Skip to content

feat: Allow user to cancel workspace jobs #5115

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 19 commits into from
Nov 21, 2022
Merged

feat: Allow user to cancel workspace jobs #5115

Changes from 1 commit
Commits
Show all changes
19 commits
Select commit Hold shift + click to select a range
4dcbf5c
Add database column allow_user_cancel_workspace_jobs
mtojek Nov 17, 2022
400413e
Adjust API
mtojek Nov 17, 2022
7f8dcaa
site: typesGenerated.ts
mtojek Nov 17, 2022
3f76534
Expose template.allow_ in Workspaces API
mtojek Nov 17, 2022
64b8bf3
Fix: site tests
mtojek Nov 17, 2022
73431c9
Fix: make fmt/prettier
mtojek Nov 17, 2022
ba5c06b
Fix: enterprise
mtojek Nov 17, 2022
9be6b1f
Database tests
mtojek Nov 17, 2022
8579883
Add CLI tests
mtojek Nov 17, 2022
3fe5bef
Add checkbox
mtojek Nov 17, 2022
9a303b5
i18n
mtojek Nov 17, 2022
ba443eb
Logic: block cancelling
mtojek Nov 18, 2022
7d36b2d
Unit tests for conditional cancel
mtojek Nov 18, 2022
472fee8
Fix: message
mtojek Nov 18, 2022
056894a
Merge branch 'main' into 5035-allow-user-cancel
mtojek Nov 18, 2022
4ec5aab
Address PR comment
mtojek Nov 18, 2022
c215f5a
Address PR comments
mtojek Nov 21, 2022
69c544f
Merge branch 'main' into 5035-allow-user-cancel
mtojek Nov 21, 2022
4e5ee76
Fix: make
mtojek Nov 21, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Logic: block cancelling
  • Loading branch information
@mtojek
mtojek committed Nov 18, 2022
commit ba443ebdb22856c1fb17345fa11c4783515b87be
37 changes: 37 additions & 0 deletions coderd/workspacebuilds.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,11 @@ import (
"github.com/coder/coder/codersdk"
)

var (
errTemplateNotExists = xerrors.New("No template exists for this workspace")
errUserNotExists = xerrors.New("User does not exist")
)

func (api *API) workspaceBuild(rw http.ResponseWriter, r *http.Request) {
ctx := r.Context()
workspaceBuild := httpmw.WorkspaceBuildParam(r)
Expand Down Expand Up @@ -599,6 +604,21 @@ func (api *API) patchCancelWorkspaceBuild(rw http.ResponseWriter, r *http.Reques
return
}

valid, err := api.verifyUserCanCancelWorkspaceBuilds(ctx, httpmw.APIKey(r).UserID, workspace.TemplateID)
if err != nil {
httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggestion: Both errors returned by verify seem like known states and caused by a user doing a nonsense request (vs. server making a mistake), maybe unauthorized would be a good response?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unauthorized might be misleading while debugging potential customer issues. In theory, we don't expect an invalid user or an invalid template, and it doesn't look possible that the user passes it, hence an internal error.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good points. After a second look I agree, didn't look closely enough at the inputs at first. 👍🏻

Message: "Internal error verifying permission to cancel workspace build.",
Detail: err.Error(),
})
return
}
if !valid {
httpapi.Write(ctx, rw, http.StatusForbidden, codersdk.Response{
Message: "User is not allowed cancel workspace builds. Owner role is required.",
})
return
}

job, err := api.Database.GetProvisionerJobByID(ctx, workspaceBuild.JobID)
if err != nil {
httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
Expand Down Expand Up @@ -646,6 +666,23 @@ func (api *API) patchCancelWorkspaceBuild(rw http.ResponseWriter, r *http.Reques
})
}

func (api *API) verifyUserCanCancelWorkspaceBuilds(ctx context.Context, userID uuid.UUID, templateID uuid.UUID) (bool, error) {
template, err := api.Database.GetTemplateByID(ctx, templateID)
if err != nil {
return false, errTemplateNotExists
}

if template.AllowUserCancelWorkspaceJobs {
return true, nil // all users can cancel workspace builds
}

user, err := api.Database.GetUserByID(ctx, userID)
if err != nil {
return false, errUserNotExists
}
return slices.Contains(user.RBACRoles, rbac.RoleOwner()), nil // only user with "owner" role can cancel workspace builds
}

func (api *API) workspaceBuildResources(rw http.ResponseWriter, r *http.Request) {
ctx := r.Context()
workspaceBuild := httpmw.WorkspaceBuildParam(r)
Expand Down