mirror of
https://github.com/coder/coder.git
synced 2025-07-09 11:45:56 +00:00
chore: merge provisioner key and provisioner permissions (#16628)
Provisioner key permissions were never any different from provisioner permissions. This merges them for a cleaner permission story until they are required (if ever) to be separate. This removes `ResourceProvisionerKey` from RBAC and uses the existing `ResourceProvisioner` instead.
@ -147,9 +147,13 @@ func (api *API) putOrgRoles(rw http.ResponseWriter, r *http.Request) {
|
||||
UUID: organization.ID,
|
||||
Valid: true,
|
||||
},
|
||||
SitePermissions: db2sdk.List(req.SitePermissions, sdkPermissionToDB),
|
||||
OrgPermissions: db2sdk.List(req.OrganizationPermissions, sdkPermissionToDB),
|
||||
UserPermissions: db2sdk.List(req.UserPermissions, sdkPermissionToDB),
|
||||
// Invalid permissions are filtered out. If this is changed
|
||||
// to throw an error, then the story of a previously valid role
|
||||
// now being invalid has to be addressed. Coder can change permissions,
|
||||
// objects, and actions at any time.
|
||||
SitePermissions: db2sdk.List(filterInvalidPermissions(req.SitePermissions), sdkPermissionToDB),
|
||||
OrgPermissions: db2sdk.List(filterInvalidPermissions(req.OrganizationPermissions), sdkPermissionToDB),
|
||||
UserPermissions: db2sdk.List(filterInvalidPermissions(req.UserPermissions), sdkPermissionToDB),
|
||||
})
|
||||
if httpapi.Is404Error(err) {
|
||||
httpapi.ResourceNotFound(rw)
|
||||
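Review bot: The three `filterInvalidPermissions(...)` calls drop rejected entries without telling the caller, so the handler can report success for a role that differs from the one submitted. This matters most for entries with `Negate: true`: if such an entry fails validation and is discarded, the stored role ends up broader than the request described. The comment above the calls explains why no error is returned, but the drop could still be made visible, either by logging the discarded entries or by extending the comment with a line such as `// Dropped entries are not reported to the caller; compare the returned role with the request.` The rest of putOrgRoles, including what is written back to the client, is outside the hunk.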
@ -247,6 +251,23 @@ func (api *API) deleteOrgRole(rw http.ResponseWriter, r *http.Request) {
|
||||
httpapi.Write(ctx, rw, http.StatusNoContent, nil)
|
||||
}
|
||||
|
||||
func filterInvalidPermissions(permissions []codersdk.Permission) []codersdk.Permission {
|
||||
// Filter out any invalid permissions
|
||||
var validPermissions []codersdk.Permission
|
||||
for _, permission := range permissions {
|
||||
err := rbac.Permission{
|
||||
Negate: permission.Negate,
|
||||
ResourceType: string(permission.ResourceType),
|
||||
Action: policy.Action(permission.Action),
|
||||
}.Valid()
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
validPermissions = append(validPermissions, permission)
|
||||
}
|
||||
return validPermissions
|
||||
}
|
||||
|
||||
func sdkPermissionToDB(p codersdk.Permission) database.CustomRolePermission {
|
||||
return database.CustomRolePermission{
|
||||
Negate: p.Negate,
|
||||
|
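Review bot: `filterInvalidPermissions` has no doc comment and discards the error from `Valid()`, so nothing records which permission was rejected or why. A comment such as `// filterInvalidPermissions returns the permissions that pass rbac.Permission.Valid; rejected entries are dropped without being reported.` would state the contract. The `rbac.Permission` literal is also built by hand here, separately from `sdkPermissionToDB` just below. If the two field mappings ever diverge, what is validated and what is stored could differ, so deriving both from one conversion would be safer. The body of `sdkPermissionToDB` continues outside the hunk.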