NotificationsYou must be signed in to change notification settings
Fork927
Star10.1k

Commitef7fcf3

authored

fix: include dormant users in template acl query (#14461)

The issue is that if you add a user and then immediately go to give thempermissions, you can add them but they will not show up in the UI. Theyalso do not show up in the audit log entry.

1 parent49afab1 commitef7fcf3Copy full SHA for ef7fcf3

File tree

2 files changed

+41

-1

lines changed

coderd/database
- modelqueries.go
enterprise/coderd
- templates_test.go

2 files changed

+41

-1

lines changed

`‎coderd/database/modelqueries.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -167,7 +167,7 @@ func (q *sqlQuerier) GetTemplateUserRoles(ctx context.Context, id uuid.UUID) ([]`
`167`	`167`	`WHERE`
`168`	`168`	`users.deleted = false`
`169`	`169`	`AND`
`170`		`-users.status = 'active';`
	`170`	`+users.status!= 'suspended';`
`171`	`171`	`
`172`	`172`
`173`	`173`	`vartus []TemplateUser`

`‎enterprise/coderd/templates_test.go`

Lines changed: 40 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1025,6 +1025,46 @@ func TestTemplateACL(t *testing.T) {`
`1025`	`1025`	`require.Len(t,acl.Users,0,"deleted users should be filtered")`
`1026`	`1026`	`})`
`1027`	`1027`
	`1028`	`+// Test that we do not filter dormant users.`
	`1029`	`+t.Run("IncludeDormantUsers",func(t*testing.T) {`
	`1030`	`+t.Parallel()`
	`1031`	`+`
	`1032`	`+client,user:=coderdenttest.New(t,&coderdenttest.Options{LicenseOptions:&coderdenttest.LicenseOptions{`
	`1033`	`+Features: license.Features{`
	`1034`	`+codersdk.FeatureTemplateRBAC:1,`
	`1035`	`+},`
	`1036`	`+}})`
	`1037`	`+anotherClient,_:=coderdtest.CreateAnotherUser(t,client,user.OrganizationID,rbac.RoleTemplateAdmin(),rbac.RoleUserAdmin())`
	`1038`	`+`
	`1039`	`+ctx:=testutil.Context(t,testutil.WaitLong)`
	`1040`	`+`
	`1041`	`+// nolint:gocritic // Must use owner to create user.`
	`1042`	`+user1,err:=client.CreateUserWithOrgs(ctx, codersdk.CreateUserRequestWithOrgs{`
	`1043`	`+Email:"coder@coder.com",`
	`1044`	`+Username:"coder",`
	`1045`	`+Password:"SomeStrongPassword!",`
	`1046`	`+OrganizationIDs: []uuid.UUID{user.OrganizationID},`
	`1047`	`+})`
	`1048`	`+require.NoError(t,err)`
	`1049`	`+require.Equal(t,codersdk.UserStatusDormant,user1.Status)`
	`1050`	`+version:=coderdtest.CreateTemplateVersion(t,client,user.OrganizationID,nil)`
	`1051`	`+template:=coderdtest.CreateTemplate(t,client,user.OrganizationID,version.ID)`
	`1052`	`+`
	`1053`	`+err=anotherClient.UpdateTemplateACL(ctx,template.ID, codersdk.UpdateTemplateACL{`
	`1054`	`+UserPerms:map[string]codersdk.TemplateRole{`
	`1055`	`+user1.ID.String():codersdk.TemplateRoleUse,`
	`1056`	`+},`
	`1057`	`+})`
	`1058`	`+require.NoError(t,err)`
	`1059`	`+`
	`1060`	`+acl,err:=anotherClient.TemplateACL(ctx,template.ID)`
	`1061`	`+require.NoError(t,err)`
	`1062`	`+require.Contains(t,acl.Users, codersdk.TemplateUser{`
	`1063`	`+User:user1,`
	`1064`	`+Role:codersdk.TemplateRoleUse,`
	`1065`	`+})`
	`1066`	`+})`
	`1067`	`+`
`1028`	`1068`	`// Test that we do not return suspended users.`
`1029`	`1069`	`t.Run("FilterSuspendedUsers",func(t*testing.T) {`
`1030`	`1070`	`t.Parallel()`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitef7fcf3

File tree

2 files changed

2 files changed

`‎coderd/database/modelqueries.go`

`‎enterprise/coderd/templates_test.go`

0 commit comments