@@ -254,6 +254,59 @@ func TestCreateUserWorkspace(t *testing.T) {
254254 t .Run ("ForAnotherUser" , func (t * testing.T ) {
255255 t .Parallel ()
256256
257+ owner , first := coderdenttest .New (t , & coderdenttest.Options {
258+ Options : & coderdtest.Options {
259+ IncludeProvisionerDaemon : true ,
260+ },
261+ LicenseOptions : & coderdenttest.LicenseOptions {
262+ Features : license.Features {
263+ codersdk .FeatureCustomRoles : 1 ,
264+ codersdk .FeatureTemplateRBAC : 1 ,
265+ },
266+ },
267+ })
268+ ctx := testutil .Context (t , testutil .WaitShort )
269+ //nolint:gocritic // using owner to setup roles
270+ r , err := owner .CreateOrganizationRole (ctx , codersdk.Role {
271+ Name : "creator" ,
272+ OrganizationID : first .OrganizationID .String (),
273+ DisplayName : "Creator" ,
274+ OrganizationPermissions : codersdk .CreatePermissions (map [codersdk.RBACResource ][]codersdk.RBACAction {
275+ codersdk .ResourceWorkspace : {codersdk .ActionCreate , codersdk .ActionWorkspaceStart , codersdk .ActionUpdate , codersdk .ActionRead },
276+ codersdk .ResourceOrganizationMember : {codersdk .ActionRead },
277+ }),
278+ })
279+ require .NoError (t , err )
280+
281+ // use admin for setting up test
282+ admin , adminID := coderdtest .CreateAnotherUser (t , owner , first .OrganizationID , rbac .RoleTemplateAdmin ())
283+
284+ // try the test action with this user & custom role
285+ creator , _ := coderdtest .CreateAnotherUser (t , owner , first .OrganizationID , rbac .RoleMember (), rbac.RoleIdentifier {
286+ Name : r .Name ,
287+ OrganizationID : first .OrganizationID ,
288+ })
289+
290+ template , _ := coderdtest .DynamicParameterTemplate (t , admin , first .OrganizationID , coderdtest.DynamicParameterTemplateParams {})
291+
292+ ctx = testutil .Context (t , testutil .WaitLong * 1000 ) // Reset the context to avoid timeouts.
293+
294+ wrk , err := creator .CreateUserWorkspace (ctx , adminID .ID .String (), codersdk.CreateWorkspaceRequest {
295+ TemplateID : template .ID ,
296+ Name : "workspace" ,
297+ })
298+ require .NoError (t , err )
299+ coderdtest .AwaitWorkspaceBuildJobCompleted (t , admin , wrk .LatestBuild .ID )
300+
301+ _ , err = creator .WorkspaceByOwnerAndName (ctx , adminID .Username , wrk .Name , codersdk.WorkspaceOptions {
302+ IncludeDeleted : false ,
303+ })
304+ require .NoError (t , err )
305+ })
306+
307+ t .Run ("ForANonOrgMember" , func (t * testing.T ) {
308+ t .Parallel ()
309+
257310 owner , first := coderdenttest .New (t , & coderdenttest.Options {
258311 Options : & coderdtest.Options {
259312 IncludeProvisionerDaemon : true ,
@@ -279,23 +332,24 @@ func TestCreateUserWorkspace(t *testing.T) {
279332 })
280333 require .NoError (t , err )
281334
282- secondOrg := coderdenttest .CreateOrganization (t , owner , coderdenttest.CreateOrganizationOptions {})
283-
284335 // user to make the workspace for, **note** the user is not a member of the first org.
285336 // This is strange, but technically valid. The creator can create a workspace for
286337 // this user in this org, even though the user cannot access the workspace.
338+ secondOrg := coderdenttest .CreateOrganization (t , owner , coderdenttest.CreateOrganizationOptions {})
287339 _ , forUser := coderdtest .CreateAnotherUser (t , owner , secondOrg .ID )
288340
289- // Need an admin to make the template
290- admin , _ := coderdtest .CreateAnotherUser (t , owner , first .OrganizationID , rbac .ScopedRoleOrgTemplateAdmin (first .OrganizationID ))
291-
292341 // try the test action with this user & custom role
293- creator , _ := coderdtest .CreateAnotherUser (t , owner , first .OrganizationID , rbac .RoleMember (), rbac.RoleIdentifier {
294- Name : r .Name ,
295- OrganizationID : first .OrganizationID ,
296- })
342+ creator , _ := coderdtest .CreateAnotherUser (t , owner , first .OrganizationID , rbac .RoleMember (),
343+ rbac .RoleTemplateAdmin (), // Need site wide access to make workspace for non-org
344+ rbac.RoleIdentifier {
345+ Name : r .Name ,
346+ OrganizationID : first .OrganizationID ,
347+ },
348+ )
297349
298- template , _ := coderdtest .DynamicParameterTemplate (t , admin , first .OrganizationID , coderdtest.DynamicParameterTemplateParams {})
350+ version := coderdtest .CreateTemplateVersion (t , creator , first .OrganizationID , nil )
351+ coderdtest .AwaitTemplateVersionJobCompleted (t , creator , version .ID )
352+ template := coderdtest .CreateTemplate (t , creator , first .OrganizationID , version .ID )
299353
300354 ctx = testutil .Context (t , testutil .WaitLong * 1000 ) // Reset the context to avoid timeouts.
301355
0 commit comments