Fix using User over UserData

Emyrk · Emyrk · commit 5d32d9d97401 · 2022-05-16T14:26:45.000-05:00
diff --git a/coderd/rbac/object.go b/coderd/rbac/object.go
@@ -69,7 +69,7 @@ var (
 	}
 
 	// ResourceOrganizationMember is a user's membership in an organization.
-	// Has ONLY an organization owner.
+	// Has ONLY an organization owner. The resource ID is the user's ID
 	//	create/delete  = Create/delete member from org.
 	//	update  = Update organization member
 	//	read	= View member
diff --git a/coderd/users.go b/coderd/users.go
@@ -245,7 +245,7 @@ func (api *api) userByName(rw http.ResponseWriter, r *http.Request) {
 func (api *api) putUserProfile(rw http.ResponseWriter, r *http.Request) {
 	user := httpmw.UserParam(r)
 
-	if !api.Authorize(rw, r, rbac.ActionUpdate, rbac.ResourceUserData.WithOwner(user.ID.String())) {
+	if !api.Authorize(rw, r, rbac.ActionUpdate, rbac.ResourceUser.WithOwner(user.ID.String())) {
 		return
 	}
 
@@ -420,7 +420,7 @@ func (api *api) putUserRoles(rw http.ResponseWriter, r *http.Request) {
 	user := httpmw.UserParam(r)
 	roles := httpmw.UserRoles(r)
 
-	if !api.Authorize(rw, r, rbac.ActionUpdate, rbac.ResourceUserData.WithOwner(user.ID.String())) {
+	if !api.Authorize(rw, r, rbac.ActionUpdate, rbac.ResourceUser.WithOwner(user.ID.String())) {
 		return
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -69,7 +69,7 @@ var (`
`69`	`69`	`}`
`70`	`70`
`71`	`71`	`// ResourceOrganizationMember is a user's membership in an organization.`
`72`		`- // Has ONLY an organization owner.`
	`72`	`+ // Has ONLY an organization owner. The resource ID is the user's ID`
`73`	`73`	`// create/delete = Create/delete member from org.`
`74`	`74`	`// update = Update organization member`
`75`	`75`	`// read = View member`
Original file line number	Diff line number	Diff line change
`@@ -245,7 +245,7 @@ func (api api) userByName(rw http.ResponseWriter, r http.Request) {`
`245`	`245`	`func (api api) putUserProfile(rw http.ResponseWriter, r http.Request) {`
`246`	`246`	`user := httpmw.UserParam(r)`
`247`	`247`
`248`		`- if !api.Authorize(rw, r, rbac.ActionUpdate, rbac.ResourceUserData.WithOwner(user.ID.String())) {`
	`248`	`+ if !api.Authorize(rw, r, rbac.ActionUpdate, rbac.ResourceUser.WithOwner(user.ID.String())) {`
`249`	`249`	`return`
`250`	`250`	`}`
`251`	`251`
`@@ -420,7 +420,7 @@ func (api api) putUserRoles(rw http.ResponseWriter, r http.Request) {`
`420`	`420`	`user := httpmw.UserParam(r)`
`421`	`421`	`roles := httpmw.UserRoles(r)`
`422`	`422`
`423`		`- if !api.Authorize(rw, r, rbac.ActionUpdate, rbac.ResourceUserData.WithOwner(user.ID.String())) {`
	`423`	`+ if !api.Authorize(rw, r, rbac.ActionUpdate, rbac.ResourceUser.WithOwner(user.ID.String())) {`
`424`	`424`	`return`
`425`	`425`	`}`
`426`	`426`