add RBACObject acl attributes

Emyrk · Emyrk · commit 24e4f430b21f · 2025-07-31T09:48:26.000-05:00
diff --git a/coderd/database/modelmethods.go b/coderd/database/modelmethods.go
@@ -276,7 +276,9 @@ func (w WorkspaceTable) RBACObject() rbac.Object {
 
 	return rbac.ResourceWorkspace.WithID(w.ID).
 		InOrg(w.OrganizationID).
-		WithOwner(w.OwnerID.String())
+		WithOwner(w.OwnerID.String()).
+		WithGroupACL(w.GroupACL.RBACACL()).
+		WithACLUserList(w.UserACL.RBACACL())
 }
 
 func (w WorkspaceTable) DormantRBAC() rbac.Object {
diff --git a/coderd/database/types.go b/coderd/database/types.go
@@ -91,6 +91,16 @@ func (t *WorkspaceACL) Scan(src interface{}) error {
 	return xerrors.Errorf("unexpected type %T", src)
 }
 
+func (w WorkspaceACL) RBACACL() map[string][]policy.Action {
+	// Convert WorkspaceACL to a map of string to []policy.Action.
+	// This is used for RBAC checks.
+	rbacACL := make(map[string][]policy.Action, len(w))
+	for id, entry := range w {
+		rbacACL[id] = entry.Permissions
+	}
+	return rbacACL
+}
+
 func (t WorkspaceACL) Value() (driver.Value, error) {
 	return json.Marshal(t)
 }

Original file line number	Diff line number	Diff line change
`@@ -276,7 +276,9 @@ func (w WorkspaceTable) RBACObject() rbac.Object {`
`276`	`276`
`277`	`277`	`return rbac.ResourceWorkspace.WithID(w.ID).`
`278`	`278`	`InOrg(w.OrganizationID).`
`279`		`- WithOwner(w.OwnerID.String())`
	`279`	`+ WithOwner(w.OwnerID.String()).`
	`280`	`+ WithGroupACL(w.GroupACL.RBACACL()).`
	`281`	`+ WithACLUserList(w.UserACL.RBACACL())`
`280`	`282`	`}`
`281`	`283`
`282`	`284`	`func (w WorkspaceTable) DormantRBAC() rbac.Object {`