NotificationsYou must be signed in to change notification settings
Fork913
Star10k

Commitbb70749

committed

fix org, user and all scope rules

1 parent19af04e commitbb70749Copy full SHA for bb70749

File tree

1 file changed

+15

-19

lines changed

coderd/rbac
- policy.rego

1 file changed

+15

-19

lines changed

`‎coderd/rbac/policy.rego`

Lines changed: 15 additions & 19 deletions

Original file line number	Diff line number	Diff line change
`@@ -91,7 +91,15 @@ site := num if {`
`91`	`91`
`92`	`92`	`defaultscope_site:=0`
`93`	`93`
`94`		`-scope_site:=site_allow([input.subject.scope], [input.object.type,"*", prebuild_workspace_type])`
	`94`	`+scope_site:= num if{`
	`95`	`+is_prebuild_workspace`
	`96`	`+num:=site_allow([input.subject.scope], default_object_set)`
	`97`	`+}`
	`98`	`+`
	`99`	`+scope_site:= num if{`
	`100`	`+notis_prebuild_workspace`
	`101`	`+num:=site_allow([input.subject.scope], [input.object.type,"*", prebuild_workspace_type])`
	`102`	`+}`
`95`	`103`
`96`	`104`	`site_allow(roles, object_set):= num if{`
`97`	`105`	`# allow is a set of boolean values without duplicates.`
`@@ -123,25 +131,19 @@ org := num if {`
`123`	`131`
`124`	`132`	`org:= num if{`
`125`	`133`	`is_prebuild_workspace`
`126`		`-num:=number([`
`127`		`-org_allow(input.subject.roles, default_object_set),`
`128`		`-org_allow(input.subject.roles, [prebuild_workspace_type])`
`129`		`-])`
	`134`	`+num:=org_allow(input.subject.roles, [input.object.type,"*", prebuild_workspace_type])`
`130`	`135`	`}`
`131`	`136`
`132`	`137`	`defaultscope_org:=0`
`133`	`138`
`134`	`139`	`scope_org:= num if{`
`135`	`140`	`notis_prebuild_workspace`
`136`		`-num:=org_allow(input.subject.scope, default_object_set)`
	`141`	`+num:=org_allow([input.subject.scope], default_object_set)`
`137`	`142`	`}`
`138`	`143`
`139`	`144`	`scope_org:= num if{`
`140`	`145`	`is_prebuild_workspace`
`141`		`-num:=number([`
`142`		`-org_allow(input.subject.scope, default_object_set),`
`143`		`-org_allow(input.subject.scope, [prebuild_workspace_type])`
`144`		`-])`
	`146`	`+num:=org_allow([input.subject.scope], [input.object.type,"*", prebuild_workspace_type])`
`145`	`147`	`}`
`146`	`148`
`147`	`149`	`# org_allow_set is a helper function that iterates over all orgs that the actor`
`@@ -245,25 +247,19 @@ user := num if {`
`245`	`247`
`246`	`248`	`user:= num if{`
`247`	`249`	`is_prebuild_workspace`
`248`		`-num:=number([`
`249`		`-user_allow(input.subject.roles, default_object_set),`
`250`		`-user_allow(input.subject.roles, [prebuild_workspace_type])`
`251`		`-])`
	`250`	`+num:=user_allow(input.subject.roles, [input.object.type,"*", prebuild_workspace_type])`
`252`	`251`	`}`
`253`	`252`
`254`	`253`	`defaultuser_scope:=0`
`255`	`254`
`256`	`255`	`scope_user:= num if{`
`257`	`256`	`notis_prebuild_workspace`
`258`		`-num:=user_allow(input.subject.scope, default_object_set)`
	`257`	`+num:=user_allow([input.subject.scope], default_object_set)`
`259`	`258`	`}`
`260`	`259`
`261`	`260`	`scope_user:= num if{`
`262`	`261`	`is_prebuild_workspace`
`263`		`-num:=number([`
`264`		`-user_allow(input.subject.scope, default_object_set),`
`265`		`-user_allow(input.subject.scope, [prebuild_workspace_type])`
`266`		`-])`
	`262`	`+num:=user_allow([input.subject.scope], [input.object.type,"*", prebuild_workspace_type])`
`267`	`263`	`}`
`268`	`264`
`269`	`265`	`user_allow(roles, object_set):= num if{`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitbb70749

File tree

1 file changed

1 file changed

`‎coderd/rbac/policy.rego`

0 commit comments