Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitcf93307

Browse files
committed
chore: deprecate scoped org role names from the rbac package
Fixing all the test apis to remove this is a lot of work for littlereturn atm.
1 parent356099b commitcf93307

21 files changed

+81
-75
lines changed

‎cli/server_createadminuser.go‎

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -222,7 +222,7 @@ func (r *RootCmd) newCreateAdminUserCommand() *serpent.Command {
222222
UserID:newUser.ID,
223223
CreatedAt:dbtime.Now(),
224224
UpdatedAt:dbtime.Now(),
225-
Roles: []string{rbac.RoleOrgAdmin(org.ID)},
225+
Roles: []string{rbac.ScopedRoleOrgAdmin(org.ID)},
226226
})
227227
iferr!=nil {
228228
returnxerrors.Errorf("insert organization member: %w",err)

‎cli/server_createadminuser_test.go‎

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -71,7 +71,7 @@ func TestServerCreateAdminUser(t *testing.T) {
7171
orgIDs2:=make(map[uuid.UUID]struct{},len(orgMemberships))
7272
for_,membership:=rangeorgMemberships {
7373
orgIDs2[membership.OrganizationID]=struct{}{}
74-
assert.Equal(t, []string{rbac.RoleOrgAdmin(membership.OrganizationID)},membership.Roles,"user is not org admin")
74+
assert.Equal(t, []string{rbac.ScopedRoleOrgAdmin(membership.OrganizationID)},membership.Roles,"user is not org admin")
7575
}
7676

7777
require.Equal(t,orgIDs,orgIDs2,"user is not in all orgs")

‎coderd/authorize_test.go‎

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -27,7 +27,7 @@ func TestCheckPermissions(t *testing.T) {
2727
memberClient,_:=coderdtest.CreateAnotherUser(t,adminClient,adminUser.OrganizationID)
2828
memberUser,err:=memberClient.User(ctx,codersdk.Me)
2929
require.NoError(t,err)
30-
orgAdminClient,_:=coderdtest.CreateAnotherUser(t,adminClient,adminUser.OrganizationID,rbac.RoleOrgAdmin(adminUser.OrganizationID))
30+
orgAdminClient,_:=coderdtest.CreateAnotherUser(t,adminClient,adminUser.OrganizationID,rbac.ScopedRoleOrgAdmin(adminUser.OrganizationID))
3131
orgAdminUser,err:=orgAdminClient.User(ctx,codersdk.Me)
3232
require.NoError(t,err)
3333

‎coderd/batchstats/batcher_internal_test.go‎

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -177,7 +177,7 @@ func setupDeps(t *testing.T, store database.Store, ps pubsub.Pubsub) deps {
177177
_,err:=store.InsertOrganizationMember(context.Background(), database.InsertOrganizationMemberParams{
178178
OrganizationID:org.ID,
179179
UserID:user.ID,
180-
Roles: []string{rbac.RoleOrgMember(org.ID)},
180+
Roles: []string{rbac.ScopedRoleOrgMember(org.ID)},
181181
})
182182
require.NoError(t,err)
183183
tv:=dbgen.TemplateVersion(t,store, database.TemplateVersion{

‎coderd/coderdtest/coderdtest.go‎

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -681,7 +681,7 @@ func AuthzUserSubject(user codersdk.User, orgID uuid.UUID) rbac.Subject {
681681
roles=append(roles,r.Name)
682682
}
683683
// We assume only 1 org exists
684-
roles=append(roles,rbac.RoleOrgMember(orgID))
684+
roles=append(roles,rbac.ScopedRoleOrgMember(orgID))
685685

686686
return rbac.Subject{
687687
ID:user.ID.String(),

‎coderd/database/dbauthz/customroles_test.go‎

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -153,7 +153,7 @@ func TestUpsertCustomRoles(t *testing.T) {
153153
UUID:uuid.New(),
154154
Valid:true,
155155
},
156-
subject:merge(canAssignRole,rbac.RoleOrgAdmin(orgID.UUID)),
156+
subject:merge(canAssignRole,rbac.ScopedRoleOrgAdmin(orgID.UUID)),
157157
org:codersdk.CreatePermissions(map[codersdk.RBACResource][]codersdk.RBACAction{
158158
codersdk.ResourceWorkspace: {codersdk.ActionRead},
159159
}),
@@ -162,7 +162,7 @@ func TestUpsertCustomRoles(t *testing.T) {
162162
{
163163
name:"user-escalation",
164164
// These roles do not grant user perms
165-
subject:merge(canAssignRole,rbac.RoleOrgAdmin(orgID.UUID)),
165+
subject:merge(canAssignRole,rbac.ScopedRoleOrgAdmin(orgID.UUID)),
166166
user:codersdk.CreatePermissions(map[codersdk.RBACResource][]codersdk.RBACAction{
167167
codersdk.ResourceWorkspace: {codersdk.ActionRead},
168168
}),
@@ -190,7 +190,7 @@ func TestUpsertCustomRoles(t *testing.T) {
190190
},
191191
{
192192
name:"read-workspace-in-org",
193-
subject:merge(canAssignRole,rbac.RoleOrgAdmin(orgID.UUID)),
193+
subject:merge(canAssignRole,rbac.ScopedRoleOrgAdmin(orgID.UUID)),
194194
organizationID:orgID,
195195
org:codersdk.CreatePermissions(map[codersdk.RBACResource][]codersdk.RBACAction{
196196
codersdk.ResourceWorkspace: {codersdk.ActionRead},

