chore: implement databased backend for custom roles (#13295)

Includes db schema and dbauthz layer for upserting custom roles. Unit test in `customroles_test.go` verify against escalating permissions through this feature.
2025-07-15 22:20:27 +00:00 · 2024-05-16 13:11:26 -05:00
parent 194be12133
commit cf91eff7cf
21 changed files with 854 additions and 19 deletions
--- a/coderd/rbac/roles_test.go
+++ b/coderd/rbac/roles_test.go
@ -248,6 +248,15 @@ func TestRolePermissions(t *testing.T) {
 				false: {otherOrgAdmin, otherOrgMember, memberMe, userAdmin},
 			},
 		},
+		{
+			Name:     "CreateCustomRole",
+			Actions:  []policy.Action{policy.ActionCreate},
+			Resource: rbac.ResourceAssignRole,
+			AuthorizeMap: map[bool][]authSubject{
+				true:  {owner},
+				false: {userAdmin, orgAdmin, orgMemberMe, otherOrgAdmin, otherOrgMember, memberMe, templateAdmin},
+			},
+		},
 		{
 			Name:     "RoleAssignment",
 			Actions:  []policy.Action{policy.ActionAssign, policy.ActionDelete},
@ -380,7 +389,7 @@ func TestRolePermissions(t *testing.T) {
 		},
 		// Some admin style resources
 		{
-			Name:     "Licences",
+			Name:     "Licenses",
 			Actions:  []policy.Action{policy.ActionCreate, policy.ActionRead, policy.ActionDelete},
 			Resource: rbac.ResourceLicense,
 			AuthorizeMap: map[bool][]authSubject{