From 8726ae755d6cd30b87bf2f693e1fcae6cb77402a Mon Sep 17 00:00:00 2001
From: Steven Masley
Date: Fri, 27 Sep 2024 11:14:43 -0500
Subject: [PATCH 1/2] chore: allow user admins to configure idp sync
---
 coderd/rbac/roles.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/coderd/rbac/roles.go b/coderd/rbac/roles.go
index 7e0cf0c757da5..14700500266a1 100644
--- a/coderd/rbac/roles.go
+++ b/coderd/rbac/roles.go
@@ -460,6 +460,7 @@ func ReloadBuiltinRoles(opts *RoleOptions) {
 ResourceOrganizationMember.Type: {policy.ActionCreate, policy.ActionRead, policy.ActionUpdate, policy.ActionDelete},
 ResourceGroup.Type: ResourceGroup.AvailableActions(),
 ResourceGroupMember.Type: ResourceGroupMember.AvailableActions(),
+ ResourceIdpsyncSettings.Type: {policy.ActionRead, policy.ActionUpdate},
 }),
 },
 User: []Permission{},
From 9abb49b2788447cb26895692b8c143f9ff9d0d88 Mon Sep 17 00:00:00 2001
From: Steven Masley
Date: Fri, 27 Sep 2024 11:21:15 -0500
Subject: [PATCH 2/2] update test
---
 coderd/rbac/roles_test.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/coderd/rbac/roles_test.go b/coderd/rbac/roles_test.go
index bf537f815cb2b..c5a759f4d1da6 100644
--- a/coderd/rbac/roles_test.go
+++ b/coderd/rbac/roles_test.go
@@ -718,11 +718,11 @@ func TestRolePermissions(t *testing.T) {
 Actions: []policy.Action{policy.ActionRead, policy.ActionUpdate},
 Resource: rbac.ResourceIdpsyncSettings.InOrg(orgID),
 AuthorizeMap: map[bool][]hasAuthSubjects{
- true: {owner, orgAdmin},
+ true: {owner, orgAdmin, orgUserAdmin},
 false: {
 orgMemberMe, otherOrgAdmin,
 memberMe, userAdmin, templateAdmin,
- orgAuditor, orgUserAdmin, orgTemplateAdmin,
+ orgAuditor, orgTemplateAdmin,
 otherOrgMember, otherOrgAuditor, otherOrgUserAdmin, otherOrgTemplateAdmin,
 },
 },
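Review bot: The added `ResourceIdpsyncSettings.Type: {policy.ActionRead, policy.ActionUpdate}` entry has no comment explaining why this role needs `ActionUpdate`, and the grant is security-relevant: IdP sync settings usually determine which groups or roles a login is mapped to, so whoever can update them may be able to change memberships indirectly. I would add a line above it such as `// IdP sync mappings decide group/role membership at login; update is limited to the org user admin by design.` and confirm that the mappings this resource covers cannot assign anything the role could not already assign directly. Listing the two actions explicitly rather than calling `AvailableActions()` is the right shape, since actions added to the resource later will not be granted silently. The enclosing role literal in `ReloadBuiltinRoles` starts and ends outside the hunk, so which role receives the grant is inferred from the commit subject.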
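Review bot: `userAdmin` stays in the `false` list while `orgUserAdmin` moves to `true`, so this case now asserts that the site-wide user admin is denied read and update on an organization's IdP sync settings; the commit subject ("allow user admins") does not say whether that is intended. If it is, a comment above the `false` list would keep a later edit from "fixing" it, e.g. `// site-wide userAdmin is intentionally denied; only the org-scoped user admin may manage IdP sync`. Keeping `otherOrgUserAdmin` in the `false` list is worth preserving, since it is the assertion that the new grant does not cross organization boundaries. The test case begins before the hunk and `TestRolePermissions` continues after it.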