Commit 33988fe

authored
chore: allow user admins to configure idp sync (coder#14861)
1 parent 2c8b264 commit 33988fe

2 files changed

+3
-2
lines changed

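--- a/coderd/rbac/roles.go
+++ b/coderd/rbac/roles.go
@@ -460,6 +460,7 @@ func ReloadBuiltinRoles(opts *RoleOptions) {
 ResourceOrganizationMember.Type: {policy.ActionCreate, policy.ActionRead, policy.ActionUpdate, policy.ActionDelete},
 ResourceGroup.Type: ResourceGroup.AvailableActions(),
 ResourceGroupMember.Type: ResourceGroupMember.AvailableActions(),
+ResourceIdpsyncSettings.Type: {policy.ActionRead, policy.ActionUpdate},
 }),
 },
 User: []Permission{},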
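Review bot: The new `ResourceIdpsyncSettings.Type` entry carries no comment explaining why this role needs `policy.ActionUpdate` on IdP sync settings, and that is the sensitive half of the grant. If these settings include role or group mappings derived from IdP claims (not visible in this hunk), update access lets a holder of this role change how membership and roles are assigned at login, which may reach further than the member and group permissions listed above it. I would add `// IdP sync drives group/role assignment at login: keep this to read+update, and confirm the update path cannot map claims to roles this role may not assign itself.` above the line. The enclosing map literal and ReloadBuiltinRoles begin and end outside the hunk, so the role this entry belongs to is inferred from the commit title and the accompanying test change.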

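--- a/coderd/rbac/roles_test.go
+++ b/coderd/rbac/roles_test.go
@@ -718,11 +718,11 @@ func TestRolePermissions(t *testing.T) {
 Actions: []policy.Action{policy.ActionRead, policy.ActionUpdate},
 Resource: rbac.ResourceIdpsyncSettings.InOrg(orgID),
 AuthorizeMap: map[bool][]hasAuthSubjects{
-true: {owner, orgAdmin},
+true: {owner, orgAdmin, orgUserAdmin},
 false: {
 orgMemberMe, otherOrgAdmin,
 memberMe, userAdmin, templateAdmin,
-orgAuditor, orgUserAdmin, orgTemplateAdmin,
+orgAuditor, orgTemplateAdmin,
 otherOrgMember, otherOrgAuditor, otherOrgUserAdmin, otherOrgTemplateAdmin,
 },
 },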
