
Commit 1ff534f

committed
chore: add organization id to custom_roles
1 parent 3617e39 commit 1ff534f


20 files changed

+192
-45
lines changed


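--- a/coderd/database/dbauthz/dbauthz.go
+++ b/coderd/database/dbauthz/dbauthz.go
@@ -835,11 +835,12 @@ func (q *querier) CleanTailnetTunnels(ctx context.Context) error {
 return q.db.CleanTailnetTunnels(ctx)
 }
 
-func (q *querier) CustomRolesByName(ctx context.Context, lookupRoles []string) ([]database.CustomRole, error) {
+// TODO: Handle org scoped lookups
+func (q *querier) CustomRoles(ctx context.Context, arg database.CustomRolesParams) ([]database.CustomRole, error) {
 if err := q.authorizeContext(ctx, policy.ActionRead, rbac.ResourceAssignRole); err != nil {
 return nil, err
 }
-return q.db.CustomRolesByName(ctx, lookupRoles)
+return q.db.CustomRoles(ctx, arg)
 }
 
 func (q *querier) DeleteAPIKeyByID(ctx context.Context, id string) error {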
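Review bot: The authorization in `CustomRoles` is still a single site-wide `policy.ActionRead` check on `rbac.ResourceAssignRole` that never looks at `arg`, so once rows carry an `organization_id` the check allows or denies the whole result set regardless of which organization each returned role belongs to. The `// TODO: Handle org scoped lookups` comment does not say what the interim behaviour is; I would expand it to `// TODO: Handle org scoped lookups. Until then the check is site-wide and ignores the organization of the returned roles.` Whether org-scoped roles can already be created is not visible in this section, but the TODO should be resolved before they can, otherwise a caller with read access in one scope can enumerate roles from every organization.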

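--- a/coderd/database/dbauthz/dbauthz_test.go
+++ b/coderd/database/dbauthz/dbauthz_test.go
@@ -1167,8 +1167,8 @@ func (s *MethodTestSuite) TestUser() {
 b := dbgen.User(s.T(), db, database.User{})
 check.Args().Asserts(rbac.ResourceSystem, policy.ActionRead).Returns(slice.New(a.ID, b.ID))
 }))
-s.Run("CustomRolesByName", s.Subtest(func(db database.Store, check *expects) {
-check.Args([]string{}).Asserts(rbac.ResourceAssignRole, policy.ActionRead).Returns([]database.CustomRole{})
+s.Run("CustomRoles", s.Subtest(func(db database.Store, check *expects) {
+check.Args(database.CustomRolesParams{}).Asserts(rbac.ResourceAssignRole, policy.ActionRead).Returns([]database.CustomRole{})
 }))
 s.Run("Blank/UpsertCustomRole", s.Subtest(func(db database.Store, check *expects) {
 // Blank is no perms in the role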

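--- a/coderd/database/dbmem/dbmem.go
+++ b/coderd/database/dbmem/dbmem.go
@@ -1174,18 +1174,26 @@ func (*FakeQuerier) CleanTailnetTunnels(context.Context) error {
 return ErrUnimplemented
 }
 
-func (q *FakeQuerier) CustomRolesByName(_ context.Context, lookupRoles []string) ([]database.CustomRole, error) {
+func (q *FakeQuerier) CustomRoles(_ context.Context, arg database.CustomRolesParams) ([]database.CustomRole, error) {
 q.mutex.Lock()
 defer q.mutex.Unlock()
 
 found := make([]database.CustomRole, 0)
 for _, role := range q.data.customRoles {
-if slices.ContainsFunc(lookupRoles, func(s string) bool {
-return strings.EqualFold(s, role.Name)
-}) {
-role := role
-found = append(found, role)
+if len(arg.LookupRoles) > 0 {
+if !slices.ContainsFunc(arg.LookupRoles, func(s string) bool {
+return strings.EqualFold(s, role.Name)
+}) {
+continue
+}
 }
+
+if arg.ExcludeOrgRoles && role.OrganizationID.Valid {
+continue
+}
+
+role := role
+found = append(found, role)
 }
 
 return found, nil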
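Review bot: An empty `arg.LookupRoles` now means "no name filter": the `len(arg.LookupRoles) > 0` guard skips the name match, so the fake returns every custom role, whereas the removed `CustomRolesByName` returned nothing for an empty list. A caller that builds the list from a user's assigned roles and ends up with an empty slice would get all roles back, which matters if the result is then used to expand permissions. I would document this on the guard, e.g. `// Empty LookupRoles disables the name filter and returns all roles.`, and confirm the SQL query (not shown on this page) behaves the same way. The match is also still on `role.Name` alone, so same-named roles in different organizations would both be returned unless `ExcludeOrgRoles` is set. The function's closing brace lies outside the hunk.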

coderd/database/dbmetrics/dbmetrics.go

Lines changed: 3 additions & 3 deletions

coderd/database/dbmock/dbmock.go

Lines changed: 6 additions & 6 deletions

coderd/database/dump.sql

Lines changed: 4 additions & 1 deletion
Lines changed: 3 additions & 0 deletions
@@ -0,0 +1,3 @@
1+
ALTER TABLE custom_roles
2+
-- This column is nullable, meaning no organization scope
3+
DROP COLUMN organization_id;
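Review bot: Dropping `organization_id` leaves any org-scoped rows in `custom_roles`, and after the rollback they can no longer be told apart from site-wide roles, so a role meant for one organization could then be resolved as an unscoped role by name. If that is not intended, remove those rows before the `ALTER TABLE`, e.g. `DELETE FROM custom_roles WHERE organization_id IS NOT NULL;`. The comment `-- This column is nullable, meaning no organization scope` was carried over from the up migration and describes nothing here; something like `-- Rolling back discards the organization scope of custom roles.` would fit.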
Lines changed: 5 additions & 0 deletions
@@ -0,0 +1,5 @@
1+
ALTER TABLE custom_roles
2+
-- This column is nullable, meaning no organization scope
3+
ADD COLUMN organization_id uuid;
4+
5+
COMMENT ON COLUMN custom_roles.organization_id IS 'Roles can optionally be scoped to an organization'
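Review bot: `ADD COLUMN organization_id uuid;` has no foreign key, so nothing ties the value to an existing organization and a scoped role can outlive the organization it belonged to. If that is not intended, add a reference with an explicit delete rule, along the lines of `ADD COLUMN organization_id uuid REFERENCES organizations (id) ON DELETE CASCADE;` (the referenced table and column are assumed, they are not visible on this page). It is also worth checking that any existing uniqueness constraint on the role name takes the new column into account, since lookups elsewhere in this commit match on name only. The final `COMMENT ON COLUMN` statement has no terminating `;`.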

coderd/database/models.go

Lines changed: 2 additions & 0 deletions

coderd/database/querier.go

Lines changed: 1 addition & 1 deletion
