lloydchang
diff --git a/‎cli/server.go
Lines changed: 1 addition & 1 deletion b/‎cli/server.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎coderd/database/dbauthz/dbauthz.go
Lines changed: 10 additions & 7 deletions b/‎coderd/database/dbauthz/dbauthz.go
Lines changed: 10 additions & 7 deletions
diff --git a/‎coderd/database/dbauthz/dbauthz_test.go
Lines changed: 3 additions & 3 deletions b/‎coderd/database/dbauthz/dbauthz_test.go
Lines changed: 3 additions & 3 deletions
diff --git a/‎coderd/database/dbmem/dbmem.go
Lines changed: 8 additions & 3 deletions b/‎coderd/database/dbmem/dbmem.go
Lines changed: 8 additions & 3 deletions
diff --git a/‎coderd/database/dbmetrics/querymetrics.go
Lines changed: 7 additions & 6 deletions b/‎coderd/database/dbmetrics/querymetrics.go
Lines changed: 7 additions & 6 deletions
diff --git a/‎coderd/database/dbmock/dbmock.go
Lines changed: 12 additions & 12 deletions b/‎coderd/database/dbmock/dbmock.go
Lines changed: 12 additions & 12 deletions
diff --git a/‎coderd/database/migrations/000301_system_user.down.sql
Lines changed: 4 additions & 0 deletions b/‎coderd/database/migrations/000301_system_user.down.sql
Lines changed: 4 additions & 0 deletions
diff --git a/‎coderd/database/modelqueries.go
Lines changed: 1 addition & 0 deletions b/‎coderd/database/modelqueries.go
Lines changed: 1 addition & 0 deletions
diff --git a/‎coderd/database/querier.go
Lines changed: 3 additions & 3 deletions b/‎coderd/database/querier.go
Lines changed: 3 additions & 3 deletions
diff --git a/‎coderd/database/querier_test.go
Lines changed: 1 addition & 0 deletions b/‎coderd/database/querier_test.go
Lines changed: 1 addition & 0 deletions
@@ -1894,7 +1894,7 @@ func getGithubOAuth2ConfigParams(ctx context.Context, db database.Store, vals *c
 
 	if defaultEligibleNotSet {
 		// nolint:gocritic // User count requires system privileges
-		userCount, err := db.GetUserCount(dbauthz.AsSystemRestricted(ctx))
+		userCount, err := db.GetUserCount(dbauthz.AsSystemRestricted(ctx), false)
 		if err != nil {
 			return nil, xerrors.Errorf("get user count: %w", err)
 		}
 
@@ -1084,13 +1084,13 @@ func (q *querier) ActivityBumpWorkspace(ctx context.Context, arg database.Activi
 	return update(q.log, q.auth, fetch, q.db.ActivityBumpWorkspace)(ctx, arg)
 }
 
-func (q *querier) AllUserIDs(ctx context.Context) ([]uuid.UUID, error) {
+func (q *querier) AllUserIDs(ctx context.Context, includeSystem bool) ([]uuid.UUID, error) {
 	// Although this technically only reads users, only system-related functions should be
 	// allowed to call this.
 	if err := q.authorizeContext(ctx, policy.ActionRead, rbac.ResourceSystem); err != nil {
 		return nil, err
 	}
-	return q.db.AllUserIDs(ctx)
+	return q.db.AllUserIDs(ctx, includeSystem)
 }
 
 func (q *querier) ArchiveUnusedTemplateVersions(ctx context.Context, arg database.ArchiveUnusedTemplateVersionsParams) ([]uuid.UUID, error) {
@@ -1343,7 +1343,10 @@ func (q *querier) DeleteOldWorkspaceAgentStats(ctx context.Context) error {
 
 func (q *querier) DeleteOrganizationMember(ctx context.Context, arg database.DeleteOrganizationMemberParams) error {
 	return deleteQ[database.OrganizationMember](q.log, q.auth, func(ctx context.Context, arg database.DeleteOrganizationMemberParams) (database.OrganizationMember, error) {
-		member, err := database.ExpectOne(q.OrganizationMembers(ctx, database.OrganizationMembersParams(arg)))
+		member, err := database.ExpectOne(q.OrganizationMembers(ctx, database.OrganizationMembersParams{
+			OrganizationID: arg.OrganizationID,
+			UserID:         arg.UserID,
+		}))
 		if err != nil {
 			return database.OrganizationMember{}, err
 		}
@@ -1529,11 +1532,11 @@ func (q *querier) GetAPIKeysLastUsedAfter(ctx context.Context, lastUsed time.Tim
 	return fetchWithPostFilter(q.auth, policy.ActionRead, q.db.GetAPIKeysLastUsedAfter)(ctx, lastUsed)
 }
 
