fix: don't allow sharing admins to change own role (#21634)

resolve coder/internal#1280
Jaayden Halko
2026-01-30 18:27:30 +07:00
committed by GitHub
parent a464ab67c6
commit 4847920407
2 changed files with 76 additions and 0 deletions
+8
@@ -2353,6 +2353,14 @@ func (api *API) patchWorkspaceACL(rw http.ResponseWriter, r *http.Request) {
return
}
apiKey := httpmw.APIKey(r)
if _, ok := req.UserRoles[apiKey.UserID.String()]; ok {
httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
Message: "You cannot change your own workspace sharing role.",
})
return
}
validErrs := acl.Validate(ctx, api.Database, WorkspaceACLUpdateValidator(req))
if len(validErrs) > 0 {
httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
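Review bot: The self-role guard compares raw request keys against `apiKey.UserID.String()`, and it runs before `acl.Validate`, so the keys of `req.UserRoles` are still unvalidated client strings at that point. If later code parses those keys into UUIDs (not visible in this hunk), a key that is the caller's ID in a different but accepted textual form would miss the exact-match lookup and still be applied. Comparing parsed IDs closes that gap; the sketch below assumes the file already has the `uuid` package in scope. It is also worth confirming that the test file covers a non-canonical spelling of the caller's ID, and that a group entry in the same request cannot change the caller's effective role. `patchWorkspaceACL` starts and ends outside the hunk.

```go
apiKey := httpmw.APIKey(r)
for rawID := range req.UserRoles {
	// Compare parsed IDs so every accepted spelling of the caller's ID is caught.
	id, err := uuid.Parse(rawID)
	if err != nil {
		continue // malformed keys are left to acl.Validate below
	}
	if id == apiKey.UserID {
		// … unchanged: 400 response "You cannot change your own workspace sharing role." and return …
	}
}
// … unchanged: acl.Validate call and its error response …
```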