
Commit b9f4ea6

committed
Self-review, appeasing CI
Signed-off-by: Danny Kopping <danny@coder.com>
1 parent 20e55d5 commit b9f4ea6


12 files changed

+106
-56
lines changed


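--- a/coderd/database/dbauthz/dbauthz.go
+++ b/coderd/database/dbauthz/dbauthz.go
@@ -1474,11 +1474,11 @@ func (q *querier) GetNotificationMessagesByStatus(ctx context.Context, arg datab
 return q.db.GetNotificationMessagesByStatus(ctx, arg)
 }
 
-func (q *querier) GetNotificationTemplateById(ctx context.Context, id uuid.UUID) (database.NotificationTemplate, error) {
+func (q *querier) GetNotificationTemplateByID(ctx context.Context, id uuid.UUID) (database.NotificationTemplate, error) {
 if err := q.authorizeContext(ctx, policy.ActionRead, rbac.ResourceNotificationTemplate); err != nil {
 return database.NotificationTemplate{}, err
 }
-return q.db.GetNotificationTemplateById(ctx, id)
+return q.db.GetNotificationTemplateByID(ctx, id)
 }
 
 func (q *querier) GetNotificationTemplatesByKind(ctx context.Context, kind database.NotificationTemplateKind) ([]database.NotificationTemplate, error) {
@@ -3033,12 +3033,12 @@ func (q *querier) UpdateMemberRoles(ctx context.Context, arg database.UpdateMemb
 return q.db.UpdateMemberRoles(ctx, arg)
 }
 
-func (q *querier) UpdateNotificationTemplateMethodById(ctx context.Context, arg database.UpdateNotificationTemplateMethodByIdParams) (database.NotificationTemplate, error) {
+func (q *querier) UpdateNotificationTemplateMethodByID(ctx context.Context, arg database.UpdateNotificationTemplateMethodByIDParams) (database.NotificationTemplate, error) {
 // TODO: how to restrict this to admins?
 if err := q.authorizeContext(ctx, policy.ActionUpdate, rbac.ResourceNotificationTemplate); err != nil {
 return database.NotificationTemplate{}, err
 }
-return q.db.UpdateNotificationTemplateMethodById(ctx, arg)
+return q.db.UpdateNotificationTemplateMethodByID(ctx, arg)
 }
 
 func (q *querier) UpdateOAuth2ProviderAppByID(ctx context.Context, arg database.UpdateOAuth2ProviderAppByIDParams) (database.OAuth2ProviderApp, error) {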

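--- a/coderd/database/dbauthz/dbauthz_test.go
+++ b/coderd/database/dbauthz/dbauthz_test.go
@@ -16,6 +16,7 @@ import (
 "cdr.dev/slog"
 
 "github.com/coder/coder/v2/coderd/database/db2sdk"
+"github.com/coder/coder/v2/coderd/notifications"
 "github.com/coder/coder/v2/coderd/rbac/policy"
 "github.com/coder/coder/v2/codersdk"
 
@@ -2555,6 +2556,10 @@ func (s *MethodTestSuite) TestSystemFunctions() {
 AgentID: uuid.New(),
 }).Asserts(tpl, policy.ActionCreate)
 }))
+}
+
+func (s *MethodTestSuite) TestNotifications() {
+// System functions
 s.Run("AcquireNotificationMessages", s.Subtest(func(db database.Store, check *expects) {
 // TODO: update this test once we have a specific role for notifications
 check.Args(database.AcquireNotificationMessagesParams{}).Asserts(rbac.ResourceSystem, policy.ActionUpdate)
@@ -2590,6 +2595,40 @@ func (s *MethodTestSuite) TestSystemFunctions() {
 Limit: 10,
 }).Asserts(rbac.ResourceSystem, policy.ActionRead)
 }))
+
+// Notification templates
+s.Run("GetNotificationTemplateByID", s.Subtest(func(db database.Store, check *expects) {
+user := dbgen.User(s.T(), db, database.User{})
+check.Args(user.ID).Asserts(rbac.ResourceNotificationTemplate, policy.ActionRead).
+Errors(dbmem.ErrUnimplemented)
+}))
+s.Run("GetNotificationTemplatesByKind", s.Subtest(func(db database.Store, check *expects) {
+check.Args(database.NotificationTemplateKindSystem).
+Asserts(rbac.ResourceNotificationTemplate, policy.ActionRead).
+Errors(dbmem.ErrUnimplemented)
+}))
+s.Run("UpdateNotificationTemplateMethodByID", s.Subtest(func(db database.Store, check *expects) {
+check.Args(database.UpdateNotificationTemplateMethodByIDParams{
+Method: database.NullNotificationMethod{NotificationMethod: database.NotificationMethodWebhook, Valid: true},
+ID: notifications.TemplateWorkspaceDormant,
+}).Asserts(rbac.ResourceNotificationTemplate, policy.ActionUpdate).
+Errors(dbmem.ErrUnimplemented)
+}))
+
+// Notification preferences
+s.Run("GetUserNotificationPreferences", s.Subtest(func(db database.Store, check *expects) {
+user := dbgen.User(s.T(), db, database.User{})
+check.Args(user.ID).
+Asserts(rbac.ResourceNotificationPreference.WithOwner(user.ID.String()), policy.ActionRead)
+}))
+s.Run("UpdateUserNotificationPreferences", s.Subtest(func(db database.Store, check *expects) {
+user := dbgen.User(s.T(), db, database.User{})
+check.Args(database.UpdateUserNotificationPreferencesParams{
+UserID: user.ID,
+NotificationTemplateIds: []uuid.UUID{notifications.TemplateWorkspaceAutoUpdated, notifications.TemplateWorkspaceDeleted},
+Disableds: []bool{true, false},
+}).Asserts(rbac.ResourceNotificationPreference.WithOwner(user.ID.String()), policy.ActionUpdate)
+}))
 }
 
 func (s *MethodTestSuite) TestOAuth2ProviderApps() {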
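Review bot: The `GetNotificationTemplateByID` subtest creates a user with `dbgen.User` only to pass `user.ID` as the template ID, which reads as if templates were keyed by user IDs. A template constant from the package this commit already imports states the intent and drops the unused fixture: `check.Args(notifications.TemplateWorkspaceDormant).Asserts(rbac.ResourceNotificationTemplate, policy.ActionRead).` (the constant appears to be a `uuid.UUID`, since the next subtest assigns it to `ID:`). All three template subtests also expect `dbmem.ErrUnimplemented`, so a comment such as `// dbmem does not implement notification templates; only the authz assertion is exercised here` above the `// Notification templates` group would explain why an error is the expected outcome.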

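--- a/coderd/database/dbmem/dbmem.go
+++ b/coderd/database/dbmem/dbmem.go
@@ -2710,11 +2710,11 @@ func (q *FakeQuerier) GetNotificationMessagesByStatus(_ context.Context, arg dat
 return out, nil
 }
 
-func (*FakeQuerier) GetNotificationTemplateById(_ context.Context, _ uuid.UUID) (database.NotificationTemplate, error) {
+func (*FakeQuerier) GetNotificationTemplateByID(_ context.Context, _ uuid.UUID) (database.NotificationTemplate, error) {
 return database.NotificationTemplate{}, ErrUnimplemented
 }
 
-func (q *FakeQuerier) GetNotificationTemplatesByKind(ctx context.Context, kind database.NotificationTemplateKind) ([]database.NotificationTemplate, error) {
+func (*FakeQuerier) GetNotificationTemplatesByKind(_ context.Context, _ database.NotificationTemplateKind) ([]database.NotificationTemplate, error) {
 return nil, ErrUnimplemented
 }
 
@@ -7546,7 +7546,7 @@ func (q *FakeQuerier) UpdateMemberRoles(_ context.Context, arg database.UpdateMe
 return database.OrganizationMember{}, sql.ErrNoRows
 }
 
-func (*FakeQuerier) UpdateNotificationTemplateMethodById(_ context.Context, _ database.UpdateNotificationTemplateMethodByIdParams) (database.NotificationTemplate, error) {
+func (*FakeQuerier) UpdateNotificationTemplateMethodByID(_ context.Context, _ database.UpdateNotificationTemplateMethodByIDParams) (database.NotificationTemplate, error) {
 return database.NotificationTemplate{}, ErrUnimplemented
 }
 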
coderd/database/dbmetrics/dbmetrics.go

Lines changed: 6 additions & 6 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

coderd/database/dbmock/dbmock.go

Lines changed: 12 additions & 12 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

coderd/database/querier.go

Lines changed: 2 additions & 2 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

coderd/database/queries.sql.go

Lines changed: 7 additions & 7 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

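--- a/coderd/database/queries/notifications.sql
+++ b/coderd/database/queries/notifications.sql
@@ -157,13 +157,13 @@ ON CONFLICT (user_id, notification_template_id) DO UPDATE
 SET disabled = EXCLUDED.disabled,
 updated_at = CURRENT_TIMESTAMP;
 
--- name: UpdateNotificationTemplateMethodById :one
+-- name: UpdateNotificationTemplateMethodByID :one
 UPDATE notification_templates
 SET method = sqlc.narg('method')::notification_method
 WHERE id = @id::uuid
 RETURNING *;
 
--- name: GetNotificationTemplateById :one
+-- name: GetNotificationTemplateByID :one
 SELECT *
 FROM notification_templates
 WHERE id = @id::uuid;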

coderd/rbac/object_gen.go

Lines changed: 2 additions & 2 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

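--- a/coderd/rbac/policy/policy.go
+++ b/coderd/rbac/policy/policy.go
@@ -263,8 +263,8 @@ var RBACPermissions = map[string]PermissionDefinition{
 },
 "notification_preference": {
 Actions: map[Action]ActionDefinition{
-ActionRead: actDef("read own notification preferences"),
-ActionUpdate: actDef("update own notification preferences"),
+ActionRead: actDef("read notification preferences"),
+ActionUpdate: actDef("update notification preferences"),
 },
 },
 }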

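--- a/coderd/rbac/roles_test.go
+++ b/coderd/rbac/roles_test.go
@@ -591,6 +591,8 @@ func TestRolePermissions(t *testing.T) {
 },
 },
 {
+// Any owner/admin across may access any users' preferences
+// Members may not access other members' preferences
 Name: "NotificationPreferencesOwn",
 Actions: []policy.Action{policy.ActionRead, policy.ActionUpdate},
 Resource: rbac.ResourceNotificationPreference.WithOwner(currentUser.String()),
@@ -605,6 +607,7 @@ func TestRolePermissions(t *testing.T) {
 },
 },
 {
+// Any owner/admin may access notification templates
 Name: "NotificationTemplates",
 Actions: []policy.Action{policy.ActionRead, policy.ActionUpdate},
 Resource: rbac.ResourceNotificationTemplate,
@@ -618,6 +621,23 @@ func TestRolePermissions(t *testing.T) {
 },
 },
 },
+{
+// Notification preferences are currently not organization-scoped
+// Any owner/admin may access any users' preferences
+// Members may not access other members' preferences
+Name: "NotificationPreferencesOtherUser",
+Actions: []policy.Action{policy.ActionRead, policy.ActionUpdate},
+Resource: rbac.ResourceNotificationPreference.InOrg(orgID).WithOwner(uuid.NewString()), // some other user
+AuthorizeMap: map[bool][]hasAuthSubjects{
+true: {orgAdmin, owner},
+false: {
+memberMe, templateAdmin, orgUserAdmin, userAdmin,
+orgAuditor, orgTemplateAdmin,
+otherOrgMember, otherOrgAuditor, otherOrgUserAdmin, otherOrgTemplateAdmin,
+otherOrgAdmin, orgMemberMe,
+},
+},
+},
 // AnyOrganization tests
 {
 Name: "CreateOrgMember",
@@ -659,6 +679,9 @@ func TestRolePermissions(t *testing.T) {
 },
 },
 {
+// Notification preferences are currently not organization-scoped
+// Any owner/admin across any organization may access any users' preferences
+// Members may access their own preferences
 Name: "NotificationPreferencesAnyOrg",
 Actions: []policy.Action{policy.ActionRead, policy.ActionUpdate},
 Resource: rbac.ResourceNotificationPreference.AnyOrganization().WithOwner(currentUser.String()),
@@ -672,20 +695,8 @@ func TestRolePermissions(t *testing.T) {
 },
 },
 {
-Name: "NotificationPreferencesOtherUser",
-Actions: []policy.Action{policy.ActionRead, policy.ActionUpdate},
-Resource: rbac.ResourceNotificationPreference.InOrg(orgID).WithOwner(uuid.NewString()), // some other user
-AuthorizeMap: map[bool][]hasAuthSubjects{
-true: {orgAdmin, owner},
-false: {
-memberMe, templateAdmin, orgUserAdmin, userAdmin,
-orgAuditor, orgTemplateAdmin,
-otherOrgMember, otherOrgAuditor, otherOrgUserAdmin, otherOrgTemplateAdmin,
-otherOrgAdmin, orgMemberMe,
-},
-},
-},
-{
+// Notification templates are currently not organization-scoped
+// Any owner/admin across any organization may access notification templates
 Name: "NotificationTemplateAnyOrg",
 Actions: []policy.Action{policy.ActionRead, policy.ActionUpdate},
 Resource: rbac.ResourceNotificationPreference.AnyOrganization(),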
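Review bot: The `NotificationTemplateAnyOrg` case in the last hunk is now commented as covering notification templates, but its `Resource` line still reads `rbac.ResourceNotificationPreference.AnyOrganization()`, so the any-organization authorization of the template resource is not what this case exercises. If the name and the new comment state the intent, the line should be `Resource: rbac.ResourceNotificationTemplate.AnyOrganization(),`. The case's `AuthorizeMap` continues outside the hunk and would need re-checking against that resource. Separately, the comment added in the first hunk, `// Any owner/admin across may access any users' preferences`, has lost the words after "across"; the later hunk has "across any organization".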

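--- a/site/src/api/rbacresources_gen.ts
+++ b/site/src/api/rbacresources_gen.ts
@@ -56,8 +56,8 @@ export const RBACResourceActions: Partial<
 read: "read licenses",
 },
 notification_preference: {
-read: "read own notification preferences",
-update: "update own notification preferences",
+read: "read notification preferences",
+update: "update notification preferences",
 },
 notification_template: {
 read: "read notification templates",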
