
Commit dc2e810

committed
test: include default_org_member_roles in AuthzUserSubjectWithDB
1 parent d15a3f0 commit dc2e810

4 files changed

Lines changed: 40 additions & 33 deletions


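--- a/coderd/coderdtest/coderdtest.go
+++ b/coderd/coderdtest/coderdtest.go
@@ -901,6 +901,16 @@ func AuthzUserSubjectWithDB(ctx context.Context, t testing.TB, db database.Store
 require.NoError(t, err)
 for _, org := range orgs {
 roles = append(roles, rbac.ScopedRoleOrgMember(org.ID))
+// The implicit role set (organization-member plus the org's
+// default_org_member_roles) is unioned at request time by
+// GetAuthorizationUserRoles. Subjects built directly here bypass
+// that SQL union, so mirror it explicitly.
+for _, name := range org.DefaultOrgMemberRoles {
+roles = append(roles, rbac.RoleIdentifier{
+Name: name,
+OrganizationID: org.ID,
+})
+}
 }
 
 //nolint:gocritic // We need to expand DB-backed/system roles. The caller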
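Review bot: The added loop over `org.DefaultOrgMemberRoles` re-implements in Go what its own comment says `GetAuthorizationUserRoles` does in SQL, and nothing visible in this hunk keeps the two in step, so a later change to the query would leave test subjects with a different role set than real requests and authorization tests could pass or fail for the wrong reason. A small parity test that builds a subject through this helper and compares its role identifiers with the query's output for the same user would catch that drift. The append is also unconditional: if `roles` (built above the hunk) already holds one of the default roles through an explicit assignment, the identifier is added twice, and whether the expansion that follows tolerates duplicates is not visible here. A guard such as `if !slices.Contains(roles, id) { roles = append(roles, id) }`, with `id` being the identifier built in the loop, would make the result a true union, assuming `roles` is a `[]rbac.RoleIdentifier` and `slices` is imported. The enclosing function starts and ends outside the hunk.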

coderd/coderdtest/subjects.go

Lines changed: 0 additions & 31 deletions
This file was deleted.

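--- a/coderd/workspaceconnwatcher/watcher_test.go
+++ b/coderd/workspaceconnwatcher/watcher_test.go
@@ -19,6 +19,8 @@ import (
 "github.com/coder/coder/v2/coderd/database/dbmock"
 "github.com/coder/coder/v2/coderd/database/pubsub"
 "github.com/coder/coder/v2/coderd/httpmw"
+"github.com/coder/coder/v2/coderd/rbac"
+"github.com/coder/coder/v2/coderd/rbac/rolestore"
 "github.com/coder/coder/v2/coderd/workspaceconnwatcher"
 "github.com/coder/coder/v2/coderd/wspubsub"
 "github.com/coder/coder/v2/codersdk"
@@ -72,7 +74,7 @@ func (h *harness) Dial(ctx context.Context, url string) (*wsjson.Decoder[workspa
 Handler: http.HandlerFunc(h.watcher.WorkspaceAgentConnectionWatch),
 CtxMutator: func(ctx context.Context) context.Context {
 ctx = httpmw.WithWorkspaceParam(ctx, h.workspace)
-ctx = dbauthz.As(ctx, coderdtest.MemberSubject(userID, orgID))
+ctx = dbauthz.As(ctx, memberSubject(userID, orgID))
 return ctx
 },
 Logger: h.logger.Named("roundtripper"),
@@ -470,3 +472,29 @@ func TestWatcher_ClosedAfterDial(t *testing.T) {
 }
 testutil.TryReceive(ctx, t, closed)
 }
+
+// memberSubject builds an RBAC subject scoped as a basic org member, used to
+// drive the watcher handler through dbauthz checks. Kept local to this test
+// because no other package needs it.
+func memberSubject(userID, orgID uuid.UUID) rbac.Subject {
+memberRole, err := rbac.RoleByName(rbac.RoleMember())
+if err != nil {
+panic(err)
+}
+orgMember, err := rolestore.TestingGetSystemRole(
+rbac.RoleOrgMember(),
+orgID,
+rbac.OrgSettings{ShareableWorkspaceOwners: rbac.ShareableWorkspaceOwnersNone},
+)
+if err != nil {
+panic(err)
+}
+return rbac.Subject{
+FriendlyName: "coderdtest-member",
+
+Type: rbac.SubjectTypeUser,
+ID: userID.String(),
+Roles: rbac.Roles{memberRole, orgMember},
+Scope: rbac.ScopeAll,
+}.WithCachedASTValue()
+}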
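Review bot: Both error branches in the new `memberSubject` helper call `panic(err)`, and the helper is invoked from the `CtxMutator` closure in `Dial`, so a role-lookup failure would likely abort the whole test binary instead of failing the one test with a readable message. Building the subject once on the test goroutine and capturing it in the closure keeps the failure attributable: change the signature to `func memberSubject(t testing.TB, userID, orgID uuid.UUID) rbac.Subject`, start the body with `t.Helper()`, and replace each `panic(err)` with `require.NoError(t, err)` (assuming `require` is already imported in this test file). The doc comment could also state that the subject deliberately carries only the member and organization-member roles with `ShareableWorkspaceOwnersNone`, and none of the org's default member roles, so readers know at which privilege level the dbauthz checks are exercised. The `FriendlyName` still reads `"coderdtest-member"` although the helper no longer lives in `coderdtest`.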

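--- a/testutil/websocket.go
+++ b/testutil/websocket.go
@@ -19,7 +19,7 @@ import (
 // Handler: MyHandler,
 // CtxMutator: func(ctx context.Context) context.Context {
 // ctx = httpmw.WithWorkspaceParam(ctx, ws)
-// ctx = dbauthz.As(ctx, coderdtest.MemberSubject(userID, orgID))
+// ctx = dbauthz.As(ctx, mySubject(userID, orgID))
 // return ctx
 // },
 // Logger: logger.Named("roundtripper"),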
