feat: Prevent role changing on yourself. (#1931)

* feat: Prevent role changing on yourself.

Only allow changing roles on other users; there is not much value in changing one's own roles at the moment.
Steven Masley
2022-05-31 15:50:38 -05:00
committed by GitHub
parent 4b0ed06a26
commit 7acb742218
3 changed files with 32 additions and 4 deletions


@ -409,11 +409,11 @@ func TestGrantRoles(t *testing.T) {
t.Run("UpdateIncorrectRoles", func(t *testing.T) {
t.Parallel()
ctx := context.Background()
var err error
admin := coderdtest.New(t, nil)
first := coderdtest.CreateFirstUser(t, admin)
member := coderdtest.CreateAnotherUser(t, admin, first.OrganizationID)
memberUser, err := member.User(ctx, codersdk.Me)
require.NoError(t, err, "member user")
_, err = admin.UpdateUserRoles(ctx, codersdk.Me, codersdk.UpdateRoles{
Roles: []string{rbac.RoleOrgMember(first.OrganizationID)},
@ -445,7 +445,7 @@ func TestGrantRoles(t *testing.T) {
require.Error(t, err, "member cannot change other's roles")
requireStatusCode(t, err, http.StatusForbidden)
_, err = member.UpdateUserRoles(ctx, memberUser.ID.String(), codersdk.UpdateRoles{
_, err = member.UpdateUserRoles(ctx, first.UserID.String(), codersdk.UpdateRoles{
Roles: []string{rbac.RoleMember()},
})
require.Error(t, err, "member cannot change any roles")
@ -456,6 +456,18 @@ func TestGrantRoles(t *testing.T) {
})
require.Error(t, err, "member cannot change other's org roles")
requireStatusCode(t, err, http.StatusForbidden)
_, err = admin.UpdateUserRoles(ctx, first.UserID.String(), codersdk.UpdateRoles{
Roles: []string{},
})
require.Error(t, err, "admin cannot change self roles")
requireStatusCode(t, err, http.StatusBadRequest)
_, err = admin.UpdateOrganizationMemberRoles(ctx, first.OrganizationID, first.UserID.String(), codersdk.UpdateRoles{
Roles: []string{},
})
require.Error(t, err, "admin cannot change self org roles")
requireStatusCode(t, err, http.StatusBadRequest)
})
t.Run("FirstUserRoles", func(t *testing.T) {
@ -508,7 +520,7 @@ func TestGrantRoles(t *testing.T) {
require.NoError(t, err, "grant member admin role")
// Promote to org admin
_, err = member.UpdateOrganizationMemberRoles(ctx, first.OrganizationID, codersdk.Me, codersdk.UpdateRoles{
_, err = admin.UpdateOrganizationMemberRoles(ctx, first.OrganizationID, memberUser.ID.String(), codersdk.UpdateRoles{
Roles: []string{
// Promote to org admin
rbac.RoleOrgMember(first.OrganizationID),