Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit09f82b4

Browse files
johnstcndannykopping
authored andcommitted
DNM: example PR to show how to add a new RBAC resource
1 parentbf4b7ab commit09f82b4

File tree

11 files changed

+52
-0
lines changed

11 files changed

+52
-0
lines changed

‎coderd/apidoc/docs.go

Lines changed: 2 additions & 0 deletions
Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

‎coderd/apidoc/swagger.json

Lines changed: 2 additions & 0 deletions
Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

‎coderd/rbac/object_gen.go

Lines changed: 11 additions & 0 deletions
Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

‎coderd/rbac/policy/policy.go

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -255,4 +255,12 @@ var RBACPermissions = map[string]PermissionDefinition{
255255
ActionDelete:actDef(""),
256256
},
257257
},
258+
"frobulator": {
259+
Actions:map[Action]ActionDefinition{
260+
ActionCreate:actDef(""),
261+
ActionRead:actDef(""),
262+
ActionUpdate:actDef(""),
263+
ActionDelete:actDef(""),
264+
},
265+
},
258266
}

‎coderd/rbac/roles.go

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -264,6 +264,7 @@ func ReloadBuiltinRoles(opts *RoleOptions) {
264264
Permissions(map[string][]policy.Action{
265265
ResourceWorkspace.Type:ownerWorkspaceActions,
266266
ResourceWorkspaceDormant.Type: {policy.ActionRead,policy.ActionDelete,policy.ActionCreate,policy.ActionUpdate,policy.ActionWorkspaceStop},
267+
ResourceFrobulator.Type: {policy.ActionCreate,policy.ActionRead,policy.ActionUpdate,policy.ActionDelete},
267268
})...),
268269
Org:map[string][]Permission{},
269270
User: []Permission{},

‎coderd/rbac/roles_test.go

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -630,6 +630,20 @@ func TestRolePermissions(t *testing.T) {
630630
},
631631
},
632632
},
633+
{
634+
Name:"OnlyAdminsCanFrobulate",
635+
Actions: []policy.Action{policy.ActionCreate,policy.ActionRead,policy.ActionUpdate,policy.ActionDelete},
636+
Resource:rbac.ResourceFrobulator,
637+
AuthorizeMap:map[bool][]hasAuthSubjects{
638+
true: {owner},
639+
false: {
640+
orgAdmin,otherOrgAdmin,orgMemberMe,
641+
memberMe,userAdmin,templateAdmin,
642+
orgAuditor,orgUserAdmin,orgTemplateAdmin,
643+
otherOrgMember,otherOrgAuditor,otherOrgUserAdmin,otherOrgTemplateAdmin,
644+
},
645+
},
646+
},
633647
}
634648

635649
// We expect every permission to be tested above.

‎codersdk/rbacresources_gen.go

Lines changed: 2 additions & 0 deletions
Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

‎docs/api/members.md

Lines changed: 3 additions & 0 deletions
Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

‎docs/api/schemas.md

Lines changed: 1 addition & 0 deletions
Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

‎site/src/api/rbacresources_gen.ts

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -44,6 +44,12 @@ export const RBACResourceActions: Partial<
4444
create:"create a file",
4545
read:"read files",
4646
},
47+
frobulator:{
48+
create:"",
49+
delete:"",
50+
read:"",
51+
update:"",
52+
},
4753
group:{
4854
create:"create a group",
4955
delete:"delete a group",

‎site/src/api/typesGenerated.ts

Lines changed: 2 additions & 0 deletions
Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp