Skip to content

feat: add multiple API key scopes support with granular permissions #19015

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 1 commit into
base: thomask33/07-15-fix_oauth2_allow_custom_uri_schemes_without_reverse_domain_notation_for_native_apps
Choose a base branch
from
Draft

feat: add multiple API key scopes support with granular permissions #19015

wants to merge 1 commit into from

Conversation

ThomasK33
Copy link
Member

Change-Id: I5857fd833f8114d53f575b9fa48a8e5e7dbfdb2c
Signed-off-by: Thomas Kosiewski tk@coder.com

@ThomasK33
feat: add multiple API key scopes support with granular permissions
7d68b72 
Change-Id: I5857fd833f8114d53f575b9fa48a8e5e7dbfdb2c
Signed-off-by: Thomas Kosiewski <tk@coder.com>
This was referenced Jul 23, 2025
Open
Open
This was referenced Jul 23, 2025
Open
Open
Open
Open
Draft
@ThomasK33 Graphite App
Copy link
Member Author

ThomasK33 commented Jul 23, 2025
edited
Loading

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

This stack of pull requests is managed by Graphite. Learn more about stacking.

Emyrk
Emyrk reviewed Jul 23, 2025
View reviewed changes
coderd/rbac/scopes.go
Comment on lines +177 to +187
Site: Permissions(map[string][]policy.Action{
ResourceWorkspace.Type: {policy.ActionRead, policy.ActionCreate, policy.ActionUpdate, policy.ActionDelete},
}),
Org: map[string][]Permission{
ResourceWorkspace.Type: {
{ResourceType: ResourceWorkspace.Type, Action: policy.ActionRead},
{ResourceType: ResourceWorkspace.Type, Action: policy.ActionCreate},
{ResourceType: ResourceWorkspace.Type, Action: policy.ActionUpdate},
{ResourceType: ResourceWorkspace.Type, Action: policy.ActionDelete},
},
},
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Org level does not make sense in Scope. Just keep it all at the site level.
Remove the org permissions here and the others

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Emyrk Emyrk Emyrk left review comments

@aslilac aslilac Awaiting requested review from aslilac aslilac will be requested when the pull request is marked ready for review aslilac is a code owner

Assignees

@ThomasK33 ThomasK33

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ThomasK33 @Emyrk