Skip to content

Commit 4035f9a

Browse files
code-ashercode-asher
committed
fix: include suspended and dormant users in acl query
This fixes two issues: 1. When you add a dormant/suspended user, you would not get any feedback in the UI because they were filtered out. 2. They were also filtered out when we created the audit log, so although users were added there is no record of it.
1 parent b36d979 commit 4035f9a

File tree

3 files changed

+44
-9
lines changed

3 files changed

+44
-9
lines changed

coderd/database/dbmem/dbmem.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9884,7 +9884,7 @@ func (q *FakeQuerier) GetTemplateUserRoles(_ context.Context, id uuid.UUID) ([]d
98849884
continue
98859885
}
98869886

9887-
if user.Deleted || user.Status == database.UserStatusSuspended {
9887+
if user.Deleted {
98889888
continue
98899889
}
98909890

coderd/database/modelqueries.go

Lines changed: 1 addition & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -165,9 +165,7 @@ func (q *sqlQuerier) GetTemplateUserRoles(ctx context.Context, id uuid.UUID) ([]
165165
ON
166166
users.id::text = perms.key
167167
WHERE
168-
users.deleted = false
169-
AND
170-
users.status = 'active';
168+
users.deleted = false;
171169
`
172170

173171
var tus []TemplateUser

enterprise/coderd/templates_test.go

Lines changed: 42 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -846,21 +846,52 @@ func TestTemplateACL(t *testing.T) {
846846
}})
847847
anotherClient, _ := coderdtest.CreateAnotherUser(t, client, user.OrganizationID, rbac.RoleTemplateAdmin())
848848

849+
// Create an active user.
849850
_, user2 := coderdtest.CreateAnotherUser(t, client, user.OrganizationID)
850-
_, user3 := coderdtest.CreateAnotherUser(t, client, user.OrganizationID)
851-
version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil)
852-
template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID)
853851

852+
// Create a dormant user.
854853
ctx := testutil.Context(t, testutil.WaitLong)
854+
user3, err := client.CreateUserWithOrgs(ctx, codersdk.CreateUserRequestWithOrgs{
855+
Email: "coder@coder.com",
856+
Username: "coder",
857+
Password: "SomeStrongPassword!",
858+
OrganizationIDs: []uuid.UUID{user.OrganizationID},
859+
})
860+
require.NoError(t, err)
861+
require.Equal(t, codersdk.UserStatusDormant, user3.Status)
855862

856-
err := anotherClient.UpdateTemplateACL(ctx, template.ID, codersdk.UpdateTemplateACL{
863+
// Create a suspended user.
864+
user4, err := client.CreateUserWithOrgs(ctx, codersdk.CreateUserRequestWithOrgs{
865+
Email: "coder2@coder.com",
866+
Username: "coder2",
867+
Password: "SomeStrongPassword!",
868+
OrganizationIDs: []uuid.UUID{user.OrganizationID},
869+
})
870+
require.NoError(t, err)
871+
872+
user4, err = client.UpdateUserStatus(ctx, user4.ID.String(), codersdk.UserStatusSuspended)
873+
require.NoError(t, err)
874+
require.Equal(t, codersdk.UserStatusSuspended, user4.Status)
875+
876+
// Create a user to delete.
877+
_, user5 := coderdtest.CreateAnotherUser(t, client, user.OrganizationID)
878+
879+
version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil)
880+
template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID)
881+
882+
err = anotherClient.UpdateTemplateACL(ctx, template.ID, codersdk.UpdateTemplateACL{
857883
UserPerms: map[string]codersdk.TemplateRole{
858884
user2.ID.String(): codersdk.TemplateRoleUse,
859885
user3.ID.String(): codersdk.TemplateRoleAdmin,
886+
user4.ID.String(): codersdk.TemplateRoleUse,
887+
user5.ID.String(): codersdk.TemplateRoleUse,
860888
},
861889
})
862890
require.NoError(t, err)
863891

892+
err = client.DeleteUser(ctx, user5.ID)
893+
require.NoError(t, err)
894+
864895
acl, err := anotherClient.TemplateACL(ctx, template.ID)
865896
require.NoError(t, err)
866897

@@ -874,9 +905,15 @@ func TestTemplateACL(t *testing.T) {
874905
Role: codersdk.TemplateRoleAdmin,
875906
}
876907

877-
require.Len(t, acl.Users, 2)
908+
templateUser4 := codersdk.TemplateUser{
909+
User: user4,
910+
Role: codersdk.TemplateRoleUse,
911+
}
912+
913+
require.Len(t, acl.Users, 3)
878914
require.Contains(t, acl.Users, templateUser2)
879915
require.Contains(t, acl.Users, templateUser3)
916+
require.Contains(t, acl.Users, templateUser4)
880917
})
881918

882919
t.Run("everyoneGroup", func(t *testing.T) {

0 commit comments

Comments
 (0)