synced/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2025-07-15 22:20:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore: include custom roles in list org roles (#13336)

Browse Source 
* chore: include custom roles in list org roles
* move cli show roles to org scope
This commit is contained in:
Steven Masley
2024-05-23 07:54:59 -10:00
committed by GitHub
parent d748c6d718
commit 1b4ca00428
24 changed files with 312 additions and 117 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
coderd/database/db2sdk/db2sdk.go
View File

@ -527,12 +527,17 @@ func ProvisionerDaemon(dbDaemon database.ProvisionerDaemon) codersdk.Provisioner
}
func Role(role rbac.Role) codersdk.Role {
roleName, orgIDStr, err := rbac.RoleSplit(role.Name)
if err != nil {
roleName = role.Name
}
return codersdk.Role{
Name: role.Name,
Name: roleName,
OrganizationID: orgIDStr,
DisplayName: role.DisplayName,
SitePermissions: List(role.Site, Permission),
OrganizationPermissions: Map(role.Org, ListLazy(Permission)),
UserPermissions: List(role.Site, Permission),
UserPermissions: List(role.User, Permission),
}
}
@ -546,7 +551,7 @@ func Permission(permission rbac.Permission) codersdk.Permission {
func RoleToRBAC(role codersdk.Role) rbac.Role {
return rbac.Role{
Name: role.Name,
Name: rbac.RoleName(role.Name, role.OrganizationID),
DisplayName: role.DisplayName,
Site: List(role.SitePermissions, PermissionToRBAC),
Org: Map(role.OrganizationPermissions, ListLazy(PermissionToRBAC)),

14
coderd/database/dbgen/dbgen.go
View File

@ -8,6 +8,7 @@ import (
"encoding/json"
"fmt"
"net"
"strings"
"testing"
"time"
@ -817,6 +818,19 @@ func OAuth2ProviderAppToken(t testing.TB, db database.Store, seed database.OAuth
return token
}
func CustomRole(t testing.TB, db database.Store, seed database.CustomRole) database.CustomRole {
role, err := db.UpsertCustomRole(genCtx, database.UpsertCustomRoleParams{
Name: takeFirst(seed.Name, strings.ToLower(namesgenerator.GetRandomName(1))),
DisplayName: namesgenerator.GetRandomName(1),
OrganizationID: seed.OrganizationID,
SitePermissions: takeFirstSlice(seed.SitePermissions, []byte("[]")),
OrgPermissions: takeFirstSlice(seed.SitePermissions, []byte("{}")),
UserPermissions: takeFirstSlice(seed.SitePermissions, []byte("[]")),
})
require.NoError(t, err, "insert custom role")
return role
}
func must[V any](v V, err error) V {
if err != nil {
panic(err)

12
coderd/database/dbmem/dbmem.go
View File

@ -1187,7 +1187,11 @@ func (q *FakeQuerier) CustomRoles(_ context.Context, arg database.CustomRolesPar
role := role
if len(arg.LookupRoles) > 0 {
if !slices.ContainsFunc(arg.LookupRoles, func(s string) bool {
return strings.EqualFold(s, role.Name)
roleName := rbac.RoleName(role.Name, "")
if role.OrganizationID.UUID != uuid.Nil {
roleName = rbac.RoleName(role.Name, role.OrganizationID.UUID.String())
}
return strings.EqualFold(s, roleName)
}) {
continue
}
@ -1197,6 +1201,10 @@ func (q *FakeQuerier) CustomRoles(_ context.Context, arg database.CustomRolesPar
continue
}
if arg.OrganizationID != uuid.Nil && role.OrganizationID.UUID != arg.OrganizationID {
continue
}
found = append(found, role)
}
@ -8377,6 +8385,7 @@ func (q *FakeQuerier) UpsertCustomRole(_ context.Context, arg database.UpsertCus
for i := range q.customRoles {
if strings.EqualFold(q.customRoles[i].Name, arg.Name) {
q.customRoles[i].DisplayName = arg.DisplayName
q.customRoles[i].OrganizationID = arg.OrganizationID
q.customRoles[i].SitePermissions = arg.SitePermissions
q.customRoles[i].OrgPermissions = arg.OrgPermissions
q.customRoles[i].UserPermissions = arg.UserPermissions
@ -8388,6 +8397,7 @@ func (q *FakeQuerier) UpsertCustomRole(_ context.Context, arg database.UpsertCus
role := database.CustomRole{
Name: arg.Name,
DisplayName: arg.DisplayName,
OrganizationID: arg.OrganizationID,
SitePermissions: arg.SitePermissions,
OrgPermissions: arg.OrgPermissions,
UserPermissions: arg.UserPermissions,

