dbauthz and dbmem impls

coder · aslilac · May 21, 2024 · May 15, 2024 · May 15, 2024 · May 15, 2024
commit 06378e4851828d217d15e85359644c03d244c8eb
diff --git a/coderd/database/dbauthz/dbauthz.go b/coderd/database/dbauthz/dbauthz.go
@@ -21,7 +21,7 @@
 	"github.com/coder/coder/v2/coderd/database"
 	"github.com/coder/coder/v2/coderd/database/dbtime"
 	"github.com/coder/coder/v2/coderd/httpapi/httpapiconstraints"
 	"github.com/coder/coder/v2/coderd/rbac"
 	"github.com/coder/coder/v2/coderd/util/slice"
 	"github.com/coder/coder/v2/provisionersdk"
 )
@@ -115,7 +115,7 @@
 func New(db database.Store, authorizer rbac.Authorizer, logger slog.Logger, acs *atomic.Pointer[AccessControlStore]) database.Store {
 	// If the underlying db store is already a querier, return it.
 	// Do not double wrap.
 	if slices.Contains(db.Wrappers(), wrapname) {
 		return db
 	}
 	return &querier{
@@ -420,7 +420,7 @@
 		}

 		// Authorize the action
 		err = authorizer.Authorize(ctx, act, action, object.RBACObject())
 		if err != nil {
 			return empty, logNotAuthorizedError(ctx, logger, err)
 		}
@@ -914,6 +914,10 @@
 	return q.db.DeleteOldWorkspaceAgentStats(ctx)
 }
 
+func (q *querier) DeleteOrganization(ctx context.Context, id uuid.UUID) error {
+	return deleteQ[database.Organization](q.log, q.auth, q.db.GetOrganizationByID, q.db.DeleteOrganization)(ctx, id)
+}
+
 func (q *querier) DeleteReplicasUpdatedBefore(ctx context.Context, updatedAt time.Time) error {
 	if err := q.authorizeContext(ctx, policy.ActionDelete, rbac.ResourceSystem); err != nil {
 		return err
@@ -2754,7 +2758,10 @@
 }
 
 func (q *querier) UpdateOrganization(ctx context.Context, arg database.UpdateOrganizationParams) (database.Organization, error) {
-	panic("not implemented")
+	fetch := func(ctx context.Context, arg database.UpdateOrganizationParams) (database.Organization, error) {
+		return q.db.GetOrganizationByID(ctx, arg.ID)
+	}
+	return updateWithReturn(q.log, q.auth, fetch, q.db.UpdateOrganization)(ctx, arg)
 }
 
 func (q *querier) UpdateProvisionerDaemonLastSeenAt(ctx context.Context, arg database.UpdateProvisionerDaemonLastSeenAtParams) error {

diff --git a/coderd/database/dbmem/dbmem.go b/coderd/database/dbmem/dbmem.go
@@ -1573,6 +1573,16 @@ func (q *FakeQuerier) DeleteOldWorkspaceAgentStats(_ context.Context) error {
 	return nil
 }
 
+func (q *FakeQuerier) DeleteOrganization(ctx context.Context, id uuid.UUID) error {
+	for i, org := range q.organizations {
+		if org.ID == id {
+			q.organizations = append(q.organizations[:i], q.organizations[i+1:]...)
+			return nil
+		}
+	}
+	return sql.ErrNoRows
+}
+
 func (q *FakeQuerier) DeleteReplicasUpdatedBefore(_ context.Context, before time.Time) error {
 	q.mutex.Lock()
 	defer q.mutex.Unlock()
@@ -7149,7 +7159,14 @@ func (q *FakeQuerier) UpdateOrganization(ctx context.Context, arg database.Updat
 		return database.Organization{}, err
 	}
 
-	panic("not implemented")
+	for i, org := range q.organizations {
+		if org.ID == arg.ID {
+			org.Name = arg.Name
+			q.organizations[i] = org
+			return org, nil
+		}
+	}
+	return database.Organization{}, sql.ErrNoRows
 }
 
 func (q *FakeQuerier) UpdateProvisionerDaemonLastSeenAt(_ context.Context, arg database.UpdateProvisionerDaemonLastSeenAtParams) error {

diff --git a/coderd/database/dbmetrics/dbmetrics.go b/coderd/database/dbmetrics/dbmetrics.go
diff --git a/coderd/database/dbmock/dbmock.go b/coderd/database/dbmock/dbmock.go
diff --git a/coderd/database/querier.go b/coderd/database/querier.go
diff --git a/coderd/database/queries.sql.go b/coderd/database/queries.sql.go
diff --git a/coderd/database/queries/organizations.sql b/coderd/database/queries/organizations.sql
@@ -54,7 +54,6 @@ VALUES
 	-- If no organizations exist, and this is the first, make it the default.
 	($1, $2, $3, $4, $5, (SELECT TRUE FROM organizations LIMIT 1) IS NULL) RETURNING *;
 
-
 -- name: UpdateOrganization :one
 UPDATE
 	organizations
@@ -64,3 +63,10 @@ SET
 WHERE
 	id = $1
 RETURNING *;
+
+-- name: DeleteOrganization :exec
+DELETE FROM
+	organizations
+WHERE
+	id = $1 AND
+	is_default = false;
diff --git a/coderd/organizations.go b/coderd/organizations.go
@@ -129,7 +129,6 @@ func (api *API) postOrganizations(rw http.ResponseWriter, r *http.Request) {
 // @Router /organizations/{organization} [patch]
 func (api *API) patchOrganization(rw http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
-	apiKey := httpmw.APIKey(r)
 
 	var req codersdk.PatchOrganizationRequest
 	if !httpapi.Read(ctx, rw, r, &req) {

diff --git a/coderd/rbac/object.go b/coderd/rbac/object.go
@@ -1,7 +1,7 @@
 package rbac

 import (
 	"fmt"

 	"github.com/google/uuid"

@@ -36,10 +36,10 @@
 func (z Object) ValidAction(action policy.Action) error {
 	perms, ok := policy.RBACPermissions[z.Type]
 	if !ok {
-		return fmt.Errorf("invalid type %q", z.Type)
+		return xerrors.Errorf("invalid type %q", z.Type)
 	}
 	if _, ok := perms.Actions[action]; !ok {
-		return fmt.Errorf("invalid action %q for type %q", action, z.Type)
+		return xerrors.Errorf("invalid action %q for type %q", action, z.Type)
 	}
 
 	return nil

diff --git a/coderd/rbac/roles_test.go b/coderd/rbac/roles_test.go
@@ -359,7 +359,7 @@ func TestRolePermissions(t *testing.T) {
 		},
 		// Some admin style resources
 		{
-			Name:     "Licences",
+			Name:     "Licenses",
 			Actions:  []policy.Action{policy.ActionCreate, policy.ActionRead, policy.ActionDelete},
 			Resource: rbac.ResourceLicense,
 			AuthorizeMap: map[bool][]authSubject{