diff --git a/cli/testdata/coder_users_--help.golden b/cli/testdata/coder_users_--help.golden index 338fea4febc86..585588cbc6e18 100644 --- a/cli/testdata/coder_users_--help.golden +++ b/cli/testdata/coder_users_--help.golden @@ -8,15 +8,16 @@ USAGE: Aliases: user SUBCOMMANDS: - activate Update a user's status to 'active'. Active users can fully - interact with the platform - create - delete Delete a user by username or user_id. - list - show Show a single user. Use 'me' to indicate the currently - authenticated user. - suspend Update a user's status to 'suspended'. A suspended user cannot - log into the platform + activate Update a user's status to 'active'. Active users can fully + interact with the platform + create + delete Delete a user by username or user_id. + edit-roles Edit a user's roles by username or id + list + show Show a single user. Use 'me' to indicate the currently + authenticated user. + suspend Update a user's status to 'suspended'. A suspended user cannot + log into the platform ——— Run `coder --help` for a list of global options. diff --git a/cli/testdata/coder_users_edit-roles_--help.golden b/cli/testdata/coder_users_edit-roles_--help.golden new file mode 100644 index 0000000000000..02dd9155b4d4e --- /dev/null +++ b/cli/testdata/coder_users_edit-roles_--help.golden @@ -0,0 +1,18 @@ +coder v0.0.0-devel + +USAGE: + coder users edit-roles [flags] + + Edit a user's roles by username or id + +OPTIONS: + --roles string-array + A list of roles to give to the user. This removes any existing roles + the user may have. The available roles are: auditor, member, owner, + template-admin, user-admin. + + -y, --yes bool + Bypass prompts. + +——— +Run `coder --help` for a list of global options. diff --git a/cli/usereditroles.go b/cli/usereditroles.go new file mode 100644 index 0000000000000..815d8f47dc186 --- /dev/null +++ b/cli/usereditroles.go @@ -0,0 +1,90 @@ +package cli + +import ( + "fmt" + "slices" + "sort" + "strings" + + "golang.org/x/xerrors" + + "github.com/coder/coder/v2/cli/cliui" + "github.com/coder/coder/v2/coderd/rbac" + "github.com/coder/coder/v2/codersdk" + "github.com/coder/serpent" +) + +func (r *RootCmd) userEditRoles() *serpent.Command { + client := new(codersdk.Client) + + roles := rbac.SiteRoles() + + siteRoles := make([]string, 0) + for _, role := range roles { + siteRoles = append(siteRoles, role.Identifier.Name) + } + sort.Strings(siteRoles) + + var givenRoles []string + + cmd := &serpent.Command{ + Use: "edit-roles ", + Short: "Edit a user's roles by username or id", + Options: []serpent.Option{ + cliui.SkipPromptOption(), + { + Name: "roles", + Description: fmt.Sprintf("A list of roles to give to the user. This removes any existing roles the user may have. The available roles are: %s.", strings.Join(siteRoles, ", ")), + Flag: "roles", + Value: serpent.StringArrayOf(&givenRoles), + }, + }, + Middleware: serpent.Chain(serpent.RequireNArgs(1), r.InitClient(client)), + Handler: func(inv *serpent.Invocation) error { + ctx := inv.Context() + + user, err := client.User(ctx, inv.Args[0]) + if err != nil { + return xerrors.Errorf("fetch user: %w", err) + } + + userRoles, err := client.UserRoles(ctx, user.Username) + if err != nil { + return xerrors.Errorf("fetch user roles: %w", err) + } + + var selectedRoles []string + if len(givenRoles) > 0 { + // Make sure all of the given roles are valid site roles + for _, givenRole := range givenRoles { + if !slices.Contains(siteRoles, givenRole) { + siteRolesPretty := strings.Join(siteRoles, ", ") + return xerrors.Errorf("The role %s is not valid. Please use one or more of the following roles: %s\n", givenRole, siteRolesPretty) + } + } + + selectedRoles = givenRoles + } else { + selectedRoles, err = cliui.MultiSelect(inv, cliui.MultiSelectOptions{ + Message: "Select the roles you'd like to assign to the user", + Options: siteRoles, + Defaults: userRoles.Roles, + }) + if err != nil { + return xerrors.Errorf("selecting roles for user: %w", err) + } + } + + _, err = client.UpdateUserRoles(ctx, user.Username, codersdk.UpdateRoles{ + Roles: selectedRoles, + }) + if err != nil { + return xerrors.Errorf("update user roles: %w", err) + } + + return nil + }, + } + + return cmd +} diff --git a/cli/usereditroles_test.go b/cli/usereditroles_test.go new file mode 100644 index 0000000000000..bd12092501808 --- /dev/null +++ b/cli/usereditroles_test.go @@ -0,0 +1,62 @@ +package cli_test + +import ( + "fmt" + "strings" + "testing" + + "github.com/stretchr/testify/require" + + "github.com/coder/coder/v2/cli/clitest" + "github.com/coder/coder/v2/coderd/coderdtest" + "github.com/coder/coder/v2/coderd/rbac" + "github.com/coder/coder/v2/testutil" +) + +var