8000 Handling invalid permissions when creating/updating custom roles · Issue #16632 · coder/coder · GitHub
[go: up one dir, main page]
Skip to content
Handling invalid permissions when creating/updating custom roles #16632
New issue
New issue
Open
Feature
Open
Handling invalid permissions when creating/updating custom roles#16632
Feature
Labels
apiArea: HTTP APIdesign neededRequest for more beauty
@Emyrk

Description

@Emyrk
Emyrk
opened on Feb 19, 2025

When posting a custom role, invalid permissions are omitted by the backend:

coder/enterprise/coderd/roles.go

Lines 154 to 156 in 0f15263

SitePermissions: db2sdk.List(filterInvalidPermissions(req.SitePermissions), sdkPermissionToDB),
OrgPermissions: db2sdk.List(filterInvalidPermissions(req.OrganizationPermissions), sdkPermissionToDB),
UserPermissions: db2sdk.List(filterInvalidPermissions(req.UserPermissions), sdkPermissionToDB),

This was done to prevent an unsolvable error. If an invalid permission was to exist (via some migration or other means). The custom role could never be updated via the UI, as the permissions do not exist to "uncheck".

The solution was to ignore invalid permissions. This has the downside of silently removing things, which could be intuitive.

Invalid permissions should have some UX, maybe a warning?

Metadata

Metadata

Assignees

No one assigned

    Labels

    apiArea: HTTP APIdesign neededRequest for more beauty

    Type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions
      0