chore: add tests for sharing remove command

brettkolodny · brettkolodny · commit aa2c2beba588 · 2025-09-10T15:20:29.000Z
diff --git a/cli/sharing_test.go b/cli/sharing_test.go
@@ -217,3 +217,117 @@ func TestSharingStatus(t *testing.T) {
 		assert.True(t, found, "expected to find username %s with role %s in the output: %s", toShareWithUser.Username, codersdk.WorkspaceRoleUse, out.String())
 	})
 }
+
+func TestSharingRemove(t *testing.T) {
+	t.Parallel()
+
+	dv := coderdtest.DeploymentValues(t)
+	dv.Experiments = []string{string(codersdk.ExperimentWorkspaceSharing)}
+
+	t.Run("RemoveSharedUser_Simple", func(t *testing.T) {
+		t.Parallel()
+
+		var (
+			client, db = coderdtest.NewWithDatabase(t, &coderdtest.Options{
+				DeploymentValues: dv,
+			})
+			orgOwner                             = coderdtest.CreateFirstUser(t, client)
+			workspaceOwnerClient, workspaceOwner = coderdtest.CreateAnotherUser(t, client, orgOwner.OrganizationID, rbac.ScopedRoleOrgAuditor(orgOwner.OrganizationID))
+			workspace                            = dbfake.WorkspaceBuild(t, db, database.WorkspaceTable{
+				OwnerID:        workspaceOwner.ID,
+				OrganizationID: orgOwner.OrganizationID,
+			}).Do().Workspace
+			_, toRemoveUser    = coderdtest.CreateAnotherUser(t, client, orgOwner.OrganizationID)
+			_, toShareWithUser = coderdtest.CreateAnotherUser(t, client, orgOwner.OrganizationID)
+		)
+
+		ctx := testutil.Context(t, testutil.WaitMedium)
+
+		// Share the workspace with a user to later remove
+		err := client.UpdateWorkspaceACL(ctx, workspace.ID, codersdk.UpdateWorkspaceACL{
+			UserRoles: map[string]codersdk.WorkspaceRole{
+				toShareWithUser.ID.String(): codersdk.WorkspaceRoleUse,
+				toRemoveUser.ID.String():    codersdk.WorkspaceRoleUse,
+			},
+		})
+		require.NoError(t, err)
+
+		inv, root := clitest.New(t,
+			"sharing",
+			"remove",
+			workspace.Name,
+			"--org", orgOwner.OrganizationID.String(),
+			"--user", toRemoveUser.Username,
+		)
+		clitest.SetupConfig(t, workspaceOwnerClient, root)
+
+		out := bytes.NewBuffer(nil)
+		inv.Stdout = out
+		err = inv.WithContext(ctx).Run()
+		require.NoError(t, err)
+
+		acl, err := workspaceOwnerClient.WorkspaceACL(inv.Context(), workspace.ID)
+		require.NoError(t, err)
+
+		removedCorrectUser := true
+		keptOtherUser := false
+		for _, user := range acl.Users {
+			if user.ID == toRemoveUser.ID {
+				removedCorrectUser = false
+			}
+
+			if user.ID == toShareWithUser.ID {
+				keptOtherUser = true
+			}
+		}
+		assert.True(t, removedCorrectUser)
+		assert.True(t, keptOtherUser)
+	})
+
+	t.Run("RemoveSharedUser_Multiple", func(t *testing.T) {
+		t.Parallel()
+
+		var (
+			client, db = coderdtest.NewWithDatabase(t, &coderdtest.Options{
+				DeploymentValues: dv,
+			})
+			orgOwner                             = coderdtest.CreateFirstUser(t, client)
+			workspaceOwnerClient, workspaceOwner = coderdtest.CreateAnotherUser(t, client, orgOwner.OrganizationID, rbac.ScopedRoleOrgAuditor(orgOwner.OrganizationID))
+			workspace                            = dbfake.WorkspaceBuild(t, db, database.WorkspaceTable{
+				OwnerID:        workspaceOwner.ID,
+				OrganizationID: orgOwner.OrganizationID,
+			}).Do().Workspace
+			_, toRemoveUser1 = coderdtest.CreateAnotherUser(t, client, orgOwner.OrganizationID)
