Drop unused resources & roles

Emyrk · Emyrk · commit d9f761d5fe1a · 2022-04-11T10:07:12.000-05:00
diff --git a/coderd/authz/authz_test.go b/coderd/authz/authz_test.go
@@ -60,7 +60,18 @@ func TestAuthorizeDomain(t *testing.T) {
 
 	user = authz.SubjectTODO{
 		UserID: "me",
-		Roles:  []authz.Role{authz.RoleDenyAll},
+		Roles: []authz.Role{{
+			Name: "deny-all",
+			// List out deny permissions explicitly
+			Site: []authz.Permission{
+				{
+					Negate:       true,
+					ResourceType: authz.Wildcard,
+					ResourceID:   authz.Wildcard,
+					Action:       authz.Wildcard,
+				},
+			},
+		}},
 	}
 
 	testAuthorize(t, "DeletedMember", user, []authTestCase{
diff --git a/coderd/authz/resources.go b/coderd/authz/resources.go
@@ -6,9 +6,7 @@ type ResourceType string
 const (
 	ResourceWorkspace ResourceType = "workspace"
 	ResourceTemplate  ResourceType = "template"
-	ResourceDevURL    ResourceType = "devurl"
 	ResourceUser      ResourceType = "user"
-	ResourceAuditLogs ResourceType = "audit-logs"
 )
 
 func (z ResourceType) All() Object {
diff --git a/coderd/authz/role.go b/coderd/authz/role.go
@@ -51,26 +51,13 @@ var (
 	RoleSiteAuditor = Role{
 		Name: "auditor",
 		Site: permissions(map[ResourceType][]Action{
-			ResourceAuditLogs: {ActionRead},
+			// TODO: @emyrk when audit logs are added, add back a read perm
+			//ResourceAuditLogs: {ActionRead},
 			// Should be able to read user details to associate with logs.
 			// Without this the user-id in logs is not very helpful
 			ResourceUser: {ActionRead},
 		}),
 	}
-
-	// RoleDenyAll is a role that denies everything everywhere.
-	RoleDenyAll = Role{
-		Name: "deny-all",
-		// List out deny permissions explicitly
-		Site: []Permission{
-			{
-				Negate:       true,
-				ResourceType: Wildcard,
-				ResourceID:   Wildcard,
-				Action:       Wildcard,
-			},
-		},
-	}
 )
 
 func RoleOrgDenyAll(orgID string) Role {

Original file line number	Diff line number	Diff line change
`@@ -6,9 +6,7 @@ type ResourceType string`
`6`	`6`	`const (`
`7`	`7`	`ResourceWorkspace ResourceType = "workspace"`
`8`	`8`	`ResourceTemplate ResourceType = "template"`
`9`		`- ResourceDevURL ResourceType = "devurl"`
`10`	`9`	`ResourceUser ResourceType = "user"`
`11`		`- ResourceAuditLogs ResourceType = "audit-logs"`
`12`	`10`	`)`
`13`	`11`
`14`	`12`	`func (z ResourceType) All() Object {`