@@ -4102,3 +4102,99 @@ func TestUpdateWorkspaceACL(t *testing.T) {
41024102require .Equal (t ,cerr .Validations [1 ].Field ,"user_roles" )
41034103})
41044104}
4105+
4106+ func TestDeleteWorkspaceACL (t * testing.T ) {
4107+ t .Parallel ()
4108+
4109+ dv := coderdtest .DeploymentValues (t )
4110+ dv .Experiments = []string {string (codersdk .ExperimentWorkspaceSharing )}
4111+
4112+ t .Run ("WorkspaceOwnerCanDelete_Groups" ,func (t * testing.T ) {
4113+ t .Parallel ()
4114+
4115+ var (
4116+ client ,db ,admin = coderdenttest .NewWithDatabase (t ,& coderdenttest.Options {
4117+ Options :& coderdtest.Options {
4118+ DeploymentValues :dv ,
4119+ },
4120+ LicenseOptions :& coderdenttest.LicenseOptions {
4121+ Features : license.Features {
4122+ codersdk .FeatureTemplateRBAC :1 ,
4123+ },
4124+ },
4125+ })
4126+ workspaceOwnerClient ,workspaceOwner = coderdtest .CreateAnotherUser (t ,client ,admin .OrganizationID ,rbac .ScopedRoleOrgAuditor (admin .OrganizationID ))
4127+ workspace = dbfake .WorkspaceBuild (t ,db , database.WorkspaceTable {
4128+ OwnerID :workspaceOwner .ID ,
4129+ OrganizationID :admin .OrganizationID ,
4130+ }).Do ().Workspace
4131+ )
4132+
4133+ ctx := testutil .Context (t ,testutil .WaitMedium )
4134+
4135+ group ,err := client .CreateGroup (ctx ,admin .OrganizationID , codersdk.CreateGroupRequest {
4136+ Name :"wibble" ,
4137+ })
4138+ require .NoError (t ,err )
4139+ err = workspaceOwnerClient .UpdateWorkspaceACL (ctx ,workspace .ID , codersdk.UpdateWorkspaceACL {
4140+ GroupRoles :map [string ]codersdk.WorkspaceRole {
4141+ group .ID .String ():codersdk .WorkspaceRoleUse ,
4142+ },
4143+ })
4144+ require .NoError (t ,err )
4145+
4146+ err = workspaceOwnerClient .DeleteWorkspaceACL (ctx ,workspace .ID )
4147+ require .NoError (t ,err )
4148+
4149+ acl ,err := workspaceOwnerClient .WorkspaceACL (ctx ,workspace .ID )
4150+ require .NoError (t ,err )
4151+ require .Empty (t ,acl .Groups )
4152+ })
4153+
4154+ t .Run ("SharedGroupUsersCannotDelete" ,func (t * testing.T ) {
4155+ t .Parallel ()
4156+
4157+ var (
4158+ client ,db ,admin = coderdenttest .NewWithDatabase (t ,& coderdenttest.Options {
4159+ Options :& coderdtest.Options {
4160+ DeploymentValues :dv ,
4161+ },
4162+ LicenseOptions :& coderdenttest.LicenseOptions {
4163+ Features : license.Features {
4164+ codersdk .FeatureTemplateRBAC :1 ,
4165+ },
4166+ },
4167+ })
4168+ workspaceOwnerClient ,workspaceOwner = coderdtest .CreateAnotherUser (t ,client ,admin .OrganizationID ,rbac .ScopedRoleOrgAuditor (admin .OrganizationID ))
4169+ workspace = dbfake .WorkspaceBuild (t ,db , database.WorkspaceTable {
4170+ OwnerID :workspaceOwner .ID ,
4171+ OrganizationID :admin .OrganizationID ,
4172+ }).Do ().Workspace
4173+ sharedClient ,toShareWithUser = coderdtest .CreateAnotherUser (t ,client ,admin .OrganizationID )
4174+ )
4175+
4176+ ctx := testutil .Context (t ,testutil .WaitMedium )
4177+
4178+ group ,err := client .CreateGroup (ctx ,admin .OrganizationID , codersdk.CreateGroupRequest {
4179+ Name :"wibble" ,
4180+ })
4181+ require .NoError (t ,err )
4182+ group ,err = client .PatchGroup (ctx ,group .ID , codersdk.PatchGroupRequest {
4183+ AddUsers : []string {toShareWithUser .ID .String ()},
4184+ })
4185+ require .NoError (t ,err )
4186+ err = workspaceOwnerClient .UpdateWorkspaceACL (ctx ,workspace .ID , codersdk.UpdateWorkspaceACL {
4187+ GroupRoles :map [string ]codersdk.WorkspaceRole {
4188+ group .ID .String ():codersdk .WorkspaceRoleUse ,
4189+ },
4190+ })
4191+ require .NoError (t ,err )
4192+
4193+ err = sharedClient .DeleteWorkspaceACL (ctx ,workspace .ID )
4194+ require .Error (t ,err )
4195+
4196+ acl ,err := workspaceOwnerClient .WorkspaceACL (ctx ,workspace .ID )
4197+ require .NoError (t ,err )
4198+ require .Equal (t ,acl .Groups [0 ].ID ,group .ID )
4199+ })
4200+ }