feat: add template RBAC/groups (#4235)

2025-07-03 16:13:58 +00:00 · 2022-10-10 15:37:06 -05:00
parent 2687e3db49
commit 3120c94c22
122 changed files with 8088 additions and 1062 deletions
--- a/coderd/httpmw/authorize_test.go
+++ b/coderd/httpmw/authorize_test.go
@ -4,23 +4,22 @@ import (
 	"context"
 	"crypto/sha256"
 	"fmt"
+	"net"
 	"net/http"
 	"net/http/httptest"
 	"testing"
 	"time"

-	"github.com/coder/coder/coderd/rbac"
-	"github.com/coder/coder/codersdk"
-
+	"github.com/go-chi/chi/v5"
 	"github.com/google/uuid"
+	"github.com/stretchr/testify/require"
+	"github.com/tabbed/pqtype"

 	"github.com/coder/coder/coderd/database"
-
-	"github.com/go-chi/chi/v5"
-	"github.com/stretchr/testify/require"
-
-	"github.com/coder/coder/coderd/database/databasefake"
+	"github.com/coder/coder/coderd/database/dbtestutil"
 	"github.com/coder/coder/coderd/httpmw"
+	"github.com/coder/coder/coderd/rbac"
+	"github.com/coder/coder/codersdk"
 )

 func TestExtractUserRoles(t *testing.T) {
@ -71,14 +70,49 @@ func TestExtractUserRoles(t *testing.T) {
 				return user, append(roles, append(orgRoles, rbac.RoleMember(), rbac.RoleOrgMember(org.ID))...), token
 			},
 		},
+		{
+			Name: "MultipleOrgMember",
+			AddUser: func(db database.Store) (database.User, []string, string) {
+				roles := []string{}
+				user, token := addUser(t, db, roles...)
+				roles = append(roles, rbac.RoleMember())
+				for i := 0; i < 3; i++ {
+					organization, err := db.InsertOrganization(context.Background(), database.InsertOrganizationParams{
+						ID:          uuid.New(),
+						Name:        fmt.Sprintf("testorg%d", i),
+						Description: "test",
+						CreatedAt:   time.Now(),
+						UpdatedAt:   time.Now(),
+					})
+					require.NoError(t, err)
+
+					orgRoles := []string{}
+					if i%2 == 0 {
+						orgRoles = append(orgRoles, rbac.RoleOrgAdmin(organization.ID))
+					}
+					_, err = db.InsertOrganizationMember(context.Background(), database.InsertOrganizationMemberParams{
+						OrganizationID: organization.ID,
+						UserID:         user.ID,
+						CreatedAt:      time.Now(),
+						UpdatedAt:      time.Now(),
+						Roles:          orgRoles,
+					})
+					require.NoError(t, err)
+					roles = append(roles, orgRoles...)
+					roles = append(roles, rbac.RoleOrgMember(organization.ID))
+				}
+				return user, roles, token
+			},
+		},
 	}

 	for _, c := range testCases {
 		c := c
 		t.Run(c.Name, func(t *testing.T) {
 			t.Parallel()
+
 			var (
-				db                    = databasefake.New()
+				db, _                 = dbtestutil.NewDB(t)
 				user, expRoles, token = c.AddUser(db)
 				rw                    = httptest.NewRecorder()
 				rtr                   = chi.NewRouter()
@ -118,6 +152,7 @@ func addUser(t *testing.T, db database.Store, roles ...string) (database.User, s
 		Email:     "admin@email.com",
 		Username:  "admin",
 		RBACRoles: roles,
+		LoginType: database.LoginTypePassword,
 	})
 	require.NoError(t, err)

@ -129,6 +164,13 @@ func addUser(t *testing.T, db database.Store, roles ...string) (database.User, s
 		ExpiresAt:    database.Now().Add(time.Minute),
 		LoginType:    database.LoginTypePassword,
 		Scope:        database.APIKeyScopeAll,
+		IPAddress: pqtype.Inet{
+			IPNet: net.IPNet{
+				IP:   net.ParseIP("0.0.0.0"),
+				Mask: net.IPMask{0, 0, 0, 0},
+			},
+			Valid: true,
+		},
 	})
 	require.NoError(t, err)