+			_, toRemoveUser2 = coderdtest.CreateAnotherUser(t, client, orgOwner.OrganizationID)
+		)
+
+		ctx := testutil.Context(t, testutil.WaitMedium)
+
+		// Share the workspace with a user to later remove
+		err := client.UpdateWorkspaceACL(ctx, workspace.ID, codersdk.UpdateWorkspaceACL{
+			UserRoles: map[string]codersdk.WorkspaceRole{
+				toRemoveUser2.ID.String(): codersdk.WorkspaceRoleUse,
+				toRemoveUser1.ID.String(): codersdk.WorkspaceRoleUse,
+			},
+		})
+		require.NoError(t, err)
+
+		inv, root := clitest.New(t,
+			"sharing",
+			"remove",
+			workspace.Name,
+			"--org", orgOwner.OrganizationID.String(),
+			fmt.Sprintf("--user=%s,%s", toRemoveUser1.Username, toRemoveUser2.Username),
+		)
+		clitest.SetupConfig(t, workspaceOwnerClient, root)
+
+		out := bytes.NewBuffer(nil)
+		inv.Stdout = out
+		err = inv.WithContext(ctx).Run()
+		require.NoError(t, err)
+
+		acl, err := workspaceOwnerClient.WorkspaceACL(inv.Context(), workspace.ID)
+		require.NoError(t, err)
+		assert.Empty(t, acl.Users)
+	})
+}
diff --git a/enterprise/cli/sharing_test.go b/enterprise/cli/sharing_test.go
@@ -23,7 +23,7 @@ import (
 	"github.com/coder/coder/v2/testutil"
 )
 
-func TestSharingShareEnterprise(t *testing.T) {
+func TestSharingShare(t *testing.T) {
 	t.Parallel()
 
 	dv := coderdtest.DeploymentValues(t)
@@ -245,6 +245,157 @@ func TestSharingStatus(t *testing.T) {
 	})
 }
 
+func TestSharingRemove(t *testing.T) {
+	t.Parallel()
+
+	dv := coderdtest.DeploymentValues(t)
+	dv.Experiments = []string{string(codersdk.ExperimentWorkspaceSharing)}
+
+	t.Run("RemoveSharedGroup_Single", func(t *testing.T) {
+		t.Parallel()
+
+		var (
+			client, db, orgOwner = coderdenttest.NewWithDatabase(t, &coderdenttest.Options{
+				Options: &coderdtest.Options{
+					DeploymentValues: dv,
+				},
+				LicenseOptions: &coderdenttest.LicenseOptions{
+					Features: license.Features{
+						codersdk.FeatureTemplateRBAC: 1,
+					},
+				},
+			})
+			workspaceOwnerClient, workspaceOwner = coderdtest.CreateAnotherUser(t, client, orgOwner.OrganizationID, rbac.ScopedRoleOrgAuditor(orgOwner.OrganizationID))
+			workspace                            = dbfake.WorkspaceBuild(t, db, database.WorkspaceTable{
+				OwnerID:        workspaceOwner.ID,
+				OrganizationID: orgOwner.OrganizationID,
+			}).Do().Workspace
+			_, groupUser1 = coderdtest.CreateAnotherUser(t, client, orgOwner.OrganizationID)
+			_, groupUser2 = coderdtest.CreateAnotherUser(t, client, orgOwner.OrganizationID)
+		)
+
+		ctx := testutil.Context(t, testutil.WaitMedium)
+
+		group1, err := createGroupWithMembers(ctx, client, orgOwner.OrganizationID, "group-1", []uuid.UUID{groupUser1.ID, groupUser2.ID})
+		require.NoError(t, err)
+
+		group2, err := createGroupWithMembers(ctx, client, orgOwner.OrganizationID, "group-2", []uuid.UUID{groupUser1.ID, groupUser2.ID})
+		require.NoError(t, err)
+
+		// Share the workspace with a user to later remove
+		err = client.UpdateWorkspaceACL(ctx, workspace.ID, codersdk.UpdateWorkspaceACL{
+			GroupRoles: map[string]codersdk.WorkspaceRole{
+				group1.ID.String(): codersdk.WorkspaceRoleUse,
+				group2.ID.String(): codersdk.WorkspaceRoleUse,
+			},
+		})
+		require.NoError(t, err)
+
+		inv, root := clitest.New(t,
+			"sharing",
+			"remove",
+			workspace.Name,
