
Commit 2638c27

authored
fix: User's should be able to read what roles available (#1575)
1 parent 8bd1abe commit 2638c27


3 files changed

+21
-6
lines changed


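--- a/coderd/rbac/builtin.go
+++ b/coderd/rbac/builtin.go
@@ -66,7 +66,8 @@ var (
 DisplayName: "Member",
 Site: permissions(map[Object][]Action{
 // All users can read all other users and know they exist.
-ResourceUser: {ActionRead},
+ResourceUser: {ActionRead},
+ResourceRoleAssignment: {ActionRead},
 }),
 User: permissions(map[Object][]Action{
 ResourceWildcard: {WildcardSymbol},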
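Review bot: The new `ResourceRoleAssignment: {ActionRead}` entry sits under a comment that only describes user reads, so the reason every member gets a site-scope read on role assignments is undocumented. I would add a line above it such as `// All users can read the set of available roles.` Because the grant is in the `Site` map it presumably applies across every organization at the RBAC layer; the `NonOrgMemberListOrg` case in coderd/roles_test.go suggests organization membership is enforced separately, which is worth confirming since that check would then be the only barrier. If the same resource also guards reading which users hold which roles, a narrower object would fit least privilege better. The enclosing `var (` block starts and ends outside the hunk.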

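--- a/coderd/rbac/builtin_internal_test.go
+++ b/coderd/rbac/builtin_internal_test.go
@@ -34,7 +34,7 @@ func TestRoleByName(t *testing.T) {
 t.Run(c.Role.Name, func(t *testing.T) {
 role, err := RoleByName(c.Role.Name)
 require.NoError(t, err, "role exists")
-require.Equal(t, c.Role, role)
+equalRoles(t, c.Role, role)
 })
 }
 })
@@ -53,3 +53,18 @@ func TestRoleByName(t *testing.T) {
 require.Error(t, err, "expect orgID")
 })
 }
+
+// SameAs compares 2 roles for equality.
+func equalRoles(t *testing.T, a, b Role) {
+require.Equal(t, a.Name, b.Name, "role names")
+require.Equal(t, a.DisplayName, b.DisplayName, "role display names")
+require.ElementsMatch(t, a.Site, b.Site, "site permissions")
+require.ElementsMatch(t, a.User, b.User, "user permissions")
+require.Equal(t, len(a.Org), len(b.Org), "same number of org roles")
+
+for ak, av := range a.Org {
+bv, ok := b.Org[ak]
+require.True(t, ok, "org permissions missing: %s", ak)
+require.ElementsMatchf(t, av, bv, "org %s permissions", ak)
+}
+}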
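Review bot: The doc comment on the new helper names `SameAs`, but the function is `equalRoles`, and it does not say that permission order is ignored. I would write `// equalRoles asserts that two roles match, comparing permission lists without regard to order.` and add `t.Helper()` as the first statement so failures are reported at the calling subtest. Switching from `require.Equal` to `require.ElementsMatch` loosens the check; if permission order affects how a role is evaluated, which is not visible here, that should be asserted separately. `TestRoleByName` starts outside both hunks.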

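--- a/coderd/roles_test.go
+++ b/coderd/roles_test.go
@@ -112,7 +112,6 @@ func TestListRoles(t *testing.T) {
 })
 require.NoError(t, err, "create org")
 
-const unauth = "forbidden"
 const notMember = "not a member of the organization"
 
 testCases := []struct {
@@ -128,14 +127,14 @@ func TestListRoles(t *testing.T) {
 x, err := member.ListSiteRoles(ctx)
 return x, err
 },
-AuthorizedError: unauth,
+ExpectedRoles: convertRoles(rbac.SiteRoles()),
 },
 {
 Name: "OrgMemberListOrg",
 APICall: func() ([]codersdk.Role, error) {
 return member.ListOrganizationRoles(ctx, admin.OrganizationID)
 },
-AuthorizedError: unauth,
+ExpectedRoles: convertRoles(rbac.OrganizationRoles(admin.OrganizationID)),
 },
 {
 Name: "NonOrgMemberListOrg",
@@ -150,7 +149,7 @@ func TestListRoles(t *testing.T) {
 APICall: func() ([]codersdk.Role, error) {
 return orgAdmin.ListSiteRoles(ctx)
 },
-AuthorizedError: unauth,
+ExpectedRoles: convertRoles(rbac.SiteRoles()),
 },
 {
 Name: "OrgAdminListOrg",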
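Review bot: With `const unauth = "forbidden"` removed and all three `AuthorizedError: unauth` expectations replaced by `ExpectedRoles`, the visible cases no longer assert any denial from the role-listing endpoints other than `notMember`. Since the commit widens read access, a negative case would keep the boundary pinned, for example a client with no session calling `ListSiteRoles` and expecting an authentication error. Whether such a case already exists elsewhere in `testCases` cannot be seen from these hunks. The `testCases` literal and `TestListRoles` both continue outside the hunks.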