-func (q *querier) GetActiveUserCount(ctx context.Context) (int64, error) {
+func (q *querier) GetActiveUserCount(ctx context.Context, includeSystem bool) (int64, error) {
 	if err := q.authorizeContext(ctx, policy.ActionRead, rbac.ResourceSystem); err != nil {
 		return 0, err
 	}
-	return q.db.GetActiveUserCount(ctx)
+	return q.db.GetActiveUserCount(ctx, includeSystem)
 }
 
 func (q *querier) GetActiveWorkspaceBuildsByTemplateID(ctx context.Context, templateID uuid.UUID) ([]database.WorkspaceBuild, error) {
@@ -2557,11 +2560,11 @@ func (q *querier) GetUserByID(ctx context.Context, id uuid.UUID) (database.User,
 	return fetch(q.log, q.auth, q.db.GetUserByID)(ctx, id)
 }
 
-func (q *querier) GetUserCount(ctx context.Context) (int64, error) {
+func (q *querier) GetUserCount(ctx context.Context, includeSystem bool) (int64, error) {
 	if err := q.authorizeContext(ctx, policy.ActionRead, rbac.ResourceSystem); err != nil {
 		return 0, err
 	}
-	return q.db.GetUserCount(ctx)
+	return q.db.GetUserCount(ctx, includeSystem)
 }
 
 func (q *querier) GetUserLatencyInsights(ctx context.Context, arg database.GetUserLatencyInsightsParams) ([]database.GetUserLatencyInsightsRow, error) {
 
@@ -1664,7 +1664,7 @@ func (s *MethodTestSuite) TestUser() {
 	s.Run("AllUserIDs", s.Subtest(func(db database.Store, check *expects) {
 		a := dbgen.User(s.T(), db, database.User{})
 		b := dbgen.User(s.T(), db, database.User{})
-		check.Args().Asserts(rbac.ResourceSystem, policy.ActionRead).Returns(slice.New(a.ID, b.ID))
+		check.Args(false).Asserts(rbac.ResourceSystem, policy.ActionRead).Returns(slice.New(a.ID, b.ID))
 	}))
 	s.Run("CustomRoles", s.Subtest(func(db database.Store, check *expects) {
 		check.Args(database.CustomRolesParams{}).Asserts(rbac.ResourceAssignRole, policy.ActionRead).Returns([]database.CustomRole{})
@@ -3649,7 +3649,7 @@ func (s *MethodTestSuite) TestSystemFunctions() {
 		check.Args().Asserts(rbac.ResourceSystem, policy.ActionRead)
 	}))
 	s.Run("GetActiveUserCount", s.Subtest(func(db database.Store, check *expects) {
-		check.Args().Asserts(rbac.ResourceSystem, policy.ActionRead).Returns(int64(0))
+		check.Args(false).Asserts(rbac.ResourceSystem, policy.ActionRead).Returns(int64(0))
 	}))
 	s.Run("GetUnexpiredLicenses", s.Subtest(func(db database.Store, check *expects) {
 		check.Args().Asserts(rbac.ResourceSystem, policy.ActionRead)
@@ -3692,7 +3692,7 @@ func (s *MethodTestSuite) TestSystemFunctions() {
 		check.Args(time.Now().Add(time.Hour*-1)).Asserts(rbac.ResourceSystem, policy.ActionRead)
 	}))
 	s.Run("GetUserCount", s.Subtest(func(db database.Store, check *expects) {
-		check.Args().Asserts(rbac.ResourceSystem, policy.ActionRead).Returns(int64(0))
+		check.Args(false).Asserts(rbac.ResourceSystem, policy.ActionRead).Returns(int64(0))
 	}))
 	s.Run("GetTemplates", s.Subtest(func(db database.Store, check *expects) {
 		dbtestutil.DisableForeignKeysAndTriggers(s.T(), db)
 
