Skip to content

chore: add an unassign action for roles #16728

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Feb 27, 2025
Merged

chore: add an unassign action for roles #16728

merged 3 commits into from
Feb 27, 2025

Conversation

@aslilac
Copy link
Member

@aslilac aslilac commented Feb 26, 2025

currently, we use ActionDelete to determine whether you can unassign a role, which is terrible, because we also use that to determine if you can delete the role itself.

there is more cleanup to do here, like renaming the roles resources to not start with assign_, but this change means that we can remove organization_role.delete from org user admins, which fixes a UI bug. this was a lot of work to fix a single button, but it needed to be done anyway. 😅

@aslilac aslilac requested a review from Emyrk February 26, 2025 23:44
Emyrk
Emyrk approved these changes Feb 27, 2025
View reviewed changes
Copy link
Member

@Emyrk Emyrk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just 1 nit 👍

coderd/database/dbauthz/dbauthz.go Outdated
// TODO: Handle org scoped lookups
func (q *querier) CustomRoles(ctx context.Context, arg database.CustomRolesParams) ([]database.CustomRole, error) {
if err := q.authorizeContext(ctx, policy.ActionRead, rbac.ResourceAssignRole); err != nil {
roleObject := rbac.ResourceAssignOrgRole
Copy link
Member

@Emyrk Emyrk Feb 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
roleObject := rbac.ResourceAssignOrgRole
roleObject := rbac.ResourceAssignRole

@aslilac aslilac merged commit 91a4a98 into main Feb 27, 2025
35 checks passed
@aslilac aslilac deleted the lilac/action-unassign branch February 27, 2025 17:39
@github-actions github-actions bot locked and limited conversation to collaborators Feb 27, 2025
@stirby
Copy link
Collaborator

stirby commented Mar 4, 2025

/cherry-pick release/2.20

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@Emyrk Emyrk Emyrk approved these changes

Assignees

@aslilac aslilac

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@aslilac @stirby @Emyrk