@@ -4102,3 +4102,99 @@ func TestUpdateWorkspaceACL(t *testing.T) {
41024102 require .Equal (t , cerr .Validations [1 ].Field , "user_roles" )
41034103 })
41044104}
4105+
4106+ func TestDeleteWorkspaceACL (t * testing.T ) {
4107+ t .Parallel ()
4108+
4109+ dv := coderdtest .DeploymentValues (t )
4110+ dv .Experiments = []string {string (codersdk .ExperimentWorkspaceSharing )}
4111+
4112+ t .Run ("WorkspaceOwnerCanDelete_Groups" , func (t * testing.T ) {
4113+ t .Parallel ()
4114+
4115+ var (
4116+ client , db , admin = coderdenttest .NewWithDatabase (t , & coderdenttest.Options {
4117+ Options : & coderdtest.Options {
4118+ DeploymentValues : dv ,
4119+ },
4120+ LicenseOptions : & coderdenttest.LicenseOptions {
4121+ Features : license.Features {
4122+ codersdk .FeatureTemplateRBAC : 1 ,
4123+ },
4124+ },
4125+ })
4126+ workspaceOwnerClient , workspaceOwner = coderdtest .CreateAnotherUser (t , client , admin .OrganizationID , rbac .ScopedRoleOrgAuditor (admin .OrganizationID ))
4127+ workspace = dbfake .WorkspaceBuild (t , db , database.WorkspaceTable {
4128+ OwnerID : workspaceOwner .ID ,
4129+ OrganizationID : admin .OrganizationID ,
4130+ }).Do ().Workspace
4131+ )
4132+
4133+ ctx := testutil .Context (t , testutil .WaitMedium )
4134+
4135+ group , err := client .CreateGroup (ctx , admin .OrganizationID , codersdk.CreateGroupRequest {
4136+ Name : "wibble" ,
4137+ })
4138+ require .NoError (t , err )
4139+ err = workspaceOwnerClient .UpdateWorkspaceACL (ctx , workspace .ID , codersdk.UpdateWorkspaceACL {
4140+ GroupRoles : map [string ]codersdk.WorkspaceRole {
4141+ group .ID .String (): codersdk .WorkspaceRoleUse ,
4142+ },
4143+ })
4144+ require .NoError (t , err )
4145+
4146+ err = workspaceOwnerClient .DeleteWorkspaceACL (ctx , workspace .ID )
4147+ require .NoError (t , err )
4148+
4149+ acl , err := workspaceOwnerClient .WorkspaceACL (ctx , workspace .ID )
4150+ require .NoError (t , err )
4151+ require .Empty (t , acl .Groups )
4152+ })
4153+
4154+ t .Run ("SharedGroupUsersCannotDelete" , func (t * testing.T ) {
4155+ t .Parallel ()
4156+
4157+ var (
4158+ client , db , admin = coderdenttest .NewWithDatabase (t , & coderdenttest.Options {
4159+ Options : & coderdtest.Options {
4160+ DeploymentValues : dv ,
4161+ },
4162+ LicenseOptions : & coderdenttest.LicenseOptions {
4163+ Features : license.Features {
4164+ codersdk .FeatureTemplateRBAC : 1 ,
4165+ },
4166+ },
4167+ })
4168+ workspaceOwnerClient , workspaceOwner = coderdtest .CreateAnotherUser (t , client , admin .OrganizationID , rbac .ScopedRoleOrgAuditor (admin .OrganizationID ))
4169+ workspace = dbfake .WorkspaceBuild (t , db , database.WorkspaceTable {
4170+ OwnerID : workspaceOwner .ID ,
4171+ OrganizationID : admin .OrganizationID ,
4172+ }).Do ().Workspace
4173+ sharedClient , toShareWithUser = coderdtest .CreateAnotherUser (t , client , admin .OrganizationID )
4174+ )
4175+
4176+ ctx := testutil .Context (t , testutil .WaitMedium )
4177+
4178+ group , err := client .CreateGroup (ctx , admin .OrganizationID , codersdk.CreateGroupRequest {
4179+ Name : "wibble" ,
4180+ })
4181+ require .NoError (t , err )
4182+ group , err = client .PatchGroup (ctx , group .ID , codersdk.PatchGroupRequest {
4183+ AddUsers : []string {toShareWithUser .ID .String ()},
4184+ })
4185+ require .NoError (t , err )
4186+ err = workspaceOwnerClient .UpdateWorkspaceACL (ctx , workspace .ID , codersdk.UpdateWorkspaceACL {
4187+ GroupRoles : map [string ]codersdk.WorkspaceRole {
4188+ group .ID .String (): codersdk .WorkspaceRoleUse ,
4189+ },
4190+ })
4191+ require .NoError (t , err )
4192+
4193+ err = sharedClient .DeleteWorkspaceACL (ctx , workspace .ID )
4194+ require .Error (t , err )
4195+
4196+ acl , err := workspaceOwnerClient .WorkspaceACL (ctx , workspace .ID )
4197+ require .NoError (t , err )
4198+ require .Equal (t , acl .Groups [0 ].ID , group .ID )
4199+ })
4200+ }
0 commit comments