chore: implement databased backend for custom roles (#13295)

Includes db schema and dbauthz layer for upserting custom roles. Unit test in `customroles_test.go` verify against escalating permissions through this feature.
2025-07-15 22:20:27 +00:00 · 2024-05-16 13:11:26 -05:00
parent 194be12133
commit cf91eff7cf
21 changed files with 854 additions and 19 deletions
--- a/coderd/database/queries/roles.sql
+++ b/coderd/database/queries/roles.sql
@ -0,0 +1,41 @@
+-- name: CustomRolesByName :many
+SELECT
+	*
+FROM
+	custom_roles
+WHERE
+	-- Case insensitive
+	name ILIKE ANY(@lookup_roles :: text [])
+;
+
+
+-- name: UpsertCustomRole :one
+INSERT INTO
+	custom_roles (
+	    name,
+	    display_name,
+	    site_permissions,
+	    org_permissions,
+	    user_permissions,
+	    created_at,
+		updated_at
+)
+VALUES (
+        -- Always force lowercase names
+        lower(@name),
+        @display_name,
+        @site_permissions,
+        @org_permissions,
+        @user_permissions,
+        now(),
+        now()
+	   )
+ON CONFLICT (name)
+	DO UPDATE SET
+	display_name = @display_name,
+	site_permissions = @site_permissions,
+	org_permissions = @org_permissions,
+	user_permissions = @user_permissions,
+	updated_at = now()
+RETURNING *
+;