Skip to content

Commit c162c0f

Browse files
sreyasreya
authored
fix: omit users for 'Everyone' group in response (#5937)
1 parent 69fce04 commit c162c0f

File tree

7 files changed

+26
-90
lines changed

7 files changed

+26
-90
lines changed

coderd/database/databasefake/databasefake.go

-18
Original file line numberDiff line numberDiff line change
@@ -4051,24 +4051,6 @@ func (q *fakeQuerier) GetGroupsByOrganizationID(_ context.Context, organizationI
40514051
return groups, nil
40524052
}
40534053

4054-
func (q *fakeQuerier) GetAllOrganizationMembers(_ context.Context, organizationID uuid.UUID) ([]database.User, error) {
4055-
q.mutex.RLock()
4056-
defer q.mutex.RUnlock()
4057-
4058-
var users []database.User
4059-
for _, member := range q.organizationMembers {
4060-
if member.OrganizationID == organizationID {
4061-
for _, user := range q.users {
4062-
if user.ID == member.UserID {
4063-
users = append(users, user)
4064-
}
4065-
}
4066-
}
4067-
}
4068-
4069-
return users, nil
4070-
}
4071-
40724054
func (q *fakeQuerier) DeleteGroupByID(_ context.Context, id uuid.UUID) error {
40734055
q.mutex.Lock()
40744056
defer q.mutex.Unlock()

coderd/database/querier.go

-1
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

coderd/database/queries.sql.go

-49
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

coderd/database/queries/groups.sql

-12
Original file line numberDiff line numberDiff line change
@@ -36,18 +36,6 @@ AND
3636
AND
3737
users.deleted = 'false';
3838

39-
-- name: GetAllOrganizationMembers :many
40-
SELECT
41-
users.*
42-
FROM
43-
users
44-
JOIN
45-
organization_members
46-
ON
47-
users.id = organization_members.user_id
48-
WHERE
49-
organization_members.organization_id = $1;
50-
5139
-- name: GetGroupsByOrganizationID :many
5240
SELECT
5341
*

enterprise/coderd/groups_test.go

+20
Original file line numberDiff line numberDiff line change
@@ -605,6 +605,26 @@ func TestGroup(t *testing.T) {
605605
require.NotContains(t, group.Members, user1)
606606
require.Contains(t, group.Members, user2)
607607
})
608+
609+
t.Run("everyoneGroupReturnsEmpty", func(t *testing.T) {
610+
t.Parallel()
611+
612+
client := coderdenttest.New(t, nil)
613+
user := coderdtest.CreateFirstUser(t, client)
614+
615+
_ = coderdenttest.AddLicense(t, client, coderdenttest.LicenseOptions{
616+
Features: license.Features{
617+
codersdk.FeatureTemplateRBAC: 1,
618+
},
619+
})
620+
ctx, _ := testutil.Context(t)
621+
// The 'Everyone' group always has an ID that matches the organization ID.
622+
group, err := client.Group(ctx, user.OrganizationID)
623+
require.NoError(t, err)
624+
require.Len(t, group.Members, 0)
625+
require.Equal(t, "Everyone", group.Name)
626+
require.Equal(t, user.OrganizationID, group.OrganizationID)
627+
})
608628
}
609629

610630
// TODO: test auth.

enterprise/coderd/templates.go

+1-6
Original file line numberDiff line numberDiff line change
@@ -78,16 +78,11 @@ func (api *API) templateACL(rw http.ResponseWriter, r *http.Request) {
7878
for _, group := range dbGroups {
7979
var members []database.User
8080

81-
if group.Name == database.AllUsersGroup {
82-
members, err = api.Database.GetAllOrganizationMembers(ctx, group.OrganizationID)
83-
} else {
84-
members, err = api.Database.GetGroupMembers(ctx, group.ID)
85-
}
81+
members, err = api.Database.GetGroupMembers(ctx, group.ID)
8682
if err != nil {
8783
httpapi.InternalServerError(rw, err)
8884
return
8985
}
90-
9186
groups = append(groups, codersdk.TemplateGroup{
9287
Group: convertGroup(group.Group, members),
9388
Role: convertToTemplateRole(group.Actions),

enterprise/coderd/templates_test.go

+5-4
Original file line numberDiff line numberDiff line change
@@ -66,7 +66,7 @@ func TestTemplateACL(t *testing.T) {
6666
require.Contains(t, acl.Users, templateUser3)
6767
})
6868

69-
t.Run("allUsersGroup", func(t *testing.T) {
69+
t.Run("everyoneGroup", func(t *testing.T) {
7070
t.Parallel()
7171
client := coderdenttest.New(t, nil)
7272
user := coderdtest.CreateFirstUser(t, client)
@@ -76,7 +76,8 @@ func TestTemplateACL(t *testing.T) {
7676
},
7777
})
7878

79-
_, user1 := coderdtest.CreateAnotherUserWithUser(t, client, user.OrganizationID)
79+
// Create a user to assert they aren't returned in the response.
80+
_, _ = coderdtest.CreateAnotherUserWithUser(t, client, user.OrganizationID)
8081
version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil)
8182
template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID)
8283

@@ -87,8 +88,8 @@ func TestTemplateACL(t *testing.T) {
8788
require.NoError(t, err)
8889

8990
require.Len(t, acl.Groups, 1)
90-
require.Len(t, acl.Groups[0].Members, 2)
91-
require.Contains(t, acl.Groups[0].Members, user1)
91+
// We don't return members for the 'Everyone' group.
92+
require.Len(t, acl.Groups[0].Members, 0)
9293
require.Len(t, acl.Users, 0)
9394
})
9495

0 commit comments

Comments
 (0)