NotificationsYou must be signed in to change notification settings
Fork914
Star10.1k

Commitb788237

committed

optionally prevent system users from counting to user count

Signed-off-by: Danny Kopping <dannykopping@gmail.com>

1 parent300e80f commitb788237Copy full SHA for b788237

File tree

19 files changed

+105

-55

lines changed

cli
- server.go
coderd
- database
  - dbauthz
    - dbauthz.go
    - dbauthz_test.go
  - dbmem
    - dbmem.go
  - dbmetrics
    - querymetrics.go
  - dbmock
    - dbmock.go
  - migrations
    - 000301_system_user.down.sql
  - modelqueries.go
  - querier.go
  - querier_test.go
  - queries
    - organizationmembers.sql
    - users.sql
  - queries.sql.go
- userauth.go
- userauth_test.go
- users.go
- users_test.go
enterprise
- coderd/license
  - license.go
- dbcrypt
  - cliutil.go

19 files changed

+105

-55

lines changed

`‎cli/server.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1894,7 +1894,7 @@ func getGithubOAuth2ConfigParams(ctx context.Context, db database.Store, vals *c`
`1894`	`1894`
`1895`	`1895`	`ifdefaultEligibleNotSet {`
`1896`	`1896`	`// nolint:gocritic // User count requires system privileges`
`1897`		`-userCount,err:=db.GetUserCount(dbauthz.AsSystemRestricted(ctx))`
	`1897`	`+userCount,err:=db.GetUserCount(dbauthz.AsSystemRestricted(ctx),false)`
`1898`	`1898`	`iferr!=nil {`
`1899`	`1899`	`returnnil,xerrors.Errorf("get user count: %w",err)`
`1900`	`1900`	`}`

`‎coderd/database/dbauthz/dbauthz.go`

Lines changed: 10 additions & 7 deletions

Original file line number	Diff line number	Diff line change
`@@ -1084,13 +1084,13 @@ func (q *querier) ActivityBumpWorkspace(ctx context.Context, arg database.Activi`
`1084`	`1084`	`returnupdate(q.log,q.auth,fetch,q.db.ActivityBumpWorkspace)(ctx,arg)`
`1085`	`1085`	`}`
`1086`	`1086`
`1087`		`-func (q*querier)AllUserIDs(ctx context.Context) ([]uuid.UUID,error) {`
	`1087`	`+func (q*querier)AllUserIDs(ctx context.Context,includeSystembool) ([]uuid.UUID,error) {`
`1088`	`1088`	`// Although this technically only reads users, only system-related functions should be`
`1089`	`1089`	`// allowed to call this.`
`1090`	`1090`	`iferr:=q.authorizeContext(ctx,policy.ActionRead,rbac.ResourceSystem);err!=nil {`
`1091`	`1091`	`returnnil,err`
`1092`	`1092`	`}`
`1093`		`-returnq.db.AllUserIDs(ctx)`
	`1093`	`+returnq.db.AllUserIDs(ctx,includeSystem)`
`1094`	`1094`	`}`
`1095`	`1095`
`1096`	`1096`	`func (q*querier)ArchiveUnusedTemplateVersions(ctx context.Context,arg database.ArchiveUnusedTemplateVersionsParams) ([]uuid.UUID,error) {`
`@@ -1343,7 +1343,10 @@ func (q *querier) DeleteOldWorkspaceAgentStats(ctx context.Context) error {`
`1343`	`1343`
`1344`	`1344`	`func (q*querier)DeleteOrganizationMember(ctx context.Context,arg database.DeleteOrganizationMemberParams)error {`
`1345`	`1345`	`returndeleteQ[database.OrganizationMember](q.log,q.auth,func(ctx context.Context,arg database.DeleteOrganizationMemberParams) (database.OrganizationMember,error) {`
`1346`		`-member,err:=database.ExpectOne(q.OrganizationMembers(ctx,database.OrganizationMembersParams(arg)))`
	`1346`	`+member,err:=database.ExpectOne(q.OrganizationMembers(ctx, database.OrganizationMembersParams{`
	`1347`	`+OrganizationID:arg.OrganizationID,`
	`1348`	`+UserID:arg.UserID,`
	`1349`	`+}))`
`1347`	`1350`	`iferr!=nil {`
`1348`	`1351`	`return database.OrganizationMember{},err`
`1349`	`1352`	`}`
`@@ -1529,11 +1532,11 @@ func (q *querier) GetAPIKeysLastUsedAfter(ctx context.Context, lastUsed time.Tim`
`1529`	`1532`	`returnfetchWithPostFilter(q.auth,policy.ActionRead,q.db.GetAPIKeysLastUsedAfter)(ctx,lastUsed)`
`1530`	`1533`	`}`
`1531`	`1534`
`1532`		`-func (q*querier)GetActiveUserCount(ctx context.Context) (int64,error) {`
	`1535`	`+func (q*querier)GetActiveUserCount(ctx context.Context,includeSystembool) (int64,error) {`
`1533`	`1536`	`iferr:=q.authorizeContext(ctx,policy.ActionRead,rbac.ResourceSystem);err!=nil {`
`1534`	`1537`	`return0,err`
`1535`	`1538`	`}`
`1536`		`-returnq.db.GetActiveUserCount(ctx)`
	`1539`	`+returnq.db.GetActiveUserCount(ctx,includeSystem)`
`1537`	`1540`	`}`
`1538`	`1541`
`1539`	`1542`	`func (q*querier)GetActiveWorkspaceBuildsByTemplateID(ctx context.Context,templateID uuid.UUID) ([]database.WorkspaceBuild,error) {`
`@@ -2557,11 +2560,11 @@ func (q *querier) GetUserByID(ctx context.Context, id uuid.UUID) (database.User,`
`2557`	`2560`	`returnfetch(q.log,q.auth,q.db.GetUserByID)(ctx,id)`
`2558`	`2561`	`}`
`2559`	`2562`
`2560`		`-func (q*querier)GetUserCount(ctx context.Context) (int64,error) {`
	`2563`	`+func (q*querier)GetUserCount(ctx context.Context,includeSystembool) (int64,error) {`
`2561`	`2564`	`iferr:=q.authorizeContext(ctx,policy.ActionRead,rbac.ResourceSystem);err!=nil {`
`2562`	`2565`	`return0,err`
`2563`	`2566`	`}`
`2564`		`-returnq.db.GetUserCount(ctx)`
	`2567`	`+returnq.db.GetUserCount(ctx,includeSystem)`
`2565`	`2568`	`}`
`2566`	`2569`
`2567`	`2570`	`func (q*querier)GetUserLatencyInsights(ctx context.Context,arg database.GetUserLatencyInsightsParams) ([]database.GetUserLatencyInsightsRow,error) {`

