
Commit a043f92

committed
fix: role permissions tests
1 parent 2ba15c5 commit a043f92


2 files changed

+44
-35
lines changed


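--- a/coderd/database/dbauthz/dbauthz.go
+++ b/coderd/database/dbauthz/dbauthz.go
@@ -530,9 +530,9 @@ func As(ctx context.Context, actor rbac.Subject) context.Context {
 // running the insertFunc. The insertFunc is expected to return the object that
 // was inserted.
 func insert[
-ObjectType any,
-ArgumentType any,
-Insert func(ctx context.Context, arg ArgumentType) (ObjectType, error),
+ObjectType any,
+ArgumentType any,
+Insert func(ctx context.Context, arg ArgumentType) (ObjectType, error),
 ](
 logger slog.Logger,
 authorizer rbac.Authorizer,
@@ -543,9 +543,9 @@ Insert func(ctx context.Context, arg ArgumentType) (ObjectType, error),
 }
 
 func insertWithAction[
-ObjectType any,
-ArgumentType any,
-Insert func(ctx context.Context, arg ArgumentType) (ObjectType, error),
+ObjectType any,
+ArgumentType any,
+Insert func(ctx context.Context, arg ArgumentType) (ObjectType, error),
 ](
 logger slog.Logger,
 authorizer rbac.Authorizer,
@@ -572,10 +572,10 @@ Insert func(ctx context.Context, arg ArgumentType) (ObjectType, error),
 }
 
 func deleteQ[
-ObjectType rbac.Objecter,
-ArgumentType any,
-Fetch func(ctx context.Context, arg ArgumentType) (ObjectType, error),
-Delete func(ctx context.Context, arg ArgumentType) error,
+ObjectType rbac.Objecter,
+ArgumentType any,
+Fetch func(ctx context.Context, arg ArgumentType) (ObjectType, error),
+Delete func(ctx context.Context, arg ArgumentType) error,
 ](
 logger slog.Logger,
 authorizer rbac.Authorizer,
@@ -587,10 +587,10 @@ Delete func(ctx context.Context, arg ArgumentType) error,
 }
 
 func updateWithReturn[
-ObjectType rbac.Objecter,
-ArgumentType any,
-Fetch func(ctx context.Context, arg ArgumentType) (ObjectType, error),
-UpdateQuery func(ctx context.Context, arg ArgumentType) (ObjectType, error),
+ObjectType rbac.Objecter,
+ArgumentType any,
+Fetch func(ctx context.Context, arg ArgumentType) (ObjectType, error),
+UpdateQuery func(ctx context.Context, arg ArgumentType) (ObjectType, error),
 ](
 logger slog.Logger,
 authorizer rbac.Authorizer,
@@ -601,10 +601,10 @@ UpdateQuery func(ctx context.Context, arg ArgumentType) (ObjectType, error),
 }
 
 func update[
-ObjectType rbac.Objecter,
-ArgumentType any,
-Fetch func(ctx context.Context, arg ArgumentType) (ObjectType, error),
-Exec func(ctx context.Context, arg ArgumentType) error,
+ObjectType rbac.Objecter,
+ArgumentType any,
+Fetch func(ctx context.Context, arg ArgumentType) (ObjectType, error),
+Exec func(ctx context.Context, arg ArgumentType) error,
 ](
 logger slog.Logger,
 authorizer rbac.Authorizer,
@@ -622,9 +622,9 @@ Exec func(ctx context.Context, arg ArgumentType) error,
 // user cannot read the resource. This is because the resource details are
 // required to run a proper authorization check.
 func fetchWithAction[
-ArgumentType any,
-ObjectType rbac.Objecter,
-DatabaseFunc func(ctx context.Context, arg ArgumentType) (ObjectType, error),
+ArgumentType any,
+ObjectType rbac.Objecter,
+DatabaseFunc func(ctx context.Context, arg ArgumentType) (ObjectType, error),
 ](
 logger slog.Logger,
 authorizer rbac.Authorizer,
@@ -655,9 +655,9 @@ DatabaseFunc func(ctx context.Context, arg ArgumentType) (ObjectType, error),
 }
 
 func fetch[
-ArgumentType any,
-ObjectType rbac.Objecter,
-DatabaseFunc func(ctx context.Context, arg ArgumentType) (ObjectType, error),
+ArgumentType any,
+ObjectType rbac.Objecter,
+DatabaseFunc func(ctx context.Context, arg ArgumentType) (ObjectType, error),
 ](
 logger slog.Logger,
 authorizer rbac.Authorizer,
@@ -670,10 +670,10 @@ DatabaseFunc func(ctx context.Context, arg ArgumentType) (ObjectType, error),
 // from SQL 'exec' functions which only return an error.
 // See fetchAndQuery for more information.
 func fetchAndExec[
-ObjectType rbac.Objecter,
-ArgumentType any,
-Fetch func(ctx context.Context, arg ArgumentType) (ObjectType, error),
-Exec func(ctx context.Context, arg ArgumentType) error,
+ObjectType rbac.Objecter,
+ArgumentType any,
+Fetch func(ctx context.Context, arg ArgumentType) (ObjectType, error),
+Exec func(ctx context.Context, arg ArgumentType) error,
 ](
 logger slog.Logger,
 authorizer rbac.Authorizer,
@@ -696,10 +696,10 @@ Exec func(ctx context.Context, arg ArgumentType) error,
 // **before** the query runs. The returns from the fetch are only used to
 // assert rbac. The final return of this function comes from the Query function.
 func fetchAndQuery[
-ObjectType rbac.Objecter,
-ArgumentType any,
-Fetch func(ctx context.Context, arg ArgumentType) (ObjectType, error),
-Query func(ctx context.Context, arg ArgumentType) (ObjectType, error),
+ObjectType rbac.Objecter,
+ArgumentType any,
+Fetch func(ctx context.Context, arg ArgumentType) (ObjectType, error),
+Query func(ctx context.Context, arg ArgumentType) (ObjectType, error),
 ](
 logger slog.Logger,
 authorizer rbac.Authorizer,
@@ -733,9 +733,9 @@ Query func(ctx context.Context, arg ArgumentType) (ObjectType, error),
 // fetchWithPostFilter is like fetch, but works with lists of objects.
 // SQL filters are much more optimal.
 func fetchWithPostFilter[
-ArgumentType any,
-ObjectType rbac.Objecter,
-DatabaseFunc func(ctx context.Context, arg ArgumentType) ([]ObjectType, error),
+ArgumentType any,
+ObjectType rbac.Objecter,
+DatabaseFunc func(ctx context.Context, arg ArgumentType) ([]ObjectType, error),
 ](
 authorizer rbac.Authorizer,
 action policy.Action,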

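--- a/coderd/rbac/roles_test.go
+++ b/coderd/rbac/roles_test.go
@@ -496,6 +496,15 @@ func TestRolePermissions(t *testing.T) {
 false: {setOtherOrg, userAdmin, templateAdmin, memberMe, orgTemplateAdmin, orgUserAdmin, orgAuditor},
 },
 },
+{
+Name: "PrebuiltWorkspace",
+Actions: []policy.Action{policy.ActionRead, policy.ActionUpdate, policy.ActionDelete},
+Resource: rbac.ResourcePrebuiltWorkspace.WithID(uuid.New()).InOrg(orgID).WithOwner(memberMe.Actor.ID),
+AuthorizeMap: map[bool][]hasAuthSubjects{
+true: {owner, orgAdmin, orgMemberMe, templateAdmin, orgTemplateAdmin},
+false: {setOtherOrg, userAdmin, memberMe, orgUserAdmin, orgAuditor},
+},
+},
 // Some admin style resources
 {
 Name: "Licenses",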
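Review bot: The new `PrebuiltWorkspace` case only covers a resource owned by `memberMe.Actor.ID`, so `orgMemberMe` appearing in the `true` set may come from ownership rather than a role grant. The test never pins what an org member can do to a prebuilt workspace they do not own, which is the least-privilege boundary that matters if prebuilt workspaces are normally held by a non-human owner. I would add a sibling case whose resource is `rbac.ResourcePrebuiltWorkspace.WithID(uuid.New()).InOrg(orgID).WithOwner(uuid.New().String())`, with `orgMemberMe` presumably moved to the `false` set; confirm the expected sets against the role definitions, which are not visible here. Because `policy.ActionRead`, `policy.ActionUpdate` and `policy.ActionDelete` share one `AuthorizeMap`, a role that should be read-only cannot be expressed; a comment such as `// read/update/delete are asserted together; split this case if any role gets read-only access` would flag that. `TestRolePermissions` starts and ends outside this hunk.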
