fix: Prevent suspending owners (#3757)

2025-07-03 16:13:58 +00:00 · 2022-08-31 11:26:36 -04:00
parent e6802f0a56
commit aa9a1c3f56
2 changed files with 35 additions and 15 deletions
--- a/coderd/users_test.go
+++ b/coderd/users_test.go
@ -737,21 +737,28 @@ func TestInitialRoles(t *testing.T) {
 func TestPutUserSuspend(t *testing.T) {
 	t.Parallel()

-	t.Run("SuspendAnotherUser", func(t *testing.T) {
+	t.Run("SuspendAnOwner", func(t *testing.T) {
 		t.Parallel()
 		client := coderdtest.New(t, nil)
 		me := coderdtest.CreateFirstUser(t, client)
+		_, user := coderdtest.CreateAnotherUserWithUser(t, client, me.OrganizationID, rbac.RoleOwner())
+
+		ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
+		defer cancel()
+
+		_, err := client.UpdateUserStatus(ctx, user.Username, codersdk.UserStatusSuspended)
+		require.Error(t, err, "cannot suspend owners")
+	})
+
+	t.Run("SuspendAnotherUser", func(t *testing.T) {
+		t.Parallel()
+		client := coderdtest.New(t, nil)
+		me := coderdtest.CreateFirstUser(t, client)
+		_, user := coderdtest.CreateAnotherUserWithUser(t, client, me.OrganizationID)

 		ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
 		defer cancel()

-		client.User(ctx, codersdk.Me)
-		user, _ := client.CreateUser(ctx, codersdk.CreateUserRequest{
-			Email:          "bruno@coder.com",
-			Username:       "bruno",
-			Password:       "password",
-			OrganizationID: me.OrganizationID,
-		})
 		user, err := client.UpdateUserStatus(ctx, user.Username, codersdk.UserStatusSuspended)
 		require.NoError(t, err)
 		require.Equal(t, user.Status, codersdk.UserStatusSuspended)
@ -841,7 +848,7 @@ func TestUsersFilter(t *testing.T) {
 	for i := 0; i < 15; i++ {
 		roles := []string{}
 		if i%2 == 0 {
-			roles = append(roles, rbac.RoleOwner())
+			roles = append(roles, rbac.RoleTemplateAdmin(), rbac.RoleUserAdmin())
 		}
 		if i%3 == 0 {
 			roles = append(roles, "auditor")