You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
"description": "AuthorizationCheck is used to check if the currently authenticated user (or the specified user) can do a given action to a given set of objects.",
735
+
"type": "object",
736
+
"properties": {
737
+
"action": {
738
+
"type": "string",
739
+
"enum": [
740
+
"create",
741
+
"read",
742
+
"update",
743
+
"delete"
744
+
]
745
+
},
746
+
"object": {
747
+
"description": "Object can represent a \"set\" of objects, such as:\n\t- All workspaces in an organization\n\t- All workspaces owned by me\n\t- All workspaces across the entire product\nWhen defining an object, use the most specific language when possible to\nproduce the smallest set. Meaning to set as many fields on 'Object' as\nyou can. Example, if you want to check if you can update all workspaces\nowned by 'me', try to also add an 'OrganizationID' to the settings.\nOmitting the 'OrganizationID' could produce the incorrect value, as\nworkspaces have both `+"`"+`user`+"`"+` and `+"`"+`organization`+"`"+` owners.",
"description": "AuthorizationObject can represent a \"set\" of objects, such as: all workspaces in an organization, all workspaces owned by me, all workspaces across the entire product.",
754
+
"type": "object",
755
+
"properties": {
756
+
"organization_id": {
757
+
"description": "OrganizationID (optional) adds the set constraint to all resources owned by a given organization.",
758
+
"type": "string"
759
+
},
760
+
"owner_id": {
761
+
"description": "OwnerID (optional) adds the set constraint to all resources owned by a given user.",
762
+
"type": "string"
763
+
},
764
+
"resource_id": {
765
+
"description": "ResourceID (optional) reduces the set to a singular resource. This assigns\na resource ID to the resource type, eg: a single workspace.\nThe rbac library will not fetch the resource from the database, so if you\nare using this option, you should also set the `+"`"+`OwnerID`+"`"+` and `+"`"+`OrganizationID`+"`"+`\nif possible. Be as specific as possible using all the fields relevant.",
766
+
"type": "string"
767
+
},
768
+
"resource_type": {
769
+
"description": "ResourceType is the name of the resource.\n`+"`"+`./coderd/rbac/object.go`+"`"+` has the list of valid resource types.",
770
+
"type": "string"
771
+
}
772
+
}
773
+
},
774
+
"codersdk.AuthorizationRequest": {
775
+
"type": "object",
776
+
"properties": {
777
+
"checks": {
778
+
"description": "Checks is a map keyed with an arbitrary string to a permission check.\nThe key can be any string that is helpful to the caller, and allows\nmultiple permission checks to be run in a single request.\nThe key ensures that each permission check has the same key in the\nresponse.",
0 commit comments