feat: Add permissions for links (#1407)

2025-07-08 11:39:50 +00:00 · 2022-05-13 09:25:57 -05:00
parent 64a8b4ac47
commit e6168ba238
16 changed files with 192 additions and 47 deletions
--- a/coderd/rbac/object.go
+++ b/coderd/rbac/object.go
@ -17,6 +17,10 @@ var (
 		Type: "template",
 	}

+	ResourceUser = Object{
+		Type: "user",
+	}
+
 	// ResourceUserRole might be expanded later to allow more granular permissions
 	// to modifying roles. For now, this covers all possible roles, so having this permission
 	// allows granting/deleting **ALL** roles.
--- a/coderd/roles.go
+++ b/coderd/roles.go
@ -40,12 +40,12 @@ func (api *api) checkPermissions(rw http.ResponseWriter, r *http.Request) {
 		return
 	}

-	var params codersdk.UserPermissionCheckRequest
+	var params codersdk.UserAuthorizationRequest
 	if !httpapi.Read(rw, r, &params) {
 		return
 	}

-	response := make(codersdk.UserPermissionCheckResponse)
+	response := make(codersdk.UserAuthorizationResponse)
 	for k, v := range params.Checks {
 		if v.Object.ResourceType == "" {
 			httpapi.Write(rw, http.StatusBadRequest, httpapi.Response{
--- a/coderd/roles_test.go
+++ b/coderd/roles_test.go
@ -12,7 +12,7 @@ import (
 	"github.com/coder/coder/codersdk"
 )

-func TestPermissionCheck(t *testing.T) {
+func TestAuthorization(t *testing.T) {
 	t.Parallel()

 	client := coderdtest.New(t, nil)
@ -28,29 +28,29 @@ func TestPermissionCheck(t *testing.T) {
 		myself            = "read-myself"
 		myWorkspace       = "read-my-workspace"
 	)
-	params := map[string]codersdk.UserPermissionCheck{
+	params := map[string]codersdk.UserAuthorization{
 		allUsers: {
-			Object: codersdk.UserPermissionCheckObject{
+			Object: codersdk.UserAuthorizationObject{
 				ResourceType: "users",
 			},
 			Action: "read",
 		},
 		myself: {
-			Object: codersdk.UserPermissionCheckObject{
+			Object: codersdk.UserAuthorizationObject{
 				ResourceType: "users",
 				OwnerID:      "me",
 			},
 			Action: "read",
 		},
 		myWorkspace: {
-			Object: codersdk.UserPermissionCheckObject{
+			Object: codersdk.UserAuthorizationObject{
 				ResourceType: "workspaces",
 				OwnerID:      "me",
 			},
 			Action: "read",
 		},
 		readOrgWorkspaces: {
-			Object: codersdk.UserPermissionCheckObject{
+			Object: codersdk.UserAuthorizationObject{
 				ResourceType:   "workspaces",
 				OrganizationID: admin.OrganizationID.String(),
 			},
@ -61,7 +61,7 @@ func TestPermissionCheck(t *testing.T) {
 	testCases := []struct {
 		Name   string
 		Client *codersdk.Client
-		Check  codersdk.UserPermissionCheckResponse
+		Check  codersdk.UserAuthorizationResponse
 	}{
 		{
 			Name:   "Admin",
@ -90,7 +90,7 @@ func TestPermissionCheck(t *testing.T) {
 		c := c
 		t.Run(c.Name, func(t *testing.T) {
 			t.Parallel()
-			resp, err := c.Client.CheckPermissions(context.Background(), codersdk.UserPermissionCheckRequest{Checks: params})
+			resp, err := c.Client.CheckPermissions(context.Background(), codersdk.UserAuthorizationRequest{Checks: params})
 			require.NoError(t, err, "check perms")
 			require.Equal(t, resp, c.Check)
 		})