feat: add service_accounts workspace sharing mode (#23093)

Introduce a three-way workspace sharing setting (none, everyone,
service_accounts) replacing the boolean workspace_sharing_disabled.
In service_accounts mode, only service account-owned workspaces can be
shared while regular members' share permissions are removed. Adds a
new organization-service-account system role with per-org permissions
reconciled alongside the existing organization-member system role.

Related to:
https://linear.app/codercom/issue/PLAT-28/feat-service-accounts-sharing-mode-and-rbac-role

---------

Co-authored-by: Steven Masley <Emyrk@users.noreply.github.com>
Co-authored-by: Kayla はな <mckayla@hey.com>
George K
2026-03-17 12:16:43 -07:00
committed by GitHub
parent 6b76e30321
commit 91ec0f1484
38 changed files with 1437 additions and 421 deletions
+6 -2
@@ -2487,7 +2487,11 @@ func (api *API) patchWorkspaceACL(rw http.ResponseWriter, r *http.Request) {
return nil
}, nil)
if err != nil {
httpapi.InternalServerError(rw, err)
if dbauthz.IsNotAuthorizedError(err) {
httpapi.Forbidden(rw)
} else {
httpapi.InternalServerError(rw, err)
}
return
}
@@ -2566,7 +2570,7 @@ func (api *API) allowWorkspaceSharing(ctx context.Context, rw http.ResponseWrite
httpapi.InternalServerError(rw, err)
return false
}
if org.WorkspaceSharingDisabled {
if org.ShareableWorkspaceOwners == database.ShareableWorkspaceOwnersNone {
httpapi.Write(ctx, rw, http.StatusForbidden, codersdk.Response{
Message: "Workspace sharing is disabled for this organization.",
})
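Review bot: The gate in `allowWorkspaceSharing` denies only when `org.ShareableWorkspaceOwners == database.ShareableWorkspaceOwnersNone`, so it fails open for every other value, including `service_accounts` and any empty or future mode. As far as this section shows, the restriction on member-owned workspaces in `service_accounts` mode then rests entirely on the RBAC check inside the transaction, which the new `dbauthz.IsNotAuthorizedError` branch in `patchWorkspaceACL` reports as a bare `httpapi.Forbidden(rw)`. Consider inverting the check into an allow-list, where the request proceeds only for the modes known to permit sharing and everything else gets the 403, so that an unrecognized value is denied by default. It would also help to add a comment at the gate such as `// service_accounts mode is not enforced here; the RBAC check in the ACL update rejects non-service-account owners.` Both function bodies continue outside the visible hunks, so a per-owner check may already exist further down.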