
Commit1f4fb0e

committed
Add provisioner stuff
1 parent0ffffeb commit1f4fb0e


1 file changed

+44
-0
lines changed

1 file changed

+44
-0
lines changed

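--- a/coderd/database/spice/policy/schema.zed
+++ b/coderd/database/spice/policy/schema.zed
@@ -67,6 +67,15 @@ definition team {
 relation template_permission_manager: group#membership | user
 relation template_insights_viewer: group#membership | user
 
+
+/*******************
+* Provisioner Roles *
+*******************/
+relation provisioner_viewer: group#membership | user
+relation provisioner_creator: group#membership | user
+relation provisioner_deletor: group#membership | user
+relation provisioner_editor: group#membership | user
+
 /*******************
 * Other Roles *
 *******************/
@@ -98,7 +107,19 @@ definition team {
 permission edit_templates = platform->super_admin + template_editor + parent->edit_templates
 permission delete_templates = platform->super_admin + template_deletor + parent->delete_templates
 permission manage_template_permissions = platform->super_admin + template_permission_manager + parent->manage_template_permissions
+// Creating a template, version, and file are all the same permissions
 permission create_template = platform->super_admin + template_creator + parent->create_template
+permission create_template_version = create_template
+permission create_file = create_template
+
+
+/************************
+* Provisioner Permissions *
+************************/
+permission view_provisioners = platform->super_admin + template_viewer + parent->view_provisioners
+permission edit_provisioners = platform->super_admin + template_editor + parent->edit_provisioners
+permission delete_provisioners = platform->super_admin + template_deletor + parent->delete_provisioners
+permission create_provisioners = platform->super_admin + template_creator + parent->create_provisioners
 }
 
 // group is a collection of users and operates exactly like a user from
@@ -182,10 +203,12 @@ definition template {
 // workspace relates a given workspace to a template. This allows
 // 'view' permission to be granted through the workspace, so a person who can
 // view a workspce, can also view the template it is using.
+// TODO: Add deleted caveat?
 relation workspace: workspace
 
 permission view = owner->template_viewer + workspace->view
 permission view_insights = owner->view_template_insights
+// Edit allows adding and promoting template versions.
 permission edit = owner->edit_templates
 permission delete = owner->delete_templates
 permission edit_pemissions = owner->manage_template_permissions
@@ -196,3 +219,24 @@ definition template_version {
 
 permission view = template->view
 }
+
+definition file {
+relation template_version: template_version
+
+permission view = template_version -> view
+}
+
+definition provisioner {
+// owning team for pulling permissions through.
+relation owner: team
+
+permission view = owner -> view_provisioners
+}
+
+definition job {
+relation template_version: template_version
+relation workspace_build: workspace_build
+// dry runs?
+
+permission view = template_version->view + workspace_build->view
+}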
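Review bot: The four provisioner permissions in `definition team` (new lines 119–122) are built from the template roles (`template_viewer`, `template_editor`, `template_deletor`, `template_creator`), so the `provisioner_viewer`, `provisioner_creator`, `provisioner_deletor` and `provisioner_editor` relations added at new lines 74–77 are never referenced, and every holder of a template role implicitly receives the matching provisioner access. If that coupling is not intended, each permission should use its own relation, e.g. `permission view_provisioners = platform->super_admin + provisioner_viewer + parent->view_provisioners`, and likewise for edit, delete and create; if it is intended, a comment stating so and removal of the unused relations would keep a later reader from assuming the provisioner roles gate anything. `definition provisioner` exposes only `view`, so `edit_provisioners`, `delete_provisioners` and `create_provisioners` are not yet consumed by any resource-level permission. `definition team` starts outside these hunks and the definition behind `parent` is not shown, so whether `parent->*_provisioners` resolves cannot be confirmed from this page.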
