LevelID -> OrganizationID

Emyrk · Emyrk · commit 19aba30b35ff · 2022-04-05T10:44:41.000-05:00
diff --git a/coderd/authz/authztest/iterator_test.go b/coderd/authz/authztest/iterator_test.go
@@ -59,12 +59,12 @@ func RandomPermission() authz.Permission {
 		authz.ActionDelete,
 	}
 	return authz.Permission{
-		Negate:       must(crand.Intn(2))%2 == 0,
-		Level:        authz.PermissionLevels[must(crand.Intn(len(authz.PermissionLevels)))],
-		LevelID:      uuid.New().String(),
-		ResourceType: authz.ResourceWorkspace,
-		ResourceID:   uuid.New().String(),
-		Action:       actions[must(crand.Intn(len(actions)))],
+		Negate:         must(crand.Intn(2))%2 == 0,
+		Level:          authz.PermissionLevels[must(crand.Intn(len(authz.PermissionLevels)))],
+		OrganizationID: uuid.New().String(),
+		ResourceType:   authz.ResourceWorkspace,
+		ResourceID:     uuid.New().String(),
+		Action:         actions[must(crand.Intn(len(actions)))],
 	}
 }
 
diff --git a/coderd/authz/authztest/level.go b/coderd/authz/authztest/level.go
@@ -56,7 +56,7 @@ func GroupedPermissions(perms Set) SetGroup {
 			groups[LevelSiteKey][m] = append(groups[LevelSiteKey][m], p)
 		case p.Level == authz.LevelOrg:
 			groups[LevelOrgAllKey][m] = append(groups[LevelOrgAllKey][m], p)
-			if p.LevelID == "" || p.LevelID == "*" {
+			if p.OrganizationID == "" || p.OrganizationID == "*" {
 				groups[LevelOrgKey][m] = append(groups[LevelOrgKey][m], p)
 			} else {
 				groups[LevelOrgMemKey][m] = append(groups[LevelOrgMemKey][m], p)
diff --git a/coderd/authz/authztest/level_test.go b/coderd/authz/authztest/level_test.go
@@ -19,11 +19,11 @@ func Test_GroupedPermissions(t *testing.T) {
 			for _, a := range []authz.Action{authz.ActionRead, authztest.OtherOption} {
 				if lvl == authz.LevelOrg {
 					set = append(set, &authz.Permission{
-						Negate:       s,
-						Level:        lvl,
-						LevelID:      "mem",
-						ResourceType: authz.ResourceWorkspace,
-						Action:       a,
+						Negate:         s,
+						Level:          lvl,
+						OrganizationID: "mem",
+						ResourceType:   authz.ResourceWorkspace,
+						Action:         a,
 					})
 					total++
 				}
diff --git a/coderd/authz/authztest/permissions.go b/coderd/authz/authztest/permissions.go
@@ -31,21 +31,21 @@ func AllPermissions() Set {
 					for _, a := range actions {
 						if l == authz.LevelOrg {
 							all = append(all, &authz.Permission{
-								Negate:       s,
-								Level:        l,
-								LevelID:      PermOrgID,
-								ResourceType: t,
-								ResourceID:   i,
-								Action:       a,
+								Negate:         s,
+								Level:          l,
+								OrganizationID: PermOrgID,
+								ResourceType:   t,
+								ResourceID:     i,
+								Action:         a,
 							})
 						}
 						all = append(all, &authz.Permission{
-							Negate:       s,
-							Level:        l,
-							LevelID:      "",
-							ResourceType: t,
-							ResourceID:   i,
-							Action:       a,
+							Negate:         s,
+							Level:          l,
+							OrganizationID: "",
+							ResourceType:   t,
+							ResourceID:     i,
+							Action:         a,
 						})
 					}
 				}
diff --git a/coderd/authz/authztest/set_test.go b/coderd/authz/authztest/set_test.go
@@ -49,21 +49,21 @@ func Test_Set(t *testing.T) {
 
 		set := authztest.Set{
 			&authz.Permission{
-				Negate:       false,
-				Level:        authz.LevelOrg,
-				LevelID:      "1234",
-				ResourceType: authz.ResourceWorkspace,
-				ResourceID:   "1234",
-				Action:       authz.ActionRead,
+				Negate:         false,
+				Level:          authz.LevelOrg,
+				OrganizationID: "1234",
+				ResourceType:   authz.ResourceWorkspace,
+				ResourceID:     "1234",
+				Action:         authz.ActionRead,
 			},
 			nil,
 			&authz.Permission{
-				Negate:       true,
-				Level:        authz.LevelSite,
-				LevelID:      "",
-				ResourceType: authz.ResourceWorkspace,
-				ResourceID:   "*",
-				Action:       authz.ActionRead,
+				Negate:         true,
+				Level:          authz.LevelSite,
+				OrganizationID: "",
+				ResourceType:   authz.ResourceWorkspace,
+				ResourceID:     "*",
+				Action:         authz.ActionRead,
 			},
 		}
 
diff --git a/coderd/authz/permission.go b/coderd/authz/permission.go
@@ -22,9 +22,9 @@ type Permission struct {
 	// Negate makes this a negative permission
 	Negate bool
 	Level  PermLevel
-	// LevelID is used for identifying a particular org.
+	// OrganizationID is used for identifying a particular org.
 	//	org:1234
-	LevelID string
+	OrganizationID string
 
