From f70eecac9cb7ed33f33366afe851ce3596d57fec Mon Sep 17 00:00:00 2001
From: Cian Johnston
Date: Mon, 6 Nov 2023 20:49:19 +0000
Subject: [PATCH 1/2] fix(roles): allow user admin all perms on ResourceUserData
---
 coderd/rbac/roles.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/coderd/rbac/roles.go b/coderd/rbac/roles.go
index b94c90059a2c3..de120363142c4 100644
--- a/coderd/rbac/roles.go
+++ b/coderd/rbac/roles.go
@@ -206,6 +206,7 @@ func ReloadBuiltinRoles(opts *RoleOptions) {
 Site: Permissions(map[string][]Action{
 ResourceRoleAssignment.Type: {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
 ResourceUser.Type: {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
+ ResourceUserData.Type: {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
 // Full perms to manage org members
 ResourceOrganizationMember.Type: {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
 ResourceGroup.Type: {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
From c0bf2fb77a8f170360f52261a5c609dc4a1e7bf6 Mon Sep 17 00:00:00 2001
From: Cian Johnston
Date: Mon, 6 Nov 2023 21:03:05 +0000
Subject: [PATCH 2/2] fixup! fix(roles): allow user admin all perms on ResourceUserData
---
 coderd/rbac/roles_test.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/coderd/rbac/roles_test.go b/coderd/rbac/roles_test.go
index fc47413fd19f2..7ef98a7f3d46e 100644
--- a/coderd/rbac/roles_test.go
+++ b/coderd/rbac/roles_test.go
@@ -274,8 +274,8 @@ func TestRolePermissions(t *testing.T) {
 Actions: []rbac.Action{rbac.ActionCreate, rbac.ActionRead, rbac.ActionUpdate, rbac.ActionDelete},
 Resource: rbac.ResourceUserData.WithID(currentUser).WithOwner(currentUser.String()),
 AuthorizeMap: map[bool][]authSubject{
- true: {owner, orgMemberMe, memberMe},
- false: {orgAdmin, otherOrgAdmin, otherOrgMember, templateAdmin, userAdmin},
+ true: {owner, orgMemberMe, memberMe, userAdmin},
+ false: {orgAdmin, otherOrgAdmin, otherOrgMember, templateAdmin},
 },
 },
 {
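Review bot: The added `ResourceUserData.Type` entry in patch 1/2 gives the user-admin role Create, Read, Update and Delete on user data at site scope, and nothing in the hunk says which operation needs all four. Before this change only the owner role and the user themselves were authorized for this resource (see the `AuthorizeMap` in patch 2/2), so this widens who can read and modify other users' data; if that data can hold credentials or keys, which is not visible here, Read alone is a meaningful grant. Consider narrowing the list to the actions the failing call actually requires, and add a why-comment in the style of the neighbouring entry, e.g. `// Needed so user admins can manage other users' data; keep to the minimum actions required`. The map literal sits inside `ReloadBuiltinRoles`, whose body starts and ends outside the hunk.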