fix(coderd/rbac): allow user admin all perms on ResourceUserData (#10556)

johnstcn · web-flow · commit 4208c30d32c2 · 2023-11-07T08:54:12.000Z
diff --git a/coderd/rbac/roles.go b/coderd/rbac/roles.go
@@ -206,6 +206,7 @@ func ReloadBuiltinRoles(opts *RoleOptions) {
 		Site: Permissions(map[string][]Action{
 			ResourceRoleAssignment.Type: {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
 			ResourceUser.Type:           {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
+			ResourceUserData.Type:       {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
 			// Full perms to manage org members
 			ResourceOrganizationMember.Type: {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
 			ResourceGroup.Type:              {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
diff --git a/coderd/rbac/roles_test.go b/coderd/rbac/roles_test.go
@@ -274,8 +274,8 @@ func TestRolePermissions(t *testing.T) {
 			Actions:  []rbac.Action{rbac.ActionCreate, rbac.ActionRead, rbac.ActionUpdate, rbac.ActionDelete},
 			Resource: rbac.ResourceUserData.WithID(currentUser).WithOwner(currentUser.String()),
 			AuthorizeMap: map[bool][]authSubject{
-				true:  {owner, orgMemberMe, memberMe},
-				false: {orgAdmin, otherOrgAdmin, otherOrgMember, templateAdmin, userAdmin},
+				true:  {owner, orgMemberMe, memberMe, userAdmin},
+				false: {orgAdmin, otherOrgAdmin, otherOrgMember, templateAdmin},
 			},
 		},
 		{
