chore: implement typed database for custom permissions (breaks existing custom roles) (#13457)

* chore: typed database custom permissions * add migration to fix any custom roles out there
2025-07-03 16:13:58 +00:00 · 2024-06-04 09:27:44 -05:00
parent 168d2d6ba0
commit e3206612e1
17 changed files with 257 additions and 267 deletions
--- a/coderd/database/types.go
+++ b/coderd/database/types.go
@ -112,3 +112,33 @@ func (m *StringMapOfInt) Scan(src interface{}) error {
 func (m StringMapOfInt) Value() (driver.Value, error) {
 	return json.Marshal(m)
 }
+
+type CustomRolePermissions []CustomRolePermission
+
+func (a *CustomRolePermissions) Scan(src interface{}) error {
+	switch v := src.(type) {
+	case string:
+		return json.Unmarshal([]byte(v), &a)
+	case []byte:
+		return json.Unmarshal(v, &a)
+	}
+	return xerrors.Errorf("unexpected type %T", src)
+}
+
+func (a CustomRolePermissions) Value() (driver.Value, error) {
+	return json.Marshal(a)
+}
+
+type CustomRolePermission struct {
+	Negate       bool          `json:"negate"`
+	ResourceType string        `json:"resource_type"`
+	Action       policy.Action `json:"action"`
+}
+
+func (a CustomRolePermission) String() string {
+	str := a.ResourceType + "." + string(a.Action)
+	if a.Negate {
+		return "-" + str
+	}
+	return str
+}