Merge branch 'dk/prebuilds' of https://github.com/coder/coder into jjs/prebuilds

2025-07-09 11:45:56 +00:00 · 2025-03-03 08:01:04 +00:00
parent 6c2eb32552 900cb05e81
commit be166ea239
147 changed files with 3617 additions and 1117 deletions
--- a/enterprise/coderd/audit_test.go
+++ b/enterprise/coderd/audit_test.go
@ -75,10 +75,6 @@ func TestEnterpriseAuditLogs(t *testing.T) {
 		require.Equal(t, int64(1), alogs.Count)
 		require.Len(t, alogs.AuditLogs, 1)

-		require.Equal(t, &codersdk.MinimalOrganization{
-			ID: o.ID,
-		}, alogs.AuditLogs[0].Organization)
-
 		// OrganizationID is deprecated, but make sure it is set.
 		require.Equal(t, o.ID, alogs.AuditLogs[0].OrganizationID)

--- a/enterprise/coderd/groups.go
+++ b/enterprise/coderd/groups.go
@ -440,7 +440,10 @@ func (api *API) groups(rw http.ResponseWriter, r *http.Request) {
 	parser := httpapi.NewQueryParamParser()
 	// Organization selector can be an org ID or name
 	filter.OrganizationID = parser.UUIDorName(r.URL.Query(), uuid.Nil, "organization", func(orgName string) (uuid.UUID, error) {
-		org, err := api.Database.GetOrganizationByName(ctx, orgName)
+		org, err := api.Database.GetOrganizationByName(ctx, database.GetOrganizationByNameParams{
+			Name:    orgName,
+			Deleted: false,
+		})
 		if err != nil {
 			return uuid.Nil, xerrors.Errorf("organization %q not found", orgName)
 		}
--- a/enterprise/coderd/organizations.go
+++ b/enterprise/coderd/organizations.go
@ -150,7 +150,16 @@ func (api *API) deleteOrganization(rw http.ResponseWriter, r *http.Request) {
 		return
 	}

-	err := api.Database.DeleteOrganization(ctx, organization.ID)
+	err := api.Database.InTx(func(tx database.Store) error {
+		err := tx.UpdateOrganizationDeletedByID(ctx, database.UpdateOrganizationDeletedByIDParams{
+			ID:        organization.ID,
+			UpdatedAt: dbtime.Now(),
+		})
+		if err != nil {
+			return xerrors.Errorf("delete organization: %w", err)
+		}
+		return nil
+	}, nil)
 	if err != nil {
 		httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
 			Message: "Internal error deleting organization.",
@ -204,7 +213,10 @@ func (api *API) postOrganizations(rw http.ResponseWriter, r *http.Request) {
 		return
 	}

-	_, err := api.Database.GetOrganizationByName(ctx, req.Name)
+	_, err := api.Database.GetOrganizationByName(ctx, database.GetOrganizationByNameParams{
+		Name:    req.Name,
+		Deleted: false,
+	})
 	if err == nil {
 		httpapi.Write(ctx, rw, http.StatusConflict, codersdk.Response{
 			Message: "Organization already exists with that name.",
--- a/enterprise/coderd/prebuilds/metricscollector_test.go
+++ b/enterprise/coderd/prebuilds/metricscollector_test.go
@ -20,6 +20,10 @@ import (
 func TestMetricsCollector(t *testing.T) {
 	t.Parallel()

+	if !dbtestutil.WillUsePostgres() {
+		t.Skip("this test requires postgres")
+	}
+
 	db, _ := dbtestutil.NewDB(t, dbtestutil.WithDumpOnFailure())

 	org := dbgen.Organization(t, db, database.Organization{})
--- a/enterprise/coderd/roles.go
+++ b/enterprise/coderd/roles.go
@ -147,9 +147,13 @@ func (api *API) putOrgRoles(rw http.ResponseWriter, r *http.Request) {
 			UUID:  organization.ID,
 			Valid: true,
 		},
-		SitePermissions: db2sdk.List(req.SitePermissions, sdkPermissionToDB),
-		OrgPermissions:  db2sdk.List(req.OrganizationPermissions, sdkPermissionToDB),
-		UserPermissions: db2sdk.List(req.UserPermissions, sdkPermissionToDB),
+		// Invalid permissions are filtered out. If this is changed
+		// to throw an error, then the story of a previously valid role
+		// now being invalid has to be addressed. Coder can change permissions,
+		// objects, and actions at any time.
+		SitePermissions: db2sdk.List(filterInvalidPermissions(req.SitePermissions), sdkPermissionToDB),
+		OrgPermissions:  db2sdk.List(filterInvalidPermissions(req.OrganizationPermissions), sdkPermissionToDB),
+		UserPermissions: db2sdk.List(filterInvalidPermissions(req.UserPermissions), sdkPermissionToDB),
 	})
 	if httpapi.Is404Error(err) {
 		httpapi.ResourceNotFound(rw)
@ -247,6 +251,23 @@ func (api *API) deleteOrgRole(rw http.ResponseWriter, r *http.Request) {
 	httpapi.Write(ctx, rw, http.StatusNoContent, nil)
 }

+func filterInvalidPermissions(permissions []codersdk.Permission) []codersdk.Permission {
+	// Filter out any invalid permissions
+	var validPermissions []codersdk.Permission
+	for _, permission := range permissions {
+		err := rbac.Permission{
+			Negate:       permission.Negate,
+			ResourceType: string(permission.ResourceType),
+			Action:       policy.Action(permission.Action),
+		}.Valid()
+		if err != nil {
+			continue
+		}
+		validPermissions = append(validPermissions, permission)
+	}
+	return validPermissions
+}
+
 func sdkPermissionToDB(p codersdk.Permission) database.CustomRolePermission {
 	return database.CustomRolePermission{
 		Negate:       p.Negate,