cli work to show role complete

Emyrk · Emyrk · commit 1ebdd6f83ce8 · 2024-05-16T14:40:04.000-05:00
diff --git a/coderd/roles.go b/coderd/roles.go
@@ -31,8 +31,7 @@ func (api *API) AssignableSiteRoles(rw http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	roles := rbac.SiteRoles()
-	customRoles, err := api.Database.CustomRoles(ctx, database.CustomRolesParams{
+	dbCustomRoles, err := api.Database.CustomRoles(ctx, database.CustomRolesParams{
 		// Only site wide custom roles to be included
 		ExcludeOrgRoles: true,
 	})
@@ -41,14 +40,15 @@ func (api *API) AssignableSiteRoles(rw http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	for _, customRole := range customRoles {
+	customRoles := make([]rbac.Role, 0, len(dbCustomRoles))
+	for _, customRole := range dbCustomRoles {
 		rbacRole, err := rolestore.ConvertDBRole(customRole)
 		if err == nil {
-			roles = append(roles, rbacRole)
+			customRoles = append(customRoles, rbacRole)
 		}
 	}
 
-	httpapi.Write(ctx, rw, http.StatusOK, assignableRoles(actorRoles.Roles, roles))
+	httpapi.Write(ctx, rw, http.StatusOK, assignableRoles(actorRoles.Roles, rbac.SiteRoles(), customRoles))
 }
 
 // assignableOrgRoles returns all org wide roles that can be assigned.
@@ -72,10 +72,10 @@ func (api *API) assignableOrgRoles(rw http.ResponseWriter, r *http.Request) {
 	}
 
 	roles := rbac.OrganizationRoles(organization.ID)
-	httpapi.Write(ctx, rw, http.StatusOK, assignableRoles(actorRoles.Roles, roles))
+	httpapi.Write(ctx, rw, http.StatusOK, assignableRoles(actorRoles.Roles, roles, []rbac.Role{}))
 }
 
-func assignableRoles(actorRoles rbac.ExpandableRoles, roles []rbac.Role) []codersdk.AssignableRoles {
+func assignableRoles(actorRoles rbac.ExpandableRoles, roles []rbac.Role, customRoles []rbac.Role) []codersdk.AssignableRoles {
 	assignable := make([]codersdk.AssignableRoles, 0)
 	for _, role := range roles {
 		// The member role is implied, and not assignable.
@@ -87,6 +87,15 @@ func assignableRoles(actorRoles rbac.ExpandableRoles, roles []rbac.Role) []coder
 		assignable = append(assignable, codersdk.AssignableRoles{
 			Role:       db2sdk.Role(role),
 			Assignable: rbac.CanAssignRole(actorRoles, role.Name),
+			BuiltIn:    true,
+		})
+	}
+
+	for _, role := range customRoles {
+		assignable = append(assignable, codersdk.AssignableRoles{
+			Role:       db2sdk.Role(role),
+			Assignable: rbac.CanAssignRole(actorRoles, role.Name),
+			BuiltIn:    false,
 		})
 	}
 	return assignable
diff --git a/codersdk/roles.go b/codersdk/roles.go
@@ -19,8 +19,10 @@ type SlimRole struct {
 }
 
 type AssignableRoles struct {
-	Role
-	Assignable bool `json:"assignable"`
+	Role       `table:"r,recursive_inline"`
+	Assignable bool `json:"assignable" table:"assignable"`
+	// BuiltIn roles are immutable
+	BuiltIn bool `json:"built_in" table:"built_in"`
 }
 
 // Permission is the format passed into the rego.
@@ -33,12 +35,12 @@ type Permission struct {
 
 // Role is a longer form of SlimRole used to edit custom roles.
 type Role struct {
-	Name            string       `json:"name"`
-	DisplayName     string       `json:"display_name"`
-	SitePermissions []Permission `json:"site_permissions"`
+	Name            string       `json:"name" table:"name,default_sort"`
+	DisplayName     string       `json:"display_name" table:"display_name"`
+	SitePermissions []Permission `json:"site_permissions" table:"site_permissions"`
 	// map[<org_id>] -> Permissions
-	OrganizationPermissions map[string][]Permission `json:"organization_permissions"`
-	UserPermissions         []Permission            `json:"user_permissions"`
+	OrganizationPermissions map[string][]Permission `json:"organization_permissions" table:"org_permissions"`
+	UserPermissions         []Permission            `json:"user_permissions" table:"user_permissions"`
 }
 