`‎coderd/database/dbauthz/dbauthz_test.go`

Lines changed: 3 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -1664,7 +1664,7 @@ func (s *MethodTestSuite) TestUser() {`
`1664`	`1664`	`s.Run("AllUserIDs",s.Subtest(func(db database.Store,check*expects) {`
`1665`	`1665`	`a:=dbgen.User(s.T(),db, database.User{})`
`1666`	`1666`	`b:=dbgen.User(s.T(),db, database.User{})`
`1667`		`-check.Args().Asserts(rbac.ResourceSystem,policy.ActionRead).Returns(slice.New(a.ID,b.ID))`
	`1667`	`+check.Args(false).Asserts(rbac.ResourceSystem,policy.ActionRead).Returns(slice.New(a.ID,b.ID))`
`1668`	`1668`	`}))`
`1669`	`1669`	`s.Run("CustomRoles",s.Subtest(func(db database.Store,check*expects) {`
`1670`	`1670`	`check.Args(database.CustomRolesParams{}).Asserts(rbac.ResourceAssignRole,policy.ActionRead).Returns([]database.CustomRole{})`
`@@ -3649,7 +3649,7 @@ func (s *MethodTestSuite) TestSystemFunctions() {`
`3649`	`3649`	`check.Args().Asserts(rbac.ResourceSystem,policy.ActionRead)`
`3650`	`3650`	`}))`
`3651`	`3651`	`s.Run("GetActiveUserCount",s.Subtest(func(db database.Store,check*expects) {`
`3652`		`-check.Args().Asserts(rbac.ResourceSystem,policy.ActionRead).Returns(int64(0))`
	`3652`	`+check.Args(false).Asserts(rbac.ResourceSystem,policy.ActionRead).Returns(int64(0))`
`3653`	`3653`	`}))`
`3654`	`3654`	`s.Run("GetUnexpiredLicenses",s.Subtest(func(db database.Store,check*expects) {`
`3655`	`3655`	`check.Args().Asserts(rbac.ResourceSystem,policy.ActionRead)`
`@@ -3692,7 +3692,7 @@ func (s *MethodTestSuite) TestSystemFunctions() {`
`3692`	`3692`	`check.Args(time.Now().Add(time.Hour*-1)).Asserts(rbac.ResourceSystem,policy.ActionRead)`
`3693`	`3693`	`}))`
`3694`	`3694`	`s.Run("GetUserCount",s.Subtest(func(db database.Store,check*expects) {`
`3695`		`-check.Args().Asserts(rbac.ResourceSystem,policy.ActionRead).Returns(int64(0))`
	`3695`	`+check.Args(false).Asserts(rbac.ResourceSystem,policy.ActionRead).Returns(int64(0))`
`3696`	`3696`	`}))`
`3697`	`3697`	`s.Run("GetTemplates",s.Subtest(func(db database.Store,check*expects) {`
`3698`	`3698`	`dbtestutil.DisableForeignKeysAndTriggers(s.T(),db)`

