Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit628f466

Browse files
committed
add
1 parent1e83c27 commit628f466

File tree

3 files changed

+25
-72
lines changed

3 files changed

+25
-72
lines changed

‎coderd/database/spice/policy/playground/relationships/relationships.go

Lines changed: 22 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -59,9 +59,6 @@ func GenerateRelationships() {
5959
teamTechnical:=Team("technical").Platform(platform).
6060
Parent(teamEngineering)
6161

62-
// Nest some teams
63-
// TODO: This is currently unsupported
64-
6562
// Assign groups to teams
6663
teamCompany.MemberGroup(groupEveryone).
6764
// Cost control groups can edit workspaces & delete them
@@ -96,6 +93,28 @@ func GenerateRelationships() {
9693
CanViewBy(steven,ammar,kyle).
9794
CannotViewBy(camilla,jon)
9895

96+
// The workspace can be edited by cost control group via teamCompany
97+
stevenWorkspace.
98+
CanEditBy(dean).
99+
// But cloud cost cannot exec into the workspace.
100+
CannotSshBy(dean)
101+
99102
// Validations enumerate who can do the given action.
100103
stevenWorkspace.ValidateView().ValidateSsh().ValidateEdit()
101104
}
105+
106+
// createWorkspace
107+
// - actor: The user creating the workspace. This user will be assigned as the owner.
108+
// - team: The team the workspace is being created for.
109+
// - template: The template version the workspace is being created from.
110+
// - provisioner: (in prod this might be tags??) The provisioner to provision the workspace.
111+
//
112+
// Creating a workspace is the process of a Team creating a workspace and assigning
113+
// a user permissions.
114+
// Perm checks:
115+
// - Can a user create a workspace for a given team?
116+
// - Can the team provision the workspace with the template?
117+
// - Can the team use the selected provisioner to provision the workspace? (TODO, rethink this)
118+
functestCreateWorkspace(actor*ObjUser,team*ObjTeam,version*ObjTemplate_version,provisioner*ObjProvisioner) {
119+
120+
}

‎coderd/database/spice/policy/schema.zed

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -22,7 +22,9 @@ definition team {
2222
// are passed through the team level.
2323
relation platform: platform
2424

25-
// parent allows nesting teams
25+
// parent allows nesting teams. Nested teams inherit the permissions from
26+
// their parents. So if a user has permissions in a parent team, they have the same
27+
// permissions in the child.
2628
relation parent: team
2729

2830
// Teams have their own roles for user's to interact with team resources.

‎coderd/database/spice/schema.zed

Lines changed: 0 additions & 68 deletions
This file was deleted.

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp