Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

refactor: Return DisplayName and Name in the roles endpoint#1328

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Merged
BrunoQuaresma merged 2 commits intomainfrombq/return-role-display-name
May 6, 2022
Merged
Show file tree
Hide file tree
Changes fromall commits
Commits
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
29 changes: 17 additions & 12 deletionscoderd/rbac/builtin.go
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -51,7 +51,8 @@ var (
// admin grants all actions to all resources.
admin: func(_ string) Role {
return Role{
Name: admin,
Name: admin,
DisplayName: "Admin",
Site: permissions(map[Object][]Action{
ResourceWildcard: {WildcardSymbol},
}),
Expand All@@ -61,7 +62,8 @@ var (
// member grants all actions to all resources owned by the user
member: func(_ string) Role {
return Role{
Name: member,
Name: member,
DisplayName: "Member",
User: permissions(map[Object][]Action{
ResourceWildcard: {WildcardSymbol},
}),
Expand All@@ -73,7 +75,8 @@ var (
// TODO: Finish the auditor as we add resources.
auditor: func(_ string) Role {
return Role{
Name: "auditor",
Name: "auditor",
DisplayName: "Auditor",
Site: permissions(map[Object][]Action{
// Should be able to read all template details, even in orgs they
// are not in.
Expand All@@ -86,7 +89,8 @@ var (
// organization scope.
orgAdmin: func(organizationID string) Role {
return Role{
Name: roleName(orgAdmin, organizationID),
Name: roleName(orgAdmin, organizationID),
DisplayName: "Organization Admin",
Org: map[string][]Permission{
organizationID: {
{
Expand All@@ -104,7 +108,8 @@ var (
// in an organization.
orgMember: func(organizationID string) Role {
return Role{
Name: roleName(orgMember, organizationID),
Name: roleName(orgMember, organizationID),
DisplayName: "Organization Member",
Org: map[string][]Permission{
organizationID: {},
},
Expand DownExpand Up@@ -151,11 +156,11 @@ func IsOrgRole(roleName string) (string, bool) {
//
// This should be a list in a database, but until then we build
// the list from the builtins.
func OrganizationRoles(organizationID uuid.UUID) []string {
var roles []string
func OrganizationRoles(organizationID uuid.UUID) []Role {
var roles []Role
for _, roleF := range builtInRoles {
role := roleF(organizationID.String()).Name
_, scope, err := roleSplit(role)
role := roleF(organizationID.String())
_, scope, err := roleSplit(role.Name)
if err != nil {
// This should never happen
continue
Expand All@@ -172,8 +177,8 @@ func OrganizationRoles(organizationID uuid.UUID) []string {
//
// This should be a list in a database, but until then we build
// the list from the builtins.
func SiteRoles() []string {
var roles []string
func SiteRoles() []Role {
var roles []Role
for _, roleF := range builtInRoles {
role := roleF("random")
_, scope, err := roleSplit(role.Name)
Expand All@@ -182,7 +187,7 @@ func SiteRoles() []string {
continue
}
if scope == "" {
roles = append(roles, role.Name)
roles = append(roles, role)
}
}
return roles
Expand Down
16 changes: 14 additions & 2 deletionscoderd/rbac/builtin_test.go
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -65,19 +65,31 @@ func TestIsOrgRole(t *testing.T) {
func TestListRoles(t *testing.T) {
t.Parallel()

siteRoles := rbac.SiteRoles()
siteRoleNames := make([]string, 0, len(siteRoles))
for _, role := range siteRoles {
siteRoleNames = append(siteRoleNames, role.Name)
}

