Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitcf93307

Browse files
committed
chore: deprecate scoped org role names from the rbac package
Fixing all the test apis to remove this is a lot of work for littlereturn atm.
1 parent356099b commitcf93307

21 files changed

+81
-75
lines changed

‎cli/server_createadminuser.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -222,7 +222,7 @@ func (r *RootCmd) newCreateAdminUserCommand() *serpent.Command {
222222
UserID:newUser.ID,
223223
CreatedAt:dbtime.Now(),
224224
UpdatedAt:dbtime.Now(),
225-
Roles: []string{rbac.RoleOrgAdmin(org.ID)},
225+
Roles: []string{rbac.ScopedRoleOrgAdmin(org.ID)},
226226
})
227227
iferr!=nil {
228228
returnxerrors.Errorf("insert organization member: %w",err)

‎cli/server_createadminuser_test.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -71,7 +71,7 @@ func TestServerCreateAdminUser(t *testing.T) {
7171
orgIDs2:=make(map[uuid.UUID]struct{},len(orgMemberships))
7272
for_,membership:=rangeorgMemberships {
7373
orgIDs2[membership.OrganizationID]=struct{}{}
74-
assert.Equal(t, []string{rbac.RoleOrgAdmin(membership.OrganizationID)},membership.Roles,"user is not org admin")
74+
assert.Equal(t, []string{rbac.ScopedRoleOrgAdmin(membership.OrganizationID)},membership.Roles,"user is not org admin")
7575
}
7676

7777
require.Equal(t,orgIDs,orgIDs2,"user is not in all orgs")

‎coderd/authorize_test.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -27,7 +27,7 @@ func TestCheckPermissions(t *testing.T) {
2727
memberClient,_:=coderdtest.CreateAnotherUser(t,adminClient,adminUser.OrganizationID)
2828
memberUser,err:=memberClient.User(ctx,codersdk.Me)
2929
require.NoError(t,err)
30-
orgAdminClient,_:=coderdtest.CreateAnotherUser(t,adminClient,adminUser.OrganizationID,rbac.RoleOrgAdmin(adminUser.OrganizationID))
30+
orgAdminClient,_:=coderdtest.CreateAnotherUser(t,adminClient,adminUser.OrganizationID,rbac.ScopedRoleOrgAdmin(adminUser.OrganizationID))
3131
orgAdminUser,err:=orgAdminClient.User(ctx,codersdk.Me)
3232
require.NoError(t,err)
3333

‎coderd/batchstats/batcher_internal_test.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -177,7 +177,7 @@ func setupDeps(t *testing.T, store database.Store, ps pubsub.Pubsub) deps {
177177
_,err:=store.InsertOrganizationMember(context.Background(), database.InsertOrganizationMemberParams{
178178
OrganizationID:org.ID,
179179
UserID:user.ID,
180-
Roles: []string{rbac.RoleOrgMember(org.ID)},
180+
Roles: []string{rbac.ScopedRoleOrgMember(org.ID)},
181181
})
182182
require.NoError(t,err)
183183
tv:=dbgen.TemplateVersion(t,store, database.TemplateVersion{

‎coderd/coderdtest/coderdtest.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -681,7 +681,7 @@ func AuthzUserSubject(user codersdk.User, orgID uuid.UUID) rbac.Subject {
681681
roles=append(roles,r.Name)
682682
}
683683
// We assume only 1 org exists
684-
roles=append(roles,rbac.RoleOrgMember(orgID))
684+
roles=append(roles,rbac.ScopedRoleOrgMember(orgID))
685685

