
Commit6cae769

committed
fix: exclude prebuiltWorkspace permissions from orgAdmin role
1 parenta043f92 commit6cae769


4 files changed

+16
-31
lines changed


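--- a/coderd/rbac/roles.go
+++ b/coderd/rbac/roles.go
@@ -414,7 +414,7 @@ func ReloadBuiltinRoles(opts *RoleOptions) {
 }),
 Org:map[string][]Permission{
 // Org admins should not have workspace exec perms.
-organizationID.String():append(allPermsExcept(ResourceWorkspace,ResourceWorkspaceDormant,ResourceAssignRole),Permissions(map[string][]policy.Action{
+organizationID.String():append(allPermsExcept(ResourceWorkspace,ResourceWorkspaceDormant,ResourcePrebuiltWorkspace,ResourceAssignRole),Permissions(map[string][]policy.Action{
 ResourceWorkspaceDormant.Type: {policy.ActionRead,policy.ActionDelete,policy.ActionCreate,policy.ActionUpdate,policy.ActionWorkspaceStop,policy.ActionCreateAgent,policy.ActionDeleteAgent},
 ResourceWorkspace.Type:slice.Omit(ResourceWorkspace.AvailableActions(),policy.ActionApplicationConnect,policy.ActionSSH),
 })...),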
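Review bot: The comment above the changed line, `// Org admins should not have workspace exec perms.`, explains only the ResourceWorkspace exclusion and says nothing about why ResourcePrebuiltWorkspace is now left out of `allPermsExcept(...)`. Unlike ResourceWorkspace and ResourceWorkspaceDormant, it is not re-granted in the `Permissions(...)` map that follows, so this entry gives org admins no prebuilt-workspace actions at all; I would record that next to the existing comment, e.g. `// ResourcePrebuiltWorkspace is excluded and not re-granted below: org admins get no prebuilt-workspace actions from this role.` Because `allPermsExcept` grants every resource type that is not listed, a future workspace-like resource would be granted to org admins by default, so a test that pins the excluded set would catch the next omission. ReloadBuiltinRoles starts and ends outside the hunk.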

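--- a/coderd/rbac/roles_test.go
+++ b/coderd/rbac/roles_test.go
@@ -501,8 +501,8 @@ func TestRolePermissions(t *testing.T) {
 Actions: []policy.Action{policy.ActionRead,policy.ActionUpdate,policy.ActionDelete},
 Resource:rbac.ResourcePrebuiltWorkspace.WithID(uuid.New()).InOrg(orgID).WithOwner(memberMe.Actor.ID),
 AuthorizeMap:map[bool][]hasAuthSubjects{
-true: {owner,orgAdmin,orgMemberMe,templateAdmin,orgTemplateAdmin},
-false: {setOtherOrg,userAdmin,memberMe,orgAdmin,orgUserAdmin,orgAuditor},
+true: {owner,orgMemberMe,templateAdmin,orgTemplateAdmin},
+false: {setOtherOrg,userAdmin,memberMe,orgAdmin,orgUserAdmin,orgAuditor},
 },
 },
 // Some admin style resources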
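Review bot: An admin role listed under `false:` reads like a mistake to the next person editing this table, and nothing in the case says the denial is intended. A one-line comment above the `AuthorizeMap` would protect it, e.g. `// orgAdmin is denied on purpose: ResourcePrebuiltWorkspace is excluded from the org admin role in ReloadBuiltinRoles.` The case pins only `policy.ActionRead`, `policy.ActionUpdate` and `policy.ActionDelete`; whether any other prebuilt-workspace action is checked for orgAdmin cannot be seen here, since the test case and the rest of TestRolePermissions lie outside the hunk.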

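--- a/enterprise/coderd/prebuilds/claim_test.go
+++ b/enterprise/coderd/prebuilds/claim_test.go
@@ -415,18 +415,18 @@ func templateWithAgentAndPresetsWithPrebuilds(desiredInstances int32) *echo.Resp
 Instances:desiredInstances,
 },
 },
-//{
-//Name: "preset-b",
-//Parameters: []*proto.PresetParameter{
-//{
-//Name: "k1",
-//Value: "v2",
-//},
-//},
-//Prebuild: &proto.Prebuild{
-//Instances: desiredInstances,
-//},
-//},
+{
+Name:"preset-b",
+Parameters: []*proto.PresetParameter{
+{
+Name:"k1",
+Value:"v2",
+},
+},
+Prebuild:&proto.Prebuild{
+Instances:desiredInstances,
+},
+},
 },
 },
 },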

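--- a/enterprise/coderd/prebuilds/reconcile_test.go
+++ b/enterprise/coderd/prebuilds/reconcile_test.go
@@ -475,26 +475,11 @@ func TestTemplateAdminDelete(t *testing.T) {
 template:=coderdtest.CreateTemplate(t,client,orgID,version.ID)
 presets,err:=client.TemplateVersionPresets(ctx,version.ID)
 require.NoError(t,err)
-require.Len(t,presets,1)
+require.Len(t,presets,2)
 preset:=setupTestDBPreset(t,db,version.ID,2,"b0rked")
 
 templateAdminClient,_:=coderdtest.CreateAnotherUser(t,client,orgID,rbac.RoleTemplateAdmin())
 
-state,err:=reconciler.SnapshotState(ctx,spy)
-require.NoError(t,err)
-require.Len(t,state.Presets,2)
-
-for_,preset:=rangepresets {
-ps,err:=state.FilterByPreset(preset.ID)
-require.NoError(t,err)
-require.NotNil(t,ps)
-actions,err:=reconciler.CalculateActions(ctx,*ps)
-require.NoError(t,err)
-require.NotNil(t,actions)
-
-require.NoError(t,reconciler.ReconcilePreset(ctx,*ps))
-}
-
 workspace,_:=setupTestDBPrebuild(
 t,
 clock,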
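Review bot: `require.Len(t, presets, 2)` hard-codes a count that is set by a template fixture defined elsewhere, presumably the one in claim_test.go that this commit extends with `preset-b`, so the next fixture change will fail here without a hint. A short comment on that line would tie the two together, e.g. `// the template fixture defines two presets`. With the reconcile loop removed, also check that `reconciler` and `spy`, if they are declared earlier in TestTemplateAdminDelete, still have a use, since Go rejects unused locals. The function starts and ends outside the hunk.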
