mirror of https://github.com/coder/coder.git
fix: No org admins until organizations are in the UI (#5414)
* fix: No org admins until organizations are in the UI Until organizations have management UI, we should not set any org admins. This goes around the site wide perms transparently and is confusing to users. Default user is no longer an org admin, so the demotion test makes no sense
This commit is contained in:
parent
012a9e759e
commit
27386d49d0
|
@ -0,0 +1,6 @@
|
|||
UPDATE
|
||||
organization_members
|
||||
SET
|
||||
roles = ARRAY [] :: text[]
|
||||
WHERE
|
||||
'organization-admin:'||organization_id = ANY(roles);
|
|
@ -76,7 +76,11 @@ func (api *API) postOrganizations(rw http.ResponseWriter, r *http.Request) {
|
|||
CreatedAt: database.Now(),
|
||||
UpdatedAt: database.Now(),
|
||||
Roles: []string{
|
||||
rbac.RoleOrgAdmin(organization.ID),
|
||||
// TODO: When organizations are allowed to be created, we should
|
||||
// come back to determining the default role of the person who
|
||||
// creates the org. Until that happens, all users in an organization
|
||||
// should be just regular members.
|
||||
rbac.RoleOrgMember(organization.ID),
|
||||
},
|
||||
})
|
||||
if err != nil {
|
||||
|
|
|
@ -1071,7 +1071,11 @@ func (api *API) CreateUser(ctx context.Context, store database.Store, req Create
|
|||
return xerrors.Errorf("create organization: %w", err)
|
||||
}
|
||||
req.OrganizationID = organization.ID
|
||||
orgRoles = append(orgRoles, rbac.RoleOrgAdmin(req.OrganizationID))
|
||||
// TODO: When organizations are allowed to be created, we should
|
||||
// come back to determining the default role of the person who
|
||||
// creates the org. Until that happens, all users in an organization
|
||||
// should be just regular members.
|
||||
orgRoles = append(orgRoles, rbac.RoleOrgMember(req.OrganizationID))
|
||||
|
||||
_, err = tx.InsertAllUsersGroup(ctx, organization.ID)
|
||||
if err != nil {
|
||||
|
|
|
@ -817,15 +817,6 @@ func TestGrantSiteRoles(t *testing.T) {
|
|||
Error: true,
|
||||
StatusCode: http.StatusForbidden,
|
||||
},
|
||||
{
|
||||
Name: "MemberAssignMember",
|
||||
Client: member,
|
||||
OrgID: first.OrganizationID,
|
||||
AssignToUser: first.UserID.String(),
|
||||
Roles: []string{},
|
||||
Error: true,
|
||||
StatusCode: http.StatusForbidden,
|
||||
},
|
||||
{
|
||||
Name: "AdminUpdateOrgSelf",
|
||||
Client: admin,
|
||||
|
@ -921,7 +912,7 @@ func TestInitialRoles(t *testing.T) {
|
|||
}, "should be a member and admin")
|
||||
|
||||
require.ElementsMatch(t, roles.OrganizationRoles[first.OrganizationID], []string{
|
||||
rbac.RoleOrgAdmin(first.OrganizationID),
|
||||
rbac.RoleOrgMember(first.OrganizationID),
|
||||
}, "should be a member and admin")
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue