fix: allow group members to read group information (#14200)

* - allow group members to read basic Group info - allow group members to see they are part of the group, but not see that information about other members - add a GetGroupMembersCountByGroupID SQL query, which allows group members to see members count without revealing other information about the members - add the group_members_expanded db view - rewrite group member queries to use the group_members_expanded view - add the RBAC ResourceGroupMember and add it to relevant roles - rewrite GetGroupMembersByGroupID permission checks - make the GroupMember type contain all user fields - fix type issues coming from replacing User with GroupMember in group member queries - add the MemberTotalCount field to codersdk.Group - display `group.total_member_count` instead of `group.members.length` on the account page
2025-07-13 21:36:50 +00:00 · 2024-08-13 16:20:24 +02:00
parent 60218c4c78
commit 6f9b1a39f4
38 changed files with 734 additions and 315 deletions
--- a/enterprise/coderd/groups_test.go
+++ b/enterprise/coderd/groups_test.go
@ -2,6 +2,7 @@ package coderd_test

 import (
 	"net/http"
+	"sort"
 	"testing"

 	"github.com/google/uuid"
@ -567,6 +568,12 @@ func TestPatchGroup(t *testing.T) {
 	})
 }

+func sortGroupMembers(group *codersdk.Group) {
+	sort.Slice(group.Members, func(i, j int) bool {
+		return group.Members[i].ID.String() < group.Members[j].ID.String()
+	})
+}
+
 // TODO: test auth.
 func TestGroup(t *testing.T) {
 	t.Parallel()
@ -638,6 +645,9 @@ func TestGroup(t *testing.T) {

 		ggroup, err := userAdminClient.Group(ctx, group.ID)
 		require.NoError(t, err)
+		sortGroupMembers(&group)
+		sortGroupMembers(&ggroup)
+
 		require.Equal(t, group, ggroup)
 	})

@ -820,6 +830,14 @@ func TestGroups(t *testing.T) {

 		groups, err := userAdminClient.GroupsByOrganization(ctx, user.OrganizationID)
 		require.NoError(t, err)
+
+		// sort group members so we can compare them
+		allGroups := append([]codersdk.Group{}, groups...)
+		allGroups = append(allGroups, group1, group2)
+		for i := range allGroups {
+			sortGroupMembers(&allGroups[i])
+		}
+
 		// 'Everyone' group + 2 custom groups.
 		require.Len(t, groups, 3)
 		require.Contains(t, groups, group1)