@@ -1549,7 +1549,7 @@ func (q *FakeQuerier) ActivityBumpWorkspace(ctx context.Context, arg database.Ac
 	return sql.ErrNoRows
 }
 
-func (q *FakeQuerier) AllUserIDs(_ context.Context) ([]uuid.UUID, error) {
+func (q *FakeQuerier) AllUserIDs(_ context.Context, includeSystem bool) ([]uuid.UUID, error) {
 	q.mutex.RLock()
 	defer q.mutex.RUnlock()
 	userIDs := make([]uuid.UUID, 0, len(q.users))
@@ -2644,7 +2644,7 @@ func (q *FakeQuerier) GetAPIKeysLastUsedAfter(_ context.Context, after time.Time
 	return apiKeys, nil
 }
 
-func (q *FakeQuerier) GetActiveUserCount(_ context.Context) (int64, error) {
+func (q *FakeQuerier) GetActiveUserCount(_ context.Context, includeSystem bool) (int64, error) {
 	q.mutex.RLock()
 	defer q.mutex.RUnlock()
 
@@ -6200,7 +6200,8 @@ func (q *FakeQuerier) GetUserByID(_ context.Context, id uuid.UUID) (database.Use
 	return q.getUserByIDNoLock(id)
 }
 
-func (q *FakeQuerier) GetUserCount(_ context.Context) (int64, error) {
+// nolint:revive // Not a control flag; used for filtering.
+func (q *FakeQuerier) GetUserCount(_ context.Context, includeSystem bool) (int64, error) {
 	q.mutex.RLock()
 	defer q.mutex.RUnlock()
 
@@ -6209,6 +6210,10 @@ func (q *FakeQuerier) GetUserCount(_ context.Context) (int64, error) {
 		if !u.Deleted {
 			existing++
 		}
+
+		if !includeSystem && u.IsSystem.Valid && u.IsSystem.Bool {
+			continue
+		}
 	}
 	return existing, nil
 }
 
@@ -9,6 +9,10 @@ DROP TRIGGER IF EXISTS prevent_system_user_deletions ON users;
 -- Drop function
 DROP FUNCTION IF EXISTS prevent_system_user_changes();
 
+-- Delete user status changes
+DELETE FROM user_status_changes
+WHERE user_id = 'c42fdf75-3097-471c-8c33-fb52454d81c0';
+
 -- Delete system user
 DELETE FROM users
 WHERE id = 'c42fdf75-3097-471c-8c33-fb52454d81c0';
 
@@ -393,6 +393,7 @@ func (q *sqlQuerier) GetAuthorizedUsers(ctx context.Context, arg GetUsersParams,
 		arg.LastSeenAfter,
 		arg.CreatedBefore,
 		arg.CreatedAfter,
+		arg.IncludeSystem,
 		arg.OffsetOpt,
 		arg.LimitOpt,
 	)
 
@@ -15,6 +15,7 @@ import (
 	"github.com/stretchr/testify/require"
 
