synced/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2025-07-15 22:20:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: expose Everyone group through UI (#9117)

Browse Source 
- Allows setting quota allowances on the 'Everyone' group.
This commit is contained in:
Jon Ayers
2023-08-17 13:25:16 -05:00
committed by GitHub
parent 8910f05172
commit 2f6687a475
23 changed files with 458 additions and 80 deletions
Download Patch File Download Diff File Expand all files Collapse all files

75
enterprise/coderd/groups.go
View File

@ -46,9 +46,9 @@ func (api *API) postGroupByOrganization(rw http.ResponseWriter, r *http.Request)
return
}
if req.Name == database.AllUsersGroup {
if req.Name == database.EveryoneGroup {
httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
Message: fmt.Sprintf("%q is a reserved keyword and cannot be used for a group name.", database.AllUsersGroup),
Message: fmt.Sprintf("%q is a reserved keyword and cannot be used for a group name.", database.EveryoneGroup),
})
return
}
@ -102,36 +102,56 @@ func (api *API) patchGroup(rw http.ResponseWriter, r *http.Request) {
)
defer commitAudit()
currentMembers, currentMembersErr := api.Database.GetGroupMembers(ctx, group.ID)
if currentMembersErr != nil {
httpapi.InternalServerError(rw, currentMembersErr)
return
}
aReq.Old = group.Auditable(currentMembers)
var req codersdk.PatchGroupRequest
if !httpapi.Read(ctx, rw, r, &req) {
return
}
if req.Name != "" && req.Name == database.AllUsersGroup {
httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
Message: fmt.Sprintf("%q is a reserved group name!", database.AllUsersGroup),
})
return
}
// If the name matches the existing group name pretend we aren't
// updating the name at all.
if req.Name == group.Name {
req.Name = ""
}
if group.IsEveryone() && req.Name != "" {
httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
Message: fmt.Sprintf("Cannot rename the %q group!", database.EveryoneGroup),
})
return
}
if group.IsEveryone() && (req.DisplayName != nil && *req.DisplayName != "") {
httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
Message: fmt.Sprintf("Cannot update the Display Name for the %q group!", database.EveryoneGroup),
})
return
}
if req.Name == database.EveryoneGroup {
httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
Message: fmt.Sprintf("%q is a reserved group name!", database.EveryoneGroup),
})
return
}
users := make([]string, 0, len(req.AddUsers)+len(req.RemoveUsers))
users = append(users, req.AddUsers...)
users = append(users, req.RemoveUsers...)
if len(users) > 0 && group.Name == database.EveryoneGroup {
httpapi.Write(ctx, rw, http.StatusForbidden, codersdk.Response{
Message: fmt.Sprintf("Cannot add or remove users from the %q group!", database.EveryoneGroup),
})
return
}
currentMembers, err := api.Database.GetGroupMembers(ctx, group.ID)
if err != nil {
httpapi.InternalServerError(rw, err)
return
}
aReq.Old = group.Auditable(currentMembers)
for _, id := range users {
if _, err := uuid.Parse(id); err != nil {
httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
@ -156,6 +176,7 @@ func (api *API) patchGroup(rw http.ResponseWriter, r *http.Request) {
return
}
}
if req.Name != "" && req.Name != group.Name {
_, err := api.Database.GetGroupByOrgAndName(ctx, database.GetGroupByOrgAndNameParams{
OrganizationID: group.OrganizationID,
@ -169,8 +190,7 @@ func (api *API) patchGroup(rw http.ResponseWriter, r *http.Request) {
}
}
err := api.Database.InTx(func(tx database.Store) error {
var err error
err = database.ReadModifyUpdate(api.Database, func(tx database.Store) error {
group, err = tx.GetGroupByID(ctx, group.ID)
if err != nil {
return xerrors.Errorf("get group by ID: %w", err)
@ -230,7 +250,8 @@ func (api *API) patchGroup(rw http.ResponseWriter, r *http.Request) {
}
}
return nil
}, nil)
})
if database.IsUniqueViolation(err) {
httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
Message: "Cannot add the same user to a group twice!",
@ -283,6 +304,13 @@ func (api *API) deleteGroup(rw http.ResponseWriter, r *http.Request) {
)
defer commitAudit()
if group.Name == database.EveryoneGroup {
httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
Message: fmt.Sprintf("%q is a reserved group and cannot be deleted!", database.EveryoneGroup),
})
return
}
groupMembers, getMembersErr := api.Database.GetGroupMembers(ctx, group.ID)
if getMembersErr != nil {
httpapi.InternalServerError(rw, getMembersErr)
@ -291,13 +319,6 @@ func (api *API) deleteGroup(rw http.ResponseWriter, r *http.Request) {
aReq.Old = group.Auditable(groupMembers)
if group.Name == database.AllUsersGroup {
httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
Message: fmt.Sprintf("%q is a reserved group and cannot be deleted!", database.AllUsersGroup),
})
return
}
err := api.Database.DeleteGroupByID(ctx, group.ID)
if err != nil {
httpapi.InternalServerError(rw, err)