(t *testing.T)
| 68 | } |
| 69 | |
| 70 | func TestCreateWorkspace(t *testing.T) { |
| 71 | t.Parallel() |
| 72 | |
| 73 | t.Run("NoTemplateAccess", func(t *testing.T) { |
| 74 | t.Parallel() |
| 75 | |
| 76 | client, first := coderdenttest.New(t, &coderdenttest.Options{ |
| 77 | LicenseOptions: &coderdenttest.LicenseOptions{ |
| 78 | Features: license.Features{ |
| 79 | codersdk.FeatureTemplateRBAC: 1, |
| 80 | codersdk.FeatureMultipleOrganizations: 1, |
| 81 | }, |
| 82 | }, |
| 83 | }) |
| 84 | |
| 85 | other, _ := coderdtest.CreateAnotherUser(t, client, first.OrganizationID, rbac.RoleMember(), rbac.RoleOwner()) |
| 86 | |
| 87 | ctx := testutil.Context(t, testutil.WaitLong) |
| 88 | |
| 89 | org, err := other.CreateOrganization(ctx, codersdk.CreateOrganizationRequest{ |
| 90 | Name: "another", |
| 91 | }) |
| 92 | require.NoError(t, err) |
| 93 | version := coderdtest.CreateTemplateVersion(t, other, org.ID, nil) |
| 94 | template := coderdtest.CreateTemplate(t, other, org.ID, version.ID) |
| 95 | |
| 96 | ctx = testutil.Context(t, testutil.WaitLong) // Reset the context to avoid timeouts. |
| 97 | |
| 98 | _, err = client.CreateWorkspace(ctx, first.OrganizationID, codersdk.Me, codersdk.CreateWorkspaceRequest{ |
| 99 | TemplateID: template.ID, |
| 100 | Name: "workspace", |
| 101 | }) |
| 102 | require.Error(t, err) |
| 103 | var apiErr *codersdk.Error |
| 104 | require.ErrorAs(t, err, &apiErr) |
| 105 | require.Equal(t, http.StatusNotAcceptable, apiErr.StatusCode()) |
| 106 | }) |
| 107 | |
| 108 | // Test that a user cannot indirectly access |
| 109 | // a template they do not have access to. |
| 110 | t.Run("Unauthorized", func(t *testing.T) { |
| 111 | t.Parallel() |
| 112 | |
| 113 | client, user := coderdenttest.New(t, &coderdenttest.Options{LicenseOptions: &coderdenttest.LicenseOptions{ |
| 114 | Features: license.Features{ |
| 115 | codersdk.FeatureTemplateRBAC: 1, |
| 116 | }, |
| 117 | }}) |
| 118 | templateAdminClient, _ := coderdtest.CreateAnotherUser(t, client, user.OrganizationID, rbac.RoleTemplateAdmin()) |
| 119 | |
| 120 | version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil) |
| 121 | template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) |
| 122 | |
| 123 | ctx := testutil.Context(t, testutil.WaitLong) |
| 124 | |
| 125 | acl, err := templateAdminClient.TemplateACL(ctx, template.ID) |
| 126 | require.NoError(t, err) |
| 127 |