authzquery: implement group and system methods

johnstcn · johnstcn · commit d1cfa7388ced · 2023-02-03T10:29:07.000Z
- Use new dbgen methods for tests in system.go
- Implement panicky methods in group.go
- nit: rename Metadatums to Metadata 8-)
diff --git a/coderd/authzquery/group.go b/coderd/authzquery/group.go
@@ -23,11 +23,24 @@ func (q *AuthzQuerier) DeleteGroupMemberFromGroup(ctx context.Context, arg datab
 }
 
 func (q *AuthzQuerier) InsertUserGroupsByName(ctx context.Context, arg database.InsertUserGroupsByNameParams) error {
-	panic("not implemented")
+	// This will add the user to all named groups. This counts as updating a group.
+	// NOTE: instead of checking if the user has permission to update each group, we instead
+	// check if the user has permission to update *a* group in the org.
+	fetch := func(ctx context.Context, arg database.InsertUserGroupsByNameParams) (rbac.Objecter, error) {
+		return rbac.ResourceGroup.InOrg(arg.OrganizationID), nil
+	}
+	return authorizedUpdate(q.logger, q.authorizer, fetch, q.database.InsertUserGroupsByName)(ctx, arg)
 }
 
 func (q *AuthzQuerier) DeleteGroupMembersByOrgAndUser(ctx context.Context, arg database.DeleteGroupMembersByOrgAndUserParams) error {
-	panic("not implemented")
+	// This will remove the user from all groups in the org. This counts as updating a group.
+	// Authorizing this 100% correctly requires fetching all groups in the org, and checking if the user is a member.
+	// If so, we then need to check if the caller has permission to update those groups.
+	// This is prohibitively expensive, so we instead check if the caller has permission to update *a* group in the org.
+	fetch := func(ctx context.Context, arg database.DeleteGroupMembersByOrgAndUserParams) (rbac.Objecter, error) {
+		return rbac.ResourceGroup.InOrg(arg.OrganizationID), nil
+	}
+	return authorizedUpdate(q.logger, q.authorizer, fetch, q.database.DeleteGroupMembersByOrgAndUser)(ctx, arg)
 }
 
 func (q *AuthzQuerier) GetGroupByID(ctx context.Context, id uuid.UUID) (database.Group, error) {
diff --git a/coderd/authzquery/system_test.go b/coderd/authzquery/system_test.go
@@ -161,8 +161,7 @@ func (suite *MethodTestSuite) TestSystemFunctions() {
 	})
 	suite.Run("GetWorkspaceAppsCreatedAfter", func() {
 		suite.RunMethodTest(func(t *testing.T, db database.Store) MethodCase {
-			// TODO: Implement this
-			//_ = dbgen.WorkspaceApp(t, db, database.WorkspaceApp{CreatedAt: time.Now().Add(-time.Hour)})
+			_ = dbgen.WorkspaceApp(t, db, database.WorkspaceApp{CreatedAt: time.Now().Add(-time.Hour)})
 			return methodCase(inputs(time.Now()), asserts())
 		})
 	})
@@ -174,8 +173,7 @@ func (suite *MethodTestSuite) TestSystemFunctions() {
 	})
 	suite.Run("GetWorkspaceResourceMetadataCreatedAfter", func() {
 		suite.RunMethodTest(func(t *testing.T, db database.Store) MethodCase {
-			// TODO: Implement this
-			//_ = dbgen.database.WorkspaceResourceMetadatum(t, db, database.WorkspaceResourceMetadatum{CreatedAt: time.Now().Add(-time.Hour)})
+			_ = dbgen.WorkspaceResourceMetadata(t, db, database.WorkspaceResourceMetadatum{})
 			return methodCase(inputs(time.Now()), asserts())
 		})
 	})
@@ -186,8 +184,7 @@ func (suite *MethodTestSuite) TestSystemFunctions() {
 	})
 	suite.Run("GetParameterSchemasCreatedAfter", func() {
 		suite.RunMethodTest(func(t *testing.T, db database.Store) MethodCase {
-			// TODO: Implement this
-			//schema := dbgen.ParameterSchema(t, db, database.ParameterSchema{CreatedAt: time.Now().Add(-time.Hour)})
+			_ = dbgen.ParameterSchema(t, db, database.ParameterSchema{CreatedAt: time.Now().Add(-time.Hour)})
 			return methodCase(inputs(time.Now()), asserts())
 		})
 	})
diff --git a/coderd/database/dbgen/generator.go b/coderd/database/dbgen/generator.go
@@ -314,7 +314,7 @@ func WorkspaceResource(t *testing.T, db database.Store, orig database.WorkspaceR
 	return resource
 }
 
-func WorkspaceResourceMetadatums(t *testing.T, db database.Store, seed database.WorkspaceResourceMetadatum) []database.WorkspaceResourceMetadatum {
+func WorkspaceResourceMetadata(t *testing.T, db database.Store, seed database.WorkspaceResourceMetadatum) []database.WorkspaceResourceMetadatum {
 	meta, err := db.InsertWorkspaceResourceMetadata(context.Background(), database.InsertWorkspaceResourceMetadataParams{
 		WorkspaceResourceID: takeFirst(seed.WorkspaceResourceID, uuid.New()),
 		Key:                 []string{takeFirst(seed.Key, namesgenerator.GetRandomName(1))},
diff --git a/coderd/database/dbgen/generator_test.go b/coderd/database/dbgen/generator_test.go
@@ -68,10 +68,10 @@ func TestGenerator(t *testing.T) {
 		require.Equal(t, exp, must(db.GetWorkspaceAppsByAgentID(context.Background(), exp.AgentID))[0])
 	})
 
-	t.Run("WorkspaceResourceMetadatum", func(t *testing.T) {
+	t.Run("WorkspaceResourceMetadata", func(t *testing.T) {
 		t.Parallel()
 		db := dbfake.New()
-		exp := dbgen.WorkspaceResourceMetadatums(t, db, database.WorkspaceResourceMetadatum{})
+		exp := dbgen.WorkspaceResourceMetadata(t, db, database.WorkspaceResourceMetadatum{})
 		require.Equal(t, exp, must(db.GetWorkspaceResourceMetadataByResourceIDs(context.Background(), []uuid.UUID{exp[0].WorkspaceResourceID})))
 	})
 

Original file line number	Diff line number	Diff line change
`@@ -314,7 +314,7 @@ func WorkspaceResource(t *testing.T, db database.Store, orig database.WorkspaceR`
`314`	`314`	`return resource`
`315`	`315`	`}`
`316`	`316`
`317`		`-func WorkspaceResourceMetadatums(t *testing.T, db database.Store, seed database.WorkspaceResourceMetadatum) []database.WorkspaceResourceMetadatum {`
	`317`	`+func WorkspaceResourceMetadata(t *testing.T, db database.Store, seed database.WorkspaceResourceMetadatum) []database.WorkspaceResourceMetadatum {`
`318`	`318`	`meta, err := db.InsertWorkspaceResourceMetadata(context.Background(), database.InsertWorkspaceResourceMetadataParams{`
`319`	`319`	`WorkspaceResourceID: takeFirst(seed.WorkspaceResourceID, uuid.New()),`
`320`	`320`	`Key: []string{takeFirst(seed.Key, namesgenerator.GetRandomName(1))},`