 	"cdr.dev/slog/sloggers/slogtest"
+
 	"github.com/coder/coder/v2/coderd/coderdtest"
 	"github.com/coder/coder/v2/coderd/database"
 	"github.com/coder/coder/v2/coderd/database/db2sdk"
Original file line number	Diff line number	Diff line change
`@@ -1894,7 +1894,7 @@ func getGithubOAuth2ConfigParams(ctx context.Context, db database.Store, vals *c`
`1894`	`1894`
`1895`	`1895`	`if defaultEligibleNotSet {`
`1896`	`1896`	`// nolint:gocritic // User count requires system privileges`
`1897`		`- userCount, err := db.GetUserCount(dbauthz.AsSystemRestricted(ctx))`
	`1897`	`+ userCount, err := db.GetUserCount(dbauthz.AsSystemRestricted(ctx), false)`
`1898`	`1898`	`if err != nil {`
`1899`	`1899`	`return nil, xerrors.Errorf("get user count: %w", err)`
`1900`	`1900`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1084,13 +1084,13 @@ func (q *querier) ActivityBumpWorkspace(ctx context.Context, arg database.Activi`
`1084`	`1084`	`return update(q.log, q.auth, fetch, q.db.ActivityBumpWorkspace)(ctx, arg)`
`1085`	`1085`	`}`
`1086`	`1086`
`1087`		`-func (q *querier) AllUserIDs(ctx context.Context) ([]uuid.UUID, error) {`
	`1087`	`+func (q *querier) AllUserIDs(ctx context.Context, includeSystem bool) ([]uuid.UUID, error) {`
`1088`	`1088`	`// Although this technically only reads users, only system-related functions should be`
`1089`	`1089`	`// allowed to call this.`
`1090`	`1090`	`if err := q.authorizeContext(ctx, policy.ActionRead, rbac.ResourceSystem); err != nil {`
`1091`	`1091`	`return nil, err`
`1092`	`1092`	`}`
`1093`		`- return q.db.AllUserIDs(ctx)`
	`1093`	`+ return q.db.AllUserIDs(ctx, includeSystem)`
`1094`	`1094`	`}`
`1095`	`1095`
`1096`	`1096`	`func (q *querier) ArchiveUnusedTemplateVersions(ctx context.Context, arg database.ArchiveUnusedTemplateVersionsParams) ([]uuid.UUID, error) {`
`@@ -1343,7 +1343,10 @@ func (q *querier) DeleteOldWorkspaceAgentStats(ctx context.Context) error {`
`1343`	`1343`
`1344`	`1344`	`func (q *querier) DeleteOrganizationMember(ctx context.Context, arg database.DeleteOrganizationMemberParams) error {`
`1345`	`1345`	`return deleteQ[database.OrganizationMember](q.log, q.auth, func(ctx context.Context, arg database.DeleteOrganizationMemberParams) (database.OrganizationMember, error) {`
`1346`		`- member, err := database.ExpectOne(q.OrganizationMembers(ctx, database.OrganizationMembersParams(arg)))`
	`1346`	`+ member, err := database.ExpectOne(q.OrganizationMembers(ctx, database.OrganizationMembersParams{`
	`1347`	`+ OrganizationID: arg.OrganizationID,`
	`1348`	`+ UserID: arg.UserID,`
	`1349`	`+ }))`
`1347`	`1350`	`if err != nil {`
`1348`	`1351`	`return database.OrganizationMember{}, err`
`1349`	`1352`	`}`
`@@ -1529,11 +1532,11 @@ func (q *querier) GetAPIKeysLastUsedAfter(ctx context.Context, lastUsed time.Tim`
`1529`	`1532`	`return fetchWithPostFilter(q.auth, policy.ActionRead, q.db.GetAPIKeysLastUsedAfter)(ctx, lastUsed)`
`1530`	`1533`	`}`
`1531`	`1534`
`1532`		`-func (q *querier) GetActiveUserCount(ctx context.Context) (int64, error) {`
	`1535`	`+func (q *querier) GetActiveUserCount(ctx context.Context, includeSystem bool) (int64, error) {`
`1533`	`1536`	`if err := q.authorizeContext(ctx, policy.ActionRead, rbac.ResourceSystem); err != nil {`
`1534`	`1537`	`return 0, err`
`1535`	`1538`	`}`
`1536`		`- return q.db.GetActiveUserCount(ctx)`
