@@ -5,10 +5,13 @@ import (
55 "fmt"
66 "testing"
77
8+ "github.com/google/uuid"
89 "github.com/stretchr/testify/require"
910
1011 "github.com/coder/coder/v2/cli/clitest"
1112 "github.com/coder/coder/v2/coderd/coderdtest"
13+ "github.com/coder/coder/v2/coderd/database"
14+ "github.com/coder/coder/v2/coderd/database/dbgen"
1215 "github.com/coder/coder/v2/coderd/rbac"
1316 "github.com/coder/coder/v2/codersdk"
1417 "github.com/coder/coder/v2/enterprise/coderd/coderdenttest"
@@ -185,3 +188,102 @@ func TestShowOrganizations(t *testing.T) {
185188 pty .ExpectMatch (orgs ["bar" ].ID .String ())
186189 })
187190}
191+
192+ func TestUpdateOrganizationRoles (t * testing.T ) {
193+ t .Parallel ()
194+
195+ t .Run ("JSON" , func (t * testing.T ) {
196+ ownerClient , db , owner := coderdenttest .NewWithDatabase (t , & coderdenttest.Options {
197+ LicenseOptions : & coderdenttest.LicenseOptions {
198+ Features : license.Features {
199+ codersdk .FeatureCustomRoles : 1 ,
200+ },
201+ },
202+ })
203+ client , _ := coderdtest .CreateAnotherUser (t , ownerClient , owner .OrganizationID , rbac .RoleOwner ())
204+
205+ // Create a role in the DB with no permissions
206+ const expectedRole = "test-role"
207+ dbgen .CustomRole (t , db , database.CustomRole {
208+ Name : expectedRole ,
209+ DisplayName : "Expected" ,
210+ SitePermissions : nil ,
211+ OrgPermissions : nil ,
212+ UserPermissions : nil ,
213+ OrganizationID : uuid.NullUUID {
214+ UUID : owner .OrganizationID ,
215+ Valid : true ,
216+ },
217+ })
218+
219+ // Update the new role via JSON
220+ ctx := testutil .Context (t , testutil .WaitMedium )
221+ inv , root := clitest .New (t , "organization" , "roles" , "update" , "--stdin" )
222+ inv .Stdin = bytes .NewBufferString (fmt .Sprintf (`{
223+ "name": "test-role",
224+ "organization_id": "%s",
225+ "display_name": "",
226+ "site_permissions": [],
227+ "organization_permissions": [
228+ {
229+ "resource_type": "workspace",
230+ "action": "read"
231+ }
232+ ],
233+ "user_permissions": [],
234+ "assignable": false,
235+ "built_in": false
236+ }` , owner .OrganizationID .String ()))
237+
238+ //nolint:gocritic // only owners can edit roles
239+ clitest .SetupConfig (t , client , root )
240+
241+ buf := new (bytes.Buffer )
242+ inv .Stdout = buf
243+ err := inv .WithContext (ctx ).Run ()
244+ require .NoError (t , err )
245+ require .Contains (t , buf .String (), "test-role" )
246+ require .Contains (t , buf .String (), "1 permissions" )
247+ })
248+
249+ t .Run ("InvalidRole" , func (t * testing.T ) {
250+ t .Parallel ()
251+
252+ ownerClient , _ , owner := coderdenttest .NewWithDatabase (t , & coderdenttest.Options {
253+ LicenseOptions : & coderdenttest.LicenseOptions {
254+ Features : license.Features {
255+ codersdk .FeatureCustomRoles : 1 ,
256+ },
257+ },
258+ })
259+ client , _ := coderdtest .CreateAnotherUser (t , ownerClient , owner .OrganizationID , rbac .RoleOwner ())
260+
261+ // Update the new role via JSON
262+ ctx := testutil .Context (t , testutil .WaitMedium )
263+ inv , root := clitest .New (t , "organization" , "roles" , "update" , "--stdin" )
264+ inv .Stdin = bytes .NewBufferString (fmt .Sprintf (`{
265+ "name": "test-role",
266+ "organization_id": "%s",
267+ "display_name": "",
268+ "site_permissions": [],
269+ "organization_permissions": [
270+ {
271+ "resource_type": "workspace",
272+ "action": "read"
273+ }
274+ ],
275+ "user_permissions": [],
276+ "assignable": false,
277+ "built_in": false
278+ }` , owner .OrganizationID .String ()))
279+
280+ //nolint:gocritic // only owners can edit roles
281+ clitest .SetupConfig (t , client , root )
282+
283+ buf := new (bytes.Buffer )
284+ inv .Stdout = buf
285+ err := inv .WithContext (ctx ).Run ()
286+ require .Error (t , err )
287+ require .ErrorContains (t , err , "The role test-role does not exist exists." )
288+ })
289+ }
0 commit comments