MCPcopy Index your code
hub / github.com/coder/coder / TestSystemRoles

Function TestSystemRoles

coderd/database/dbauthz/customroles_test.go:266–481  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

264}
265
266func TestSystemRoles(t *testing.T) {
267 t.Parallel()
268
269 orgID := uuid.New()
270
271 canManageOrgRoles := rbac.Role{
272 Identifier: rbac.RoleIdentifier{Name: "can-manage-org-roles"},
273 DisplayName: "",
274 Site: rbac.Permissions(map[string][]policy.Action{
275 rbac.ResourceAssignOrgRole.Type: {policy.ActionRead, policy.ActionCreate, policy.ActionUpdate},
276 }),
277 }
278
279 canCreateSystem := rbac.Role{
280 Identifier: rbac.RoleIdentifier{Name: "can-create-system"},
281 DisplayName: "",
282 Site: rbac.Permissions(map[string][]policy.Action{
283 rbac.ResourceSystem.Type: {policy.ActionCreate},
284 }),
285 }
286
287 canUpdateSystem := rbac.Role{
288 Identifier: rbac.RoleIdentifier{Name: "can-update-system"},
289 DisplayName: "",
290 Site: rbac.Permissions(map[string][]policy.Action{
291 rbac.ResourceSystem.Type: {policy.ActionUpdate},
292 }),
293 }
294
295 userID := uuid.New()
296 subjectNoSystemPerms := rbac.Subject{
297 FriendlyName: "Test user",
298 ID: userID.String(),
299 Roles: rbac.Roles([]rbac.Role{canManageOrgRoles}),
300 Groups: nil,
301 Scope: rbac.ScopeAll,
302 }
303 subjectWithSystemCreatePerms := subjectNoSystemPerms
304 subjectWithSystemCreatePerms.Roles = rbac.Roles([]rbac.Role{canManageOrgRoles, canCreateSystem})
305 subjectWithSystemUpdatePerms := subjectNoSystemPerms
306 subjectWithSystemUpdatePerms.Roles = rbac.Roles([]rbac.Role{canManageOrgRoles, canUpdateSystem})
307
308 db, _ := dbtestutil.NewDB(t)
309 rec := &coderdtest.RecordingAuthorizer{
310 Wrapped: rbac.NewAuthorizer(prometheus.NewRegistry()),
311 }
312 az := dbauthz.New(db, rec, slog.Make(), coderdtest.AccessControlStorePointer())
313
314 t.Run("insert-requires-system-create", func(t *testing.T) {
315 t.Parallel()
316
317 insertParamsTemplate := database.InsertCustomRoleParams{
318 Name: "",
319 OrganizationID: uuid.NullUUID{
320 UUID: orgID,
321 Valid: true,
322 },
323 SitePermissions: database.CustomRolePermissions{},

Callers

nothing calls this directly

Calls 13

PermissionsFunction · 0.92
RolesTypeAlias · 0.92
NewDBFunction · 0.92
NewAuthorizerFunction · 0.92
NewFunction · 0.92
ContextFunction · 0.92
AsFunction · 0.92
NewMethod · 0.65
RunMethod · 0.65
InsertCustomRoleMethod · 0.65
UpdateCustomRoleMethod · 0.65

Tested by

no test coverage detected