686686
return rbac.Subject{
687687
ID:user.ID.String(),

‎coderd/database/dbauthz/customroles_test.go

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -153,7 +153,7 @@ func TestUpsertCustomRoles(t *testing.T) {
153153
UUID:uuid.New(),
154154
Valid:true,
155155
},
156-
subject:merge(canAssignRole,rbac.RoleOrgAdmin(orgID.UUID)),
156+
subject:merge(canAssignRole,rbac.ScopedRoleOrgAdmin(orgID.UUID)),
157157
org:codersdk.CreatePermissions(map[codersdk.RBACResource][]codersdk.RBACAction{
158158
codersdk.ResourceWorkspace: {codersdk.ActionRead},
159159
}),
@@ -162,7 +162,7 @@ func TestUpsertCustomRoles(t *testing.T) {
162162
{
163163
name:"user-escalation",
164164
// These roles do not grant user perms
165-
subject:merge(canAssignRole,rbac.RoleOrgAdmin(orgID.UUID)),
165+
subject:merge(canAssignRole,rbac.ScopedRoleOrgAdmin(orgID.UUID)),
166166
user:codersdk.CreatePermissions(map[codersdk.RBACResource][]codersdk.RBACAction{
167167
codersdk.ResourceWorkspace: {codersdk.ActionRead},
168168
}),
@@ -190,7 +190,7 @@ func TestUpsertCustomRoles(t *testing.T) {
190190
},
191191
{
192192
name:"read-workspace-in-org",
193-
subject:merge(canAssignRole,rbac.RoleOrgAdmin(orgID.UUID)),
193+
subject:merge(canAssignRole,rbac.ScopedRoleOrgAdmin(orgID.UUID)),
194194
organizationID:orgID,
195195
org:codersdk.CreatePermissions(map[codersdk.RBACResource][]codersdk.RBACAction{
196196
codersdk.ResourceWorkspace: {codersdk.ActionRead},

‎coderd/database/dbauthz/dbauthz.go

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2472,7 +2472,7 @@ func (q *querier) InsertOrganization(ctx context.Context, arg database.InsertOrg
24722472

24732473
func (q*querier)InsertOrganizationMember(ctx context.Context,arg database.InsertOrganizationMemberParams) (database.OrganizationMember,error) {
24742474
// All roles are added roles. Org member is always implied.
2475-
addedRoles:=append(arg.Roles,rbac.RoleOrgMember(arg.OrganizationID))
2475+
addedRoles:=append(arg.Roles,rbac.ScopedRoleOrgMember(arg.OrganizationID))
24762476
err:=q.canAssignRoles(ctx,&arg.OrganizationID,addedRoles, []string{})
24772477
iferr!=nil {
24782478
return database.OrganizationMember{},err
@@ -2862,7 +2862,7 @@ func (q *querier) UpdateMemberRoles(ctx context.Context, arg database.UpdateMemb
28622862
}
28632863

28642864
// The org member role is always implied.
2865-
impliedTypes:=append(scopedGranted,rbac.RoleOrgMember(arg.OrgID))
2865+
impliedTypes:=append(scopedGranted,rbac.ScopedRoleOrgMember(arg.OrgID))
28662866
added,removed:=rbac.ChangeRoleSet(member.Roles,impliedTypes)
28672867
err=q.canAssignRoles(ctx,&arg.OrgID,added,removed)
28682868
iferr!=nil {

‎coderd/database/dbauthz/dbauthz_test.go

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -636,7 +636,7 @@ func (s *MethodTestSuite) TestOrganization() {
636636
check.Args(database.InsertOrganizationMemberParams{
637637
OrganizationID:o.ID,
638638
UserID:u.ID,
639-
Roles: []string{rbac.RoleOrgAdmin(o.ID)},
639+
Roles: []string{rbac.ScopedRoleOrgAdmin(o.ID)},
640640
}).Asserts(
641641
rbac.ResourceAssignRole.InOrg(o.ID),policy.ActionAssign,
642642
rbac.ResourceOrganizationMember.InOrg(o.ID).WithID(u.ID),policy.ActionCreate)
@@ -664,7 +664,7 @@ func (s *MethodTestSuite) TestOrganization() {
664664
mem:=dbgen.OrganizationMember(s.T(),db, database.OrganizationMember{
665665
OrganizationID:o.ID,
666666
UserID:u.ID,
667-
Roles: []string{rbac.RoleOrgAdmin(o.ID)},
667+
Roles: []string{rbac.ScopedRoleOrgAdmin(o.ID)},
668668
})
669669
out:=mem
670670
out.Roles= []string{}

‎coderd/httpmw/authorize_test.go

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -68,7 +68,7 @@ func TestExtractUserRoles(t *testing.T) {
6868
Roles:orgRoles,
6969
})
7070
require.NoError(t,err)
71-
returnuser,append(roles,append(orgRoles,rbac.RoleMember(),rbac.RoleOrgMember(org.ID))...),token
71+
returnuser,append(roles,append(orgRoles,rbac.RoleMember(),rbac.ScopedRoleOrgMember(org.ID))...),token
7272
},
7373
},
7474
{
@@ -89,8 +89,8 @@ func TestExtractUserRoles(t *testing.T) {
8989

