groups changes

sreya · sreya · commit afe328bafbda · 2022-09-26T19:21:53.000Z
diff --git a/coderd/database/databasefake/databasefake.go b/coderd/database/databasefake/databasefake.go
@@ -1001,7 +1001,6 @@ func (q *fakeQuerier) UpdateTemplateMetaByID(_ context.Context, arg database.Upd
 		tpl.Icon = arg.Icon
 		tpl.MaxTtl = arg.MaxTtl
 		tpl.MinAutostartInterval = arg.MinAutostartInterval
-		tpl.IsPrivate = arg.IsPrivate
 		q.templates[idx] = tpl
 		return tpl, nil
 	}
@@ -1766,7 +1765,6 @@ func (q *fakeQuerier) InsertTemplate(_ context.Context, arg database.InsertTempl
 		MaxTtl:               arg.MaxTtl,
 		MinAutostartInterval: arg.MinAutostartInterval,
 		CreatedBy:            arg.CreatedBy,
-		IsPrivate:            arg.IsPrivate,
 	}
 	template = template.SetUserACL(database.UserACL{})
 	q.templates = append(q.templates, template)
diff --git a/coderd/database/dump.sql b/coderd/database/dump.sql
diff --git a/coderd/database/migrations/000054_template_acl.up.sql b/coderd/database/migrations/000054_template_acl.up.sql
@@ -1,7 +1,7 @@
 BEGIN;
 
 ALTER TABLE templates ADD COLUMN user_acl jsonb NOT NULL default '{}';
-ALTER TABLE templates ADD COLUMN is_private boolean NOT NULL default 'false';
+ALTER TABLE templates ADD COLUMN group_acl jsonb NOT NULL default '{}';
 
 CREATE TYPE template_role AS ENUM (
 	'read',
diff --git a/coderd/database/modelmethods.go b/coderd/database/modelmethods.go
@@ -10,6 +10,9 @@ import (
 // UserACL is a map of user_ids to permissions.
 type UserACL map[string]TemplateRole
 
+// Group is a map of user_ids to permissions.
+type GroupACL map[string]TemplateRole
+
 func (u UserACL) Actions() map[string][]rbac.Action {
 	aclRBAC := make(map[string][]rbac.Action, len(u))
 	for k, v := range u {
@@ -33,6 +36,8 @@ func (t Template) UserACL() UserACL {
 	return acl
 }
 
+func (t Template) GroupACL() Gr
+
 func (t Template) SetUserACL(acl UserACL) Template {
 	raw, err := json.Marshal(acl)
 	if err != nil {
@@ -69,9 +74,6 @@ func (s APIKeyScope) ToRBAC() rbac.Scope {
 
 func (t Template) RBACObject() rbac.Object {
 	obj := rbac.ResourceTemplate
-	if t.IsPrivate {
-		obj = rbac.ResourceTemplatePrivate
-	}
 	return obj.InOrg(t.OrganizationID).WithACLUserList(t.UserACL().Actions())
 }
 
diff --git a/coderd/database/models.go b/coderd/database/models.go
diff --git a/coderd/database/queries.sql.go b/coderd/database/queries.sql.go
diff --git a/coderd/database/queries/templates.sql b/coderd/database/queries/templates.sql
@@ -68,11 +68,10 @@ INSERT INTO
 		max_ttl,
 		min_autostart_interval,
 		created_by,
-		icon,
-		is_private
+		icon
 	)
 VALUES
-	($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13) RETURNING *;
+	($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12) RETURNING *;
 
 -- name: UpdateTemplateActiveVersionByID :exec
 UPDATE
@@ -101,8 +100,7 @@ SET
 	max_ttl = $4,
 	min_autostart_interval = $5,
 	name = $6,
-	icon = $7,
-	is_private = $8
+	icon = $7
 WHERE
 	id = $1
 RETURNING
diff --git a/coderd/database/sqlc.yaml b/coderd/database/sqlc.yaml
@@ -40,3 +40,4 @@ rename:
   ids: IDs
   jwt: JWT
   user_acl: userACL
+  group_acl: userACL
diff --git a/coderd/rbac/builtin.go b/coderd/rbac/builtin.go
@@ -108,8 +108,7 @@ var (
 				Name:        templateAdmin,
 				DisplayName: "Template Admin",
 				Site: permissions(map[string][]Action{
-					ResourceTemplate.Type:        {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
-					ResourceTemplatePrivate.Type: {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
+					ResourceTemplate.Type: {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
 					// CRUD all files, even those they did not upload.
 					ResourceFile.Type:      {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
 					ResourceWorkspace.Type: {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
diff --git a/coderd/rbac/object.go b/coderd/rbac/object.go
@@ -62,10 +62,6 @@ var (
 		Type: "group",
 	}
 
-	ResourceTemplatePrivate = Object{
-		Type: "template_private",
-	}
-
 	ResourceFile = Object{
 		Type: "file",
 	}
diff --git a/coderd/templates.go b/coderd/templates.go
@@ -262,7 +262,6 @@ func (api *API) postTemplateByOrganization(rw http.ResponseWriter, r *http.Reque
 			MaxTtl:               int64(maxTTL),
 			MinAutostartInterval: int64(minAutostartInterval),
 			CreatedBy:            apiKey.UserID,
-			IsPrivate:            createTemplate.IsPrivate,
 		})
 		if err != nil {
 			return xerrors.Errorf("insert template: %s", err)
@@ -533,8 +532,7 @@ func (api *API) patchTemplateMeta(rw http.ResponseWriter, r *http.Request) {
 			req.Icon == template.Icon &&
 			req.MaxTTLMillis == time.Duration(template.MaxTtl).Milliseconds() &&
 			req.MinAutostartIntervalMillis == time.Duration(template.MinAutostartInterval).Milliseconds() &&
-			len(req.UserPerms) == 0 &&
-			(req.IsPrivate == nil || req.IsPrivate != nil && *req.IsPrivate == template.IsPrivate) {
+			len(req.UserPerms) == 0 {
 			return nil
 		}
 
@@ -544,7 +542,6 @@ func (api *API) patchTemplateMeta(rw http.ResponseWriter, r *http.Request) {
 		icon := req.Icon
 		maxTTL := time.Duration(req.MaxTTLMillis) * time.Millisecond
 		minAutostartInterval := time.Duration(req.MinAutostartIntervalMillis) * time.Millisecond
-		isPrivate := template.IsPrivate
 
 		if name == "" {
 			name = template.Name
@@ -555,9 +552,6 @@ func (api *API) patchTemplateMeta(rw http.ResponseWriter, r *http.Request) {
 		if minAutostartInterval == 0 {
 			minAutostartInterval = time.Duration(template.MinAutostartInterval)
 		}
-		if req.IsPrivate != nil {
-			isPrivate = *req.IsPrivate
-		}
 
 		if len(req.UserPerms) > 0 {
 			userACL := template.UserACL()
@@ -585,7 +579,6 @@ func (api *API) patchTemplateMeta(rw http.ResponseWriter, r *http.Request) {
 			Icon:                 icon,
 			MaxTtl:               int64(maxTTL),
 			MinAutostartInterval: int64(minAutostartInterval),
-			IsPrivate:            isPrivate,
 		})
 		if err != nil {
 			return err
@@ -876,7 +869,6 @@ func (api *API) convertTemplate(
 		CreatedByID:                template.CreatedBy,
 		CreatedByName:              createdByName,
 		UserRoles:                  convertTemplateACL(template.UserACL()),
-		IsPrivate:                  template.IsPrivate,
 	}
 }
 

Original file line number	Diff line number	Diff line change
`@@ -62,10 +62,6 @@ var (`
`62`	`62`	`Type: "group",`
`63`	`63`	`}`
`64`	`64`
`65`		`- ResourceTemplatePrivate = Object{`
`66`		`- Type: "template_private",`
`67`		`- }`
`68`		`-`
`69`	`65`	`ResourceFile = Object{`
`70`	`66`	`Type: "file",`
`71`	`67`	`}`