feat!: drop reading other 'user' permission (#8650)

* feat: drop reading other 'user' permission

Members of the platform can no longer read or list other users.
Resources that have "created_by" or "initiated_by" still retain
user context, but only include username and avatar url.

Attempting to read a user found via those means will result in
a 404.

* Hide /users page for regular users
* make groups a privileged endpoint
* Permissions page for template perms
* Admin for a given template enables an endpoint for listing users/groups.
Steven Masley
2023-07-26 10:33:48 -04:00
committed by GitHub
parent 8649a10441
commit 2089006fbc
31 changed files with 585 additions and 125 deletions

55
coderd/apidoc/docs.go generated

@ -2109,6 +2109,44 @@ const docTemplate = `{
}
}
},
"/templates/{template}/acl/available": {
"get": {
"security": [
{
"CoderSessionToken": []
}
],
"produces": [
"application/json"
],
"tags": [
"Enterprise"
],
"summary": "Get template available acl users/groups",
"operationId": "get-template-available-acl-usersgroups",
"parameters": [
{
"type": "string",
"format": "uuid",
"description": "Template ID",
"name": "template",
"in": "path",
"required": true
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"type": "array",
"items": {
"$ref": "#/definitions/codersdk.ACLAvailable"
}
}
}
}
}
},
"/templates/{template}/daus": {
"get": {
"security": [
@ -6619,6 +6657,23 @@ const docTemplate = `{
}
}
},
"codersdk.ACLAvailable": {
"type": "object",
"properties": {
"groups": {
"type": "array",
"items": {
"$ref": "#/definitions/codersdk.Group"
}
},
"users": {
"type": "array",
"items": {
"$ref": "#/definitions/codersdk.User"
}
}
}
},
"codersdk.APIKey": {
"type": "object",
"required": [