// If this test is ever failing, just update the list to the roles
// expected from the builtin set.
require.ElementsMatch(t, []string{
"admin",
"member",
"auditor",
},
rbac.SiteRoles())
siteRoleNames)

orgID := uuid.New()
orgRoles := rbac.OrganizationRoles(orgID)
orgRoleNames := make([]string, 0, len(orgRoles))
for _, role := range orgRoles {
orgRoleNames = append(orgRoleNames, role.Name)
}

require.ElementsMatch(t, []string{
fmt.Sprintf("organization-admin:%s", orgID.String()),
fmt.Sprintf("organization-member:%s", orgID.String()),
},
rbac.OrganizationRoles(orgID))
orgRoleNames)
}
5 changes: 3 additions & 2 deletionscoderd/rbac/role.go
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -17,8 +17,9 @@ type Permission struct {
// Users of this package should instead **only** use the role names, and
// this package will expand the role names into their json payloads.
type Role struct {
Name string `json:"name"`
Site []Permission `json:"site"`
Name string `json:"name"`
DisplayName string `json:"display_name"`
Site []Permission `json:"site"`
// Org is a map of orgid to permissions. We represent orgid as a string.
// We scope the organizations in the role so we can easily combine all the
// roles.
Expand Down
5 changes: 3 additions & 2 deletionscoderd/roles.go
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -4,6 +4,7 @@ import (
"net/http"

"github.com/coder/coder/coderd/httpmw"
"github.com/coder/coder/codersdk"

"github.com/coder/coder/coderd/httpapi"
"github.com/coder/coder/coderd/rbac"
Expand All@@ -14,7 +15,7 @@ func (*api) assignableSiteRoles(rw http.ResponseWriter, _ *http.Request) {
// TODO: @emyrk in the future, allow granular subsets of roles to be returned based on the
// role of the user.
roles := rbac.SiteRoles()
httpapi.Write(rw, http.StatusOK, roles)
httpapi.Write(rw, http.StatusOK,codersdk.ConvertRoles(roles))
}

// assignableSiteRoles returns all site wide roles that can be assigned.
Expand All@@ -23,5 +24,5 @@ func (*api) assignableOrgRoles(rw http.ResponseWriter, r *http.Request) {
// role of the user.
organization := httpmw.OrganizationParam(r)
roles := rbac.OrganizationRoles(organization.ID)
httpapi.Write(rw, http.StatusOK, roles)
httpapi.Write(rw, http.StatusOK,codersdk.ConvertRoles(roles))
}
26 changes: 13 additions & 13 deletionscoderd/roles_test.go
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -45,68 +45,68 @@ func TestListRoles(t *testing.T) {
testCases := []struct {
Name string
Client *codersdk.Client
APICall func() ([]string, error)
ExpectedRoles []string
APICall func() ([]codersdk.Role, error)
ExpectedRoles []codersdk.Role
AuthorizedError string
}{
{
Name: "MemberListSite",
APICall: func() ([]string, error) {
APICall: func() ([]codersdk.Role, error) {
x, err := member.ListSiteRoles(ctx)
return x, err
},
AuthorizedError: unauth,
},
{
Name: "OrgMemberListOrg",
APICall: func() ([]string, error) {
APICall: func() ([]codersdk.Role, error) {
return member.ListOrganizationRoles(ctx, admin.OrganizationID)
},
AuthorizedError: unauth,
},
{
Name: "NonOrgMemberListOrg",
APICall: func() ([]string, error) {
APICall: func() ([]codersdk.Role, error) {
return member.ListOrganizationRoles(ctx, otherOrg.ID)
},
AuthorizedError: notMember,
},
// Org admin
{
Name: "OrgAdminListSite",
APICall: func() ([]string, error) {
APICall: func() ([]codersdk.Role, error) {
return orgAdmin.ListSiteRoles(ctx)
},
AuthorizedError: unauth,
},
{
Name: "OrgAdminListOrg",
APICall: func() ([]string, error) {
APICall: func() ([]codersdk.Role, error) {
return orgAdmin.ListOrganizationRoles(ctx, admin.OrganizationID)
},
ExpectedRoles: rbac.OrganizationRoles(admin.OrganizationID),
ExpectedRoles:codersdk.ConvertRoles(rbac.OrganizationRoles(admin.OrganizationID)),
},
{
Name: "OrgAdminListOtherOrg",
APICall: func() ([]string, error) {
APICall: func() ([]codersdk.Role, error) {
return orgAdmin.ListOrganizationRoles(ctx, otherOrg.ID)
},
AuthorizedError: notMember,
},
// Admin
{
Name: "AdminListSite",
APICall: func() ([]string, error) {
APICall: func() ([]codersdk.Role, error) {
return client.ListSiteRoles(ctx)
},
ExpectedRoles: rbac.SiteRoles(),
ExpectedRoles:codersdk.ConvertRoles(rbac.SiteRoles()),
},
{
Name: "AdminListOrg",
APICall: func() ([]string, error) {
APICall: func() ([]codersdk.Role, error) {
return client.ListOrganizationRoles(ctx, admin.OrganizationID)
},
ExpectedRoles: rbac.OrganizationRoles(admin.OrganizationID),
ExpectedRoles:codersdk.ConvertRoles(rbac.OrganizationRoles(admin.OrganizationID)),
},
}