‎coderd/database/dbauthz/dbauthz.go‎

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2472,7 +2472,7 @@ func (q *querier) InsertOrganization(ctx context.Context, arg database.InsertOrg
24722472

24732473
func (q*querier)InsertOrganizationMember(ctx context.Context,arg database.InsertOrganizationMemberParams) (database.OrganizationMember,error) {
24742474
// All roles are added roles. Org member is always implied.
2475-
addedRoles:=append(arg.Roles,rbac.RoleOrgMember(arg.OrganizationID))
2475+
addedRoles:=append(arg.Roles,rbac.ScopedRoleOrgMember(arg.OrganizationID))
24762476
err:=q.canAssignRoles(ctx,&arg.OrganizationID,addedRoles, []string{})
24772477
iferr!=nil {
24782478
return database.OrganizationMember{},err
@@ -2862,7 +2862,7 @@ func (q *querier) UpdateMemberRoles(ctx context.Context, arg database.UpdateMemb
28622862
}
28632863

28642864
// The org member role is always implied.
2865-
impliedTypes:=append(scopedGranted,rbac.RoleOrgMember(arg.OrgID))
2865+
impliedTypes:=append(scopedGranted,rbac.ScopedRoleOrgMember(arg.OrgID))
28662866
added,removed:=rbac.ChangeRoleSet(member.Roles,impliedTypes)
28672867
err=q.canAssignRoles(ctx,&arg.OrgID,added,removed)
28682868
iferr!=nil {

‎coderd/database/dbauthz/dbauthz_test.go‎

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -636,7 +636,7 @@ func (s *MethodTestSuite) TestOrganization() {
636636
check.Args(database.InsertOrganizationMemberParams{
637637
OrganizationID:o.ID,
638638
UserID:u.ID,
639-
Roles: []string{rbac.RoleOrgAdmin(o.ID)},
639+
Roles: []string{rbac.ScopedRoleOrgAdmin(o.ID)},
640640
}).Asserts(
641641
rbac.ResourceAssignRole.InOrg(o.ID),policy.ActionAssign,
642642
rbac.ResourceOrganizationMember.InOrg(o.ID).WithID(u.ID),policy.ActionCreate)
@@ -664,7 +664,7 @@ func (s *MethodTestSuite) TestOrganization() {
664664
mem:=dbgen.OrganizationMember(s.T(),db, database.OrganizationMember{
665665
OrganizationID:o.ID,
666666
UserID:u.ID,
667-
Roles: []string{rbac.RoleOrgAdmin(o.ID)},
667+
Roles: []string{rbac.ScopedRoleOrgAdmin(o.ID)},
668668
})
669669
out:=mem
670670
out.Roles= []string{}

‎coderd/httpmw/authorize_test.go‎

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -68,7 +68,7 @@ func TestExtractUserRoles(t *testing.T) {
6868
Roles:orgRoles,
6969
})
7070
require.NoError(t,err)
71-
returnuser,append(roles,append(orgRoles,rbac.RoleMember(),rbac.RoleOrgMember(org.ID))...),token
71+
returnuser,append(roles,append(orgRoles,rbac.RoleMember(),rbac.ScopedRoleOrgMember(org.ID))...),token
7272
},
7373
},
7474
{
@@ -89,8 +89,8 @@ func TestExtractUserRoles(t *testing.T) {
8989

9090
orgRoles:= []string{}
9191
ifi%2==0 {
92-
orgRoles=append(orgRoles,rbac.StaticRoleOrgAdmin())
93-
roles=append(roles,rbac.RoleOrgAdmin(organization.ID))
92+
orgRoles=append(orgRoles,rbac.RoleOrgAdmin())
93+
roles=append(roles,rbac.ScopedRoleOrgAdmin(organization.ID))
9494
}
9595
_,err=db.InsertOrganizationMember(context.Background(), database.InsertOrganizationMemberParams{
9696
OrganizationID:organization.ID,
@@ -100,7 +100,7 @@ func TestExtractUserRoles(t *testing.T) {
100100
Roles:orgRoles,
101101
})
102102
require.NoError(t,err)
103-
roles=append(roles,rbac.RoleOrgMember(organization.ID))
103+
roles=append(roles,rbac.ScopedRoleOrgMember(organization.ID))
104104
}
105105
returnuser,roles,token
106106
},

‎coderd/httpmw/organizationparam_test.go‎

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -152,7 +152,7 @@ func TestOrganizationParam(t *testing.T) {
152152
_=dbgen.OrganizationMember(t,db, database.OrganizationMember{
153153
OrganizationID:organization.ID,
154154
UserID:user.ID,
155-
Roles: []string{rbac.RoleOrgMember(organization.ID)},
155+
Roles: []string{rbac.ScopedRoleOrgMember(organization.ID)},
156156
})
157157
_,err:=db.UpdateUserRoles(ctx, database.UpdateUserRolesParams{
158158
ID:user.ID,

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp