Skip to content

Commit b91903e

Browse files
EmyrkEmyrk
committed
Fix unit test
1 parent 99d6f50 commit b91903e

File tree

2 files changed

+13
-9
lines changed

2 files changed

+13
-9
lines changed

coderd/coderd_test.go

Lines changed: 9 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -220,6 +220,7 @@ func TestAuthorizeAllEndpoints(t *testing.T) {
220220

221221
// Some quick reused objects
222222
workspaceRBACObj := rbac.ResourceWorkspace.InOrg(organization.ID).WithOwner(workspace.OwnerID.String())
223+
workspaceExecObj := rbac.ResourceWorkspaceExecution.InOrg(organization.ID).WithOwner(workspace.OwnerID.String())
223224

224225
// skipRoutes allows skipping routes from being checked.
225226
skipRoutes := map[string]string{
@@ -268,7 +269,6 @@ func TestAuthorizeAllEndpoints(t *testing.T) {
268269
"GET:/api/v2/workspaceagents/me/wireguardlisten": {NoAuthorize: true},
269270
"POST:/api/v2/workspaceagents/me/keys": {NoAuthorize: true},
270271
"GET:/api/v2/workspaceagents/{workspaceagent}/iceservers": {NoAuthorize: true},
271-
"GET:/api/v2/workspaceagents/{workspaceagent}/turn": {NoAuthorize: true},
272272
"GET:/api/v2/workspaceagents/{workspaceagent}/derp": {NoAuthorize: true},
273273

274274
// These endpoints have more assertions. This is good, add more endpoints to assert if you can!
@@ -331,12 +331,16 @@ func TestAuthorizeAllEndpoints(t *testing.T) {
331331
AssertObject: workspaceRBACObj,
332332
},
333333
"GET:/api/v2/workspaceagents/{workspaceagent}/dial": {
334-
AssertAction: rbac.ActionUpdate,
335-
AssertObject: workspaceRBACObj,
334+
AssertAction: rbac.ActionCreate,
335+
AssertObject: workspaceExecObj,
336+
},
337+
"GET:/api/v2/workspaceagents/{workspaceagent}/turn": {
338+
AssertAction: rbac.ActionCreate,
339+
AssertObject: workspaceExecObj,
336340
},
337341
"GET:/api/v2/workspaceagents/{workspaceagent}/pty": {
338-
AssertAction: rbac.ActionUpdate,
339-
AssertObject: workspaceRBACObj,
342+
AssertAction: rbac.ActionCreate,
343+
AssertObject: workspaceExecObj,
340344
},
341345
"GET:/api/v2/workspaces/": {
342346
StatusCode: http.StatusOK,

coderd/workspaceagents.go

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -70,7 +70,7 @@ func (api *API) workspaceAgentDial(rw http.ResponseWriter, r *http.Request) {
7070

7171
workspaceAgent := httpmw.WorkspaceAgentParam(r)
7272
workspace := httpmw.WorkspaceParam(r)
73-
if !api.Authorize(r, rbac.ActionUpdate, workspace.ExecutionRBAC()) {
73+
if !api.Authorize(r, rbac.ActionCreate, workspace.ExecutionRBAC()) {
7474
httpapi.ResourceNotFound(rw)
7575
return
7676
}
@@ -305,7 +305,7 @@ func (api *API) workspaceAgentICEServers(rw http.ResponseWriter, _ *http.Request
305305
// workspaceAgentTurn proxies a WebSocket connection to the TURN server.
306306
func (api *API) workspaceAgentTurn(rw http.ResponseWriter, r *http.Request) {
307307
workspace := httpmw.WorkspaceParam(r)
308-
if !api.Authorize(r, rbac.ActionUpdate, workspace.ExecutionRBAC()) {
308+
if !api.Authorize(r, rbac.ActionCreate, workspace.ExecutionRBAC()) {
309309
httpapi.ResourceNotFound(rw)
310310
return
311311
}
@@ -370,7 +370,7 @@ func (api *API) workspaceAgentPTY(rw http.ResponseWriter, r *http.Request) {
370370

371371
workspaceAgent := httpmw.WorkspaceAgentParam(r)
372372
workspace := httpmw.WorkspaceParam(r)
373-
if !api.Authorize(r, rbac.ActionUpdate, workspace.ExecutionRBAC()) {
373+
if !api.Authorize(r, rbac.ActionCreate, workspace.ExecutionRBAC()) {
374374
httpapi.ResourceNotFound(rw)
375375
return
376376
}
@@ -484,7 +484,7 @@ func (api *API) postWorkspaceAgentWireguardPeer(rw http.ResponseWriter, r *http.
484484
workspace = httpmw.WorkspaceParam(r)
485485
)
486486

487-
if !api.Authorize(r, rbac.ActionUpdate, workspace.ExecutionRBAC()) {
487+
if !api.Authorize(r, rbac.ActionCreate, workspace.ExecutionRBAC()) {
488488
httpapi.ResourceNotFound(rw)
489489
return
490490
}

0 commit comments

Comments
 (0)