9090
orgRoles:= []string{}
9191
ifi%2==0 {
92-
orgRoles=append(orgRoles,rbac.StaticRoleOrgAdmin())
93-
roles=append(roles,rbac.RoleOrgAdmin(organization.ID))
92+
orgRoles=append(orgRoles,rbac.RoleOrgAdmin())
93+
roles=append(roles,rbac.ScopedRoleOrgAdmin(organization.ID))
9494
}
9595
_,err=db.InsertOrganizationMember(context.Background(), database.InsertOrganizationMemberParams{
9696
OrganizationID:organization.ID,
@@ -100,7 +100,7 @@ func TestExtractUserRoles(t *testing.T) {
100100
Roles:orgRoles,
101101
})
102102
require.NoError(t,err)
103-
roles=append(roles,rbac.RoleOrgMember(organization.ID))
103+
roles=append(roles,rbac.ScopedRoleOrgMember(organization.ID))
104104
}
105105
returnuser,roles,token
106106
},

‎coderd/httpmw/organizationparam_test.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -152,7 +152,7 @@ func TestOrganizationParam(t *testing.T) {
152152
_=dbgen.OrganizationMember(t,db, database.OrganizationMember{
153153
OrganizationID:organization.ID,
154154
UserID:user.ID,
155-
Roles: []string{rbac.RoleOrgMember(organization.ID)},
155+
Roles: []string{rbac.ScopedRoleOrgMember(organization.ID)},
156156
})
157157
_,err:=db.UpdateUserRoles(ctx, database.UpdateUserRolesParams{
158158
ID:user.ID,

‎coderd/organizations.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -94,7 +94,7 @@ func (api *API) postOrganizations(rw http.ResponseWriter, r *http.Request) {
9494
// come back to determining the default role of the person who
9595
// creates the org. Until that happens, all users in an organization
9696
// should be just regular members.
97-
rbac.RoleOrgMember(organization.ID),
97+
rbac.ScopedRoleOrgMember(organization.ID),
9898
},
9999
})
100100
iferr!=nil {

