chore: implement assign organization roles from the cli (#13558)

Basic functionality to assign roles to an organization member via cli.
2025-07-12 00:14:10 +00:00 · 2024-06-13 09:49:32 -10:00
parent 87a172fb14
commit 7d51515f9d
3 changed files with 119 additions and 5 deletions
--- a/cli/organizationmembers.go
+++ b/cli/organizationmembers.go
@ -2,6 +2,7 @@ package cli

 import (
 	"fmt"
+	"strings"

 	"golang.org/x/xerrors"

@ -11,6 +12,66 @@ import (
 )

 func (r *RootCmd) organizationMembers() *serpent.Command {
+	cmd := &serpent.Command{
+		Use:     "members",
+		Aliases: []string{"member"},
+		Short:   "Manage organization members",
+		Children: []*serpent.Command{
+			r.listOrganizationMembers(),
+			r.assignOrganizationRoles(),
+		},
+		Handler: func(inv *serpent.Invocation) error {
+			return inv.Command.HelpHandler(inv)
+		},
+	}
+
+	return cmd
+}
+
+func (r *RootCmd) assignOrganizationRoles() *serpent.Command {
+	client := new(codersdk.Client)
+
+	cmd := &serpent.Command{
+		Use:     "edit-roles <username | user_id> [roles...]",
+		Aliases: []string{"edit-role"},
+		Short:   "Edit organization member's roles",
+		Middleware: serpent.Chain(
+			r.InitClient(client),
+		),
+		Handler: func(inv *serpent.Invocation) error {
+			ctx := inv.Context()
+			organization, err := CurrentOrganization(r, inv, client)
+			if err != nil {
+				return err
+			}
+
+			if len(inv.Args) < 1 {
+				return xerrors.Errorf("user_id or username is required as the first argument")
+			}
+			userIdentifier := inv.Args[0]
+			roles := inv.Args[1:]
+
+			member, err := client.UpdateOrganizationMemberRoles(ctx, organization.ID, userIdentifier, codersdk.UpdateRoles{
+				Roles: roles,
+			})
+			if err != nil {
+				return xerrors.Errorf("update member roles: %w", err)
+			}
+
+			updatedTo := make([]string, 0)
+			for _, role := range member.Roles {
+				updatedTo = append(updatedTo, role.String())
+			}
+
+			_, _ = fmt.Fprintf(inv.Stdout, "Member roles updated to [%s]\n", strings.Join(updatedTo, ", "))
+			return nil
+		},
+	}
+
+	return cmd
+}
+
+func (r *RootCmd) listOrganizationMembers() *serpent.Command {
 	formatter := cliui.NewOutputFormatter(
 		cliui.TableFormat([]codersdk.OrganizationMemberWithName{}, []string{"username", "organization_roles"}),
 		cliui.JSONFormat(),
@ -18,9 +79,8 @@ func (r *RootCmd) organizationMembers() *serpent.Command {

 	client := new(codersdk.Client)
 	cmd := &serpent.Command{
-		Use:     "members",
+		Use:   "list",
 		Short: "List all organization members",
-		Aliases: []string{"member"},
 		Middleware: serpent.Chain(
 			serpent.RequireNArgs(0),
 			r.InitClient(client),
--- a/cli/organizationmembers_test.go
+++ b/cli/organizationmembers_test.go
@ -23,7 +23,7 @@ func TestListOrganizationMembers(t *testing.T) {
 		client, user := coderdtest.CreateAnotherUser(t, ownerClient, owner.OrganizationID, rbac.RoleUserAdmin())

 		ctx := testutil.Context(t, testutil.WaitMedium)
-		inv, root := clitest.New(t, "organization", "members", "-c", "user_id,username,roles")
+		inv, root := clitest.New(t, "organization", "members", "list", "-c", "user_id,username,roles")
 		clitest.SetupConfig(t, client, root)

 		buf := new(bytes.Buffer)
--- a/enterprise/cli/organizationmembers_test.go
+++ b/enterprise/cli/organizationmembers_test.go
@ -53,7 +53,7 @@ func TestEnterpriseListOrganizationMembers(t *testing.T) {
 			OrganizationID: owner.OrganizationID,
 		}, rbac.ScopedRoleOrgAdmin(owner.OrganizationID))

-		inv, root := clitest.New(t, "organization", "members", "-c", "user_id,username,organization_roles")
+		inv, root := clitest.New(t, "organization", "members", "list", "-c", "user_id,username,organization_roles")
 		clitest.SetupConfig(t, client, root)

 		buf := new(bytes.Buffer)
@ -66,3 +66,57 @@ func TestEnterpriseListOrganizationMembers(t *testing.T) {
 		require.Contains(t, buf.String(), customRole.DisplayName)
 	})
 }
+
+func TestAssignOrganizationMemberRole(t *testing.T) {
+	t.Parallel()
+
+	t.Run("OK", func(t *testing.T) {
+		t.Parallel()
+		dv := coderdtest.DeploymentValues(t)
+		dv.Experiments = []string{string(codersdk.ExperimentCustomRoles)}
+
+		ownerClient, owner := coderdenttest.New(t, &coderdenttest.Options{
+			Options: &coderdtest.Options{
+				DeploymentValues: dv,
+			},
+			LicenseOptions: &coderdenttest.LicenseOptions{
+				Features: license.Features{
+					codersdk.FeatureCustomRoles: 1,
+				},
+			},
+		})
+		_, user := coderdtest.CreateAnotherUser(t, ownerClient, owner.OrganizationID, rbac.RoleUserAdmin())
+
+		ctx := testutil.Context(t, testutil.WaitMedium)
+		// nolint:gocritic // requires owner role to create
+		customRole, err := ownerClient.PatchOrganizationRole(ctx, owner.OrganizationID, codersdk.Role{
+			Name:            "custom-role",
+			OrganizationID:  owner.OrganizationID.String(),
+			DisplayName:     "Custom Role",
+			SitePermissions: nil,
+			OrganizationPermissions: codersdk.CreatePermissions(map[codersdk.RBACResource][]codersdk.RBACAction{
+				codersdk.ResourceWorkspace: {codersdk.ActionRead},
+			}),
+			UserPermissions: nil,
+		})
+		require.NoError(t, err)
+
+		inv, root := clitest.New(t, "organization", "members", "edit-roles", user.Username, codersdk.RoleOrganizationAdmin, customRole.Name)
+		// nolint:gocritic // you cannot change your own roles
+		clitest.SetupConfig(t, ownerClient, root)
+
+		buf := new(bytes.Buffer)
+		inv.Stdout = buf
+		err = inv.WithContext(ctx).Run()
+		require.NoError(t, err)
+		require.Contains(t, buf.String(), must(rbac.RoleByName(rbac.ScopedRoleOrgAdmin(owner.OrganizationID))).DisplayName)
+		require.Contains(t, buf.String(), customRole.DisplayName)
+	})
+}
+
+func must[V any](v V, err error) V {
+	if err != nil {
+		panic(err)
+	}
+	return v
+}