Expand Down
8 changes: 4 additions & 4 deletionscoderd/users.go
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -361,10 +361,10 @@ func (api *api) putUserSuspend(rw http.ResponseWriter, r *http.Request) {
}

func (api *api) putUserPassword(rw http.ResponseWriter, r *http.Request) {
var (
user = httpmw.UserParam(r)
params codersdk.UpdateUserPasswordRequest
)
var (
user = httpmw.UserParam(r)
params codersdk.UpdateUserPasswordRequest
)
if !httpapi.Read(rw, r, &params) {
return
}
Expand Down
25 changes: 21 additions & 4 deletionscodersdk/roles.go
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -6,12 +6,18 @@ import (
"fmt"
"net/http"

"github.com/coder/coder/coderd/rbac"
"github.com/google/uuid"
)

type Role struct {
Name string `json:"name"`
DisplayName string `json:"display_name"`
}

// ListSiteRoles lists all available site wide roles.
// This is not user specific.
func (c *Client) ListSiteRoles(ctx context.Context) ([]string, error) {
func (c *Client) ListSiteRoles(ctx context.Context) ([]Role, error) {
res, err := c.request(ctx, http.MethodGet, "/api/v2/users/roles", nil)
if err != nil {
return nil, err
Expand All@@ -20,13 +26,13 @@ func (c *Client) ListSiteRoles(ctx context.Context) ([]string, error) {
if res.StatusCode != http.StatusOK {
return nil, readBodyAsError(res)
}
var roles []string
var roles []Role
return roles, json.NewDecoder(res.Body).Decode(&roles)
}

// ListOrganizationRoles lists all available roles for a given organization.
// This is not user specific.
func (c *Client) ListOrganizationRoles(ctx context.Context, org uuid.UUID) ([]string, error) {
func (c *Client) ListOrganizationRoles(ctx context.Context, org uuid.UUID) ([]Role, error) {
res, err := c.request(ctx, http.MethodGet, fmt.Sprintf("/api/v2/organizations/%s/members/roles/", org.String()), nil)
if err != nil {
return nil, err
Expand All@@ -35,6 +41,17 @@ func (c *Client) ListOrganizationRoles(ctx context.Context, org uuid.UUID) ([]st
if res.StatusCode != http.StatusOK {
return nil, readBodyAsError(res)
}
var roles []string
var roles []Role
return roles, json.NewDecoder(res.Body).Decode(&roles)
}

func ConvertRoles(roles []rbac.Role) []Role {
converted := make([]Role, 0, len(roles))
for _, role := range roles {
converted = append(converted, Role{
DisplayName: role.DisplayName,
Name: role.Name,
})
}
return converted
}
[8]ページ先頭
©2009-2025 Movatter.jp