‎coderd/rbac/authz_internal_test.go

Lines changed: 20 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -168,7 +168,7 @@ func TestFilter(t *testing.T) {
168168
Name:"Admin",
169169
Actor:Subject{
170170
ID:userIDs[0].String(),
171-
Roles:RoleNames{RoleOrgMember(orgIDs[0]),"auditor",RoleOwner(),RoleMember()},
171+
Roles:RoleNames{ScopedRoleOrgMember(orgIDs[0]),"auditor",RoleOwner(),RoleMember()},
172172
},
173173
ObjectType:ResourceWorkspace.Type,
174174
Action:policy.ActionRead,
@@ -177,7 +177,7 @@ func TestFilter(t *testing.T) {
177177
Name:"OrgAdmin",
178178
Actor:Subject{
179179
ID:userIDs[0].String(),
180-
Roles:RoleNames{RoleOrgMember(orgIDs[0]),RoleOrgAdmin(orgIDs[0]),RoleMember()},
180+
Roles:RoleNames{ScopedRoleOrgMember(orgIDs[0]),ScopedRoleOrgAdmin(orgIDs[0]),RoleMember()},
181181
},
182182
ObjectType:ResourceWorkspace.Type,
183183
Action:policy.ActionRead,
@@ -186,7 +186,7 @@ func TestFilter(t *testing.T) {
186186
Name:"OrgMember",
187187
Actor:Subject{
188188
ID:userIDs[0].String(),
189-
Roles:RoleNames{RoleOrgMember(orgIDs[0]),RoleOrgMember(orgIDs[1]),RoleMember()},
189+
Roles:RoleNames{ScopedRoleOrgMember(orgIDs[0]),ScopedRoleOrgMember(orgIDs[1]),RoleMember()},
190190
},
191191
ObjectType:ResourceWorkspace.Type,
192192
Action:policy.ActionRead,
@@ -196,11 +196,11 @@ func TestFilter(t *testing.T) {
196196
Actor:Subject{
197197
ID:userIDs[0].String(),
198198
Roles:RoleNames{
199-
RoleOrgMember(orgIDs[0]),RoleOrgAdmin(orgIDs[0]),
200-
RoleOrgMember(orgIDs[1]),RoleOrgAdmin(orgIDs[1]),
201-
RoleOrgMember(orgIDs[2]),RoleOrgAdmin(orgIDs[2]),
202-
RoleOrgMember(orgIDs[4]),
203-
RoleOrgMember(orgIDs[5]),
199+
ScopedRoleOrgMember(orgIDs[0]),ScopedRoleOrgAdmin(orgIDs[0]),
200+
ScopedRoleOrgMember(orgIDs[1]),ScopedRoleOrgAdmin(orgIDs[1]),
201+
ScopedRoleOrgMember(orgIDs[2]),ScopedRoleOrgAdmin(orgIDs[2]),
202+
ScopedRoleOrgMember(orgIDs[4]),
203+
ScopedRoleOrgMember(orgIDs[5]),
204204
RoleMember(),
205205
},
206206
},
@@ -221,10 +221,10 @@ func TestFilter(t *testing.T) {
221221
Actor:Subject{
222222
ID:userIDs[0].String(),
223223
Roles:RoleNames{
224-
RoleOrgMember(orgIDs[0]),
225-
RoleOrgMember(orgIDs[1]),
226-
RoleOrgMember(orgIDs[2]),
227-
RoleOrgMember(orgIDs[3]),
224+
ScopedRoleOrgMember(orgIDs[0]),
225+
ScopedRoleOrgMember(orgIDs[1]),
226+
ScopedRoleOrgMember(orgIDs[2]),
227+
ScopedRoleOrgMember(orgIDs[3]),
228228
RoleMember(),
229229
},
230230
},
@@ -235,7 +235,7 @@ func TestFilter(t *testing.T) {
235235
Name:"ScopeApplicationConnect",
236236
Actor:Subject{
237237
ID:userIDs[0].String(),
238-
Roles:RoleNames{RoleOrgMember(orgIDs[0]),"auditor",RoleOwner(),RoleMember()},
238+
Roles:RoleNames{ScopedRoleOrgMember(orgIDs[0]),"auditor",RoleOwner(),RoleMember()},
239239
},
240240
ObjectType:ResourceWorkspace.Type,
241241
Action:policy.ActionRead,
@@ -297,7 +297,7 @@ func TestAuthorizeDomain(t *testing.T) {
297297
Groups: []string{allUsersGroup},
298298
Roles:Roles{
299299
must(RoleByName(RoleMember())),
300-
must(RoleByName(RoleOrgMember(defOrg))),
300+
must(RoleByName(ScopedRoleOrgMember(defOrg))),
301301
},
302302
}
303303

@@ -435,7 +435,7 @@ func TestAuthorizeDomain(t *testing.T) {
435435
ID:"me",
436436
Scope:must(ExpandScope(ScopeAll)),
437437
Roles:Roles{
438-
must(RoleByName(RoleOrgAdmin(defOrg))),
438+
must(RoleByName(ScopedRoleOrgAdmin(defOrg))),
439439
must(RoleByName(RoleMember())),
440440
},
441441
}
@@ -507,7 +507,7 @@ func TestAuthorizeDomain(t *testing.T) {
507507
ID:"me",
508508
Scope:must(ExpandScope(ScopeApplicationConnect)),
509509
Roles:Roles{
510-
must(RoleByName(RoleOrgMember(defOrg))),
510+
must(RoleByName(ScopedRoleOrgMember(defOrg))),
511511
must(RoleByName(RoleMember())),
512512
},
513513
}
@@ -770,7 +770,7 @@ func TestAuthorizeLevels(t *testing.T) {
770770
},
771771
},
772772
},
773-
must(RoleByName(RoleOrgAdmin(defOrg))),
773+
must(RoleByName(ScopedRoleOrgAdmin(defOrg))),
774774
{
775775
Name:"user-deny-all",
776776
// List out deny permissions explicitly
@@ -856,7 +856,7 @@ func TestAuthorizeScope(t *testing.T) {
856856
ID:"me",
857857
Roles:Roles{
858858
must(RoleByName(RoleMember())),
859-
must(RoleByName(RoleOrgMember(defOrg))),
859+
must(RoleByName(ScopedRoleOrgMember(defOrg))),
860860
},
861861
Scope:must(ExpandScope(ScopeApplicationConnect)),
862862
}
@@ -892,7 +892,7 @@ func TestAuthorizeScope(t *testing.T) {
892892
ID:"me",
893893
Roles:Roles{
894894
must(RoleByName(RoleMember())),
895-
must(RoleByName(RoleOrgMember(defOrg))),
895+
must(RoleByName(ScopedRoleOrgMember(defOrg))),
896896
},
897897
Scope:Scope{
898898
Role:Role{
@@ -981,7 +981,7 @@ func TestAuthorizeScope(t *testing.T) {
981981
ID:"me",
982982
Roles:Roles{
983983
must(RoleByName(RoleMember())),
984-
must(RoleByName(RoleOrgMember(defOrg))),
984+
must(RoleByName(ScopedRoleOrgMember(defOrg))),
985985
},
986986
Scope:Scope{
987987
Role:Role{