roles = []string{"auditor", "user-admin"} + +func TestUserEditRoles(t *testing.T) { + t.Parallel() + + t.Run("UpdateUserRoles", func(t *testing.T) { + t.Parallel() + + client := coderdtest.New(t, nil) + owner := coderdtest.CreateFirstUser(t, client) + userAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleOwner()) + _, member := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleMember()) + + inv, root := clitest.New(t, "users", "edit-roles", member.Username, fmt.Sprintf("--roles=%s", strings.Join(roles, ","))) + clitest.SetupConfig(t, userAdmin, root) + + // Create context with timeout + ctx := testutil.Context(t, testutil.WaitShort) + + err := inv.WithContext(ctx).Run() + require.NoError(t, err) + + memberRoles, err := client.UserRoles(ctx, member.Username) + require.NoError(t, err) + + require.ElementsMatch(t, memberRoles.Roles, roles) + }) + + t.Run("UserNotFound", func(t *testing.T) { + t.Parallel() + + client := coderdtest.New(t, nil) + owner := coderdtest.CreateFirstUser(t, client) + userAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleUserAdmin()) + + // Setup command with non-existent user + inv, root := clitest.New(t, "users", "edit-roles", "nonexistentuser") + clitest.SetupConfig(t, userAdmin, root) + + // Create context with timeout + ctx := testutil.Context(t, testutil.WaitShort) + + err := inv.WithContext(ctx).Run() + require.Error(t, err) + require.Contains(t, err.Error(), "fetch user") + }) +} diff --git a/cli/users.go b/cli/users.go index 3e6173880c0a3..fa15fcddad0ee 100644 --- a/cli/users.go +++ b/cli/users.go @@ -18,6 +18,7 @@ func (r *RootCmd) users() *serpent.Command { r.userList(), r.userSingle(), r.userDelete(), + r.userEditRoles(), r.createUserStatusCommand(codersdk.UserStatusActive), r.createUserStatusCommand(codersdk.UserStatusSuspended), }, diff --git a/docs/manifest.json b/docs/manifest.json index c3858dfd486ea..ea1d19561593f 100644 --- a/docs/manifest.json +++ b/docs/manifest.json @@ -1605,6 +1605,11 @@ "description": "Delete a user by username or user_id.", "path": "reference/cli/users_delete.md" }, + { + "title": "users edit-roles", + "description": "Edit a user's roles by username or id", + "path": "reference/cli/users_edit-roles.md" + }, { "title": "users list", "path": "reference/cli/users_list.md" diff --git a/docs/reference/cli/users.md b/docs/reference/cli/users.md index 174e08fe9f3a0..d942699d6ee31 100644 --- a/docs/reference/cli/users.md +++ b/docs/reference/cli/users.md @@ -15,11 +15,12 @@ coder users [subcommand] ## Subcommands -| Name | Purpose | -|----------------------------------------------|---------------------------------------------------------------------------------------| -| [create](./users_create.md) | | -| [list](./users_list.md) | | -| [show](./users_show.md) | Show a single user. Use 'me' to indicate the currently authenticated user. | -| [delete](./users_delete.md) | Delete a user by username or user_id. | -| [activate](./users_activate.md) | Update a user's status to 'active'. Active users can fully interact with the platform | -| [suspend](./users_suspend.md) | Update a user's status to 'suspended'. A suspended user cannot log into the platform | +| Name | Purpose | +|--------------------------------------------------|---------------------------------------------------------------------------------------| +| [create](./users_create.md) | | +| [list](./users_list.md) | | +| [show](./users_show.md) | Show a single user. Use 'me' to indicate the currently authenticated user. | +| [delete](./users_delete.md) | Delete a user by username or user_id. | +| [edit-roles](./users_edit-roles.md) | Edit a user's roles by username or id | +| [activate](./users_activate.md) | Update a user's status to 'active'. Active users can fully interact with the platform | +| [suspend](./users_suspend.md) | Update a user's status to 'suspended'. A suspended user cannot log into the platform | diff --git a/docs/reference/cli/users_edit-roles.md b/docs/reference/cli/users_edit-roles.md new file mode 100644 index 0000000000000..23e0baa42afff --- /dev/null +++ b/docs/reference/cli/users_edit-roles.md @@ -0,0 +1,28 @@ + +# users edit-roles + +Edit a user's roles by username or id + +## Usage + +```console +coder users edit-roles [flags] +``` + +## Options + +### -y, --yes + +| | | +|------|-------------------| +| Type | bool | + +Bypass prompts. + +### --roles + +| | | +|------|---------------------------| +| Type | string-array | + +A list of roles to give to the user. This removes any existing roles the user may have. The available roles are: auditor, member, owner, template-admin, user-admin. pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy