From 9893360b376fc72fa57a4b39f57c5d759d52a47a Mon Sep 17 00:00:00 2001
From: Dean Sheather
Date: Mon, 6 Nov 2023 12:58:56 +0000
Subject: [PATCH] fix: allow users to use quiet hours endpoint
---
 coderd/database/dbauthz/dbauthz.go | 10 +++++++---
 enterprise/coderd/users_test.go | 20 ++++++++++++--------
 2 files changed, 19 insertions(+), 11 deletions(-)
diff --git a/coderd/database/dbauthz/dbauthz.go b/coderd/database/dbauthz/dbauthz.go
index e9f4acc0a763a..86ead4322d3ca 100644
--- a/coderd/database/dbauthz/dbauthz.go
+++ b/coderd/database/dbauthz/dbauthz.go
@@ -2653,10 +2653,14 @@ func (q *querier) UpdateUserProfile(ctx context.Context, arg database.UpdateUser
 }
 func (q *querier) UpdateUserQuietHoursSchedule(ctx context.Context, arg database.UpdateUserQuietHoursScheduleParams) (database.User, error) {
- fetch := func(ctx context.Context, arg database.UpdateUserQuietHoursScheduleParams) (database.User, error) {
- return q.db.GetUserByID(ctx, arg.ID)
+ u, err := q.db.GetUserByID(ctx, arg.ID)
+ if err != nil {
+ return database.User{}, err
+ }
+ if err := q.authorizeContext(ctx, rbac.ActionUpdate, u.UserDataRBACObject()); err != nil {
+ return database.User{}, err
 }
- return updateWithReturn(q.log, q.auth, fetch, q.db.UpdateUserQuietHoursSchedule)(ctx, arg)
+ return q.db.UpdateUserQuietHoursSchedule(ctx, arg)
 }
 // UpdateUserRoles updates the site roles of a user. The validation for this function include more than
diff --git a/enterprise/coderd/users_test.go b/enterprise/coderd/users_test.go
index e88a3e4df55f3..1c90570c1ffc1 100644
--- a/enterprise/coderd/users_test.go
+++ b/enterprise/coderd/users_test.go
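Review bot: `UpdateUserQuietHoursSchedule` in coderd/database/dbauthz/dbauthz.go now checks `rbac.ActionUpdate` against `u.UserDataRBACObject()` by hand rather than through `updateWithReturn`, and the function carries no comment explaining why it departs from the helper. Without that, a later cleanup could fold it back into `updateWithReturn` and, judging by the commit title, lock ordinary users out again, or someone could copy the pattern to a method where the user-data object is too permissive. A doc comment would pin the intent, for example `// UpdateUserQuietHoursSchedule authorizes against the target user's user-data object (not via updateWithReturn) so that users can update their own schedule.` It is also worth confirming that the query that reads quiet hours authorizes against the same object; that code is not visible in this patch. The whole function body is inside the hunk.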
@@ -37,7 +37,7 @@ func TestUserQuietHours(t *testing.T) {
 dv.UserQuietHoursSchedule.DefaultSchedule.Set(defaultQuietHoursSchedule)
 dv.Experiments.Set(string(codersdk.ExperimentTemplateAutostopRequirement))
- client, user := coderdenttest.New(t, &coderdenttest.Options{
+ adminClient, adminUser := coderdenttest.New(t, &coderdenttest.Options{
 Options: &coderdtest.Options{
 DeploymentValues: dv,
 },
@@ -49,6 +49,10 @@ func TestUserQuietHours(t *testing.T) {
 },
 })
+ // Do it with another user to make sure that we're not hitting RBAC
+ // errors.
+ client, user := coderdtest.CreateAnotherUser(t, adminClient, adminUser.OrganizationID)
+
 // Get quiet hours for a user that doesn't have them set.
 ctx := testutil.Context(t, testutil.WaitLong)
 sched1, err := client.UserQuietHoursSchedule(ctx, codersdk.Me)
@@ -72,7 +76,7 @@ func TestUserQuietHours(t *testing.T) {
 require.NoError(t, err)
 }
- sched2, err := client.UpdateUserQuietHoursSchedule(ctx, user.UserID.String(), codersdk.UpdateUserQuietHoursScheduleRequest{
+ sched2, err := client.UpdateUserQuietHoursSchedule(ctx, user.ID.String(), codersdk.UpdateUserQuietHoursScheduleRequest{
 Schedule: customQuietHoursSchedule,
 })
 require.NoError(t, err)
@@ -83,7 +87,7 @@ func TestUserQuietHours(t *testing.T) {
 require.WithinDuration(t, customScheduleParsed.Next(time.Now()), sched2.Next, 15*time.Second)
 // Get quiet hours for a user that has them set.
- sched3, err := client.UserQuietHoursSchedule(ctx, user.UserID.String())
+ sched3, err := client.UserQuietHoursSchedule(ctx, user.ID.String())
 require.NoError(t, err)
 require.Equal(t, customScheduleParsed.String(), sched3.RawSchedule)
 require.True(t, sched3.UserSet)
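Review bot: The member created in the `@@ -49,6 +49,10 @@` hunk is only ever used against its own ID (`codersdk.Me` and `user.ID`), so the test proves the relaxed check lets a user through but never that it still stops one user from changing another's schedule. Because this commit changes which RBAC object the update is authorized against, a negative case would pin the boundary: `_, err = client.UpdateUserQuietHoursSchedule(ctx, adminUser.UserID.String(), codersdk.UpdateUserQuietHoursScheduleRequest{Schedule: customQuietHoursSchedule})` followed by `require.Error(t, err)`. The same holds for the read, `client.UserQuietHoursSchedule(ctx, adminUser.UserID.String())`, if members are not meant to see other users' schedules. TestUserQuietHours starts and ends outside the hunk.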
@@ -92,33 +96,33 @@ func TestUserQuietHours(t *testing.T) {
 require.WithinDuration(t, customScheduleParsed.Next(time.Now()), sched3.Next, 15*time.Second)
 // Try setting a garbage schedule.
- _, err = client.UpdateUserQuietHoursSchedule(ctx, user.UserID.String(), codersdk.UpdateUserQuietHoursScheduleRequest{
+ _, err = client.UpdateUserQuietHoursSchedule(ctx, user.ID.String(), codersdk.UpdateUserQuietHoursScheduleRequest{
 Schedule: "garbage",
 })
 require.Error(t, err)
 require.ErrorContains(t, err, "parse daily schedule")
 // Try setting a non-daily schedule.
- _, err = client.UpdateUserQuietHoursSchedule(ctx, user.UserID.String(), codersdk.UpdateUserQuietHoursScheduleRequest{
+ _, err = client.UpdateUserQuietHoursSchedule(ctx, user.ID.String(), codersdk.UpdateUserQuietHoursScheduleRequest{
 Schedule: "CRON_TZ=America/Chicago 0 0 * * 1",
 })
 require.Error(t, err)
 require.ErrorContains(t, err, "parse daily schedule")
 // Try setting a schedule with a timezone that doesn't exist.
- _, err = client.UpdateUserQuietHoursSchedule(ctx, user.UserID.String(), codersdk.UpdateUserQuietHoursScheduleRequest{
+ _, err = client.UpdateUserQuietHoursSchedule(ctx, user.ID.String(), codersdk.UpdateUserQuietHoursScheduleRequest{
 Schedule: "CRON_TZ=Deans/House 0 0 * * *",
 })
 require.Error(t, err)
 require.ErrorContains(t, err, "parse daily schedule")
 // Try setting a schedule with more than one time.
- _, err = client.UpdateUserQuietHoursSchedule(ctx, user.UserID.String(), codersdk.UpdateUserQuietHoursScheduleRequest{
+ _, err = client.UpdateUserQuietHoursSchedule(ctx, user.ID.String(), codersdk.UpdateUserQuietHoursScheduleRequest{
 Schedule: "CRON_TZ=America/Chicago 0 0,12 * * *",
 })
 require.Error(t, err)
 require.ErrorContains(t, err, "more than one time")
- _, err = client.UpdateUserQuietHoursSchedule(ctx, user.UserID.String(), codersdk.UpdateUserQuietHoursScheduleRequest{
+ _, err = client.UpdateUserQuietHoursSchedule(ctx, user.ID.String(), codersdk.UpdateUserQuietHoursScheduleRequest{
 Schedule: "CRON_TZ=America/Chicago 0-30 0 * * *",
 })
 require.Error(t, err)