Skip to content

Commit bb5acb0

Browse files
deansheatherdeansheather
authored
fix: allow users to use quiet hours endpoint (#10547)
1 parent 95e5419 commit bb5acb0

File tree

2 files changed

+19
-11
lines changed

2 files changed

+19
-11
lines changed

coderd/database/dbauthz/dbauthz.go

+7-3
Original file line numberDiff line numberDiff line change
@@ -2653,10 +2653,14 @@ func (q *querier) UpdateUserProfile(ctx context.Context, arg database.UpdateUser
26532653
}
26542654

26552655
func (q *querier) UpdateUserQuietHoursSchedule(ctx context.Context, arg database.UpdateUserQuietHoursScheduleParams) (database.User, error) {
2656-
fetch := func(ctx context.Context, arg database.UpdateUserQuietHoursScheduleParams) (database.User, error) {
2657-
return q.db.GetUserByID(ctx, arg.ID)
2656+
u, err := q.db.GetUserByID(ctx, arg.ID)
2657+
if err != nil {
2658+
return database.User{}, err
2659+
}
2660+
if err := q.authorizeContext(ctx, rbac.ActionUpdate, u.UserDataRBACObject()); err != nil {
2661+
return database.User{}, err
26582662
}
2659-
return updateWithReturn(q.log, q.auth, fetch, q.db.UpdateUserQuietHoursSchedule)(ctx, arg)
2663+
return q.db.UpdateUserQuietHoursSchedule(ctx, arg)
26602664
}
26612665

26622666
// UpdateUserRoles updates the site roles of a user. The validation for this function include more than

enterprise/coderd/users_test.go

+12-8
Original file line numberDiff line numberDiff line change
@@ -37,7 +37,7 @@ func TestUserQuietHours(t *testing.T) {
3737
dv.UserQuietHoursSchedule.DefaultSchedule.Set(defaultQuietHoursSchedule)
3838
dv.Experiments.Set(string(codersdk.ExperimentTemplateAutostopRequirement))
3939

40-
client, user := coderdenttest.New(t, &coderdenttest.Options{
40+
adminClient, adminUser := coderdenttest.New(t, &coderdenttest.Options{
4141
Options: &coderdtest.Options{
4242
DeploymentValues: dv,
4343
},
@@ -49,6 +49,10 @@ func TestUserQuietHours(t *testing.T) {
4949
},
5050
})
5151

52+
// Do it with another user to make sure that we're not hitting RBAC
53+
// errors.
54+
client, user := coderdtest.CreateAnotherUser(t, adminClient, adminUser.OrganizationID)
55+
5256
// Get quiet hours for a user that doesn't have them set.
5357
ctx := testutil.Context(t, testutil.WaitLong)
5458
sched1, err := client.UserQuietHoursSchedule(ctx, codersdk.Me)
@@ -72,7 +76,7 @@ func TestUserQuietHours(t *testing.T) {
7276
require.NoError(t, err)
7377
}
7478

75-
sched2, err := client.UpdateUserQuietHoursSchedule(ctx, user.UserID.String(), codersdk.UpdateUserQuietHoursScheduleRequest{
79+
sched2, err := client.UpdateUserQuietHoursSchedule(ctx, user.ID.String(), codersdk.UpdateUserQuietHoursScheduleRequest{
7680
Schedule: customQuietHoursSchedule,
7781
})
7882
require.NoError(t, err)
@@ -83,7 +87,7 @@ func TestUserQuietHours(t *testing.T) {
8387
require.WithinDuration(t, customScheduleParsed.Next(time.Now()), sched2.Next, 15*time.Second)
8488

8589
// Get quiet hours for a user that has them set.
86-
sched3, err := client.UserQuietHoursSchedule(ctx, user.UserID.String())
90+
sched3, err := client.UserQuietHoursSchedule(ctx, user.ID.String())
8791
require.NoError(t, err)
8892
require.Equal(t, customScheduleParsed.String(), sched3.RawSchedule)
8993
require.True(t, sched3.UserSet)
@@ -92,33 +96,33 @@ func TestUserQuietHours(t *testing.T) {
9296
require.WithinDuration(t, customScheduleParsed.Next(time.Now()), sched3.Next, 15*time.Second)
9397

9498
// Try setting a garbage schedule.
95-
_, err = client.UpdateUserQuietHoursSchedule(ctx, user.UserID.String(), codersdk.UpdateUserQuietHoursScheduleRequest{
99+
_, err = client.UpdateUserQuietHoursSchedule(ctx, user.ID.String(), codersdk.UpdateUserQuietHoursScheduleRequest{
96100
Schedule: "garbage",
97101
})
98102
require.Error(t, err)
99103
require.ErrorContains(t, err, "parse daily schedule")
100104

101105
// Try setting a non-daily schedule.
102-
_, err = client.UpdateUserQuietHoursSchedule(ctx, user.UserID.String(), codersdk.UpdateUserQuietHoursScheduleRequest{
106+
_, err = client.UpdateUserQuietHoursSchedule(ctx, user.ID.String(), codersdk.UpdateUserQuietHoursScheduleRequest{
103107
Schedule: "CRON_TZ=America/Chicago 0 0 * * 1",
104108
})
105109
require.Error(t, err)
106110
require.ErrorContains(t, err, "parse daily schedule")
107111

108112
// Try setting a schedule with a timezone that doesn't exist.
109-
_, err = client.UpdateUserQuietHoursSchedule(ctx, user.UserID.String(), codersdk.UpdateUserQuietHoursScheduleRequest{
113+
_, err = client.UpdateUserQuietHoursSchedule(ctx, user.ID.String(), codersdk.UpdateUserQuietHoursScheduleRequest{
110114
Schedule: "CRON_TZ=Deans/House 0 0 * * *",
111115
})
112116
require.Error(t, err)
113117
require.ErrorContains(t, err, "parse daily schedule")
114118

115119
// Try setting a schedule with more than one time.
116-
_, err = client.UpdateUserQuietHoursSchedule(ctx, user.UserID.String(), codersdk.UpdateUserQuietHoursScheduleRequest{
120+
_, err = client.UpdateUserQuietHoursSchedule(ctx, user.ID.String(), codersdk.UpdateUserQuietHoursScheduleRequest{
117121
Schedule: "CRON_TZ=America/Chicago 0 0,12 * * *",
118122
})
119123
require.Error(t, err)
120124
require.ErrorContains(t, err, "more than one time")
121-
_, err = client.UpdateUserQuietHoursSchedule(ctx, user.UserID.String(), codersdk.UpdateUserQuietHoursScheduleRequest{
125+
_, err = client.UpdateUserQuietHoursSchedule(ctx, user.ID.String(), codersdk.UpdateUserQuietHoursScheduleRequest{
122126
Schedule: "CRON_TZ=America/Chicago 0-30 0 * * *",
123127
})
124128
require.Error(t, err)

0 commit comments

Comments
 (0)