chore: add unit test to execercise the bug

Emyrk · Emyrk · commit 7d2768201ba0 · 2024-08-14T16:05:08.000-05:00
diff --git a/coderd/database/dbmem/dbmem.go b/coderd/database/dbmem/dbmem.go
@@ -3325,13 +3325,21 @@ func (q *FakeQuerier) GetQuotaAllowanceForUser(_ context.Context, userID uuid.UU
 			}
 		}
 	}
-	// Grab the quota for the Everyone group.
-	for _, group := range q.groups {
-		if group.ID == group.OrganizationID {
-			sum += int64(group.QuotaAllowance)
-			break
+
+	// Grab the quota for the Everyone group iff the user is a member of
+	// said organization.
+	for _, mem := range q.organizationMembers {
+		if mem.UserID != userID {
+			continue
 		}
+
+		group, err := q.getGroupByIDNoLock(context.Background(), mem.OrganizationID)
+		if err != nil {
+			return -1, xerrors.Errorf("failed to get everyone group for org %q", mem.OrganizationID.String())
+		}
+		sum += int64(group.QuotaAllowance)
 	}
+
 	return sum, nil
 }
 
diff --git a/enterprise/coderd/workspacequota_test.go b/enterprise/coderd/workspacequota_test.go
@@ -233,6 +233,50 @@ func TestWorkspaceQuota(t *testing.T) {
 		verifyQuota(ctx, t, client, 4, 4)
 		require.Equal(t, codersdk.WorkspaceStatusRunning, build.Status)
 	})
+
+	// Ensures allowance from everyone groups only counts if you are an org member.
+	// This was a bug where the group "Everyone" was being counted for all users,
+	// regardless of membership.
+	t.Run("AllowanceEveryone", func(t *testing.T) {
+		t.Parallel()
+
+		dv := coderdtest.DeploymentValues(t)
+		dv.Experiments = []string{string(codersdk.ExperimentMultiOrganization)}
+		owner, first := coderdenttest.New(t, &coderdenttest.Options{
+			Options: &coderdtest.Options{
+				DeploymentValues: dv,
+			},
+			LicenseOptions: &coderdenttest.LicenseOptions{
+				Features: license.Features{
+					codersdk.FeatureTemplateRBAC:          1,
+					codersdk.FeatureMultipleOrganizations: 1,
+				},
+			},
+		})
+		member, _ := coderdtest.CreateAnotherUser(t, owner, first.OrganizationID)
+
+		// Create a second organization
+		second := coderdenttest.CreateOrganization(t, owner, coderdenttest.CreateOrganizationOptions{})
+
+		ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
+		defer cancel()
+
+		// update everyone quotas
+		_, err := owner.PatchGroup(ctx, first.OrganizationID, codersdk.PatchGroupRequest{
+			QuotaAllowance: ptr.Ref(30),
+		})
+		require.NoError(t, err)
+
+		_, err = owner.PatchGroup(ctx, second.ID, codersdk.PatchGroupRequest{
+			QuotaAllowance: ptr.Ref(15),
+		})
+		require.NoError(t, err)
+
+		verifyQuota(ctx, t, member, 0, 30)
+		// This currently reports the total site wide quotas. We might want to
+		// org scope this api call in the future.
+		verifyQuota(ctx, t, owner, 0, 45)
+	})
 }
 
 func planWithCost(cost int32) []*proto.Response {

Original file line number	Diff line number	Diff line change
`@@ -3325,13 +3325,21 @@ func (q *FakeQuerier) GetQuotaAllowanceForUser(_ context.Context, userID uuid.UU`
`3325`	`3325`	`}`
`3326`	`3326`	`}`
`3327`	`3327`	`}`
`3328`		`- // Grab the quota for the Everyone group.`
`3329`		`- for _, group := range q.groups {`
`3330`		`- if group.ID == group.OrganizationID {`
`3331`		`- sum += int64(group.QuotaAllowance)`
`3332`		`- break`
	`3328`	`+`
	`3329`	`+ // Grab the quota for the Everyone group iff the user is a member of`
	`3330`	`+ // said organization.`
	`3331`	`+ for _, mem := range q.organizationMembers {`
	`3332`	`+ if mem.UserID != userID {`
	`3333`	`+ continue`
`3333`	`3334`	`}`
	`3335`	`+`
	`3336`	`+ group, err := q.getGroupByIDNoLock(context.Background(), mem.OrganizationID)`
	`3337`	`+ if err != nil {`
	`3338`	`+ return -1, xerrors.Errorf("failed to get everyone group for org %q", mem.OrganizationID.String())`
	`3339`	`+ }`
	`3340`	`+ sum += int64(group.QuotaAllowance)`
`3334`	`3341`	`}`
	`3342`	`+`
`3335`	`3343`	`return sum, nil`
`3336`	`3344`	`}`
`3337`	`3345`