	`1539`	`+ return q.db.GetActiveUserCount(ctx, includeSystem)`
`1537`	`1540`	`}`
`1538`	`1541`
`1539`	`1542`	`func (q *querier) GetActiveWorkspaceBuildsByTemplateID(ctx context.Context, templateID uuid.UUID) ([]database.WorkspaceBuild, error) {`
`@@ -2557,11 +2560,11 @@ func (q *querier) GetUserByID(ctx context.Context, id uuid.UUID) (database.User,`
`2557`	`2560`	`return fetch(q.log, q.auth, q.db.GetUserByID)(ctx, id)`
`2558`	`2561`	`}`
`2559`	`2562`
`2560`		`-func (q *querier) GetUserCount(ctx context.Context) (int64, error) {`
	`2563`	`+func (q *querier) GetUserCount(ctx context.Context, includeSystem bool) (int64, error) {`
`2561`	`2564`	`if err := q.authorizeContext(ctx, policy.ActionRead, rbac.ResourceSystem); err != nil {`
`2562`	`2565`	`return 0, err`
`2563`	`2566`	`}`
`2564`		`- return q.db.GetUserCount(ctx)`
	`2567`	`+ return q.db.GetUserCount(ctx, includeSystem)`
`2565`	`2568`	`}`
`2566`	`2569`
`2567`	`2570`	`func (q *querier) GetUserLatencyInsights(ctx context.Context, arg database.GetUserLatencyInsightsParams) ([]database.GetUserLatencyInsightsRow, error) {`
Original file line number	Diff line number	Diff line change
`@@ -1549,7 +1549,7 @@ func (q *FakeQuerier) ActivityBumpWorkspace(ctx context.Context, arg database.Ac`
`1549`	`1549`	`return sql.ErrNoRows`
`1550`	`1550`	`}`
`1551`	`1551`
`1552`		`-func (q *FakeQuerier) AllUserIDs(_ context.Context) ([]uuid.UUID, error) {`
	`1552`	`+func (q *FakeQuerier) AllUserIDs(_ context.Context, includeSystem bool) ([]uuid.UUID, error) {`
`1553`	`1553`	`q.mutex.RLock()`
`1554`	`1554`	`defer q.mutex.RUnlock()`
`1555`	`1555`	`userIDs := make([]uuid.UUID, 0, len(q.users))`
`@@ -2644,7 +2644,7 @@ func (q *FakeQuerier) GetAPIKeysLastUsedAfter(_ context.Context, after time.Time`
`2644`	`2644`	`return apiKeys, nil`
`2645`	`2645`	`}`
`2646`	`2646`
`2647`		`-func (q *FakeQuerier) GetActiveUserCount(_ context.Context) (int64, error) {`
	`2647`	`+func (q *FakeQuerier) GetActiveUserCount(_ context.Context, includeSystem bool) (int64, error) {`
`2648`	`2648`	`q.mutex.RLock()`
`2649`	`2649`	`defer q.mutex.RUnlock()`
`2650`	`2650`
`@@ -6200,7 +6200,8 @@ func (q *FakeQuerier) GetUserByID(_ context.Context, id uuid.UUID) (database.Use`
`6200`	`6200`	`return q.getUserByIDNoLock(id)`
`6201`	`6201`	`}`
`6202`	`6202`
`6203`		`-func (q *FakeQuerier) GetUserCount(_ context.Context) (int64, error) {`
	`6203`	`+// nolint:revive // Not a control flag; used for filtering.`
	`6204`	`+func (q *FakeQuerier) GetUserCount(_ context.Context, includeSystem bool) (int64, error) {`
`6204`	`6205`	`q.mutex.RLock()`
`6205`	`6206`	`defer q.mutex.RUnlock()`
`6206`	`6207`
`@@ -6209,6 +6210,10 @@ func (q *FakeQuerier) GetUserCount(_ context.Context) (int64, error) {`
`6209`	`6210`	`if !u.Deleted {`
`6210`	`6211`	`existing++`
`6211`	`6212`	`}`
	`6213`	`+`
	`6214`	`+ if !includeSystem && u.IsSystem.Valid && u.IsSystem.Bool {`
	`6215`	`+ continue`
	`6216`	`+ }`
`6212`	`6217`	`}`
`6213`	`6218`	`return existing, nil`
`6214`	`6219`	`}`
Original file line number	Diff line number	Diff line change
`@@ -393,6 +393,7 @@ func (q *sqlQuerier) GetAuthorizedUsers(ctx context.Context, arg GetUsersParams,`
`393`	`393`	`arg.LastSeenAfter,`
`394`	`394`	`arg.CreatedBefore,`
`395`	`395`	`arg.CreatedAfter,`
	`396`	`+ arg.IncludeSystem,`
`396`	`397`	`arg.OffsetOpt,`
`397`	`398`	`arg.LimitOpt,`
`398`	`399`	`)`