feat: add workspace sharing page #19107
Conversation
| return w.WorkspaceTable(), nil | ||
| } | ||
|
|
||
| return fetchAndExec(q.log, q.auth, policy.ActionCreate, fetch, q.db.UpdateWorkspaceACLByID)(ctx, arg) |
There was a problem hiding this comment.
We can add a new verb to account for this, and not overload create.
| // This could get slow if we get a ton of group perm updates. | ||
| _, err = db.GetGroupByID(ctx, id) | ||
| if err != nil { | ||
| validErrs = append(validErrs, codersdk.ValidationError{Field: field, Detail: fmt.Sprintf("Failed to find resource with ID %q: %v", idStr, err.Error())}) | ||
| continue | ||
| } |
There was a problem hiding this comment.
Can use GetGroups to batch the request of all ids at once.
db.GetGroups(ctx, database.GetGroupsParams{
GroupIds: []uuid.UUID{...},
})| validErrs := validateWorkspaceACLPerms(ctx, api.Database, req.UserRoles, "user_roles") | ||
| validErrs = append(validErrs, validateWorkspaceACLPerms( | ||
| ctx, | ||
| api.Database, | ||
| req.GroupRoles, | ||
| "group_roles", | ||
| )...) |
There was a problem hiding this comment.
Might want user_roles and group_roles to be a constant if we are using them as args 🤔
There was a problem hiding this comment.
we could even use reflect to actually read the struct tags
| func validateWorkspaceACLPerms(ctx context.Context, db database.Store, perms map[string]codersdk.WorkspaceRole, field string) []codersdk.ValidationError { | ||
| // nolint:gocritic // Validate requires full read access to users and groups | ||
| ctx = dbauthz.AsSystemRestricted(ctx) | ||
| var validErrs []codersdk.ValidationError | ||
| for idStr, role := range perms { | ||
| if err := validateWorkspaceRole(role); err != nil { | ||
| validErrs = append(validErrs, codersdk.ValidationError{Field: field, Detail: err.Error()}) | ||
| continue | ||
| } | ||
|
|
||
| id, err := uuid.Parse(idStr) | ||
| if err != nil { | ||
| validErrs = append(validErrs, codersdk.ValidationError{Field: field, Detail: idStr + "is not a valid UUID."}) | ||
| continue | ||
| } | ||
|
|
||
| switch field { | ||
| case "user_roles": | ||
| // TODO(lilac): put this back after Kirby button shenanigans are over | ||
| // This could get slow if we get a ton of user perm updates. | ||
| // _, err = db.GetUserByID(ctx, id) | ||
| // if err != nil { | ||
| // validErrs = append(validErrs, codersdk.ValidationError{Field: field, Detail: fmt.Sprintf("Failed to find resource with ID %q: %v", idStr, err.Error())}) | ||
| // continue | ||
| // } | ||
| case "group_roles": | ||
| // This could get slow if we get a ton of group perm updates. | ||
| _, err = db.GetGroupByID(ctx, id) | ||
| if err != nil { | ||
| validErrs = append(validErrs, codersdk.ValidationError{Field: field, Detail: fmt.Sprintf("Failed to find resource with ID %q: %v", idStr, err.Error())}) | ||
| continue | ||
| } | ||
| default: | ||
| validErrs = append(validErrs, codersdk.ValidationError{Field: field, Detail: "invalid field"}) | ||
| } | ||
| } | ||
|
|
||
| return validErrs | ||
| } |
There was a problem hiding this comment.
Let's merge this with the template ACL one. Pass in the func like validateWorkspaceRole and validateTemplateRole.
|
Adding my stamp of responsibility here. This is purely for a demo and some if not all of these changes will be reverted soon. This PR will not be released. |
|
This PR is going to be reverted after a demo on dev.coder.com. It is being demonstrated in a product demo to introduce Workspace Sharing among another set of demos on the same deployment. The feature is gated on an experiment flag, so has no effect in any existing deployment. None of this code is reachable without the unsafe experiment specifically opted into. |
...with a "Share with Kirby" button!
That was in the RFC right?