@@ -2,6 +2,7 @@ package coderd_test
2
2
3
3
import (
4
4
"context"
5
+ "database/sql"
5
6
"fmt"
6
7
"net/http"
7
8
"slices"
@@ -13,8 +14,10 @@ import (
13
14
14
15
"github.com/coder/coder/v2/coderd"
15
16
"github.com/coder/coder/v2/coderd/coderdtest/oidctest"
17
+ "github.com/coder/coder/v2/coderd/database/migrations"
16
18
"github.com/coder/coder/v2/coderd/notifications"
17
19
"github.com/coder/coder/v2/coderd/notifications/notificationstest"
20
+ "github.com/coder/coder/v2/coderd/prebuilds"
18
21
"github.com/coder/coder/v2/coderd/rbac/policy"
19
22
20
23
"github.com/golang-jwt/jwt/v4"
@@ -2415,3 +2418,92 @@ func BenchmarkUsersMe(b *testing.B) {
2415
2418
require .NoError (b ,err )
2416
2419
}
2417
2420
}
2421
+
2422
+ func TestSystemUserBehaviour (t * testing.T ) {
2423
+ // Setup.
2424
+ t .Parallel ()
2425
+
2426
+ ctx := testutil .Context (t ,testutil .WaitLong )
2427
+
2428
+ sqlDB := testSQLDB (t )
2429
+ err := migrations .Up (sqlDB )// coderd/database/migrations/00030*_system_user.up.sql will create a system user.
2430
+ require .NoError (t ,err ,"migrations" )
2431
+
2432
+ db := database .New (sqlDB )
2433
+
2434
+ // =================================================================================================================
2435
+
2436
+ // When: retrieving users with the include_system flag enabled.
2437
+ other := dbgen .User (t ,db , database.User {})
2438
+ users ,err := db .GetUsers (ctx , database.GetUsersParams {
2439
+ IncludeSystem :true ,
2440
+ })
2441
+
2442
+ // Then: system users are returned, alongside other users.
2443
+ require .NoError (t ,err )
2444
+ require .Len (t ,users ,2 )
2445
+
2446
+ var systemUser ,regularUser database.GetUsersRow
2447
+ for _ ,u := range users {
2448
+ if u .IsSystem .Bool {
2449
+ systemUser = u
2450
+ }else {
2451
+ regularUser = u
2452
+ }
2453
+ }
2454
+ require .NotNil (t ,systemUser )
2455
+ require .NotNil (t ,regularUser )
2456
+
2457
+ require .True (t ,systemUser .IsSystem .Bool )
2458
+ require .Equal (t ,systemUser .ID ,prebuilds .OwnerID )
2459
+ require .False (t ,regularUser .IsSystem .Bool )
2460
+ require .Equal (t ,regularUser .ID ,other .ID )
2461
+
2462
+ // =================================================================================================================
2463
+
2464
+ // When: retrieving users with the include_system flag disabled.
2465
+ users ,err = db .GetUsers (ctx , database.GetUsersParams {
2466
+ IncludeSystem :false ,
2467
+ })
2468
+
2469
+ // Then: only regular users are returned.
2470
+ require .NoError (t ,err )
2471
+ require .Len (t ,users ,1 )
2472
+ require .False (t ,users [0 ].IsSystem .Bool )
2473
+
2474
+ // =================================================================================================================
2475
+
2476
+ // When: attempting to update a system user's name.
2477
+ _ ,err = db .UpdateUserProfile (ctx , database.UpdateUserProfileParams {
2478
+ ID :systemUser .ID ,
2479
+ Name :"not prebuilds" ,
2480
+ })
2481
+ // Then: the attempt is rejected by a postgres trigger.
2482
+ require .ErrorContains (t ,err ,"Cannot modify or delete system users" )
2483
+
2484
+ // When: attempting to delete a system user.
2485
+ err = db .UpdateUserDeletedByID (ctx ,systemUser .ID )
2486
+ // Then: the attempt is rejected by a postgres trigger.
2487
+ require .ErrorContains (t ,err ,"Cannot modify or delete system users" )
2488
+
2489
+ // When: attempting to update a user's roles.
2490
+ _ ,err = db .UpdateUserRoles (ctx , database.UpdateUserRolesParams {
2491
+ ID :systemUser .ID ,
2492
+ GrantedRoles : []string {rbac .RoleAuditor ().String ()},
2493
+ })
2494
+ // Then: the attempt is rejected by a postgres trigger.
2495
+ require .ErrorContains (t ,err ,"Cannot modify or delete system users" )
2496
+ }
2497
+
2498
+ func testSQLDB (t testing.TB )* sql.DB {
2499
+ t .Helper ()
2500
+
2501
+ connection ,err := dbtestutil .Open (t )
2502
+ require .NoError (t ,err )
2503
+
2504
+ db ,err := sql .Open ("postgres" ,connection )
2505
+ require .NoError (t ,err )
2506
+ t .Cleanup (func () {_ = db .Close () })
2507
+
2508
+ return db
2509
+ }