Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit5f7e5d7

Browse files
authored
feat: support prebuilt workspaces in non-default organizations (#18010)
closescoder/internal#527
1 parent4d0fe20 commit5f7e5d7

File tree

8 files changed

+576
-302
lines changed

8 files changed

+576
-302
lines changed

‎coderd/database/dbauthz/dbauthz.go

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -412,6 +412,21 @@ var (
412412
policy.ActionCreate,policy.ActionDelete,policy.ActionRead,policy.ActionUpdate,
413413
policy.ActionWorkspaceStart,policy.ActionWorkspaceStop,
414414
},
415+
// Should be able to add the prebuilds system user as a member to any organization that needs prebuilds.
416+
rbac.ResourceOrganizationMember.Type: {
417+
policy.ActionCreate,
418+
},
419+
// Needs to be able to assign roles to the system user in order to make it a member of an organization.
420+
rbac.ResourceAssignOrgRole.Type: {
421+
policy.ActionAssign,
422+
},
423+
// Needs to be able to read users to determine which organizations the prebuild system user is a member of.
424+
rbac.ResourceUser.Type: {
425+
policy.ActionRead,
426+
},
427+
rbac.ResourceOrganization.Type: {
428+
policy.ActionRead,
429+
},
415430
}),
416431
},
417432
}),

‎coderd/rbac/roles.go

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -33,6 +33,8 @@ const (
3333
orgUserAdminstring="organization-user-admin"
3434
orgTemplateAdminstring="organization-template-admin"
3535
orgWorkspaceCreationBanstring="organization-workspace-creation-ban"
36+
37+
prebuildsOrchestratorstring="prebuilds-orchestrator"
3638
)
3739

3840
funcinit() {
@@ -599,6 +601,9 @@ var assignRoles = map[string]map[string]bool{
599601
orgUserAdmin: {
600602
orgMember:true,
601603
},
604+
prebuildsOrchestrator: {
605+
orgMember:true,
606+
},
602607
}
603608

604609
// ExpandableRoles is any type that can be expanded into a []Role. This is implemented

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp