Skip to content

Commit 21af86e

Browse files
EmyrkEmyrk
authored
feat: Allow users to make files (#4423)
1 parent 510287b commit 21af86e

File tree

2 files changed

+2
-2
lines changed

2 files changed

+2
-2
lines changed

coderd/files.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -23,7 +23,7 @@ func (api *API) postFile(rw http.ResponseWriter, r *http.Request) {
2323
apiKey := httpmw.APIKey(r)
2424
// This requires the site wide action to create files.
2525
// Once created, a user can read their own files uploaded
26-
if !api.Authorize(r, rbac.ActionCreate, rbac.ResourceFile) {
26+
if !api.Authorize(r, rbac.ActionCreate, rbac.ResourceFile.WithOwner(apiKey.UserID.String())) {
2727
httpapi.Forbidden(rw)
2828
return
2929
}

coderd/rbac/builtin_test.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -250,7 +250,7 @@ func TestRolePermissions(t *testing.T) {
250250
},
251251
{
252252
Name: "MyFile",
253-
Actions: []rbac.Action{rbac.ActionRead, rbac.ActionUpdate, rbac.ActionDelete},
253+
Actions: []rbac.Action{rbac.ActionCreate, rbac.ActionRead, rbac.ActionUpdate, rbac.ActionDelete},
254254
Resource: rbac.ResourceFile.WithOwner(currentUser.String()),
255255
AuthorizeMap: map[bool][]authSubject{
256256
true: {owner, memberMe, orgMemberMe, templateAdmin},

0 commit comments

Comments
 (0)