+			"--org", orgOwner.OrganizationID.String(),
+			"--group", group1.Name,
+		)
+		clitest.SetupConfig(t, workspaceOwnerClient, root)
+
+		err = inv.WithContext(ctx).Run()
+		require.NoError(t, err)
+
+		acl, err := workspaceOwnerClient.WorkspaceACL(inv.Context(), workspace.ID)
+		require.NoError(t, err)
+
+		removedGroup1 := true
+		removedGroup2 := true
+		for _, group := range acl.Groups {
+			if group.ID == group1.ID {
+				removedGroup1 = false
+				continue
+			}
+
+			if group.ID == group2.ID {
+				removedGroup2 = false
+				continue
+			}
+		}
+		assert.True(t, removedGroup1)
+		assert.False(t, removedGroup2)
+	})
+
+	t.Run("RemoveSharedGroup_Multiple", func(t *testing.T) {
+		t.Parallel()
+
+		var (
+			client, db, orgOwner = coderdenttest.NewWithDatabase(t, &coderdenttest.Options{
+				Options: &coderdtest.Options{
+					DeploymentValues: dv,
+				},
+				LicenseOptions: &coderdenttest.LicenseOptions{
+					Features: license.Features{
+						codersdk.FeatureTemplateRBAC: 1,
+					},
+				},
+			})
+			workspaceOwnerClient, workspaceOwner = coderdtest.CreateAnotherUser(t, client, orgOwner.OrganizationID, rbac.ScopedRoleOrgAuditor(orgOwner.OrganizationID))
+			workspace                            = dbfake.WorkspaceBuild(t, db, database.WorkspaceTable{
+				OwnerID:        workspaceOwner.ID,
+				OrganizationID: orgOwner.OrganizationID,
+			}).Do().Workspace
+			_, groupUser1 = coderdtest.CreateAnotherUser(t, client, orgOwner.OrganizationID)
+			_, groupUser2 = coderdtest.CreateAnotherUser(t, client, orgOwner.OrganizationID)
+		)
+
+		ctx := testutil.Context(t, testutil.WaitMedium)
+
+		group1, err := createGroupWithMembers(ctx, client, orgOwner.OrganizationID, "group-1", []uuid.UUID{groupUser1.ID, groupUser2.ID})
+		require.NoError(t, err)
+
+		group2, err := createGroupWithMembers(ctx, client, orgOwner.OrganizationID, "group-2", []uuid.UUID{groupUser1.ID, groupUser2.ID})
+		require.NoError(t, err)
+
+		// Share the workspace with a user to later remove
+		err = client.UpdateWorkspaceACL(ctx, workspace.ID, codersdk.UpdateWorkspaceACL{
+			GroupRoles: map[string]codersdk.WorkspaceRole{
+				group1.ID.String(): codersdk.WorkspaceRoleUse,
+				group2.ID.String(): codersdk.WorkspaceRoleUse,
+			},
+		})
+		require.NoError(t, err)
+
+		inv, root := clitest.New(t,
+			"sharing",
+			"remove",
+			workspace.Name,
+			"--org", orgOwner.OrganizationID.String(),
+			fmt.Sprintf("--group=%s,%s", group1.Name, group2.Name),
+		)
+		clitest.SetupConfig(t, workspaceOwnerClient, root)
+
+		err = inv.WithContext(ctx).Run()
+		require.NoError(t, err)
+
+		acl, err := workspaceOwnerClient.WorkspaceACL(inv.Context(), workspace.ID)
+		require.NoError(t, err)
+
+		removedGroup1 := true
+		removedGroup2 := true
+		for _, group := range acl.Groups {
+			if group.ID == group1.ID {
+				removedGroup1 = false
+				continue
+			}
+
+			if group.ID == group2.ID {
+				removedGroup2 = false
+				continue
+			}
+		}
+		assert.True(t, removedGroup1)
+		assert.True(t, removedGroup2)
+	})
+}
+
 func createGroupWithMembers(ctx context.Context, client *codersdk.Client, orgID uuid.UUID, name string, memberIDs []uuid.UUID) (codersdk.Group, error) {
 	group, err := client.CreateGroup(ctx, orgID, codersdk.CreateGroupRequest{
 		Name:        name,
