shishantbiswas/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2026-06-03 21:18:24 +00:00
Code Issues Packages Projects Releases Wiki Activity
12,434 Commits 1,143 Branches 344 Tags
1a774ab7ce99063a2e01beb94de3fcbccaf84dbe
Commit Graph

5 Commits

Author SHA1 Message Date
Steven Masley f23836d426 chore: add more scopes to the curated catalog (#20746) 
Just noticed when writing docs. These are probably obvious scopes to
allow
 2025-11-14 08:30:10 -06:00
Mathias Fredriksson 299a54a99b feat(coderd): add tasks rbac object (#20234) 
This change adds RBAC for tasks.

Updates coder/internal#948
Supersedes coder/coder#20212
 2025-10-13 12:02:22 +03:00
Thomas Kosiewski 79126ab6c7 feat: implement composite API key scopes for workspaces and templates (#19945) 
# Add Composite API Key Scopes

This PR adds high-level composite API key scopes to simplify token creation with common permission sets:

- `coder:workspaces.create` - Create and update workspaces
- `coder:workspaces.operate` - Read and update workspaces
- `coder:workspaces.delete` - Read and delete workspaces
- `coder:workspaces.access` - Read, SSH, and connect to workspace applications
- `coder:templates.build` - Read templates and create/read files
- `coder:templates.author` - Full template management with insights
- `coder:apikeys.manage_self` - Manage your own API keys

These composite scopes are persisted in the database and expanded during authorization, providing a more intuitive way to grant permissions compared to the granular resource:action scopes.
 2025-09-29 13:17:08 +02:00
Thomas Kosiewski d0db9ec88f feat: add multi-scope support to API keys (#19917) 
# Canonicalize API Key Scopes

This PR introduces canonical API key scopes with a `coder:` namespace prefix to avoid collisions with low-level resource:action names. It:

1. Renames special API key scopes in the database:
   - `all` → `coder:all`
   - `application_connect` → `coder:application_connect`

2. Adds support for a new `scopes` field in the API key creation request, allowing multiple scopes to be specified while maintaining backward compatibility with the singular `scope` field.

3. Updates the API documentation to reflect these changes, including the new endpoint for listing public API key scopes.

4. Ensures backward compatibility by mapping between legacy and canonical scope names in relevant code paths.
 2025-09-26 11:56:34 +02:00
Thomas Kosiewski 47c92ad1d2 feat: add public RBAC scope catalog for user-requestable permissions (#19913) 
# Add a curated catalog of public RBAC scopes

This PR introduces a curated catalog of public RBAC scopes that are exposed to users. It adds:

- A `publicLowLevel` map in `scopes_catalog.go` that defines which resource:action pairs are user-requestable
- `IsPublicLowLevel()` function to check if a scope is in the public catalog
- `PublicLowLevelScopeNames()` function that returns a sorted list of public scopes
- Tests to verify the catalog entries are valid and properly sorted
- Updated documentation in the check-scopes README to clarify that public scopes should be added to this catalog

This change helps distinguish between internal-only scopes and those that should be exposed to users in the API.
 2025-09-26 11:30:28 +02:00