Skip to content

Commit 2438f67

Browse files
committed
Fix test
1 parent 9203a42 commit 2438f67

File tree

2 files changed

+8
-2
lines changed

2 files changed

+8
-2
lines changed

cli/testdata/coder_server_--help.golden

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -16,6 +16,12 @@ Start a Coder server
1616
$CACHE_DIRECTORY is set, it will be used for compatibility with
1717
systemd.
1818

19+
--disable-owner-workspace-exec bool, $CODER_DISABLE_OWNER_WORKSPACE_EXEC
20+
Remove the permission for the 'owner' role to have workspace execution
21+
on all workspaces. This prevents the 'owner' from ssh, apps, and
22+
terminal access based on the 'owner' role. They still have their user
23+
permissions to access their own workspaces.
24+
1925
--disable-path-apps bool, $CODER_DISABLE_PATH_APPS
2026
Disable workspace apps that are not served from subdomains. Path-based
2127
apps can make requests to the Coder API and pose a security risk when

coderd/rbac/roles_test.go

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -147,8 +147,8 @@ func TestRolePermissions(t *testing.T) {
147147
Actions: []rbac.Action{rbac.ActionCreate, rbac.ActionRead, rbac.ActionUpdate, rbac.ActionDelete},
148148
Resource: rbac.ResourceWorkspaceExecution.WithID(workspaceID).InOrg(orgID).WithOwner(currentUser.String()),
149149
AuthorizeMap: map[bool][]authSubject{
150-
true: {owner, orgAdmin, orgMemberMe},
151-
false: {memberMe, otherOrgAdmin, otherOrgMember, templateAdmin, userAdmin},
150+
true: {owner, orgMemberMe},
151+
false: {orgAdmin, memberMe, otherOrgAdmin, otherOrgMember, templateAdmin, userAdmin},
152152
},
153153
},
154154
{

0 commit comments

Comments
 (0)