‎coderd/rbac/authz_test.go

Lines changed: 10 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -49,7 +49,7 @@ func benchmarkUserCases() (cases []benchmarkCase, users uuid.UUID, orgs []uuid.U
4949
Name:"Admin",
5050
Actor: rbac.Subject{
5151
// Give some extra roles that an admin might have
52-
Roles: rbac.RoleNames{rbac.RoleOrgMember(orgs[0]),"auditor",rbac.RoleOwner(),rbac.RoleMember()},
52+
Roles: rbac.RoleNames{rbac.ScopedRoleOrgMember(orgs[0]),"auditor",rbac.RoleOwner(),rbac.RoleMember()},
5353
ID:user.String(),
5454
Scope:rbac.ScopeAll,
5555
Groups:noiseGroups,
@@ -58,7 +58,7 @@ func benchmarkUserCases() (cases []benchmarkCase, users uuid.UUID, orgs []uuid.U
5858
{
5959
Name:"OrgAdmin",
6060
Actor: rbac.Subject{
61-
Roles: rbac.RoleNames{rbac.RoleOrgMember(orgs[0]),rbac.RoleOrgAdmin(orgs[0]),rbac.RoleMember()},
61+
Roles: rbac.RoleNames{rbac.ScopedRoleOrgMember(orgs[0]),rbac.ScopedRoleOrgAdmin(orgs[0]),rbac.RoleMember()},
6262
ID:user.String(),
6363
Scope:rbac.ScopeAll,
6464
Groups:noiseGroups,
@@ -68,7 +68,7 @@ func benchmarkUserCases() (cases []benchmarkCase, users uuid.UUID, orgs []uuid.U
6868
Name:"OrgMember",
6969
Actor: rbac.Subject{
7070
// Member of 2 orgs
71-
Roles: rbac.RoleNames{rbac.RoleOrgMember(orgs[0]),rbac.RoleOrgMember(orgs[1]),rbac.RoleMember()},
71+
Roles: rbac.RoleNames{rbac.ScopedRoleOrgMember(orgs[0]),rbac.ScopedRoleOrgMember(orgs[1]),rbac.RoleMember()},
7272
ID:user.String(),
7373
Scope:rbac.ScopeAll,
7474
Groups:noiseGroups,
@@ -79,9 +79,9 @@ func benchmarkUserCases() (cases []benchmarkCase, users uuid.UUID, orgs []uuid.U
7979
Actor: rbac.Subject{
8080
// Admin of many orgs
8181
Roles: rbac.RoleNames{
82-
rbac.RoleOrgMember(orgs[0]),rbac.RoleOrgAdmin(orgs[0]),
83-
rbac.RoleOrgMember(orgs[1]),rbac.RoleOrgAdmin(orgs[1]),
84-
rbac.RoleOrgMember(orgs[2]),rbac.RoleOrgAdmin(orgs[2]),
82+
rbac.ScopedRoleOrgMember(orgs[0]),rbac.ScopedRoleOrgAdmin(orgs[0]),
83+
rbac.ScopedRoleOrgMember(orgs[1]),rbac.ScopedRoleOrgAdmin(orgs[1]),
84+
rbac.ScopedRoleOrgMember(orgs[2]),rbac.ScopedRoleOrgAdmin(orgs[2]),
8585
rbac.RoleMember(),
8686
},
8787
ID:user.String(),
@@ -94,9 +94,9 @@ func benchmarkUserCases() (cases []benchmarkCase, users uuid.UUID, orgs []uuid.U
9494
Actor: rbac.Subject{
9595
// Admin of many orgs
9696
Roles: rbac.RoleNames{
97-
rbac.RoleOrgMember(orgs[0]),rbac.RoleOrgAdmin(orgs[0]),
98-
rbac.RoleOrgMember(orgs[1]),rbac.RoleOrgAdmin(orgs[1]),
99-
rbac.RoleOrgMember(orgs[2]),rbac.RoleOrgAdmin(orgs[2]),
97+
rbac.ScopedRoleOrgMember(orgs[0]),rbac.ScopedRoleOrgAdmin(orgs[0]),
98+
rbac.ScopedRoleOrgMember(orgs[1]),rbac.ScopedRoleOrgAdmin(orgs[1]),
99+
rbac.ScopedRoleOrgMember(orgs[2]),rbac.ScopedRoleOrgAdmin(orgs[2]),
100100
rbac.RoleMember(),
101101
},
102102
ID:user.String(),
@@ -108,7 +108,7 @@ func benchmarkUserCases() (cases []benchmarkCase, users uuid.UUID, orgs []uuid.U
108108
Name:"AdminWithScope",
109109
Actor: rbac.Subject{
110110
// Give some extra roles that an admin might have
111-
Roles: rbac.RoleNames{rbac.RoleOrgMember(orgs[0]),"auditor",rbac.RoleOwner(),rbac.RoleMember()},
111+
Roles: rbac.RoleNames{rbac.ScopedRoleOrgMember(orgs[0]),"auditor",rbac.RoleOwner(),rbac.RoleMember()},
112112
ID:user.String(),
113113
Scope:rbac.ScopeApplicationConnect,
114114
Groups:noiseGroups,

