feat: Implied 'member' roles for site and organization (#1917)

* feat: Member roles are implied and never exlpicitly added * Rename "GetAllUserRoles" to "GetAuthorizationRoles" * feat: Add migration to remove implied roles * rename user auth role middleware
2025-07-03 16:13:58 +00:00 · 2022-06-01 09:07:50 -05:00
parent 2878346f19
commit cc87a0cf6b
21 changed files with 131 additions and 115 deletions
--- a/coderd/rbac/builtin.go
+++ b/coderd/rbac/builtin.go
@ -63,7 +63,7 @@ var (
 		member: func(_ string) Role {
 			return Role{
 				Name:        member,
-				DisplayName: "Member",
+				DisplayName: "",
 				Site: permissions(map[Object][]Action{
 					// All users can read all other users and know they exist.
 					ResourceUser:           {ActionRead},
@ -116,7 +116,7 @@ var (
 		orgMember: func(organizationID string) Role {
 			return Role{
 				Name:        roleName(orgMember, organizationID),
-				DisplayName: "Organization Member",
+				DisplayName: "",
 				Org: map[string][]Permission{
 					organizationID: {
 						{
--- a/coderd/rbac/role.go
+++ b/coderd/rbac/role.go
@ -17,7 +17,9 @@ type Permission struct {
 // Users of this package should instead **only** use the role names, and
 // this package will expand the role names into their json payloads.
 type Role struct {
-	Name        string       `json:"name"`
+	Name string `json:"name"`
+	// DisplayName is used for UI purposes. If the role has no display name,
+	// that means the UI should never display it.
 	DisplayName string       `json:"display_name"`
 	Site        []Permission `json:"site"`
 	// Org is a map of orgid to permissions. We represent orgid as a string.