Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 219e681

Browse files
committed
add the RBAC ResourceGroupMember and add it to relevant roles
1 parent 6ad4166 commit 219e681

File tree

6 files changed

+29
-4
lines changed

6 files changed

+29
-4
lines changed

coderd/rbac/object_gen.go

Lines changed: 8 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

coderd/rbac/policy/policy.go

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -149,6 +149,11 @@ var RBACPermissions = map[string]PermissionDefinition{
149149
ActionUpdate: actDef("update a group"),
150150
},
151151
},
152+
"group_member": {
153+
Actions: map[Action]ActionDefinition{
154+
ActionRead: actDef("read group members"),
155+
},
156+
},
152157
"file": {
153158
Actions: map[Action]ActionDefinition{
154159
ActionCreate: actDef("create a file"),

coderd/rbac/roles.go

Lines changed: 9 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -301,10 +301,11 @@ func ReloadBuiltinRoles(opts *RoleOptions) {
301301
Site: Permissions(map[string][]policy.Action{
302302
// Should be able to read all template details, even in orgs they
303303
// are not in.
304-
ResourceTemplate.Type: {policy.ActionRead, policy.ActionViewInsights},
305-
ResourceAuditLog.Type: {policy.ActionRead},
306-
ResourceUser.Type: {policy.ActionRead},
307-
ResourceGroup.Type: {policy.ActionRead},
304+
ResourceTemplate.Type: {policy.ActionRead, policy.ActionViewInsights},
305+
ResourceAuditLog.Type: {policy.ActionRead},
306+
ResourceUser.Type: {policy.ActionRead},
307+
ResourceGroup.Type: {policy.ActionRead},
308+
ResourceGroupMember.Type: {policy.ActionRead},
308309
// Allow auditors to query deployment stats and insights.
309310
ResourceDeploymentStats.Type: {policy.ActionRead},
310311
ResourceDeploymentConfig.Type: {policy.ActionRead},
@@ -329,6 +330,7 @@ func ReloadBuiltinRoles(opts *RoleOptions) {
329330
ResourceOrganization.Type: {policy.ActionRead},
330331
ResourceUser.Type: {policy.ActionRead},
331332
ResourceGroup.Type: {policy.ActionRead},
333+
ResourceGroupMember.Type: {policy.ActionRead},
332334
// Org roles are not really used yet, so grant the perm at the site level.
333335
ResourceOrganizationMember.Type: {policy.ActionRead},
334336
}),
@@ -351,6 +353,7 @@ func ReloadBuiltinRoles(opts *RoleOptions) {
351353
// Full perms to manage org members
352354
ResourceOrganizationMember.Type: {policy.ActionCreate, policy.ActionRead, policy.ActionUpdate, policy.ActionDelete},
353355
ResourceGroup.Type: {policy.ActionCreate, policy.ActionRead, policy.ActionUpdate, policy.ActionDelete},
356+
ResourceGroupMember.Type: {policy.ActionRead},
354357
}),
355358
Org: map[string][]Permission{},
356359
User: []Permission{},
@@ -461,6 +464,7 @@ func ReloadBuiltinRoles(opts *RoleOptions) {
461464
ResourceAssignOrgRole.Type: {policy.ActionAssign, policy.ActionDelete, policy.ActionRead},
462465
ResourceOrganizationMember.Type: {policy.ActionCreate, policy.ActionRead, policy.ActionUpdate, policy.ActionDelete},
463466
ResourceGroup.Type: ResourceGroup.AvailableActions(),
467+
ResourceGroupMember.Type: ResourceGroupMember.AvailableActions(),
464468
}),
465469
},
466470
User: []Permission{},
@@ -480,6 +484,7 @@ func ReloadBuiltinRoles(opts *RoleOptions) {
480484
// Assigning template perms requires this permission.
481485
ResourceOrganizationMember.Type: {policy.ActionRead},
482486
ResourceGroup.Type: {policy.ActionRead},
487+
ResourceGroupMember.Type: {policy.ActionRead},
483488
}),
484489
},
485490
User: []Permission{},

codersdk/rbacresources_gen.go

Lines changed: 2 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

site/src/api/rbacresources_gen.ts

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -50,6 +50,9 @@ export const RBACResourceActions: Partial<
5050
read: "read groups",
5151
update: "update a group",
5252
},
53+
group_member: {
54+
read: "read group members",
55+
},
5356
license: {
5457
create: "create a license",
5558
delete: "delete license",

site/src/api/typesGenerated.ts

Lines changed: 2 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)