From 88605b9d01c36c901af1a910c6a068bf9211c07b Mon Sep 17 00:00:00 2001
From: Steven Masley
Date: Thu, 12 Oct 2023 10:52:32 -0500
Subject: [PATCH] chore: add display name to member role (#10239)
* chore: add display name to member role
* Do not let member role be assignable
* Ignore org member role for assignability atm
---
 coderd/rbac/roles.go | 2 +-
 coderd/roles.go | 5 ++++-
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/coderd/rbac/roles.go b/coderd/rbac/roles.go
index a54d8db381..b94c90059a 100644
--- a/coderd/rbac/roles.go
+++ b/coderd/rbac/roles.go
@@ -143,7 +143,7 @@ func ReloadBuiltinRoles(opts *RoleOptions) {
 memberRole := Role{
 Name: member,
- DisplayName: "",
+ DisplayName: "Member",
 Site: Permissions(map[string][]Action{
 ResourceRoleAssignment.Type: {ActionRead},
 // All users can see the provisioner daemons.
diff --git a/coderd/roles.go b/coderd/roles.go
index bbee06d692..d985d7dca1 100644
--- a/coderd/roles.go
+++ b/coderd/roles.go
@@ -58,7 +58,10 @@ func (api *API) assignableOrgRoles(rw http.ResponseWriter, r *http.Request) {
 func assignableRoles(actorRoles rbac.ExpandableRoles, roles []rbac.Role) []codersdk.AssignableRoles {
 assignable := make([]codersdk.AssignableRoles, 0)
 for _, role := range roles {
- if role.DisplayName == "" {
+ // The member role is implied, and not assignable.
+ // If there is no display name, then the role is also unassigned.
+ // This is not the ideal logic, but works for now.
+ if role.Name == rbac.RoleMember() || (role.DisplayName == "") {
 continue
 }
 assignable = append(assignable, codersdk.AssignableRoles{
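Review bot: In `assignableRoles` (the coderd/roles.go hunk) whether a role is offered for assignment still hinges on a presentation field: once the coderd/rbac/roles.go hunk sets `DisplayName: "Member"`, the only thing keeping the implied member role out of the list is the new `role.Name == rbac.RoleMember()` comparison, and any other code that still reads an empty `DisplayName` as "not assignable" would now treat member as assignable. This function only filters what is listed, so it is worth confirming that the path which actually applies role changes rejects `member` on its own rather than relying on this list; that code is not visible in the diff. The commit message mentions the org member role, but the check shown compares only against `rbac.RoleMember()`, so an org-scoped member role is presumably still excluded only by having an empty display name. The comment's "the role is also unassigned" reads as a typo for "not assignable"; I would reword it to `// A role without a display name is also treated as not assignable.` and add a table test asserting that `member` never appears in the returned slice. The body of `assignableRoles` continues past the end of the hunk.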