Skip to content

fix: No org admins until organizations are in the UI #5414

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 5 commits into from
Dec 14, 2022
Merged

fix: No org admins until organizations are in the UI #5414

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
c5c9752
fix: No org admins until organizations are in the UI
Emyrk Dec 14, 2022
702e9ce
Add migration
Emyrk Dec 14, 2022
7882580
Only affect admins
Emyrk Dec 14, 2022
44f860a
Update initial roles test
Emyrk Dec 14, 2022
d2ec7d7
Remove test that is no longer valid
Emyrk Dec 14, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Empty file added coderd/database/migrations/000086_no_org_admins.down.sql
View file
Open in desktop
Empty file.
6 changes: 6 additions & 0 deletions coderd/database/migrations/000086_no_org_admins.up.sql
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
UPDATE
organization_members
SET
roles = ARRAY [] :: text[]
WHERE
'organization-admin:'||organization_id = ANY(roles);
6 changes: 5 additions & 1 deletion coderd/organizations.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -76,7 +76,11 @@ func (api *API) postOrganizations(rw http.ResponseWriter, r *http.Request) {
CreatedAt: database.Now(),
UpdatedAt: database.Now(),
Roles: []string{
rbac.RoleOrgAdmin(organization.ID),
// TODO: When organizations are allowed to be created, we should
// come back to determining the default role of the person who
// creates the org. Until that happens, all users in an organization
// should be just regular members.
rbac.RoleOrgMember(organization.ID),
},
})
if err != nil {
Expand Down
6 changes: 5 additions & 1 deletion coderd/users.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1071,7 +1071,11 @@ func (api *API) CreateUser(ctx context.Context, store database.Store, req Create
return xerrors.Errorf("create organization: %w", err)
}
req.OrganizationID = organization.ID
orgRoles = append(orgRoles, rbac.RoleOrgAdmin(req.OrganizationID))
// TODO: When organizations are allowed to be created, we should
// come back to determining the default role of the person who
// creates the org. Until that happens, all users in an organization
// should be just regular members.
orgRoles = append(orgRoles, rbac.RoleOrgMember(req.OrganizationID))

_, err = tx.InsertAllUsersGroup(ctx, organization.ID)
if err != nil {
Expand Down
11 changes: 1 addition & 10 deletions coderd/users_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -817,15 +817,6 @@ func TestGrantSiteRoles(t *testing.T) {
Error: true,
StatusCode: http.StatusForbidden,
},
{
Name: "MemberAssignMember",
Client: member,
OrgID: first.OrganizationID,
AssignToUser: first.UserID.String(),
Roles: []string{},
Error: true,
StatusCode: http.StatusForbidden,
},
{
Name: "AdminUpdateOrgSelf",
Client: admin,
Expand Down Expand Up @@ -921,7 +912,7 @@ func TestInitialRoles(t *testing.T) {
}, "should be a member and admin")

require.ElementsMatch(t, roles.OrganizationRoles[first.OrganizationID], []string{
rbac.RoleOrgAdmin(first.OrganizationID),
rbac.RoleOrgMember(first.OrganizationID),
}, "should be a member and admin")
}

Expand Down