Skip to content

Commit a32d61f

Browse files
Emyrkhugodutka
Emyrk
authored and
hugodutka
committed
Use rbac objects directly
1 parent 0ed5f10 commit a32d61f

File tree

1 file changed

+8
-6
lines changed

1 file changed

+8
-6
lines changed

coderd/database/dbauthz/dbauthz_test.go

Lines changed: 8 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1840,21 +1840,21 @@ func (s *MethodTestSuite) TestUser() {
18401840
s.Run("InsertGitSSHKey", s.Mocked(func(dbm *dbmock.MockStore, faker *gofakeit.Faker, check *expects) {
18411841
u := testutil.Fake(s.T(), faker, database.User{})
18421842
arg := database.InsertGitSSHKeyParams{UserID: u.ID}
1843-
dbm.EXPECT().InsertGitSSHKey(gomock.Any(), arg).Return(database.GitSSHKey{}, nil).AnyTimes()
1843+
dbm.EXPECT().InsertGitSSHKey(gomock.Any(), arg).Return(database.GitSSHKey{UserID: u.ID}, nil).AnyTimes()
18441844
check.Args(arg).Asserts(u, policy.ActionUpdatePersonal)
18451845
}))
18461846
s.Run("UpdateGitSSHKey", s.Mocked(func(dbm *dbmock.MockStore, faker *gofakeit.Faker, check *expects) {
18471847
key := testutil.Fake(s.T(), faker, database.GitSSHKey{})
18481848
arg := database.UpdateGitSSHKeyParams{UserID: key.UserID, UpdatedAt: key.UpdatedAt}
18491849
dbm.EXPECT().GetGitSSHKey(gomock.Any(), key.UserID).Return(key, nil).AnyTimes()
18501850
dbm.EXPECT().UpdateGitSSHKey(gomock.Any(), arg).Return(key, nil).AnyTimes()
1851-
check.Args(arg).Asserts(rbac.ResourceUserObject(key.UserID), policy.ActionUpdatePersonal).Returns(key)
1851+
check.Args(arg).Asserts(key, policy.ActionUpdatePersonal).Returns(key)
18521852
}))
18531853
s.Run("GetExternalAuthLink", s.Mocked(func(dbm *dbmock.MockStore, faker *gofakeit.Faker, check *expects) {
18541854
link := testutil.Fake(s.T(), faker, database.ExternalAuthLink{})
18551855
arg := database.GetExternalAuthLinkParams{ProviderID: link.ProviderID, UserID: link.UserID}
18561856
dbm.EXPECT().GetExternalAuthLink(gomock.Any(), arg).Return(link, nil).AnyTimes()
1857-
check.Args(arg).Asserts(rbac.ResourceUserObject(link.UserID), policy.ActionReadPersonal).Returns(link)
1857+
check.Args(arg).Asserts(link, policy.ActionReadPersonal).Returns(link)
18581858
}))
18591859
s.Run("InsertExternalAuthLink", s.Mocked(func(dbm *dbmock.MockStore, faker *gofakeit.Faker, check *expects) {
18601860
u := testutil.Fake(s.T(), faker, database.User{})
@@ -1867,21 +1867,21 @@ func (s *MethodTestSuite) TestUser() {
18671867
arg := database.UpdateExternalAuthLinkRefreshTokenParams{OAuthRefreshToken: "", OAuthRefreshTokenKeyID: "", ProviderID: link.ProviderID, UserID: link.UserID, UpdatedAt: link.UpdatedAt}
18681868
dbm.EXPECT().GetExternalAuthLink(gomock.Any(), database.GetExternalAuthLinkParams{ProviderID: link.ProviderID, UserID: link.UserID}).Return(link, nil).AnyTimes()
18691869
dbm.EXPECT().UpdateExternalAuthLinkRefreshToken(gomock.Any(), arg).Return(nil).AnyTimes()
1870-
check.Args(arg).Asserts(rbac.ResourceUserObject(link.UserID), policy.ActionUpdatePersonal)
1870+
