synced/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2025-07-21 01:28:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: provide endpoint to lock/unlock workspace (#8239)

Browse Source
This commit is contained in:
Jon Ayers
2023-06-28 16:12:49 -05:00
committed by GitHub
parent 72e83df578
commit 749307ef08
31 changed files with 577 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
coderd/rbac/roles.go
View File

@ -121,7 +121,7 @@ func ReloadBuiltinRoles(opts *RoleOptions) {
opts = &RoleOptions{}
}
var ownerAndAdminExceptions []Object
ownerAndAdminExceptions := []Object{ResourceWorkspaceLocked}
if opts.NoOwnerWorkspaceExec {
ownerAndAdminExceptions = append(ownerAndAdminExceptions,
ResourceWorkspaceExecution,
@ -152,7 +152,7 @@ func ReloadBuiltinRoles(opts *RoleOptions) {
ResourceProvisionerDaemon.Type: {ActionRead},
}),
Org: map[string][]Permission{},
User: allPermsExcept(),
User: allPermsExcept(ResourceWorkspaceLocked),
}.withCachedRegoValue()
auditorRole := Role{
@ -234,7 +234,7 @@ func ReloadBuiltinRoles(opts *RoleOptions) {
Site: []Permission{},
Org: map[string][]Permission{
// Org admins should not have workspace exec perms.
organizationID: allPermsExcept(ResourceWorkspaceExecution),
organizationID: allPermsExcept(ResourceWorkspaceExecution, ResourceWorkspaceLocked),
},
User: []Permission{},
}