Make action CRUD

Emyrk · Emyrk · commit 26ef1e6c0263 · 2022-04-05T10:43:00.000-05:00
Make negate bool default to positive permission
diff --git a/coderd/authz/action.go b/coderd/authz/action.go
@@ -4,8 +4,8 @@ package authz
 type Action string
 
 const (
-	ActionRead   = "read"
 	ActionCreate = "create"
-	ActionModify = "modify"
+	ActionRead   = "read"
+	ActionUpdate = "update"
 	ActionDelete = "delete"
 )
diff --git a/coderd/authz/authztest/iterator_test.go b/coderd/authz/authztest/iterator_test.go
@@ -55,11 +55,11 @@ func RandomPermission() authz.Permission {
 	actions := []authz.Action{
 		authz.ActionRead,
 		authz.ActionCreate,
-		authz.ActionModify,
+		authz.ActionUpdate,
 		authz.ActionDelete,
 	}
 	return authz.Permission{
-		Sign:         must(crand.Intn(2))%2 == 0,
+		Negate:       must(crand.Intn(2))%2 == 0,
 		Level:        authz.PermissionLevels[must(crand.Intn(len(authz.PermissionLevels)))],
 		LevelID:      uuid.New().String(),
 		ResourceType: authz.ResourceWorkspace,
diff --git a/coderd/authz/authztest/level_test.go b/coderd/authz/authztest/level_test.go
@@ -19,7 +19,7 @@ func Test_GroupedPermissions(t *testing.T) {
 			for _, a := range []authz.Action{authz.ActionRead, authztest.OtherOption} {
 				if lvl == authz.LevelOrg {
 					set = append(set, &authz.Permission{
-						Sign:         s,
+						Negate:       s,
 						Level:        lvl,
 						LevelID:      "mem",
 						ResourceType: authz.ResourceWorkspace,
@@ -28,7 +28,7 @@ func Test_GroupedPermissions(t *testing.T) {
 					total++
 				}
 				set = append(set, &authz.Permission{
-					Sign:         s,
+					Negate:       s,
 					Level:        lvl,
 					ResourceType: authz.ResourceWorkspace,
 					Action:       a,
diff --git a/coderd/authz/authztest/permissions.go b/coderd/authz/authztest/permissions.go
@@ -31,7 +31,7 @@ func AllPermissions() Set {
 					for _, a := range actions {
 						if l == authz.LevelOrg {
 							all = append(all, &authz.Permission{
-								Sign:         s,
+								Negate:       s,
 								Level:        l,
 								LevelID:      PermOrgID,
 								ResourceType: t,
@@ -40,7 +40,7 @@ func AllPermissions() Set {
 							})
 						}
 						all = append(all, &authz.Permission{
-							Sign:         s,
+							Negate:       s,
 							Level:        l,
 							LevelID:      "",
 							ResourceType: t,
@@ -62,8 +62,8 @@ func Impact(p *authz.Permission) PermissionSet {
 		p.Action == OtherOption {
 		return SetNeutral
 	}
-	if p.Sign {
-		return SetPositive
+	if p.Negate {
+		return SetNegative
 	}
-	return SetNegative
+	return SetPositive
 }
diff --git a/coderd/authz/authztest/set_test.go b/coderd/authz/authztest/set_test.go
@@ -49,7 +49,7 @@ func Test_Set(t *testing.T) {
 
 		set := authztest.Set{
 			&authz.Permission{
-				Sign:         true,
+				Negate:       false,
 				Level:        authz.LevelOrg,
 				LevelID:      "1234",
 				ResourceType: authz.ResourceWorkspace,
@@ -58,7 +58,7 @@ func Test_Set(t *testing.T) {
 			},
 			nil,
 			&authz.Permission{
-				Sign:         false,
+				Negate:       true,
 				Level:        authz.LevelSite,
 				LevelID:      "",
 				ResourceType: authz.ResourceWorkspace,
diff --git a/coderd/authz/permission.go b/coderd/authz/permission.go
@@ -7,22 +7,21 @@ import (
 	"golang.org/x/xerrors"
 )
 
-type permLevel string
+type PermLevel string
 
 const (
-	LevelWildcard permLevel = "*"
-	LevelSite     permLevel = "site"
-	LevelOrg      permLevel = "org"
-	LevelUser     permLevel = "user"
+	LevelWildcard PermLevel = "*"
+	LevelSite     PermLevel = "site"
+	LevelOrg      PermLevel = "org"
+	LevelUser     PermLevel = "user"
 )
 
-var PermissionLevels = [4]permLevel{LevelWildcard, LevelSite, LevelOrg, LevelUser}
+var PermissionLevels = [4]PermLevel{LevelWildcard, LevelSite, LevelOrg, LevelUser}
 
 type Permission struct {
-	// Sign is positive or negative.
-	// True = Positive, False = negative
-	Sign  bool
-	Level permLevel
+	// Negate makes this a negative permission
+	Negate bool
+	Level  PermLevel
 	// LevelID is used for identifying a particular org.
 	//	org:1234
 	LevelID string
@@ -34,9 +33,9 @@ type Permission struct {
 
 // String returns the <level>.<resource_type>.<id>.<action> string formatted permission.
 func (p Permission) String() string {
-	sign := "-"
-	if p.Sign {
-		sign = "+"
+	sign := "+"
+	if p.Negate {
+		sign = "-"
 	}
 	levelID := ""
 	if p.LevelID != "" {
@@ -81,13 +80,13 @@ func ParsePermission(perm string) (Permission, error) {
 
 	switch sign {
 	case '+':
-		permission.Sign = true
 	case '-':
+		permission.Negate = true
 	default:
 		return Permission{}, xerrors.Errorf("sign must be +/-")
 	}
 
-	switch permLevel(strings.ToLower(levelParts[0])) {
+	switch PermLevel(strings.ToLower(levelParts[0])) {
 	case LevelWildcard:
 		permission.Level = LevelWildcard
 	case LevelSite:
diff --git a/coderd/authz/permission_test.go b/coderd/authz/permission_test.go
@@ -19,7 +19,7 @@ func Test_PermissionString(t *testing.T) {
 		{
 			Name: "BasicPositive",
 			Permission: authz.Permission{
-				Sign:         true,
+				Negate:       false,
 				Level:        authz.LevelSite,
 				LevelID:      "",
 				ResourceType: authz.ResourceWorkspace,
@@ -31,7 +31,7 @@ func Test_PermissionString(t *testing.T) {
 		{
 			Name: "BasicNegative",
 			Permission: authz.Permission{
-				Sign:         false,
+				Negate:       true,
 				Level:        authz.LevelUser,
 				LevelID:      "",
 				ResourceType: authz.ResourceDevURL,
@@ -43,14 +43,14 @@ func Test_PermissionString(t *testing.T) {
 		{
 			Name: "OrgID",
 			Permission: authz.Permission{
-				Sign:         false,
+				Negate:       true,
 				Level:        authz.LevelOrg,
 				LevelID:      "default",
 				ResourceType: authz.ResourceProject,
 				ResourceID:   "456",
-				Action:       authz.ActionModify,
+				Action:       authz.ActionUpdate,
 			},
-			Expected: "-org:default.project.456.modify",
+			Expected: "-org:default.project.456.update",
 		},
 	}
 
@@ -111,15 +111,15 @@ func Test_ParsePermissions(t *testing.T) {
 			Str:  "+org:1234.workspace.5678.read, -site.*.*.create",
 			Permissions: []authz.Permission{
 				{
-					Sign:         true,
+					Negate:       false,
 					Level:        "org",
 					LevelID:      "1234",
 					ResourceType: authz.ResourceWorkspace,
 					ResourceID:   "5678",
 					Action:       authz.ActionRead,
 				},
 				{
-					Sign:         false,
+					Negate:       true,
 					Level:        "site",
 					LevelID:      "",
 					ResourceType: "*",
diff --git a/coderd/authz/subject.go b/coderd/authz/subject.go
@@ -46,7 +46,7 @@ func (s SubjectTODO) OrgRoles(_ context.Context, orgID string) ([]Role, error) {
 		return []Role{{
 			Permissions: []Permission{
 				{
-					Sign:         false,
+					Negate:       true,
 					Level:        "*",
 					LevelID:      "",
 					ResourceType: "*",

Original file line number	Diff line number	Diff line change
`@@ -46,7 +46,7 @@ func (s SubjectTODO) OrgRoles(_ context.Context, orgID string) ([]Role, error) {`
`46`	`46`	`return []Role{{`
`47`	`47`	`Permissions: []Permission{`
`48`	`48`	`{`
`49`		`- Sign: false,`
	`49`	`+ Negate: true,`
`50`	`50`	`Level: "*",`
`51`	`51`	`LevelID: "",`
`52`	`52`	`ResourceType: "*",`