check.Args(arg).Asserts(link, policy.ActionUpdatePersonal)
18711871
}))
18721872
s.Run("UpdateExternalAuthLink", s.Mocked(func(dbm *dbmock.MockStore, faker *gofakeit.Faker, check *expects) {
18731873
link := testutil.Fake(s.T(), faker, database.ExternalAuthLink{})
18741874
arg := database.UpdateExternalAuthLinkParams{ProviderID: link.ProviderID, UserID: link.UserID, OAuthAccessToken: link.OAuthAccessToken, OAuthRefreshToken: link.OAuthRefreshToken, OAuthExpiry: link.OAuthExpiry, UpdatedAt: link.UpdatedAt}
18751875
dbm.EXPECT().GetExternalAuthLink(gomock.Any(), database.GetExternalAuthLinkParams{ProviderID: link.ProviderID, UserID: link.UserID}).Return(link, nil).AnyTimes()
18761876
dbm.EXPECT().UpdateExternalAuthLink(gomock.Any(), arg).Return(link, nil).AnyTimes()
1877-
check.Args(arg).Asserts(rbac.ResourceUserObject(link.UserID), policy.ActionUpdatePersonal).Returns(link)
1877+
check.Args(arg).Asserts(link, policy.ActionUpdatePersonal).Returns(link)
18781878
}))
18791879
s.Run("UpdateUserLink", s.Mocked(func(dbm *dbmock.MockStore, faker *gofakeit.Faker, check *expects) {
18801880
link := testutil.Fake(s.T(), faker, database.UserLink{})
18811881
arg := database.UpdateUserLinkParams{OAuthAccessToken: link.OAuthAccessToken, OAuthRefreshToken: link.OAuthRefreshToken, OAuthExpiry: link.OAuthExpiry, UserID: link.UserID, LoginType: link.LoginType, Claims: database.UserLinkClaims{}}
18821882
dbm.EXPECT().GetUserLinkByUserIDLoginType(gomock.Any(), database.GetUserLinkByUserIDLoginTypeParams{UserID: link.UserID, LoginType: link.LoginType}).Return(link, nil).AnyTimes()
18831883
dbm.EXPECT().UpdateUserLink(gomock.Any(), arg).Return(link, nil).AnyTimes()
1884-
check.Args(arg).Asserts(rbac.ResourceUserObject(link.UserID), policy.ActionUpdatePersonal).Returns(link)
1884+
check.Args(arg).Asserts(link, policy.ActionUpdatePersonal).Returns(link)
18851885
}))
18861886
s.Run("UpdateUserRoles", s.Mocked(func(dbm *dbmock.MockStore, faker *gofakeit.Faker, check *expects) {
18871887
u := testutil.Fake(s.T(), faker, database.User{RBACRoles: []string{codersdk.RoleTemplateAdmin}})
@@ -1952,6 +1952,7 @@ func (s *MethodTestSuite) TestUser() {
19521952
dbm.EXPECT().UpdateCustomRole(gomock.Any(), arg).Return(database.CustomRole{}, nil).AnyTimes()
19531953
check.Args(arg).Asserts(
19541954
rbac.ResourceAssignOrgRole.InOrg(orgID), policy.ActionUpdate,
1955+
// Escalation checks
19551956
rbac.ResourceTemplate.InOrg(orgID), policy.ActionCreate,
19561957
rbac.ResourceTemplate.InOrg(orgID), policy.ActionRead,
19571958
)
@@ -1989,6 +1990,7 @@ func (s *MethodTestSuite) TestUser() {
19891990
dbm.EXPECT().InsertCustomRole(gomock.Any(), arg).Return(database.CustomRole{}, nil).AnyTimes()
19901991
check.Args(arg).Asserts(
19911992
rbac.ResourceAssignOrgRole.InOrg(orgID), policy.ActionCreate,
1993+
// Escalation checks
19921994
rbac.ResourceTemplate.InOrg(orgID), policy.ActionCreate,
19931995
rbac.ResourceTemplate.InOrg(orgID), policy.ActionRead,
19941996
)

0 commit comments

Comments
 (0)