Add invalid role test

Emyrk · Emyrk · commit 2ca822f7a815 · 2024-05-31T10:41:23.000-05:00
diff --git a/enterprise/cli/organization_test.go b/enterprise/cli/organization_test.go
@@ -62,4 +62,51 @@ func TestEditOrganizationRoles(t *testing.T) {
 		require.NoError(t, err)
 		require.Contains(t, buf.String(), "new-role")
 	})
+
+	t.Run("InvalidRole", func(t *testing.T) {
+		t.Parallel()
+
+		dv := coderdtest.DeploymentValues(t)
+		dv.Experiments = []string{string(codersdk.ExperimentCustomRoles)}
+		client, owner := coderdenttest.New(t, &coderdenttest.Options{
+			Options: &coderdtest.Options{
+				DeploymentValues: dv,
+			},
+			LicenseOptions: &coderdenttest.LicenseOptions{
+				Features: license.Features{
+					codersdk.FeatureCustomRoles: 1,
+				},
+			},
+		})
+
+		ctx := testutil.Context(t, testutil.WaitMedium)
+		inv, root := clitest.New(t, "organization", "roles", "edit", "--stdin")
+		inv.Stdin = bytes.NewBufferString(fmt.Sprintf(`{
+    "name": "new-role",
+    "organization_id": "%s",
+    "display_name": "",
+    "site_permissions": [
+		{
+		  "resource_type": "workspace",
+		  "action": "read"
+		}
+	],
+    "organization_permissions": [
+		{
+		  "resource_type": "workspace",
+		  "action": "read"
+		}
+    ],
+    "user_permissions": [],
+    "assignable": false,
+    "built_in": false
+  }`, owner.OrganizationID.String()))
+		//nolint:gocritic // only owners can edit roles
+		clitest.SetupConfig(t, client, root)
+
+		buf := new(bytes.Buffer)
+		inv.Stdout = buf
+		err := inv.WithContext(ctx).Run()
+		require.ErrorContains(t, err, "not allowed to assign site wide permissions for an organization role")
+	})
 }
