(t *testing.T)
| 14 | ) |
| 15 | |
| 16 | func TestCheckPermissions(t *testing.T) { |
| 17 | t.Parallel() |
| 18 | |
| 19 | ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) |
| 20 | t.Cleanup(cancel) |
| 21 | |
| 22 | adminClient := coderdtest.New(t, &coderdtest.Options{ |
| 23 | IncludeProvisionerDaemon: true, |
| 24 | }) |
| 25 | // Create adminClient, member, and org adminClient |
| 26 | adminUser := coderdtest.CreateFirstUser(t, adminClient) |
| 27 | memberClient, _ := coderdtest.CreateAnotherUser(t, adminClient, adminUser.OrganizationID) |
| 28 | memberUser, err := memberClient.User(ctx, codersdk.Me) |
| 29 | require.NoError(t, err) |
| 30 | orgAdminClient, _ := coderdtest.CreateAnotherUser(t, adminClient, adminUser.OrganizationID, rbac.ScopedRoleOrgAdmin(adminUser.OrganizationID)) |
| 31 | orgAdminUser, err := orgAdminClient.User(ctx, codersdk.Me) |
| 32 | require.NoError(t, err) |
| 33 | |
| 34 | version := coderdtest.CreateTemplateVersion(t, adminClient, adminUser.OrganizationID, nil) |
| 35 | coderdtest.AwaitTemplateVersionJobCompleted(t, adminClient, version.ID) |
| 36 | template := coderdtest.CreateTemplate(t, adminClient, adminUser.OrganizationID, version.ID) |
| 37 | |
| 38 | // With admin, member, and org admin |
| 39 | const ( |
| 40 | readAllUsers = "read-all-users" |
| 41 | readOrgWorkspaces = "read-org-workspaces" |
| 42 | readMyself = "read-myself" |
| 43 | readOwnWorkspaces = "read-own-workspaces" |
| 44 | updateSpecificTemplate = "update-specific-template" |
| 45 | ) |
| 46 | params := map[string]codersdk.AuthorizationCheck{ |
| 47 | readAllUsers: { |
| 48 | Object: codersdk.AuthorizationObject{ |
| 49 | ResourceType: codersdk.ResourceUser, |
| 50 | }, |
| 51 | Action: "read", |
| 52 | }, |
| 53 | readOrgWorkspaces: { |
| 54 | Object: codersdk.AuthorizationObject{ |
| 55 | ResourceType: codersdk.ResourceWorkspace, |
| 56 | OrganizationID: adminUser.OrganizationID.String(), |
| 57 | }, |
| 58 | Action: "read", |
| 59 | }, |
| 60 | readMyself: { |
| 61 | Object: codersdk.AuthorizationObject{ |
| 62 | ResourceType: codersdk.ResourceUser, |
| 63 | OwnerID: "me", |
| 64 | }, |
| 65 | Action: "read", |
| 66 | }, |
| 67 | readOwnWorkspaces: { |
| 68 | Object: codersdk.AuthorizationObject{ |
| 69 | ResourceType: codersdk.ResourceWorkspace, |
| 70 | OrganizationID: adminUser.OrganizationID.String(), |
| 71 | OwnerID: "me", |
| 72 | }, |
| 73 | Action: "read", |