- Notifications
You must be signed in to change notification settings - Fork909
Open
Description
When posting a custom role, invalid permissions are omitted by the backend:
coder/enterprise/coderd/roles.go
Lines 154 to 156 in0f15263
| SitePermissions:db2sdk.List(filterInvalidPermissions(req.SitePermissions),sdkPermissionToDB), | |
| OrgPermissions:db2sdk.List(filterInvalidPermissions(req.OrganizationPermissions),sdkPermissionToDB), | |
| UserPermissions:db2sdk.List(filterInvalidPermissions(req.UserPermissions),sdkPermissionToDB), |
This was done to prevent an unsolvable error. If an invalid permission was to exist (via some migration or other means). The custom role could never be updated via the UI, as the permissions do not exist to "uncheck".
The solution was to ignore invalid permissions. This has the downside of silently removing things, which could be intuitive.
Invalid permissions should have some UX, maybe a warning?