hub / github.com/coder/coder / TestOwnerExec

Function TestOwnerExec

coderd/rbac/roles_test.go:171–204  ·  view source on GitHub ↗

nolint:tparallel,paralleltest

(t *testing.T)

Source from the content-addressed store, hash-verified

// TestOwnerExec checks that the NoOwnerWorkspaceExec role option decides
// whether a subject holding the owner role may SSH into a workspace that
// belongs to a different, randomly generated user.
//
// Both subtests reload the built-in roles and restore them in Cleanup, so they
// are kept sequential (hence the nolint). Presumably ReloadBuiltinRoles swaps
// package-level state that parallel tests would observe; confirm in the rbac
// package.
//
// NOTE(review): only policy.ActionSSH is exercised. If NoOwnerWorkspaceExec is
// meant to close other exec-style actions on workspaces as well, each of them
// needs its own deny assertion; confirm against the role definitions.
//
//nolint:tparallel,paralleltest
func TestOwnerExec(t *testing.T) {
	owner := rbac.Subject{
		ID:    uuid.NewString(),
		Roles: rbac.RoleIdentifiers{rbac.RoleMember(), rbac.RoleOwner()},
		Scope: rbac.ScopeAll,
	}

	// sshToRandomWorkspace reloads the built-in roles with the given option,
	// registers the reset to the defaults, and returns the authorizer's verdict
	// on the owner SSH-ing into a workspace with random ID, org and owner.
	sshToRandomWorkspace := func(t *testing.T, noExec bool) error {
		rbac.ReloadBuiltinRoles(&rbac.RoleOptions{
			NoOwnerWorkspaceExec: noExec,
		})
		t.Cleanup(func() { rbac.ReloadBuiltinRoles(nil) })

		// A fresh authorizer per subtest, built only after the roles were
		// reloaded, so no decision cached under the other option is reused.
		authz := rbac.NewStrictCachingAuthorizer(prometheus.NewRegistry())
		target := rbac.ResourceWorkspace.
			WithID(uuid.New()).
			InOrg(uuid.New()).
			WithOwner(uuid.NewString())
		return authz.Authorize(context.Background(), owner, policy.ActionSSH, target)
	}

	t.Run("NoExec", func(t *testing.T) {
		// With the option set, the owner role must be denied.
		err := sshToRandomWorkspace(t, true)
		require.ErrorAsf(t, err, &rbac.UnauthorizedError{}, "expected unauthorized error")
	})

	t.Run("Exec", func(t *testing.T) {
		// With the option cleared, the owner role is allowed.
		err := sshToRandomWorkspace(t, false)
		require.NoError(t, err, "expected owner can")
	})
}
205
206// These were "pared down" in https://github.com/coder/coder/pull/21359 to avoid
207// using the now DB-backed organization-member role. As a result, they no longer

Callers

nothing calls this directly

Calls 11

RoleMemberFunction · 0.92
RoleOwnerFunction · 0.92
ReloadBuiltinRolesFunction · 0.92
WithOwnerMethod · 0.80
InOrgMethod · 0.80
RunMethod · 0.65
CleanupMethod · 0.65
AuthorizeMethod · 0.65
NewMethod · 0.65
WithIDMethod · 0.45

Tested by

no test coverage detected