
Commit 32ecf33

committed
add unit test for lack of template access
1 parent ee4f8d3 commit 32ecf33


2 files changed

+53
-2
lines changed


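--- a/coderd/workspaces.go
+++ b/coderd/workspaces.go
@@ -453,7 +453,7 @@ func createWorkspace(
 templateID := req.TemplateID
 if templateID == uuid.Nil {
 templateVersion, err := api.Database.GetTemplateVersionByID(ctx, req.TemplateVersionID)
-if errors.Is(err, sql.ErrNoRows) {
+if httpapi.Is404Error(err) {
 httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
 Message: fmt.Sprintf("Template version %q doesn't exist.", templateID.String()),
 Validations: []codersdk.ValidationError{{
@@ -487,7 +487,7 @@ func createWorkspace(
 }
 
 template, err := api.Database.GetTemplateByID(ctx, templateID)
-if errors.Is(err, sql.ErrNoRows) {
+if httpapi.Is404Error(err) {
 httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
 Message: fmt.Sprintf("Template %q doesn't exist.", templateID.String()),
 Validations: []codersdk.ValidationError{{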
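Review bot: In the first hunk the not-found message for a template version formats `templateID.String()`, but that branch is entered only when `templateID == uuid.Nil`, so the response names the nil UUID instead of the version the caller asked for; it should read `Message: fmt.Sprintf("Template version %q doesn't exist.", req.TemplateVersionID.String()),`. Switching both lookups to `httpapi.Is404Error(err)` presumably makes an authorization denial answer the same way as a missing row, which keeps the endpoint from confirming that a template the caller cannot read exists. A short comment at each check, e.g. `// Treat "not authorized" like "not found" so callers cannot probe for templates they cannot read.`, would stop a later cleanup from reverting to `sql.ErrNoRows`. createWorkspace begins and ends outside both hunks.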

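--- a/enterprise/coderd/workspaces_test.go
+++ b/enterprise/coderd/workspaces_test.go
@@ -135,6 +135,57 @@ func TestCreateWorkspace(t *testing.T) {
 _, err = client1.CreateWorkspace(ctx, user.OrganizationID, user1.ID.String(), req)
 require.Error(t, err)
 })
+
+t.Run("NoTemplateAccess", func(t *testing.T) {
+t.Parallel()
+ownerClient, owner := coderdenttest.New(t, &coderdenttest.Options{
+Options: &coderdtest.Options{
+IncludeProvisionerDaemon: true,
+},
+LicenseOptions: &coderdenttest.LicenseOptions{
+Features: license.Features{
+codersdk.FeatureTemplateRBAC: 1,
+},
+}})
+
+templateAdmin, _ := coderdtest.CreateAnotherUser(t, ownerClient, owner.OrganizationID, rbac.RoleTemplateAdmin())
+user, _ := coderdtest.CreateAnotherUser(t, ownerClient, owner.OrganizationID, rbac.RoleMember())
+
+version := coderdtest.CreateTemplateVersion(t, templateAdmin, owner.OrganizationID, nil)
+coderdtest.AwaitTemplateVersionJobCompleted(t, templateAdmin, version.ID)
+template := coderdtest.CreateTemplate(t, templateAdmin, owner.OrganizationID, version.ID)
+
+ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
+defer cancel()
+
+// Remove everyone access
+err := templateAdmin.UpdateTemplateACL(ctx, template.ID, codersdk.UpdateTemplateACL{
+UserPerms: map[string]codersdk.TemplateRole{},
+GroupPerms: map[string]codersdk.TemplateRole{
+owner.OrganizationID.String(): codersdk.TemplateRoleDeleted,
+},
+})
+require.NoError(t, err)
+
+// Test "everyone" access is revoked to the regular user
+_, err = user.Template(ctx, template.ID)
+require.Error(t, err)
+var apiErr *codersdk.Error
+require.ErrorAs(t, err, &apiErr)
+require.Equal(t, http.StatusNotFound, apiErr.StatusCode())
+
+_, err = user.CreateUserWorkspace(ctx, codersdk.Me, codersdk.CreateWorkspaceRequest{
+TemplateID: template.ID,
+Name: "random",
+AutostartSchedule: ptr.Ref("CRON_TZ=US/Central 30 9 * * 1-5"),
+TTLMillis: ptr.Ref((8 * time.Hour).Milliseconds()),
+AutomaticUpdates: codersdk.AutomaticUpdatesNever,
+})
+require.Error(t, err)
+require.ErrorAs(t, err, &apiErr)
+require.Equal(t, http.StatusBadRequest, apiErr.StatusCode())
+require.Contains(t, apiErr.Message, "doesn't exist")
+})
 }
 
 func TestCreateUserWorkspace(t *testing.T) {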
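Review bot: The new `NoTemplateAccess` subtest exercises only the `TemplateID` path, while the same commit also changes the `GetTemplateVersionByID` check in createWorkspace, which is reached when the request carries a `TemplateVersionID` and no template ID. A second `CreateUserWorkspace` call with `TemplateVersionID: version.ID` in place of `TemplateID: template.ID`, followed by the same three assertions, would cover it, assuming the version lookup is denied for this user in the same way. It would also be worth asserting that a request with a random `uuid.New()` template ID returns the same status, so the denied and the nonexistent cases stay indistinguishable to the caller. The comment `// Remove everyone access` could say that the group keyed by the organization ID is the implicit everyone group, if that is the intent.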
