feat: add template RBAC/groups (#4235)
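--- a/coderd/database/queries/groups.sql
+++ b/coderd/database/queries/groups.sql
@@ -0,0 +1,122 @@
+-- name: GetGroupByID :one
+SELECT
+*
+FROM
+groups
+WHERE
+id = $1
+LIMIT
+1;
+
+-- name: GetGroupByOrgAndName :one
+SELECT
+*
+FROM
+groups
+WHERE
+organization_id = $1
+AND
+name = $2
+LIMIT
+1;
+
+-- name: GetUserGroups :many
+SELECT
+groups.*
+FROM
+groups
+JOIN
+group_members
+ON
+groups.id = group_members.group_id
+WHERE
+group_members.user_id = $1;
+
+-- name: GetGroupMembers :many
+SELECT
+users.*
+FROM
+users
+JOIN
+group_members
+ON
+users.id = group_members.user_id
+WHERE
+group_members.group_id = $1
+AND
+users.status = 'active'
+AND
+users.deleted = 'false';
+
+-- name: GetAllOrganizationMembers :many
+SELECT
+users.*
+FROM
+users
+JOIN
+organization_members
+ON
+users.id = organization_members.user_id
+WHERE
+organization_members.organization_id = $1;
+
+-- name: GetGroupsByOrganizationID :many
+SELECT
+*
+FROM
+groups
+WHERE
+organization_id = $1
+AND
+id != $1;
+
+-- name: InsertGroup :one
+INSERT INTO groups (
+id,
+name,
+organization_id
+)
+VALUES
+( $1, $2, $3) RETURNING *;
+
+-- We use the organization_id as the id
+-- for simplicity since all users is
+-- every member of the org.
+-- name: InsertAllUsersGroup :one
+INSERT INTO groups (
+id,
+name,
+organization_id
+)
+VALUES
+( sqlc.arg(organization_id), 'Everyone', sqlc.arg(organization_id)) RETURNING *;
+
+-- name: UpdateGroupByID :one
+UPDATE
+groups
+SET
+name = $1
+WHERE
+id = $2
+RETURNING *;
+
+-- name: InsertGroupMember :exec
+INSERT INTO group_members (
+user_id,
+group_id
+)
+VALUES ( $1, $2);
+
+-- name: DeleteGroupMember :exec
+DELETE FROM
+group_members
+WHERE
+user_id = $1;
+
+-- name: DeleteGroupByID :exec
+DELETE FROM
+groups
+WHERE
+id = $1;
+
+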
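Review bot: `DeleteGroupMember` deletes on `user_id = $1` alone, so a single call removes that user from every group rather than from one group. Going by the commit title, group membership feeds template RBAC, so a handler that means to revoke one membership would silently revoke all of them; if per-group removal is what callers need the predicate should be `WHERE user_id = $1 AND group_id = $2`, and if removing all memberships is intended a comment above the query should say so. Separately, `GetGroupMembers` filters on `users.status = 'active'` and `users.deleted = 'false'` while `GetAllOrganizationMembers` applies no such filter, so the two member listings can disagree about suspended or deleted users. `GetGroupsByOrganizationID` also deserves a comment such as `-- id != $1 excludes the implicit 'Everyone' group, whose id is the organization id`.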
@ -178,15 +178,35 @@ SELECT
-- status is used to enforce 'suspended' users, as all roles are ignored
-- when suspended.
id, username, status,
-- All user roles, including their org roles.
array_cat(
-- All users are members
array_append(users.rbac_roles, 'member'),
-- All org_members get the org-member role for their orgs
array_append(organization_members.roles, 'organization-member:'||organization_members.organization_id::text)) :: text[]
AS roles
array_append(users.rbac_roles, 'member'),
(
SELECT
array_agg(org_roles)
FROM
organization_members,
-- All org_members get the org-member role for their orgs
unnest(
array_append(roles, 'organization-member:' || organization_members.organization_id::text)
) AS org_roles
WHERE
user_id = users.id
)
) :: text[] AS roles,
-- All groups the user is in.
(
SELECT
array_agg(
group_members.group_id :: text
)
FROM
group_members
WHERE
user_id = users.id
) :: text[] AS groups
FROM
users
LEFT JOIN organization_members
ON id = user_id
WHERE
id = @user_id;
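Review bot: The `groups` column is a bare `array_agg(...)` subquery, which yields NULL rather than an empty array for a user with no rows in `group_members`; wrapping it as `COALESCE((SELECT array_agg(group_members.group_id :: text) FROM group_members WHERE user_id = users.id), '{}') :: text[] AS groups` would hand authorization code a definite empty set instead of relying on how the caller scans NULL. The comment at the top of the hunk says roles are ignored for suspended users, but nothing states whether the returned groups are ignored as well; if they are, a line such as `-- groups, like roles, must be ignored when status is 'suspended'` next to the column would make that contract explicit. The rendering has lost the +/- markers, so this reads the subquery form as the new side, and the SELECT statement itself starts above the hunk.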