User proper rbac errors in unit test

Emyrk · Emyrk · commit bbe4f18410be · 2023-02-10T12:06:04.000-06:00
diff --git a/coderd/coderd.go b/coderd/coderd.go
@@ -325,7 +325,6 @@ func New(options *Options) *API {
 				DisableSessionExpiryRefresh: options.DeploymentConfig.DisableSessionExpiryRefresh.Value,
 				Optional:                    true,
 			}),
-			// TODO: We should remove this auth context after middleware.
 			httpmw.AsAuthzSystem(
 				// Redirect to the login page if the user tries to open an app with
 				// "me" as the username and they are not logged in.
diff --git a/coderd/database/dbauthz/setup_test.go b/coderd/database/dbauthz/setup_test.go
@@ -201,7 +201,7 @@ func (s *MethodTestSuite) NoActorErrorTest(callMethod func(ctx context.Context)
 // Asserts that the error returned is a NotAuthorizedError.
 func (s *MethodTestSuite) NotAuthorizedErrorTest(ctx context.Context, az *coderdtest.FakeAuthorizer, callMethod func(ctx context.Context) ([]reflect.Value, error)) {
 	s.Run("NotAuthorized", func() {
-		az.AlwaysReturn = xerrors.New("Always fail authz")
+		az.AlwaysReturn = rbac.ForbiddenWithInternal(xerrors.New("Always fail authz"), rbac.Subject{}, "", rbac.Object{}, nil)
 
 		// If we have assertions, that means the method should FAIL
 		// if RBAC will disallow the request. The returned error should
@@ -211,6 +211,7 @@ func (s *MethodTestSuite) NotAuthorizedErrorTest(ctx context.Context, az *coderd
 		// This is unfortunate, but if we are using `Filter` the error returned will be nil. So filter out
 		// any case where the error is nil and the response is an empty slice.
 		if err != nil || !hasEmptySliceResponse(resp) {
+			s.ErrorContainsf(err, "unauthorized", "error string should have a good message")
 			s.Errorf(err, "method should an error with disallow authz")
 			s.ErrorIsf(err, sql.ErrNoRows, "error should match sql.ErrNoRows")
 			s.ErrorAs(err, &dbauthz.NotAuthorizedError{}, "error should be NotAuthorizedError")
