Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

chore: include custom roles in list org roles#13336

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Merged
Emyrk merged 8 commits intomainfromstevenmasley/list_org_roles
May 23, 2024

Conversation

Emyrk
Copy link
Member

@EmyrkEmyrk commentedMay 21, 2024
edited
Loading

What this does

This moves the role list command to the organization subcommands, we are not going to do custom site wide roles at this time.

Listing org roles now includes custom org roles.

Role naming

In the rbac rego policy, role names across different scopes are deconflicted withrolenName:scopeID. The API uses aname field and anorganizationID field, which is more intuitive for users.

This PR handles this translation for custom roles.

Cli command

Moves site-wide cli -> org cli. Org wide roles coming first, so removing site wide in favor of org.

The previous cli command was for site wide-roles. It was decided to do custom org roles first, so moving the site cli command to org scope, and removing the site wide cli command for now.

$ coder organizations roles showNAME                DISPLAY NAME        SITE PERMISSIONS  ORG PERMISSIONS  USER PERMISSIONS  BUILT INorganization-admin  Organization Admin  0 permissions     1 organizations  0 permissionstrue

Future work

Implementing an api for submitting custom org roles and using them. This is just the foundation to assert they exist when I add the "edit roles" api.

Comment on lines +26 to +39
const expectedRole = "test-role"
dbgen.CustomRole(t, db, database.CustomRole{
Name: expectedRole,
DisplayName: "Expected",
SitePermissions: nil,
OrgPermissions: nil,
UserPermissions: nil,
OrganizationID: uuid.NullUUID{
UUID: owner.OrganizationID,
Valid: true,
},
})
Copy link
MemberAuthor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

API to make custom org roles does not exist yet. I'll circle back to this when I get org role editing in.

It's a chicken and the egg problem

Comment on lines +11 to +14
-- Case insensitive lookup with org_id appended (if non-null).
-- This will return just the name if org_id is null. It'll append
-- the org_id if not null
concat(name, NULLIF(concat(':', organization_id), ':')) ILIKE ANY(@lookup_roles :: text [])
Copy link
MemberAuthor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

This logic is not ideal, but it removes a good chunk of logic in the APIKey middlewhere, which is where this argument is exclusively used atm.

I would prefer to do some tuple lookup, where the parameter is something like:

typeRoleLookupstruct {NamestringOrganizationIDstring}typeLookUp []RoleLookup

I am unsure if sqlc can support this. So this is what it will look like for now.

@EmyrkEmyrk marked this pull request as ready for reviewMay 21, 2024 22:45
@EmyrkEmyrk requested a review fromjohnstcnMay 21, 2024 22:45
Copy link
Member

@johnstcnjohnstcn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

For some reason theroles command isn't recognised for me?

./scripts/coder-dev.sh roles Encountered an error running "coder", see "coder --help" for more informationerror: unrecognized subcommand "roles"

There appears to have been no change to the CLI docs as well; is this intentional?

@Emyrk
Copy link
MemberAuthor

Emyrk commentedMay 23, 2024
edited
Loading

For some reason theroles command isn't recognised for me?

./scripts/coder-dev.sh roles Encountered an error running "coder", see "coder --help" for more informationerror: unrecognized subcommand "roles"

There appears to have been no change to the CLI docs as well; is this intentional?

Here is the merge for theroles command, which I removed in the PR and moved toorganizations. Egcoder organization roles show

#13303

Cli docs are not updated as this is not a shipped feature. This is going to ship with multi-org, which is still underway. I don't think it is worth adding docs until the custom roles story is complete, which is still a few PRs away.

@EmyrkEmyrkforce-pushed thestevenmasley/list_org_roles branch from655a30a toa0e5aefCompareMay 23, 2024 04:18
@EmyrkEmyrk requested a review fromjohnstcnMay 23, 2024 06:15
@EmyrkEmyrk merged commit1b4ca00 intomainMay 23, 2024
31 checks passed
@EmyrkEmyrk deleted the stevenmasley/list_org_roles branchMay 23, 2024 17:55
@github-actionsgithub-actionsbot locked and limited conversation to collaboratorsMay 23, 2024
Sign up for freeto subscribe to this conversation on GitHub. Already have an account?Sign in.
Reviewers

@johnstcnjohnstcnjohnstcn approved these changes

Assignees

@EmyrkEmyrk

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

2 participants
@Emyrk@johnstcn
[8]ページ先頭
©2009-2025 Movatter.jp