feat: Dbauthz is now default, remove out of experimental (#6650)

* feat: dbauthz always on, out of experimental * Add ability to do rbac checks in unit tests * Remove AuthorizeAllEndpoints * Remove duplicate rbac checks
2025-07-09 11:45:56 +00:00 · 2023-03-21 09:10:22 -05:00
parent 8aae0b64d3
commit 2321160c62
37 changed files with 334 additions and 1271 deletions
--- a/coderd/database/dbauthz/querier.go
+++ b/coderd/database/dbauthz/querier.go
@ -1068,7 +1068,11 @@ func (q *querier) UpdateUserHashedPassword(ctx context.Context, arg database.Upd

 	err = q.authorizeContext(ctx, rbac.ActionUpdate, user.UserDataRBACObject())
 	if err != nil {
-		return err
+		// Admins can update passwords for other users.
+		err = q.authorizeContext(ctx, rbac.ActionUpdate, user.RBACObject())
+		if err != nil {
+			return err
+		}
 	}

 	return q.db.UpdateUserHashedPassword(ctx, arg)