Skip to content

Commit cb91471

Browse files
EmyrkEmyrk
committed
chore: implement deleting custom roles
1 parent 43cbd73 commit cb91471

File tree

15 files changed

+444
-1
lines changed

15 files changed

+444
-1
lines changed

coderd/apidoc/docs.go

+45
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

coderd/apidoc/swagger.json

+41
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

coderd/database/dbauthz/dbauthz.go

+14
Original file line numberDiff line numberDiff line change
@@ -958,6 +958,20 @@ func (q *querier) DeleteCoordinator(ctx context.Context, id uuid.UUID) error {
958958
return q.db.DeleteCoordinator(ctx, id)
959959
}
960960

961+
func (q *querier) DeleteCustomRole(ctx context.Context, arg database.DeleteCustomRoleParams) error {
962+
if arg.OrganizationID.UUID != uuid.Nil {
963+
if err := q.authorizeContext(ctx, policy.ActionDelete, rbac.ResourceAssignOrgRole.InOrg(arg.OrganizationID.UUID)); err != nil {
964+
return err
965+
}
966+
} else {
967+
if err := q.authorizeContext(ctx, policy.ActionCreate, rbac.ResourceAssignRole); err != nil {
968+
return err
969+
}
970+
}
971+
972+
return q.db.DeleteCustomRole(ctx, arg)
973+
}
974+
961975
func (q *querier) DeleteExternalAuthLink(ctx context.Context, arg database.DeleteExternalAuthLinkParams) error {
962976
return fetchAndExec(q.log, q.auth, policy.ActionUpdatePersonal, func(ctx context.Context, arg database.DeleteExternalAuthLinkParams) (database.ExternalAuthLink, error) {
963977
//nolint:gosimple

coderd/database/dbmem/dbmem.go

+19
Original file line numberDiff line numberDiff line change
@@ -1379,6 +1379,25 @@ func (*FakeQuerier) DeleteCoordinator(context.Context, uuid.UUID) error {
13791379
return ErrUnimplemented
13801380
}
13811381

1382+
func (q *FakeQuerier) DeleteCustomRole(_ context.Context, arg database.DeleteCustomRoleParams) error {
1383+
err := validateDatabaseType(arg)
1384+
if err != nil {
1385+
return err
1386+
}
1387+
1388+
q.mutex.RLock()
1389+
defer q.mutex.RUnlock()
1390+
1391+
initial := len(q.data.customRoles)
1392+
q.data.customRoles = slices.DeleteFunc(q.data.customRoles, func(role database.CustomRole) bool {
1393+
return role.OrganizationID.UUID == arg.OrganizationID.UUID && role.Name == arg.Name
1394+
})
1395+
if initial == len(q.data.customRoles) {
1396+
return sql.ErrNoRows
1397+
}
1398+
return nil
1399+
}
1400+
13821401
func (q *FakeQuerier) DeleteExternalAuthLink(_ context.Context, arg database.DeleteExternalAuthLinkParams) error {
13831402
err := validateDatabaseType(arg)
13841403
if err != nil {

coderd/database/dbmetrics/dbmetrics.go

+7
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

coderd/database/dbmock/dbmock.go

+14
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

coderd/database/querier.go

+1
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

coderd/database/queries.sql.go

+18
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

coderd/database/queries/roles.sql

+7
Original file line numberDiff line numberDiff line change
@@ -25,6 +25,13 @@ WHERE
2525
END
2626
;
2727

28+
-- name: DeleteCustomRole :exec
29+
DELETE FROM
30+
custom_roles
31+
WHERE
32+
name = lower(@name)
33+
AND organization_id = @organization_id
34+
;
2835

2936
-- name: UpsertCustomRole :one
3037
INSERT INTO

coderd/httpapi/httpapi.go

+13-1
Original file line numberDiff line numberDiff line change
@@ -106,12 +106,24 @@ func Is404Error(err error) bool {
106106
return false
107107
}
108108

109+
// This tests for dbauthz.IsNotAuthorizedError and rbac.IsUnauthorizedError.
110+
if IsUnauthorizedError(err) {
111+
return true
112+
}
113+
return xerrors.Is(err, sql.ErrNoRows)
114+
}
115+
116+
func IsUnauthorizedError(err error) bool {
117+
if err == nil {
118+
return false
119+
}
120+
109121
// This tests for dbauthz.IsNotAuthorizedError and rbac.IsUnauthorizedError.
110122
var unauthorized httpapiconstraints.IsUnauthorizedError
111123
if errors.As(err, &unauthorized) && unauthorized.IsUnauthorized() {
112124
return true
113125
}
114-
return xerrors.Is(err, sql.ErrNoRows)
126+
return false
115127
}
116128

117129
// Convenience error functions don't take contexts since their responses are

codersdk/roles.go

+14
Original file line numberDiff line numberDiff line change
@@ -87,6 +87,20 @@ func (c *Client) PatchOrganizationRole(ctx context.Context, organizationID uuid.
8787
return role, json.NewDecoder(res.Body).Decode(&role)
8888
}
8989

90+
// DeleteOrganizationRole will delete a custom organization role
91+
func (c *Client) DeleteOrganizationRole(ctx context.Context, organizationID uuid.UUID, roleName string) error {
92+
res, err := c.Request(ctx, http.MethodDelete,
93+
fmt.Sprintf("/api/v2/organizations/%s/members/roles/%s", organizationID.String(), roleName), nil)
94+
if err != nil {
95+
return err
96+
}
97+
defer res.Body.Close()
98+
if res.StatusCode != http.StatusNoContent {
99+
return ReadBodyAsError(res)
100+
}
101+
return nil
102+
}
103+
90104
// ListSiteRoles lists all assignable site wide roles.
91105
func (c *Client) ListSiteRoles(ctx context.Context) ([]AssignableRoles, error) {
92106
res, err := c.Request(ctx, http.MethodGet, "/api/v2/users/roles", nil)

0 commit comments

Comments
 (0)