fix AuthzUserSubject to include member and org member role

Emyrk · Emyrk · commit dd08f2f6ab08 · 2023-12-07T12:40:42.000-06:00
diff --git a/coderd/coderdtest/coderdtest.go b/coderd/coderdtest/coderdtest.go
@@ -617,11 +617,15 @@ func CreateAnotherUserMutators(t testing.TB, client *codersdk.Client, organizati
 }
 
 // AuthzUserSubject does not include the user's groups.
-func AuthzUserSubject(user codersdk.User) rbac.Subject {
+func AuthzUserSubject(user codersdk.User, orgID uuid.UUID) rbac.Subject {
 	roles := make(rbac.RoleNames, 0, len(user.Roles))
+	// Member role is always implied
+	roles = append(roles, rbac.RoleMember())
 	for _, r := range user.Roles {
 		roles = append(roles, r.Name)
 	}
+	// We assume only 1 org exists
+	roles = append(roles, rbac.RoleOrgMember(orgID))
 
 	return rbac.Subject{
 		ID:     user.ID.String(),
diff --git a/coderd/templates_test.go b/coderd/templates_test.go
@@ -560,7 +560,7 @@ func TestPatchTemplateMeta(t *testing.T) {
 		ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
 		defer cancel()
 		// nolint:gocritic // Setting up unit test data
-		err := db.UpdateTemplateAccessControlByID(dbauthz.As(ctx, coderdtest.AuthzUserSubject(tplAdmin)), database.UpdateTemplateAccessControlByIDParams{
+		err := db.UpdateTemplateAccessControlByID(dbauthz.As(ctx, coderdtest.AuthzUserSubject(tplAdmin, user.OrganizationID)), database.UpdateTemplateAccessControlByIDParams{
 			ID:                   template.ID,
 			RequireActiveVersion: false,
 			Deprecated:           "Some deprecated message",
diff --git a/coderd/workspaceagents_test.go b/coderd/workspaceagents_test.go
@@ -912,10 +912,12 @@ func TestWorkspaceAgentReportStats(t *testing.T) {
 		require.NoError(t, err)
 
 		// nolint:gocritic // using db directly over creating a delete job
-		err = db.UpdateWorkspaceDeletedByID(dbauthz.As(context.Background(), coderdtest.AuthzUserSubject(admin)), database.UpdateWorkspaceDeletedByIDParams{
-			ID:      newWorkspace.ID,
-			Deleted: true,
-		})
+		err = db.UpdateWorkspaceDeletedByID(dbauthz.As(context.Background(),
+			coderdtest.AuthzUserSubject(admin, ownerUser.OrganizationID)),
+			database.UpdateWorkspaceDeletedByIDParams{
+				ID:      newWorkspace.ID,
+				Deleted: true,
+			})
 		require.NoError(t, err)
 
 		_, err = agentClient.PostStats(context.Background(), &agentsdk.Stats{
