
Commit 8061685

committed
Self-review, appeasing CI
Signed-off-by: Danny Kopping <danny@coder.com>
1 parent 20e55d5 commit 8061685


5 files changed

+70
-20
lines changed


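--- a/coderd/database/dbauthz/dbauthz_test.go
+++ b/coderd/database/dbauthz/dbauthz_test.go
@@ -16,6 +16,7 @@ import (
 "cdr.dev/slog"
 
 "github.com/coder/coder/v2/coderd/database/db2sdk"
+"github.com/coder/coder/v2/coderd/notifications"
 "github.com/coder/coder/v2/coderd/rbac/policy"
 "github.com/coder/coder/v2/codersdk"
 
@@ -2555,6 +2556,10 @@ func (s *MethodTestSuite) TestSystemFunctions() {
 AgentID: uuid.New(),
 }).Asserts(tpl, policy.ActionCreate)
 }))
+}
+
+func (s *MethodTestSuite) TestNotifications() {
+// System functions
 s.Run("AcquireNotificationMessages", s.Subtest(func(db database.Store, check *expects) {
 // TODO: update this test once we have a specific role for notifications
 check.Args(database.AcquireNotificationMessagesParams{}).Asserts(rbac.ResourceSystem, policy.ActionUpdate)
@@ -2590,6 +2595,40 @@ func (s *MethodTestSuite) TestSystemFunctions() {
 Limit: 10,
 }).Asserts(rbac.ResourceSystem, policy.ActionRead)
 }))
+
+// Notification templates
+s.Run("GetNotificationTemplateById", s.Subtest(func(db database.Store, check *expects) {
+user := dbgen.User(s.T(), db, database.User{})
+check.Args(user.ID).Asserts(rbac.ResourceNotificationTemplate, policy.ActionRead).
+Errors(dbmem.ErrUnimplemented)
+}))
+s.Run("GetNotificationTemplatesByKind", s.Subtest(func(db database.Store, check *expects) {
+check.Args(database.NotificationTemplateKindSystem).
+Asserts(rbac.ResourceNotificationTemplate, policy.ActionRead).
+Errors(dbmem.ErrUnimplemented)
+}))
+s.Run("UpdateNotificationTemplateMethodById", s.Subtest(func(db database.Store, check *expects) {
+check.Args(database.UpdateNotificationTemplateMethodByIdParams{
+Method: database.NullNotificationMethod{NotificationMethod: database.NotificationMethodWebhook, Valid: true},
+ID: notifications.TemplateWorkspaceDormant,
+}).Asserts(rbac.ResourceNotificationTemplate, policy.ActionUpdate).
+Errors(dbmem.ErrUnimplemented)
+}))
+
+// Notification preferences
+s.Run("GetUserNotificationPreferences", s.Subtest(func(db database.Store, check *expects) {
+user := dbgen.User(s.T(), db, database.User{})
+check.Args(user.ID).
+Asserts(rbac.ResourceNotificationPreference.WithOwner(user.ID.String()), policy.ActionRead)
+}))
+s.Run("UpdateUserNotificationPreferences", s.Subtest(func(db database.Store, check *expects) {
+user := dbgen.User(s.T(), db, database.User{})
+check.Args(database.UpdateUserNotificationPreferencesParams{
+UserID: user.ID,
+NotificationTemplateIds: []uuid.UUID{notifications.TemplateWorkspaceAutoUpdated, notifications.TemplateWorkspaceDeleted},
+Disableds: []bool{true, false},
+}).Asserts(rbac.ResourceNotificationPreference.WithOwner(user.ID.String()), policy.ActionUpdate)
+}))
 }
 
 func (s *MethodTestSuite) TestOAuth2ProviderApps() {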
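Review bot: The "GetNotificationTemplateById" subtest in the last hunk passes `user.ID` as the template ID and creates a user only for that purpose, which reads as if templates were keyed by user. Using a real template ID, as the update subtest already does, would state the intent directly: `check.Args(notifications.TemplateWorkspaceDormant).Asserts(rbac.ResourceNotificationTemplate, policy.ActionRead).` with the `dbgen.User` line dropped. The three template subtests also expect `dbmem.ErrUnimplemented`, so they appear to cover only the RBAC assertion and not the query result. A comment such as `// dbmem does not implement notification templates; only the authz assertion is exercised here` would keep a later reader from assuming more coverage than exists.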

coderd/rbac/object_gen.go

Lines changed: 2 additions & 2 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

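--- a/coderd/rbac/policy/policy.go
+++ b/coderd/rbac/policy/policy.go
@@ -263,8 +263,8 @@ var RBACPermissions = map[string]PermissionDefinition{
 },
 "notification_preference": {
 Actions: map[Action]ActionDefinition{
-ActionRead: actDef("read own notification preferences"),
-ActionUpdate: actDef("update own notification preferences"),
+ActionRead: actDef("read notification preferences"),
+ActionUpdate: actDef("update notification preferences"),
 },
 },
 }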

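--- a/coderd/rbac/roles_test.go
+++ b/coderd/rbac/roles_test.go
@@ -591,6 +591,8 @@ func TestRolePermissions(t *testing.T) {
 },
 },
 {
+// Any owner/admin across may access any users' preferences
+// Members may not access other members' preferences
 Name: "NotificationPreferencesOwn",
 Actions: []policy.Action{policy.ActionRead, policy.ActionUpdate},
 Resource: rbac.ResourceNotificationPreference.WithOwner(currentUser.String()),
@@ -605,6 +607,7 @@ func TestRolePermissions(t *testing.T) {
 },
 },
 {
+// Any owner/admin may access notification templates
 Name: "NotificationTemplates",
 Actions: []policy.Action{policy.ActionRead, policy.ActionUpdate},
 Resource: rbac.ResourceNotificationTemplate,
@@ -618,6 +621,23 @@ func TestRolePermissions(t *testing.T) {
 },
 },
 },
+{
+// Notification preferences are currently not organization-scoped
+// Any owner/admin may access any users' preferences
+// Members may not access other members' preferences
+Name: "NotificationPreferencesOtherUser",
+Actions: []policy.Action{policy.ActionRead, policy.ActionUpdate},
+Resource: rbac.ResourceNotificationPreference.InOrg(orgID).WithOwner(uuid.NewString()), // some other user
+AuthorizeMap: map[bool][]hasAuthSubjects{
+true: {orgAdmin, owner},
+false: {
+memberMe, templateAdmin, orgUserAdmin, userAdmin,
+orgAuditor, orgTemplateAdmin,
+otherOrgMember, otherOrgAuditor, otherOrgUserAdmin, otherOrgTemplateAdmin,
+otherOrgAdmin, orgMemberMe,
+},
+},
+},
 // AnyOrganization tests
 {
 Name: "CreateOrgMember",
@@ -659,6 +679,9 @@ func TestRolePermissions(t *testing.T) {
 },
 },
 {
+// Notification preferences are currently not organization-scoped
+// Any owner/admin across any organization may access any users' preferences
+// Members may access their own preferences
 Name: "NotificationPreferencesAnyOrg",
 Actions: []policy.Action{policy.ActionRead, policy.ActionUpdate},
 Resource: rbac.ResourceNotificationPreference.AnyOrganization().WithOwner(currentUser.String()),
@@ -672,20 +695,8 @@ func TestRolePermissions(t *testing.T) {
 },
 },
 {
-Name: "NotificationPreferencesOtherUser",
-Actions: []policy.Action{policy.ActionRead, policy.ActionUpdate},
-Resource: rbac.ResourceNotificationPreference.InOrg(orgID).WithOwner(uuid.NewString()), // some other user
-AuthorizeMap: map[bool][]hasAuthSubjects{
-true: {orgAdmin, owner},
-false: {
-memberMe, templateAdmin, orgUserAdmin, userAdmin,
-orgAuditor, orgTemplateAdmin,
-otherOrgMember, otherOrgAuditor, otherOrgUserAdmin, otherOrgTemplateAdmin,
-otherOrgAdmin, orgMemberMe,
-},
-},
-},
-{
+// Notification templates are currently not organization-scoped
+// Any owner/admin across any organization may access notification templates
 Name: "NotificationTemplateAnyOrg",
 Actions: []policy.Action{policy.ActionRead, policy.ActionUpdate},
 Resource: rbac.ResourceNotificationPreference.AnyOrganization(),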
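Review bot: The "NotificationTemplateAnyOrg" case in the last hunk still uses `rbac.ResourceNotificationPreference.AnyOrganization()` as its resource, although both its name and the comment added here say it covers notification templates. As written the case checks the preference resource again and leaves template access under AnyOrganization untested, so a regression in the template permissions could pass unnoticed. The line should probably read `Resource: rbac.ResourceNotificationTemplate.AnyOrganization(),`. The case's AuthorizeMap lies outside the hunk, so its expected subjects may need rechecking after that change. Separately, the comments added on "NotificationPreferencesOwn" read `across may` (apparently missing "any organization") and describe the other-user case; `// Members may access their own preferences` would match that case.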

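--- a/site/src/api/rbacresources_gen.ts
+++ b/site/src/api/rbacresources_gen.ts
@@ -56,8 +56,8 @@ export const RBACResourceActions: Partial<
 read: "read licenses",
 },
 notification_preference: {
-read: "read own notification preferences",
-update: "update own notification preferences",
+read: "read notification preferences",
+update: "update notification preferences",
 },
 notification_template: {
 read: "read notification templates",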