30
coderd/database/queries.sql.go
View File

@ -5604,10 +5604,13 @@ FROM
custom_roles
WHERE
true
-- Lookup roles filter
-- Lookup roles filter expects the role names to be in the rbac package
-- format. Eg: name[:<organization_id>]
AND CASE WHEN array_length($1 :: text[], 1) > 0 THEN
-- Case insensitive
name ILIKE ANY($1 :: text [])
-- Case insensitive lookup with org_id appended (if non-null).
-- This will return just the name if org_id is null. It'll append
-- the org_id if not null
concat(name, NULLIF(concat(':', organization_id), ':')) ILIKE ANY($1 :: text [])
ELSE true
END
-- Org scoping filter, to only fetch site wide roles
@ -5615,15 +5618,20 @@ WHERE
organization_id IS null
ELSE true
END
AND CASE WHEN $3 :: uuid != '00000000-0000-0000-0000-000000000000'::uuid THEN
organization_id = $3
ELSE true
END
`
type CustomRolesParams struct {
LookupRoles []string `db:"lookup_roles" json:"lookup_roles"`
ExcludeOrgRoles bool `db:"exclude_org_roles" json:"exclude_org_roles"`
LookupRoles []string `db:"lookup_roles" json:"lookup_roles"`
ExcludeOrgRoles bool `db:"exclude_org_roles" json:"exclude_org_roles"`
OrganizationID uuid.UUID `db:"organization_id" json:"organization_id"`
}
func (q *sqlQuerier) CustomRoles(ctx context.Context, arg CustomRolesParams) ([]CustomRole, error) {
rows, err := q.db.QueryContext(ctx, customRoles, pq.Array(arg.LookupRoles), arg.ExcludeOrgRoles)
rows, err := q.db.QueryContext(ctx, customRoles, pq.Array(arg.LookupRoles), arg.ExcludeOrgRoles, arg.OrganizationID)
if err != nil {
return nil, err
}
@ -5659,6 +5667,7 @@ INSERT INTO
custom_roles (
name,
display_name,
organization_id,
site_permissions,
org_permissions,
user_permissions,
@ -5672,15 +5681,16 @@ VALUES (
$3,
$4,
$5,
$6,
now(),
now()
)
ON CONFLICT (name)
DO UPDATE SET
display_name = $2,
site_permissions = $3,
org_permissions = $4,
user_permissions = $5,
site_permissions = $4,
org_permissions = $5,
user_permissions = $6,
updated_at = now()
RETURNING name, display_name, site_permissions, org_permissions, user_permissions, created_at, updated_at, organization_id
`
@ -5688,6 +5698,7 @@ RETURNING name, display_name, site_permissions, org_permissions, user_permission
type UpsertCustomRoleParams struct {
Name string `db:"name" json:"name"`
DisplayName string `db:"display_name" json:"display_name"`
OrganizationID uuid.NullUUID `db:"organization_id" json:"organization_id"`
SitePermissions json.RawMessage `db:"site_permissions" json:"site_permissions"`
OrgPermissions json.RawMessage `db:"org_permissions" json:"org_permissions"`
UserPermissions json.RawMessage `db:"user_permissions" json:"user_permissions"`
@ -5697,6 +5708,7 @@ func (q *sqlQuerier) UpsertCustomRole(ctx context.Context, arg UpsertCustomRoleP
row := q.db.QueryRowContext(ctx, upsertCustomRole,
arg.Name,
arg.DisplayName,
arg.OrganizationID,
arg.SitePermissions,
arg.OrgPermissions,
arg.UserPermissions,

15
coderd/database/queries/roles.sql
View File

@ -5,10 +5,13 @@ FROM
custom_roles
WHERE
true
-- Lookup roles filter
-- Lookup roles filter expects the role names to be in the rbac package
-- format. Eg: name[:<organization_id>]
AND CASE WHEN array_length(@lookup_roles :: text[], 1) > 0 THEN
-- Case insensitive
name ILIKE ANY(@lookup_roles :: text [])
-- Case insensitive lookup with org_id appended (if non-null).
-- This will return just the name if org_id is null. It'll append
-- the org_id if not null
concat(name, NULLIF(concat(':', organization_id), ':')) ILIKE ANY(@lookup_roles :: text [])
ELSE true
END
-- Org scoping filter, to only fetch site wide roles
@ -16,6 +19,10 @@ WHERE
organization_id IS null
ELSE true
END
AND CASE WHEN @organization_id :: uuid != '00000000-0000-0000-0000-000000000000'::uuid THEN
organization_id = @organization_id
ELSE true
END
;
-- name: UpsertCustomRole :one
@ -23,6 +30,7 @@ INSERT INTO
custom_roles (
name,
display_name,
organization_id,
site_permissions,
org_permissions,
user_permissions,
@ -33,6 +41,7 @@ VALUES (
-- Always force lowercase names
lower(@name),
@display_name,
@organization_id,
@site_permissions,
@org_permissions,
@user_permissions,