‎coderd/rbac/roles.go

Lines changed: 10 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -70,19 +70,25 @@ func RoleMember() string {
7070
returnRoleName(member,"")
7171
}
7272

73-
funcStaticRoleOrgAdmin()string {
73+
funcRoleOrgAdmin()string {
7474
returnorgAdmin
7575
}
7676

77-
funcStaticRoleOrgMember()string {
77+
funcRoleOrgMember()string {
7878
returnorgMember
7979
}
8080

81-
funcRoleOrgAdmin(organizationID uuid.UUID)string {
81+
// ScopedRoleOrgAdmin is the org role with the organization ID
82+
// Deprecated This was used before organization scope was included as a
83+
// field in all user facing APIs. Usage of 'ScopedRoleOrgAdmin()' is preferred.
84+
funcScopedRoleOrgAdmin(organizationID uuid.UUID)string {
8285
returnRoleName(orgAdmin,organizationID.String())
8386
}
8487

85-
funcRoleOrgMember(organizationID uuid.UUID)string {
88+
// ScopedRoleOrgMember is the org role with the organization ID
89+
// Deprecated This was used before organization scope was included as a
90+
// field in all user facing APIs. Usage of 'ScopedRoleOrgMember()' is preferred.
91+
funcScopedRoleOrgMember(organizationID uuid.UUID)string {
8692
returnRoleName(orgMember,organizationID.String())
8793
}
8894

‎coderd/rbac/roles_internal_test.go

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,7 @@ import (
2020
// A possible large improvement would be to implement the ast.Value interface directly.
2121
funcBenchmarkRBACValueAllocation(b*testing.B) {
2222
actor:=Subject{
23-
Roles:RoleNames{RoleOrgMember(uuid.New()),RoleOrgAdmin(uuid.New()),RoleMember()},
23+
Roles:RoleNames{ScopedRoleOrgMember(uuid.New()),ScopedRoleOrgAdmin(uuid.New()),RoleMember()},
2424
ID:uuid.NewString(),
2525
Scope:ScopeAll,
2626
Groups: []string{uuid.NewString(),uuid.NewString(),uuid.NewString()},
@@ -73,7 +73,7 @@ func TestRegoInputValue(t *testing.T) {
7373
// Expand all roles and make sure we have a good copy.
7474
// This is because these tests modify the roles, and we don't want to
7575
// modify the original roles.
76-
roles,err:=RoleNames{RoleOrgMember(uuid.New()),RoleOrgAdmin(uuid.New()),RoleMember()}.Expand()
76+
roles,err:=RoleNames{ScopedRoleOrgMember(uuid.New()),ScopedRoleOrgAdmin(uuid.New()),RoleMember()}.Expand()
7777
require.NoError(t,err,"failed to expand roles")
7878
fori:=rangeroles {
7979
// If all cached values are nil, then the role will not use

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp