You signed in with another tab or window.Reload to refresh your session.You signed out in another tab or window.Reload to refresh your session.You switched accounts on another tab or window.Reload to refresh your session.Dismiss alert
@@ -55,15 +57,19 @@ These can be found in `coderd/rbac/policy/policy.go`.
55
57
56
58
#Creating a new noun
57
59
58
-
In the following example, we're going to create a new RBAC noun for a new entity called a "frobulator"_(just some nonsense word for demonstration purposes)_.
60
+
In the following example, we're going to create a new RBAC noun for a new entity
61
+
called a "frobulator"_(just some nonsense word for demonstration purposes)_.
59
62
60
-
_Refer tohttps://github.com/coder/coder/pull/14055 to see a full implementation._
63
+
_Refer tohttps://github.com/coder/coder/pull/14055 to see a full
64
+
implementation._
61
65
62
66
##Creating a new entity
63
67
64
-
If you're creating a new resource which has to be owned by users of differing roles, you need to create a new RBAC resource.
68
+
If you're creating a new resource which has to be owned by users of differing
69
+
roles, you need to create a new RBAC resource.
65
70
66
-
Let's say we're adding a new table called`frobulators` (we'll use this table later):
71
+
Let's say we're adding a new table called`frobulators` (we'll use this table
72
+
later):
67
73
68
74
```sql
69
75
CREATETABLEfrobulators
@@ -92,15 +98,17 @@ Let's now add our frobulator noun to `coderd/rbac/policy/policy.go`:
92
98
...
93
99
```
94
100
95
-
Entries in the`frobulators` table be created/read/updated/deleted, so we define those actions.
101
+
Entries in the`frobulators` table be created/read/updated/deleted, so we define
102
+
those actions.
96
103
97
-
`policy.go` is used to generate code in`coderd/rbac/object_gen.go`, and we can execute this by running`make gen`.
104
+
`policy.go` is used to generate code in`coderd/rbac/object_gen.go`, and we can
105
+
execute this by running`make gen`.
98
106
99
107
Now we have this change in`coderd/rbac/object_gen.go`:
100
108
101
109
```go
102
110
...
103
-
// ResourceFrobulator
111
+
// ResourceFrobulator
104
112
// Valid Actions
105
113
// - "ActionCreate" ::
106
114
// - "ActionDelete" ::
@@ -109,44 +117,48 @@ Now we have this change in `coderd/rbac/object_gen.go`:
109
117
ResourceFrobulator =Object{
110
118
Type:"frobulator",
111
119
}
112
-
...
120
+
...
113
121
114
-
funcAllResources() []Objecter {
115
-
...
116
-
ResourceFrobulator,
117
-
...
118
-
}
122
+
funcAllResources() []Objecter {
123
+
...
124
+
ResourceFrobulator,
125
+
...
126
+
}
119
127
```
120
128
121
-
This creates a resource which represents this noun, and adds it to a list of all available resources.
129
+
This creates a resource which represents this noun, and adds it to a list of all
130
+
available resources.
122
131
123
132
##Role Assignment
124
133
125
-
In our case, we want**members** to be able to CRUD their own frobulators and we want**owners** to CRUD all members' frobulators.
126
-
This is how most resources work, and the RBAC system is setup for this by default.
134
+
In our case, we want**members** to be able to CRUD their own frobulators and we
135
+
want**owners** to CRUD all members' frobulators. This is how most resources
136
+
work, and the RBAC system is setup for this by default.
127
137
128
-
However, let's say we want**auditors** to have read-only access to all members' frobulators; we need to add it to`coderd/rbac/roles.go`:
138
+
However, let's say we want**auditors** to have read-only access to all members'
139
+
frobulators; we need to add it to`coderd/rbac/roles.go`: