
Commit cf93307

committed
chore: deprecate scoped org role names from the rbac package
Fixing all the test apis to remove this is a lot of work for little return atm.
1 parent 356099b commit cf93307

21 files changed

+81
-75
lines changed

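--- a/cli/server_createadminuser.go
+++ b/cli/server_createadminuser.go
@@ -222,7 +222,7 @@ func (r *RootCmd) newCreateAdminUserCommand() *serpent.Command {
 UserID: newUser.ID,
 CreatedAt: dbtime.Now(),
 UpdatedAt: dbtime.Now(),
-Roles: []string{rbac.RoleOrgAdmin(org.ID)},
+Roles: []string{rbac.ScopedRoleOrgAdmin(org.ID)},
 })
 if err != nil {
 return xerrors.Errorf("insert organization member: %w", err)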
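Review bot: The `Roles:` line in this admin-bootstrap path still persists the scoped role string, and nothing next to it says that this form is the one being deprecated. In the same commit, TestExtractUserRoles (coderd/httpmw/authorize_test.go) inserts the membership row with the unscoped `rbac.RoleOrgAdmin()` and expects the scoped name only in the extracted role list, so two stored forms appear to coexist. Which form the members table is meant to hold is not visible from this hunk; if it is the unscoped one, this line would presumably become `Roles: []string{rbac.RoleOrgAdmin()},`, otherwise a comment such as `// TODO: scoped role name is deprecated; store the unscoped name once callers are migrated` would stop the next reader from guessing. The enclosing function starts and ends outside the hunk.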

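--- a/cli/server_createadminuser_test.go
+++ b/cli/server_createadminuser_test.go
@@ -71,7 +71,7 @@ func TestServerCreateAdminUser(t *testing.T) {
 orgIDs2 := make(map[uuid.UUID]struct{}, len(orgMemberships))
 for _, membership := range orgMemberships {
 orgIDs2[membership.OrganizationID] = struct{}{}
-assert.Equal(t, []string{rbac.RoleOrgAdmin(membership.OrganizationID)}, membership.Roles, "user is not org admin")
+assert.Equal(t, []string{rbac.ScopedRoleOrgAdmin(membership.OrganizationID)}, membership.Roles, "user is not org admin")
 }
 
 require.Equal(t, orgIDs, orgIDs2, "user is not in all orgs")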

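--- a/coderd/authorize_test.go
+++ b/coderd/authorize_test.go
@@ -27,7 +27,7 @@ func TestCheckPermissions(t *testing.T) {
 memberClient, _ := coderdtest.CreateAnotherUser(t, adminClient, adminUser.OrganizationID)
 memberUser, err := memberClient.User(ctx, codersdk.Me)
 require.NoError(t, err)
-orgAdminClient, _ := coderdtest.CreateAnotherUser(t, adminClient, adminUser.OrganizationID, rbac.RoleOrgAdmin(adminUser.OrganizationID))
+orgAdminClient, _ := coderdtest.CreateAnotherUser(t, adminClient, adminUser.OrganizationID, rbac.ScopedRoleOrgAdmin(adminUser.OrganizationID))
 orgAdminUser, err := orgAdminClient.User(ctx, codersdk.Me)
 require.NoError(t, err)
 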

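--- a/coderd/batchstats/batcher_internal_test.go
+++ b/coderd/batchstats/batcher_internal_test.go
@@ -177,7 +177,7 @@ func setupDeps(t *testing.T, store database.Store, ps pubsub.Pubsub) deps {
 _, err := store.InsertOrganizationMember(context.Background(), database.InsertOrganizationMemberParams{
 OrganizationID: org.ID,
 UserID: user.ID,
-Roles: []string{rbac.RoleOrgMember(org.ID)},
+Roles: []string{rbac.ScopedRoleOrgMember(org.ID)},
 })
 require.NoError(t, err)
 tv := dbgen.TemplateVersion(t, store, database.TemplateVersion{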

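--- a/coderd/coderdtest/coderdtest.go
+++ b/coderd/coderdtest/coderdtest.go
@@ -681,7 +681,7 @@ func AuthzUserSubject(user codersdk.User, orgID uuid.UUID) rbac.Subject {
 roles = append(roles, r.Name)
 }
 // We assume only 1 org exists
-roles = append(roles, rbac.RoleOrgMember(orgID))
+roles = append(roles, rbac.ScopedRoleOrgMember(orgID))
 
 return rbac.Subject{
 ID: user.ID.String(),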

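--- a/coderd/database/dbauthz/customroles_test.go
+++ b/coderd/database/dbauthz/customroles_test.go
@@ -153,7 +153,7 @@ func TestUpsertCustomRoles(t *testing.T) {
 UUID: uuid.New(),
 Valid: true,
 },
-subject: merge(canAssignRole, rbac.RoleOrgAdmin(orgID.UUID)),
+subject: merge(canAssignRole, rbac.ScopedRoleOrgAdmin(orgID.UUID)),
 org: codersdk.CreatePermissions(map[codersdk.RBACResource][]codersdk.RBACAction{
 codersdk.ResourceWorkspace: {codersdk.ActionRead},
 }),
@@ -162,7 +162,7 @@ func TestUpsertCustomRoles(t *testing.T) {
 {
 name: "user-escalation",
 // These roles do not grant user perms
-subject: merge(canAssignRole, rbac.RoleOrgAdmin(orgID.UUID)),
+subject: merge(canAssignRole, rbac.ScopedRoleOrgAdmin(orgID.UUID)),
 user: codersdk.CreatePermissions(map[codersdk.RBACResource][]codersdk.RBACAction{
 codersdk.ResourceWorkspace: {codersdk.ActionRead},
 }),
@@ -190,7 +190,7 @@ func TestUpsertCustomRoles(t *testing.T) {
 },
 {
 name: "read-workspace-in-org",
-subject: merge(canAssignRole, rbac.RoleOrgAdmin(orgID.UUID)),
+subject: merge(canAssignRole, rbac.ScopedRoleOrgAdmin(orgID.UUID)),
 organizationID: orgID,
 org: codersdk.CreatePermissions(map[codersdk.RBACResource][]codersdk.RBACAction{
 codersdk.ResourceWorkspace: {codersdk.ActionRead},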

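--- a/coderd/database/dbauthz/dbauthz.go
+++ b/coderd/database/dbauthz/dbauthz.go
@@ -2472,7 +2472,7 @@ func (q *querier) InsertOrganization(ctx context.Context, arg database.InsertOrg
 
 func (q *querier) InsertOrganizationMember(ctx context.Context, arg database.InsertOrganizationMemberParams) (database.OrganizationMember, error) {
 // All roles are added roles. Org member is always implied.
-addedRoles := append(arg.Roles, rbac.RoleOrgMember(arg.OrganizationID))
+addedRoles := append(arg.Roles, rbac.ScopedRoleOrgMember(arg.OrganizationID))
 err := q.canAssignRoles(ctx, &arg.OrganizationID, addedRoles, []string{})
 if err != nil {
 return database.OrganizationMember{}, err
@@ -2862,7 +2862,7 @@ func (q *querier) UpdateMemberRoles(ctx context.Context, arg database.UpdateMemb
 }
 
 // The org member role is always implied.
-impliedTypes := append(scopedGranted, rbac.RoleOrgMember(arg.OrgID))
+impliedTypes := append(scopedGranted, rbac.ScopedRoleOrgMember(arg.OrgID))
 added, removed := rbac.ChangeRoleSet(member.Roles, impliedTypes)
 err = q.canAssignRoles(ctx, &arg.OrgID, added, removed)
 if err != nil {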
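Review bot: Both changed lines build the role set that `canAssignRoles` authorizes by calling `append` on a slice they do not own (`arg.Roles` in InsertOrganizationMember, `scopedGranted` in UpdateMemberRoles) and binding the result to a new name. If the source slice has spare capacity, the implied org-member role is written into its backing array, so the checked set and the caller's slice alias; whether any caller passes such a slice is not visible here. Copying first keeps the authorization input independent of the argument: `addedRoles := append(append([]string{}, arg.Roles...), rbac.ScopedRoleOrgMember(arg.OrganizationID))`, and the same shape for `impliedTypes`. Both function bodies continue outside the hunks shown.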

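--- a/coderd/database/dbauthz/dbauthz_test.go
+++ b/coderd/database/dbauthz/dbauthz_test.go
@@ -636,7 +636,7 @@ func (s *MethodTestSuite) TestOrganization() {
 check.Args(database.InsertOrganizationMemberParams{
 OrganizationID: o.ID,
 UserID: u.ID,
-Roles: []string{rbac.RoleOrgAdmin(o.ID)},
+Roles: []string{rbac.ScopedRoleOrgAdmin(o.ID)},
 }).Asserts(
 rbac.ResourceAssignRole.InOrg(o.ID), policy.ActionAssign,
 rbac.ResourceOrganizationMember.InOrg(o.ID).WithID(u.ID), policy.ActionCreate)
@@ -664,7 +664,7 @@ func (s *MethodTestSuite) TestOrganization() {
 mem := dbgen.OrganizationMember(s.T(), db, database.OrganizationMember{
 OrganizationID: o.ID,
 UserID: u.ID,
-Roles: []string{rbac.RoleOrgAdmin(o.ID)},
+Roles: []string{rbac.ScopedRoleOrgAdmin(o.ID)},
 })
 out := mem
 out.Roles = []string{}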

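--- a/coderd/httpmw/authorize_test.go
+++ b/coderd/httpmw/authorize_test.go
@@ -68,7 +68,7 @@ func TestExtractUserRoles(t *testing.T) {
 Roles: orgRoles,
 })
 require.NoError(t, err)
-return user, append(roles, append(orgRoles, rbac.RoleMember(), rbac.RoleOrgMember(org.ID))...), token
+return user, append(roles, append(orgRoles, rbac.RoleMember(), rbac.ScopedRoleOrgMember(org.ID))...), token
 },
 },
 {
@@ -89,8 +89,8 @@ func TestExtractUserRoles(t *testing.T) {
 
 orgRoles := []string{}
 if i%2 == 0 {
-orgRoles = append(orgRoles, rbac.StaticRoleOrgAdmin())
-roles = append(roles, rbac.RoleOrgAdmin(organization.ID))
+orgRoles = append(orgRoles, rbac.RoleOrgAdmin())
+roles = append(roles, rbac.ScopedRoleOrgAdmin(organization.ID))
 }
 _, err = db.InsertOrganizationMember(context.Background(), database.InsertOrganizationMemberParams{
 OrganizationID: organization.ID,
@@ -100,7 +100,7 @@ func TestExtractUserRoles(t *testing.T) {
 Roles: orgRoles,
 })
 require.NoError(t, err)
-roles = append(roles, rbac.RoleOrgMember(organization.ID))
+roles = append(roles, rbac.ScopedRoleOrgMember(organization.ID))
 }
 return user, roles, token
 },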

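--- a/coderd/httpmw/organizationparam_test.go
+++ b/coderd/httpmw/organizationparam_test.go
@@ -152,7 +152,7 @@ func TestOrganizationParam(t *testing.T) {
 _ = dbgen.OrganizationMember(t, db, database.OrganizationMember{
 OrganizationID: organization.ID,
 UserID: user.ID,
-Roles: []string{rbac.RoleOrgMember(organization.ID)},
+Roles: []string{rbac.ScopedRoleOrgMember(organization.ID)},
 })
 _, err := db.UpdateUserRoles(ctx, database.UpdateUserRolesParams{
 ID: user.ID,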