 // PatchRole will upsert a custom site wide role
diff --git a/enterprise/cli/rolescmd.go b/enterprise/cli/rolescmd.go
@@ -1,6 +1,16 @@
 package cli
 
-import "github.com/coder/serpent"
+import (
+	"fmt"
+	"slices"
+	"strings"
+
+	"golang.org/x/xerrors"
+
+	"github.com/coder/coder/v2/cli/cliui"
+	"github.com/coder/coder/v2/codersdk"
+	"github.com/coder/serpent"
+)
 
 // **NOTE** Only covers site wide roles at present. Org scoped roles maybe
 // should be nested under some command that scopes to an org??
@@ -13,21 +23,131 @@ func (r *RootCmd) roles() *serpent.Command {
 		Handler: func(inv *serpent.Invocation) error {
 			return inv.Command.HelpHandler(inv)
 		},
-		Hidden:   true,
-		Children: []*serpent.Command{},
+		Hidden: true,
+		Children: []*serpent.Command{
+			r.showRole(),
+			r.editRole(),
+		},
+	}
+	return cmd
+}
+
+func (r *RootCmd) editRole() *serpent.Command {
+	formatter := roleFormatter()
+
+	client := new(codersdk.Client)
+	cmd := &serpent.Command{
+		Use:   "edit <role_name>",
+		Short: "Edit a role",
+		Middleware: serpent.Chain(
+			serpent.RequireNArgs(1),
+			r.InitClient(client),
+		),
+		Handler: func(inv *serpent.Invocation) error {
+			ctx := inv.Context()
+			roles, err := client.ListSiteRoles(ctx)
+			if err != nil {
+				return xerrors.Errorf("listing roles: %w", err)
+			}
+
+			// Make sure the role actually exists first
+			var role codersdk.AssignableRoles
+			for _, r := range roles {
+				if strings.EqualFold(inv.Args[0], r.Name) {
+					role = r
+					break
+				}
+			}
+
+			// TODO: Allow role creation
+			if role.Name == "" {
+				return xerrors.Errorf("role %q not found", inv.Args[0])
+			}
+
+			return nil
+		},
 	}
+
+	formatter.AttachOptions(&cmd.Options)
 	return cmd
 }
 
+type assignableRolesTableRow struct {
+	Name            string `table:"name,default_sort"`
+	DisplayName     string `table:"display_name"`
+	SitePermissions string ` table:"site_permissions"`
+	// map[<org_id>] -> Permissions
+	OrganizationPermissions string `table:"org_permissions"`
+	UserPermissions         string `table:"user_permissions"`
+	Assignable              bool   `table:"assignable"`
+	BuiltIn                 bool   `table:"built_in"`
+}
+
 func (r *RootCmd) showRole() *serpent.Command {
+	formatter := roleFormatter()
+
+	client := new(codersdk.Client)
 	cmd := &serpent.Command{
-		Use:   "show",
+		Use:   "show [role_names ...]",
 		Short: "Show role(s)",
-		Handler: func(i *serpent.Invocation) error {
+		Middleware: serpent.Chain(
+			r.InitClient(client),
+		),
+		Handler: func(inv *serpent.Invocation) error {
+			ctx := inv.Context()
+			roles, err := client.ListSiteRoles(ctx)
+			if err != nil {
+				return xerrors.Errorf("listing roles: %w", err)
+			}
+
+			if len(inv.Args) > 0 {
+				// filter roles
+				filtered := make([]codersdk.AssignableRoles, 0)
+				for _, role := range roles {
+					if slices.ContainsFunc(inv.Args, func(s string) bool {
+						return strings.EqualFold(s, role.Name)
+					}) {
+						filtered = append(filtered, role)
+					}
+				}
+				roles = filtered
+			}
 
+			out, err := formatter.Format(inv.Context(), roles)
+			if err != nil {
+				return err
+			}
+
+			_, err = fmt.Fprintln(inv.Stdout, out)
 			return nil
 		},
 	}
+	formatter.AttachOptions(&cmd.Options)
 
 	return cmd
 }
+
+func roleFormatter() *cliui.OutputFormatter {
+	return cliui.NewOutputFormatter(
+		cliui.ChangeFormatterData(
+			cliui.TableFormat([]assignableRolesTableRow{}, []string{"name", "display_name", "built_in", "site_permissions", "org_permissions", "user_permissions"}),
+			func(data any) (any, error) {
+				input := data.([]codersdk.AssignableRoles)
+				rows := make([]assignableRolesTableRow, 0, len(input))
+				for _, role := range input {
+					rows = append(rows, assignableRolesTableRow{
+						Name:                    role.Name,
+						DisplayName:             role.DisplayName,
+						SitePermissions:         fmt.Sprintf("%d permissions", len(role.SitePermissions)),
+						OrganizationPermissions: fmt.Sprintf("%d organizations", len(role.OrganizationPermissions)),
+						UserPermissions:         fmt.Sprintf("%d permissions", len(role.UserPermissions)),
+						Assignable:              role.Assignable,
+						BuiltIn:                 role.BuiltIn,
+					})
+				}
+				return rows, nil
+			},
+		),
+		cliui.JSONFormat(),
+	)
+}
diff --git a/enterprise/cli/root.go b/enterprise/cli/root.go
@@ -17,6 +17,7 @@ func (r *RootCmd) enterpriseOnly() []*serpent.Command {
 		r.licenses(),
 		r.groups(),
 		r.provisionerDaemons(),
+		r.roles(),
 	}
 }
 
diff --git a/site/src/api/typesGenerated.ts b/site/src/api/typesGenerated.ts
diff --git a/site/src/testHelpers/entities.ts b/site/src/testHelpers/entities.ts
@@ -229,40 +229,53 @@ export const MockUpdateCheck: TypesGen.UpdateCheckResponse = {
   version: "v99.999.9999+c9cdf14",
 };
 
-export const MockOwnerRole: TypesGen.SlimRole = {
+export const MockOwnerRole: TypesGen.Role = {
   name: "owner",
   display_name: "Owner",
+  site_permissions: [],
+  organization_permissions: {},
+  user_permissions: [],
 };
 
-export const MockUserAdminRole: TypesGen.SlimRole = {
+export const MockUserAdminRole: TypesGen.Role = {
   name: "user_admin",
   display_name: "User Admin",
+  site_permissions: [],
+  organization_permissions: {},
+  user_permissions: [],
 };
 
-export const MockTemplateAdminRole: TypesGen.SlimRole = {
+export const MockTemplateAdminRole: TypesGen.Role = {
   name: "template_admin",
   display_name: "Template Admin",
+  site_permissions: [],
+  organization_permissions: {},
+  user_permissions: [],
 };
 
 export const MockMemberRole: TypesGen.SlimRole = {
   name: "member",
   display_name: "Member",
 };
 
-export const MockAuditorRole: TypesGen.SlimRole = {
+export const MockAuditorRole: TypesGen.Role = {
   name: "auditor",
   display_name: "Auditor",
+  site_permissions: [],
+  organization_permissions: {},
+  user_permissions: [],
 };
 
 // assignableRole takes a role and a boolean. The boolean implies if the
 // actor can assign (add/remove) the role from other users.
 export function assignableRole(
-  role: TypesGen.SlimRole,
+  role: TypesGen.Role,
   assignable: boolean,
 ): TypesGen.AssignableRoles {
   return {
     ...role,
     assignable: assignable,
+    built_in: true,
   };
 }
 

Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,7 @@ func (r RootCmd) enterpriseOnly() []serpent.Command {`
`17`	`17`	`r.licenses(),`
`18`	`18`	`r.groups(),`
`19`	`19`	`r.provisionerDaemons(),`
	`20`	`+ r.roles(),`
`20`	`21`	`}`
`21`	`22`	`}`
`22`	`23`