`‎coderd/database/dbmem/dbmem.go`

Lines changed: 8 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -1549,7 +1549,7 @@ func (q *FakeQuerier) ActivityBumpWorkspace(ctx context.Context, arg database.Ac`
`1549`	`1549`	`returnsql.ErrNoRows`
`1550`	`1550`	`}`
`1551`	`1551`
`1552`		`-func (q*FakeQuerier)AllUserIDs(_ context.Context) ([]uuid.UUID,error) {`
	`1552`	`+func (q*FakeQuerier)AllUserIDs(_ context.Context,includeSystembool) ([]uuid.UUID,error) {`
`1553`	`1553`	`q.mutex.RLock()`
`1554`	`1554`	`deferq.mutex.RUnlock()`
`1555`	`1555`	`userIDs:=make([]uuid.UUID,0,len(q.users))`
`@@ -2644,7 +2644,7 @@ func (q *FakeQuerier) GetAPIKeysLastUsedAfter(_ context.Context, after time.Time`
`2644`	`2644`	`returnapiKeys,nil`
`2645`	`2645`	`}`
`2646`	`2646`
`2647`		`-func (q*FakeQuerier)GetActiveUserCount(_ context.Context) (int64,error) {`
	`2647`	`+func (q*FakeQuerier)GetActiveUserCount(_ context.Context,includeSystembool) (int64,error) {`
`2648`	`2648`	`q.mutex.RLock()`
`2649`	`2649`	`deferq.mutex.RUnlock()`
`2650`	`2650`
`@@ -6200,7 +6200,8 @@ func (q *FakeQuerier) GetUserByID(_ context.Context, id uuid.UUID) (database.Use`
`6200`	`6200`	`returnq.getUserByIDNoLock(id)`
`6201`	`6201`	`}`
`6202`	`6202`
`6203`		`-func (q*FakeQuerier)GetUserCount(_ context.Context) (int64,error) {`
	`6203`	`+// nolint:revive // Not a control flag; used for filtering.`
	`6204`	`+func (q*FakeQuerier)GetUserCount(_ context.Context,includeSystembool) (int64,error) {`
`6204`	`6205`	`q.mutex.RLock()`
`6205`	`6206`	`deferq.mutex.RUnlock()`
`6206`	`6207`
`@@ -6209,6 +6210,10 @@ func (q *FakeQuerier) GetUserCount(_ context.Context) (int64, error) {`
`6209`	`6210`	`if!u.Deleted {`
`6210`	`6211`	`existing++`
`6211`	`6212`	`}`
	`6213`	`+`
	`6214`	`+if!includeSystem&&u.IsSystem.Valid&&u.IsSystem.Bool {`
	`6215`	`+continue`
	`6216`	`+}`
`6212`	`6217`	`}`
`6213`	`6218`	`returnexisting,nil`
`6214`	`6219`	`}`

`‎coderd/database/dbmetrics/querymetrics.go`

Lines changed: 7 additions & 6 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/dbmock/dbmock.go`

Lines changed: 12 additions & 12 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/migrations/000301_system_user.down.sql`

Lines changed: 4 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -9,6 +9,10 @@ DROP TRIGGER IF EXISTS prevent_system_user_deletions ON users;`
`9`	`9`	`-- Drop function`
`10`	`10`	`DROPFUNCTION IF EXISTS prevent_system_user_changes();`
`11`	`11`
	`12`	`+-- Delete user status changes`
	`13`	`+DELETEFROM user_status_changes`
	`14`	`+WHERE user_id='c42fdf75-3097-471c-8c33-fb52454d81c0';`
	`15`	`+`
`12`	`16`	`-- Delete system user`
`13`	`17`	`DELETEFROM users`
`14`	`18`	`WHERE id='c42fdf75-3097-471c-8c33-fb52454d81c0';`

`‎coderd/database/modelqueries.go`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -393,6 +393,7 @@ func (q *sqlQuerier) GetAuthorizedUsers(ctx context.Context, arg GetUsersParams,`
`393`	`393`	`arg.LastSeenAfter,`
`394`	`394`	`arg.CreatedBefore,`
`395`	`395`	`arg.CreatedAfter,`
	`396`	`+arg.IncludeSystem,`
`396`	`397`	`arg.OffsetOpt,`
`397`	`398`	`arg.LimitOpt,`
`398`	`399`	`)`

`‎coderd/database/querier.go`

Lines changed: 3 additions & 3 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/querier_test.go`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -15,6 +15,7 @@ import (`
`15`	`15`	`"github.com/stretchr/testify/require"`
`16`	`16`
`17`	`17`	`"cdr.dev/slog/sloggers/slogtest"`
	`18`	`+`
`18`	`19`	`"github.com/coder/coder/v2/coderd/coderdtest"`
`19`	`20`	`"github.com/coder/coder/v2/coderd/database"`
`20`	`21`	`"github.com/coder/coder/v2/coderd/database/db2sdk"`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitb788237

File tree

19 files changed

19 files changed

`‎cli/server.go`

`‎coderd/database/dbauthz/dbauthz.go`

`‎coderd/database/dbauthz/dbauthz_test.go`

`‎coderd/database/dbmem/dbmem.go`

`‎coderd/database/dbmetrics/querymetrics.go`

`‎coderd/database/dbmock/dbmock.go`

`‎coderd/database/migrations/000301_system_user.down.sql`

`‎coderd/database/modelqueries.go`

`‎coderd/database/querier.go`

`‎coderd/database/querier_test.go`

0 commit comments