feat: add template RBAC/groups (#4235)

2025-07-03 16:13:58 +00:00 · 2022-10-10 15:37:06 -05:00
parent 2687e3db49
commit 3120c94c22
122 changed files with 8088 additions and 1062 deletions
--- a/coderd/files.go
+++ b/coderd/files.go
@ -23,7 +23,7 @@ func (api *API) postFile(rw http.ResponseWriter, r *http.Request) {
 	apiKey := httpmw.APIKey(r)
 	// This requires the site wide action to create files.
 	// Once created, a user can read their own files uploaded
-	if !api.Authorize(r, rbac.ActionCreate, rbac.ResourceFile) {
+	if !api.Authorize(r, rbac.ActionCreate, rbac.ResourceFile.WithOwner(apiKey.UserID.String())) {
 		httpapi.Forbidden(rw)
 		return
 	}