coder/coderd/database/migrations/000457_chat_access_role.down.sql at 581f3bdd14bbdea7ea5c016bbdd672643eed2b2e - coder - Gitea: Git with a cup of tea

shishantbiswas/coder

mirror of https://github.com/coder/coder.git synced 2026-06-03 13:08:25 +00:00

Files

T

Cian Johnston 3ce82bb885 feat: add chat-access site-wide role to gate chat creation (#23724 )

- Add `chat-access` built-in role granting chat CRUD at User scope
- Exclude `ResourceChat` from member, org member, and org service
account `allPermsExcept` calls
- Allow system, owner, and user-admin to assign the new role
- Migration auto-assigns role to users who have ever created a chat
- Update RBAC test matrix: `memberMe` denied, `chatAccessUser` allowed

**Breaking change**: Members without `chat-access` lose chat creation
ability. Migration covers existing chat creators. Members who have never
created a chat do not get this role automatically applied.

> 🤖 This PR was created by a Coder Agent and reviewed by me.

2026-03-31 10:07:21 +01:00

5 lines

167 B

SQL

Raw Blame History

 -- Remove 'agents-access' from all users who have it.
 UPDATE users
 SET rbac_roles = array_remove(rbac_roles, 'agents-access')
 WHERE 'agents-access' = ANY(rbac_roles);