fix(coderd/rbac): allow user admin all perms on ResourceUserData (#10556)

2023-11-07 08:54:12 +00:00 · 2023-11-07 08:54:12 +00:00 · 4208c30d32
parent f84485d2c4
commit 4208c30d32
2 changed files with 3 additions and 2 deletions
--- a/coderd/rbac/roles.go
+++ b/coderd/rbac/roles.go
@ -206,6 +206,7 @@ func ReloadBuiltinRoles(opts *RoleOptions) {
 		Site: Permissions(map[string][]Action{
 			ResourceRoleAssignment.Type: {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
 			ResourceUser.Type:           {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
+			ResourceUserData.Type:       {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
 			// Full perms to manage org members
 			ResourceOrganizationMember.Type: {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
 			ResourceGroup.Type:              {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
--- a/coderd/rbac/roles_test.go
+++ b/coderd/rbac/roles_test.go
@ -274,8 +274,8 @@ func TestRolePermissions(t *testing.T) {
 			Actions:  []rbac.Action{rbac.ActionCreate, rbac.ActionRead, rbac.ActionUpdate, rbac.ActionDelete},
 			Resource: rbac.ResourceUserData.WithID(currentUser).WithOwner(currentUser.String()),
 			AuthorizeMap: map[bool][]authSubject{
-				true:  {owner, orgMemberMe, memberMe},
-				false: {orgAdmin, otherOrgAdmin, otherOrgMember, templateAdmin, userAdmin},
+				true:  {owner, orgMemberMe, memberMe, userAdmin},
+				false: {orgAdmin, otherOrgAdmin, otherOrgMember, templateAdmin},
 			},
 		},
 		{