chore: authz 'any_org' to return if at least 1 org has perms (#14009)

* chore: authz 'any_org' to return if at least 1 org has perms Allows checking if a user can do an action in any organization, rather than a specific one. Allows asking general questions on the UI to determine which elements to show. * more strict, add comments to policy * add unit tests and extend to /authcheck api * make field optional
2025-07-03 16:13:58 +00:00 · 2024-07-29 19:58:48 -05:00
parent b7102b39af
commit 3209c863b8
14 changed files with 196 additions and 14 deletions
--- a/coderd/apidoc/docs.go
+++ b/coderd/apidoc/docs.go
@ -8482,6 +8482,10 @@ const docTemplate = `{
            "description": "AuthorizationObject can represent a \"set\" of objects, such as: all workspaces in an organization, all workspaces owned by me, all workspaces across the entire product.",
            "type": "object",
            "properties": {
+                "any_org": {
+                    "description": "AnyOrgOwner (optional) will disregard the org_owner when checking for permissions.\nThis cannot be set to true if the OrganizationID is set.",
+                    "type": "boolean"
+                },
                "organization_id": {
                    "description": "OrganizationID (optional) adds the set constraint to all resources owned by a given organization.",
                    "type": "string"