Fix test

coder · Emyrk · Apr 11, 2023 · Apr 7, 2023 · Apr 7, 2023 · Apr 7, 2023
commit 2438f67efbfb4728bf4e870294b91db28eb95e07
diff --git a/cli/testdata/coder_server_--help.golden b/cli/testdata/coder_server_--help.golden
@@ -16,6 +16,12 @@ Start a Coder server
           $CACHE_DIRECTORY is set, it will be used for compatibility with
           systemd.
 
+      --disable-owner-workspace-exec bool, $CODER_DISABLE_OWNER_WORKSPACE_EXEC
+          Remove the permission for the 'owner' role to have workspace execution
+          on all workspaces. This prevents the 'owner' from ssh, apps, and
+          terminal access based on the 'owner' role. They still have their user
+          permissions to access their own workspaces.
+
       --disable-path-apps bool, $CODER_DISABLE_PATH_APPS
           Disable workspace apps that are not served from subdomains. Path-based
           apps can make requests to the Coder API and pose a security risk when

diff --git a/coderd/rbac/roles_test.go b/coderd/rbac/roles_test.go
@@ -147,8 +147,8 @@ func TestRolePermissions(t *testing.T) {
 			Actions:  []rbac.Action{rbac.ActionCreate, rbac.ActionRead, rbac.ActionUpdate, rbac.ActionDelete},
 			Resource: rbac.ResourceWorkspaceExecution.WithID(workspaceID).InOrg(orgID).WithOwner(currentUser.String()),
 			AuthorizeMap: map[bool][]authSubject{
-				true:  {owner, orgAdmin, orgMemberMe},
-				false: {memberMe, otherOrgAdmin, otherOrgMember, templateAdmin, userAdmin},
+				true:  {owner, orgMemberMe},
+				false: {orgAdmin, memberMe, otherOrgAdmin, otherOrgMember, templateAdmin, userAdmin},
 			},
 		},
 		{