 	ResourceType ResourceType
 	ResourceID   string
@@ -38,8 +38,8 @@ func (p Permission) String() string {
 		sign = "-"
 	}
 	levelID := ""
-	if p.LevelID != "" {
-		levelID = ":" + p.LevelID
+	if p.OrganizationID != "" {
+		levelID = ":" + p.OrganizationID
 	}
 
 	return fmt.Sprintf("%s%s%s.%s.%s.%s",
@@ -100,7 +100,7 @@ func ParsePermission(perm string) (Permission, error) {
 	}
 
 	if len(levelParts) > 1 {
-		permission.LevelID = levelParts[1]
+		permission.OrganizationID = levelParts[1]
 	}
 
 	// might want to check if these are valid resource types and actions.
diff --git a/coderd/authz/permission_test.go b/coderd/authz/permission_test.go
@@ -19,36 +19,36 @@ func Test_PermissionString(t *testing.T) {
 		{
 			Name: "BasicPositive",
 			Permission: authz.Permission{
-				Negate:       false,
-				Level:        authz.LevelSite,
-				LevelID:      "",
-				ResourceType: authz.ResourceWorkspace,
-				ResourceID:   "*",
-				Action:       authz.ActionRead,
+				Negate:         false,
+				Level:          authz.LevelSite,
+				OrganizationID: "",
+				ResourceType:   authz.ResourceWorkspace,
+				ResourceID:     "*",
+				Action:         authz.ActionRead,
 			},
 			Expected: "+site.workspace.*.read",
 		},
 		{
 			Name: "BasicNegative",
 			Permission: authz.Permission{
-				Negate:       true,
-				Level:        authz.LevelUser,
-				LevelID:      "",
-				ResourceType: authz.ResourceDevURL,
-				ResourceID:   "1234",
-				Action:       authz.ActionCreate,
+				Negate:         true,
+				Level:          authz.LevelUser,
+				OrganizationID: "",
+				ResourceType:   authz.ResourceDevURL,
+				ResourceID:     "1234",
+				Action:         authz.ActionCreate,
 			},
 			Expected: "-user.devurl.1234.create",
 		},
 		{
 			Name: "OrgID",
 			Permission: authz.Permission{
-				Negate:       true,
-				Level:        authz.LevelOrg,
-				LevelID:      "default",
-				ResourceType: authz.ResourceProject,
-				ResourceID:   "456",
-				Action:       authz.ActionUpdate,
+				Negate:         true,
+				Level:          authz.LevelOrg,
+				OrganizationID: "default",
+				ResourceType:   authz.ResourceProject,
+				ResourceID:     "456",
+				Action:         authz.ActionUpdate,
 			},
 			Expected: "-org:default.project.456.update",
 		},
@@ -111,20 +111,20 @@ func Test_ParsePermissions(t *testing.T) {
 			Str:  "+org:1234.workspace.5678.read, -site.*.*.create",
 			Permissions: []authz.Permission{
 				{
-					Negate:       false,
-					Level:        "org",
-					LevelID:      "1234",
-					ResourceType: authz.ResourceWorkspace,
-					ResourceID:   "5678",
-					Action:       authz.ActionRead,
+					Negate:         false,
+					Level:          "org",
+					OrganizationID: "1234",
+					ResourceType:   authz.ResourceWorkspace,
+					ResourceID:     "5678",
+					Action:         authz.ActionRead,
 				},
 				{
-					Negate:       true,
-					Level:        "site",
-					LevelID:      "",
-					ResourceType: "*",
-					ResourceID:   "*",
-					Action:       authz.ActionCreate,
+					Negate:         true,
+					Level:          "site",
+					OrganizationID: "",
+					ResourceType:   "*",
+					ResourceID:     "*",
+					Action:         authz.ActionCreate,
 				},
 			},
 		},
diff --git a/coderd/authz/subject.go b/coderd/authz/subject.go
@@ -46,12 +46,12 @@ func (s SubjectTODO) OrgRoles(_ context.Context, orgID string) ([]Role, error) {
 		return []Role{{
 			Permissions: []Permission{
 				{
-					Negate:       true,
-					Level:        "*",
-					LevelID:      "",
-					ResourceType: "*",
-					ResourceID:   "*",
-					Action:       "*",
+					Negate:         true,
+					Level:          "*",
+					OrganizationID: "",
+					ResourceType:   "*",
+					ResourceID:     "*",
+					Action:         "*",
 				},
 			},
 		}}, nil

Original file line number	Diff line number	Diff line change
`@@ -59,12 +59,12 @@ func RandomPermission() authz.Permission {`
`59`	`59`	`authz.ActionDelete,`
`60`	`60`	`}`
`61`	`61`	`return authz.Permission{`
`62`		`- Negate: must(crand.Intn(2))%2 == 0,`
`63`		`- Level: authz.PermissionLevels[must(crand.Intn(len(authz.PermissionLevels)))],`
`64`		`- LevelID: uuid.New().String(),`
`65`		`- ResourceType: authz.ResourceWorkspace,`
`66`		`- ResourceID: uuid.New().String(),`
`67`		`- Action: actions[must(crand.Intn(len(actions)))],`
	`62`	`+ Negate: must(crand.Intn(2))%2 == 0,`
	`63`	`+ Level: authz.PermissionLevels[must(crand.Intn(len(authz.PermissionLevels)))],`
	`64`	`+ OrganizationID: uuid.New().String(),`
	`65`	`+ ResourceType: authz.ResourceWorkspace,`
	`66`	`+ ResourceID: uuid.New().String(),`
	`67`	`+ Action: actions[must(crand.Intn(len(actions)))],`
`68`	`68`	`}`
`69`	`69`	`}`
`70`	`70`