@@ -59,9 +59,6 @@ func GenerateRelationships() {
5959 teamTechnical := Team ("technical" ).Platform (platform ).
6060 Parent (teamEngineering )
6161
62- // Nest some teams
63- // TODO: This is currently unsupported
64-
6562 // Assign groups to teams
6663 teamCompany .MemberGroup (groupEveryone ).
6764 // Cost control groups can edit workspaces & delete them
@@ -96,6 +93,28 @@ func GenerateRelationships() {
9693 CanViewBy (steven , ammar , kyle ).
9794 CannotViewBy (camilla , jon )
9895
96+ // The workspace can be edited by cost control group via teamCompany
97+ stevenWorkspace .
98+ CanEditBy (dean ).
99+ // But cloud cost cannot exec into the workspace.
100+ CannotSshBy (dean )
101+
99102 // Validations enumerate who can do the given action.
100103 stevenWorkspace .ValidateView ().ValidateSsh ().ValidateEdit ()
101104}
105+
106+ // createWorkspace
107+ // - actor: The user creating the workspace. This user will be assigned as the owner.
108+ // - team: The team the workspace is being created for.
109+ // - template: The template version the workspace is being created from.
110+ // - provisioner: (in prod this might be tags??) The provisioner to provision the workspace.
111+ //
112+ // Creating a workspace is the process of a Team creating a workspace and assigning
113+ // a user permissions.
114+ // Perm checks:
115+ // - Can a user create a workspace for a given team?
116+ // - Can the team provision the workspace with the template?
117+ // - Can the team use the selected provisioner to provision the workspace? (TODO, rethink this)
118+ func testCreateWorkspace (actor * ObjUser , team * ObjTeam , version * ObjTemplate_version , provisioner * ObjProvisioner ) {
119+
120+ }
0 commit comments