Commitf7d22ea

committed
chore: refactor, remove organiation_id from org_member roles
The organization members table is already scoped to an organization. Role names should avoid having the org_id appended.
1 parent0ea89a3 commitf7d22ea

8 files changed

+33
-9
lines changed


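--- a/coderd/coderdtest/coderdtest.go
+++ b/coderd/coderdtest/coderdtest.go
@@ -663,6 +663,7 @@ func CreateFirstUser(t testing.TB, client *codersdk.Client) codersdk.CreateFirst
 }
 
 // CreateAnotherUser creates and authenticates a new user.
+// Roles can include org scoped roles with 'roleName:<organization_id>'
 funcCreateAnotherUser(t testing.TB,client*codersdk.Client,organizationID uuid.UUID,roles...string) (*codersdk.Client, codersdk.User) {
 returncreateAnotherUserRetry(t,client,organizationID,5,roles)
 }
@@ -754,6 +755,8 @@ func createAnotherUserRetry(t testing.TB, client *codersdk.Client, organizationI
 for_,roleName:=rangeroles {
 roleName:=roleName
 orgID,ok:=rbac.IsOrgRole(roleName)
+roleName,_,err=rbac.RoleSplit(roleName)
+require.NoError(t,err,"split org role name")
 ifok {
 orgRoles[orgID]=append(orgRoles[orgID],roleName)
 }else {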
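Review bot: `rbac.RoleSplit(roleName)` runs before the `if ok` check, so it is also applied to site-wide role names that carry no organization suffix. RoleSplit is defined outside this diff; if it returns an error for an unscoped name, every caller that passes a site role would now fail at `require.NoError`. Consider splitting only in the org branch by moving `roleName, _, err = rbac.RoleSplit(roleName)` and its `require.NoError(t, err, "split org role name")` inside `if ok {`, which also avoids parsing the same string twice for the organization ID. The body of createAnotherUserRetry starts and ends outside the hunk.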

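--- a/coderd/database/dbauthz/dbauthz.go
+++ b/coderd/database/dbauthz/dbauthz.go
@@ -2847,8 +2847,15 @@ func (q *querier) UpdateMemberRoles(ctx context.Context, arg database.UpdateMemb
 return database.OrganizationMember{},err
 }
 
+// The 'rbac' package expects role names to be scoped.
+// Convert the argument roles for validation.
+scopedGranted:=make([]string,0,len(arg.GrantedRoles))
+for_,grantedRole:=rangearg.GrantedRoles {
+scopedGranted=append(scopedGranted,rbac.RoleName(grantedRole,arg.OrgID.String()))
+}
+
 // The org member role is always implied.
-impliedTypes:=append(arg.GrantedRoles,rbac.RoleOrgMember(arg.OrgID))
+impliedTypes:=append(scopedGranted,rbac.RoleOrgMember(arg.OrgID))
 added,removed:=rbac.ChangeRoleSet(member.Roles,impliedTypes)
 err=q.canAssignRoles(ctx,&arg.OrgID,added,removed)
 iferr!=nil {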
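Review bot: `rbac.ChangeRoleSet(member.Roles, impliedTypes)` now compares two different name formats. `impliedTypes` is built from `scopedGranted`, whose names have the organization ID appended, while `member.Roles` appears to come from the organization_members row, which this commit changes to hold unscoped names. If so, every stored role lands in `removed` under its bare name and every granted role lands in `added`, so `canAssignRoles` is asked about unscoped names that may resolve as site-wide roles or fail lookup. Scoping the existing roles with the same `rbac.RoleName(role, arg.OrgID.String())` loop and calling `rbac.ChangeRoleSet(scopedExisting, impliedTypes)` would keep the authorization check on like-for-like names. `member` is loaded outside the hunk, so confirm this against the rest of UpdateMemberRoles.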

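--- a/coderd/database/dbmem/dbmem.go
+++ b/coderd/database/dbmem/dbmem.go
@@ -1997,7 +1997,9 @@ func (q *FakeQuerier) GetAuthorizationUserRoles(_ context.Context, userID uuid.U
 
 for_,mem:=rangeq.organizationMembers {
 ifmem.UserID==userID {
-roles=append(roles,mem.Roles...)
+for_,orgRole:=rangemem.Roles {
+roles=append(roles,orgRole+":"+mem.OrganizationID.String())
+}
 roles=append(roles,"organization-member:"+mem.OrganizationID.String())
 }
 }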
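Review bot: The added loop builds the scoped name by hand with `orgRole+":"+mem.OrganizationID.String()`, duplicating the format that `rbac.RoleName` produces in the dbauthz change of this commit. If the separator or format ever changes, the in-memory fake would silently diverge from the authorization code, and tests that rely on it would stop reflecting the real query. Where the rbac package is importable from dbmem, prefer `roles = append(roles, rbac.RoleName(orgRole, mem.OrganizationID.String()))`. The enclosing GetAuthorizationUserRoles body starts and ends outside the hunk.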

‎coderd/database/dump.sql

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.
Lines changed: 1 addition & 0 deletions
@@ -0,0 +1 @@
1+
ALTERTABLE ONLY organization_members ALTER COLUMN rolesSET DEFAULT'{organization-member}';
Lines changed: 7 additions & 0 deletions
@@ -0,0 +1,7 @@
1+
-- The default was 'organization-member', but we imply that in the
2+
-- 'GetAuthorizationUserRoles' query.
3+
ALTERTABLE ONLY organization_members ALTER COLUMN rolesSET DEFAULT'{}';
4+
5+
-- No one should be using organization roles yet. If they are, the names in the
6+
-- database are now incorrect. Just remove them all.
7+
UPDATE organization_membersSET roles='{}';
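Review bot: `UPDATE organization_members SET roles = '{}'` has no WHERE clause, so it rewrites every row and discards any organization role assignment without a record of what was removed. The comment says nobody should be using organization roles yet, but the migration does not check that. The change fails closed, since members lose roles rather than gain them, yet an operator cannot tell that assignments were dropped, and the preceding one-line file (presumably the down migration) only resets the column default. Restricting the statement with `WHERE roles <> '{}'` avoids touching unaffected rows; stripping the organization suffix from existing names instead of deleting them would preserve the assignments.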

‎coderd/database/queries.sql.go

Lines changed: 5 additions & 3 deletions
Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

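--- a/coderd/database/queries/users.sql
+++ b/coderd/database/queries/users.sql
@@ -227,12 +227,14 @@ SELECT
 array_append(users.rbac_roles,'member'),
 (
 SELECT
-array_agg(org_roles)
+-- The roles are returned as a flat array, org scoped and site side.
+-- Concatenating the organization id scopes the organization roles.
+array_agg(org_roles||':'||organization_members.organization_id::text)
 FROM
 organization_members,
--- All org_members get theorg-member role for their orgs
+-- All org_members get theorganization-member role for their orgs
 unnest(
-array_append(roles,'organization-member:'||organization_members.organization_id::text)
+array_append(roles,'organization-member')
 )AS org_roles
 WHERE
 user_id=users.id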
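Review bot: `org_roles || ':' || organization_members.organization_id::text` assumes that a stored role name never contains ':' itself. Consumers of the flat array presumably split on that separator, so a stored value that already carries a suffix would yield an ambiguous scoped name. Nothing visible in this diff rejects such a value on write; the dbauthz hunk scopes `arg.GrantedRoles` for validation but does not check for the separator. Consider validating role names when they are written, or adding a CHECK constraint on the roles column. The added comment's "site side" probably means "site wide", as in `-- The roles are returned as a flat array, org scoped and site wide.`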
