MCPcopy Index your code
hub / github.com/coder/coder / TestWorkspaceSharingDisabled

Function TestWorkspaceSharingDisabled

enterprise/coderd/workspacesharing_test.go:175–514  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

173}
174
175func TestWorkspaceSharingDisabled(t *testing.T) {
176 t.Parallel()
177
178 t.Run("ACLEndpointsForbidden", func(t *testing.T) {
179 t.Parallel()
180
181 dv := coderdtest.DeploymentValues(t)
182
183 client, db, owner := coderdenttest.NewWithDatabase(t, &coderdenttest.Options{
184 Options: &coderdtest.Options{
185 DeploymentValues: dv,
186 },
187 })
188
189 workspaceOwnerClient, workspaceOwner := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID)
190 ws := dbfake.WorkspaceBuild(t, db, database.WorkspaceTable{
191 OwnerID: workspaceOwner.ID,
192 OrganizationID: owner.OrganizationID,
193 }).Do().Workspace
194
195 ctx := testutil.Context(t, testutil.WaitMedium)
196
197 orgAdminClient, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.ScopedRoleOrgAdmin(owner.OrganizationID))
198 _, err := orgAdminClient.PatchWorkspaceSharingSettings(ctx, owner.OrganizationID.String(), codersdk.UpdateWorkspaceSharingSettingsRequest{
199 ShareableWorkspaceOwners: codersdk.ShareableWorkspaceOwnersNone,
200 })
201 require.NoError(t, err)
202
203 // Reading the ACL list remains allowed even when workspace sharing is
204 // disabled, but mutating it is forbidden.
205 _, err = workspaceOwnerClient.WorkspaceACL(ctx, ws.ID)
206 require.NoError(t, err)
207
208 // We don't allow mutating the ACL.
209 assertSharingDisabled := func(t *testing.T, err error) {
210 t.Helper()
211
212 var apiErr *codersdk.Error
213 require.ErrorAs(t, err, &apiErr)
214 require.Equal(t, http.StatusForbidden, apiErr.StatusCode())
215 require.Equal(t, "Workspace sharing is disabled for this organization.", apiErr.Message)
216 }
217
218 // Despite the site-wide workspace.share permission for the owner,
219 // the endpoint should return an authz error.
220 err = client.UpdateWorkspaceACL(ctx, ws.ID, codersdk.UpdateWorkspaceACL{
221 UserRoles: map[string]codersdk.WorkspaceRole{
222 uuid.NewString(): codersdk.WorkspaceRoleUse,
223 },
224 })
225 assertSharingDisabled(t, err)
226
227 err = workspaceOwnerClient.DeleteWorkspaceACL(ctx, ws.ID)
228 assertSharingDisabled(t, err)
229 })
230
231 t.Run("ACLEndpointsForbiddenServiceAccountsMode", func(t *testing.T) {
232 t.Parallel()

Callers

nothing calls this directly

Calls 15

StatusCodeMethod · 0.95
DeploymentValuesFunction · 0.92
NewWithDatabaseFunction · 0.92
CreateAnotherUserFunction · 0.92
WorkspaceBuildFunction · 0.92
ContextFunction · 0.92
ScopedRoleOrgAdminFunction · 0.92
NewDBWithSQLDBFunction · 0.92
NewWithAPIFunction · 0.92
CreateGroupFunction · 0.92

Tested by

no test coverage detected