coder
diff --git a/‎coderd/apidoc/docs.go
Lines changed: 26 additions & 0 deletions b/‎coderd/apidoc/docs.go
Lines changed: 26 additions & 0 deletions
diff --git a/‎coderd/apidoc/swagger.json
Lines changed: 26 additions & 0 deletions b/‎coderd/apidoc/swagger.json
Lines changed: 26 additions & 0 deletions
diff --git a/‎coderd/database/dbauthz/dbauthz.go
Lines changed: 3 additions & 2 deletions b/‎coderd/database/dbauthz/dbauthz.go
Lines changed: 3 additions & 2 deletions
diff --git a/‎coderd/database/dbauthz/dbauthz_test.go
Lines changed: 2 additions & 2 deletions b/‎coderd/database/dbauthz/dbauthz_test.go
Lines changed: 2 additions & 2 deletions
diff --git a/‎coderd/database/dbmem/dbmem.go
Lines changed: 14 additions & 6 deletions b/‎coderd/database/dbmem/dbmem.go
Lines changed: 14 additions & 6 deletions
diff --git a/‎coderd/database/dbmetrics/dbmetrics.go
Lines changed: 3 additions & 3 deletions b/‎coderd/database/dbmetrics/dbmetrics.go
Lines changed: 3 additions & 3 deletions
diff --git a/‎coderd/database/dbmock/dbmock.go
Lines changed: 6 additions & 6 deletions b/‎coderd/database/dbmock/dbmock.go
Lines changed: 6 additions & 6 deletions
diff --git a/‎coderd/database/dump.sql
Lines changed: 4 additions & 1 deletion b/‎coderd/database/dump.sql
Lines changed: 4 additions & 1 deletion
diff --git a/‎coderd/database/migrations/000212_custom_role_orgs.down.sql
Lines changed: 3 additions & 0 deletions b/‎coderd/database/migrations/000212_custom_role_orgs.down.sql
Lines changed: 3 additions & 0 deletions
diff --git a/‎coderd/database/migrations/000212_custom_role_orgs.up.sql
Lines changed: 5 additions & 0 deletions b/‎coderd/database/migrations/000212_custom_role_orgs.up.sql
Lines changed: 5 additions & 0 deletions
@@ -835,11 +835,12 @@ func (q *querier) CleanTailnetTunnels(ctx context.Context) error {
 	return q.db.CleanTailnetTunnels(ctx)
 }
 
-func (q *querier) CustomRolesByName(ctx context.Context, lookupRoles []string) ([]database.CustomRole, error) {
+// TODO: Handle org scoped lookups
+func (q *querier) CustomRoles(ctx context.Context, arg database.CustomRolesParams) ([]database.CustomRole, error) {
 	if err := q.authorizeContext(ctx, policy.ActionRead, rbac.ResourceAssignRole); err != nil {
 		return nil, err
 	}
-	return q.db.CustomRolesByName(ctx, lookupRoles)
+	return q.db.CustomRoles(ctx, arg)
 }
 
 func (q *querier) DeleteAPIKeyByID(ctx context.Context, id string) error {
 
@@ -1177,8 +1177,8 @@ func (s *MethodTestSuite) TestUser() {
 		b := dbgen.User(s.T(), db, database.User{})
 		check.Args().Asserts(rbac.ResourceSystem, policy.ActionRead).Returns(slice.New(a.ID, b.ID))
 	}))
-	s.Run("CustomRolesByName", s.Subtest(func(db database.Store, check *expects) {
-		check.Args([]string{}).Asserts(rbac.ResourceAssignRole, policy.ActionRead).Returns([]database.CustomRole{})
+	s.Run("CustomRoles", s.Subtest(func(db database.Store, check *expects) {
+		check.Args(database.CustomRolesParams{}).Asserts(rbac.ResourceAssignRole, policy.ActionRead).Returns([]database.CustomRole{})
 	}))
 	s.Run("Blank/UpsertCustomRole", s.Subtest(func(db database.Store, check *expects) {
 		// Blank is no perms in the role
 
@@ -1175,18 +1175,26 @@ func (*FakeQuerier) CleanTailnetTunnels(context.Context) error {
 	return ErrUnimplemented
 }
 
-func (q *FakeQuerier) CustomRolesByName(_ context.Context, lookupRoles []string) ([]database.CustomRole, error) {
+func (q *FakeQuerier) CustomRoles(_ context.Context, arg database.CustomRolesParams) ([]database.CustomRole, error) {
 	q.mutex.Lock()
 	defer q.mutex.Unlock()
 
 	found := make([]database.CustomRole, 0)
 	for _, role := range q.data.customRoles {
-		if slices.ContainsFunc(lookupRoles, func(s string) bool {
-			return strings.EqualFold(s, role.Name)
-		}) {
-			role := role
-			found = append(found, role)
+		role := role
+		if len(arg.LookupRoles) > 0 {
+			if !slices.ContainsFunc(arg.LookupRoles, func(s string) bool {
+				return strings.EqualFold(s, role.Name)
+			}) {
+				continue
+			}
 		}
+
+		if arg.ExcludeOrgRoles && role.OrganizationID.Valid {
+			continue
+		}
+
+		found = append(found, role)
 	}
 
 	return found, nil
 
@@ -0,0 +1,3 @@
+ALTER TABLE custom_roles
+	-- This column is nullable, meaning no organization scope
+	DROP COLUMN organization_id;
@@ -0,0 +1,5 @@
+ALTER TABLE custom_roles
+	-- This column is nullable, meaning no organization scope
+	ADD COLUMN organization_id uuid;
+
+COMMENT ON COLUMN custom_roles.organization_id IS 'Roles can optionally be scoped to an organization'
Original file line number	Diff line number	Diff line change
`@@ -835,11 +835,12 @@ func (q *querier) CleanTailnetTunnels(ctx context.Context) error {`
`835`	`835`	`return q.db.CleanTailnetTunnels(ctx)`
`836`	`836`	`}`
`837`	`837`
`838`		`-func (q *querier) CustomRolesByName(ctx context.Context, lookupRoles []string) ([]database.CustomRole, error) {`
	`838`	`+// TODO: Handle org scoped lookups`
	`839`	`+func (q *querier) CustomRoles(ctx context.Context, arg database.CustomRolesParams) ([]database.CustomRole, error) {`
`839`	`840`	`if err := q.authorizeContext(ctx, policy.ActionRead, rbac.ResourceAssignRole); err != nil {`
`840`	`841`	`return nil, err`
`841`	`842`	`}`
`842`		`- return q.db.CustomRolesByName(ctx, lookupRoles)`
	`843`	`+ return q.db.CustomRoles(ctx, arg)`
`843`	`844`	`}`
`844`	`845`
`845`	`846`	`func (q *querier) DeleteAPIKeyByID(ctx context.Context, id string) error {`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+ALTER TABLE custom_roles`
	`2`	`+ -- This column is nullable, meaning no organization scope`
	`3`	`+ DROP COLUMN organization_id;`