mirror of
https://github.com/coder/coder.git
synced 2026-06-02 20:48:20 +00:00
Michael Suchacz
5a8d0016a5
> Mux updated this PR on behalf of Mike. ## Stack Context This PR is the storage, permissions, API, and SDK layer for experimental personal skills. #25362 has landed on `main`, so this branch is restacked directly on `main`. Stack order: 1. #25363 storage, permissions, API, and SDK 2. #25365 API test coverage 3. #25366 chattool and chatd integration 4. #25066 settings UI and docs 5. #25386 personal skills slash menu ## What? Adds the `user_skills` database table, generated queries, RBAC resources and scopes, audit resource handling, experimental user-scoped CRUD endpoints, SDK types, and generated API/site types. Follow-up review and restack fixes: - Enforce a bounded personal skill description in parser and database constraints. - Return `403 Forbidden` for unauthorized create and update attempts. - Return explicit conflict responses when soft-deleted users are targeted. - Keep user admins out of personal skills, while site owners can read and delete but not create or update. - Document trigger-raised constraint names and keep schema constants covered by tests. - Reuse `UserSkillMetadata` in the full `UserSkill` SDK response type. - Generate user skill IDs in Go instead of relying on a database default. - Rebase on latest `main` and renumber the user skills migration to `000502_user_skills`. ## Why? Personal skills need durable user-owned storage with owner authorization, limited site-owner moderation, and a hidden API surface before chatd can consume them. ## Validation - `make gen` - `go test ./coderd/database -run '^TestUserSkillSchemaConstants$' -count=1` - `go test ./coderd/database/dbauthz -run '^TestMethodTestSuite/TestUserSkills$' -count=1` - `go test ./coderd -run '^TestPatchUserSkill$' -count=1` - `go test ./codersdk ./coderd/database/db2sdk` - `make lint` - pre-commit hook on `97fd58108d`
65 KiB
Generated
65 KiB
Generated
Members
List organization members
Code samples
# Example request using curl
curl -X GET http://coder-server:8080/api/v2/organizations/{organization}/members \
-H 'Accept: application/json' \
-H 'Coder-Session-Token: API_KEY'
GET /api/v2/organizations/{organization}/members
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
organization |
path | string | true | Organization ID |
Example responses
200 Response
[
{
"avatar_url": "string",
"created_at": "2019-08-24T14:15:22Z",
"email": "string",
"global_roles": [
{
"display_name": "string",
"name": "string",
"organization_id": "string"
}
],
"has_ai_seat": true,
"is_service_account": true,
"last_seen_at": "2019-08-24T14:15:22Z",
"login_type": "",
"name": "string",
"organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
"roles": [
{
"display_name": "string",
"name": "string",
"organization_id": "string"
}
],
"status": "active",
"updated_at": "2019-08-24T14:15:22Z",
"user_created_at": "2019-08-24T14:15:22Z",
"user_id": "a169451c-8525-4352-b8ca-070dd449a1a5",
"user_updated_at": "2019-08-24T14:15:22Z",
"username": "string"
}
]
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | array of codersdk.OrganizationMemberWithUserData |
Response Schema
Status Code 200
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
[array item] |
array | false | ||
» avatar_url |
string | false | ||
» created_at |
string(date-time) | false | ||
» email |
string | false | ||
» global_roles |
array | false | ||
»» display_name |
string | false | ||
»» name |
string | false | ||
»» organization_id |
string | false | ||
» has_ai_seat |
boolean | false | Has ai seat intentionally omits omitempty so the API always includes the field, even when false. | |
» is_service_account |
boolean | false | ||
» last_seen_at |
string(date-time) | false | ||
» login_type |
codersdk.LoginType | false | ||
» name |
string | false | ||
» organization_id |
string(uuid) | false | ||
» roles |
array | false | ||
» status |
codersdk.UserStatus | false | ||
» updated_at |
string(date-time) | false | ||
» user_created_at |
string(date-time) | false | ||
» user_id |
string(uuid) | false | ||
» user_updated_at |
string(date-time) | false | ||
» username |
string | false |
Enumerated Values
| Property | Value(s) |
|---|---|
login_type |
``, github, none, oidc, password, token |
status |
active, suspended |
To perform this operation, you must be authenticated. Learn more.
Get member roles by organization
Code samples
# Example request using curl
curl -X GET http://coder-server:8080/api/v2/organizations/{organization}/members/roles \
-H 'Accept: application/json' \
-H 'Coder-Session-Token: API_KEY'
GET /api/v2/organizations/{organization}/members/roles
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
organization |
path | string(uuid) | true | Organization ID |
Example responses
200 Response
[
{
"assignable": true,
"built_in": true,
"display_name": "string",
"name": "string",
"organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
"organization_member_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
],
"organization_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
],
"site_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
],
"user_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
]
}
]
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | array of codersdk.AssignableRoles |
Response Schema
Status Code 200
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
[array item] |
array | false | ||
» assignable |
boolean | false | ||
» built_in |
boolean | false | Built in roles are immutable | |
» display_name |
string | false | ||
» name |
string | false | ||
» organization_id |
string(uuid) | false | ||
» organization_member_permissions |
array | false | Organization member permissions are specific for the organization in the field 'OrganizationID' above. | |
»» action |
codersdk.RBACAction | false | ||
»» negate |
boolean | false | Negate makes this a negative permission | |
»» resource_type |
codersdk.RBACResource | false | ||
» organization_permissions |
array | false | Organization permissions are specific for the organization in the field 'OrganizationID' above. | |
» site_permissions |
array | false | ||
» user_permissions |
array | false |
Enumerated Values
| Property | Value(s) |
|---|---|
action |
application_connect, assign, create, create_agent, delete, delete_agent, read, read_personal, share, ssh, start, stop, unassign, update, update_agent, update_personal, use, view_insights |
resource_type |
*, ai_model_price, ai_provider, ai_seat, aibridge_interception, api_key, assign_org_role, assign_role, audit_log, boundary_usage, chat, connection_log, crypto_key, debug_info, deployment_config, deployment_stats, file, group, group_member, idpsync_settings, inbox_notification, license, notification_message, notification_preference, notification_template, oauth2_app, oauth2_app_code_token, oauth2_app_secret, organization, organization_member, prebuilt_workspace, provisioner_daemon, provisioner_jobs, replicas, system, tailnet_coordinator, task, template, usage_event, user, user_secret, user_skill, webpush_subscription, workspace, workspace_agent_devcontainers, workspace_agent_resource_monitor, workspace_dormant, workspace_proxy |
To perform this operation, you must be authenticated. Learn more.
Update a custom organization role
Code samples
# Example request using curl
curl -X PUT http://coder-server:8080/api/v2/organizations/{organization}/members/roles \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Coder-Session-Token: API_KEY'
PUT /api/v2/organizations/{organization}/members/roles
Body parameter
{
"display_name": "string",
"name": "string",
"organization_member_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
],
"organization_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
],
"site_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
],
"user_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
]
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
organization |
path | string(uuid) | true | Organization ID |
body |
body | codersdk.CustomRoleRequest | true | Update role request |
Example responses
200 Response
[
{
"display_name": "string",
"name": "string",
"organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
"organization_member_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
],
"organization_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
],
"site_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
],
"user_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
]
}
]
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | array of codersdk.Role |
Response Schema
Status Code 200
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
[array item] |
array | false | ||
» display_name |
string | false | ||
» name |
string | false | ||
» organization_id |
string(uuid) | false | ||
» organization_member_permissions |
array | false | Organization member permissions are specific for the organization in the field 'OrganizationID' above. | |
»» action |
codersdk.RBACAction | false | ||
»» negate |
boolean | false | Negate makes this a negative permission | |
»» resource_type |
codersdk.RBACResource | false | ||
» organization_permissions |
array | false | Organization permissions are specific for the organization in the field 'OrganizationID' above. | |
» site_permissions |
array | false | ||
» user_permissions |
array | false |
Enumerated Values
| Property | Value(s) |
|---|---|
action |
application_connect, assign, create, create_agent, delete, delete_agent, read, read_personal, share, ssh, start, stop, unassign, update, update_agent, update_personal, use, view_insights |
resource_type |
*, ai_model_price, ai_provider, ai_seat, aibridge_interception, api_key, assign_org_role, assign_role, audit_log, boundary_usage, chat, connection_log, crypto_key, debug_info, deployment_config, deployment_stats, file, group, group_member, idpsync_settings, inbox_notification, license, notification_message, notification_preference, notification_template, oauth2_app, oauth2_app_code_token, oauth2_app_secret, organization, organization_member, prebuilt_workspace, provisioner_daemon, provisioner_jobs, replicas, system, tailnet_coordinator, task, template, usage_event, user, user_secret, user_skill, webpush_subscription, workspace, workspace_agent_devcontainers, workspace_agent_resource_monitor, workspace_dormant, workspace_proxy |
To perform this operation, you must be authenticated. Learn more.
Insert a custom organization role
Code samples
# Example request using curl
curl -X POST http://coder-server:8080/api/v2/organizations/{organization}/members/roles \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Coder-Session-Token: API_KEY'
POST /api/v2/organizations/{organization}/members/roles
Body parameter
{
"display_name": "string",
"name": "string",
"organization_member_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
],
"organization_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
],
"site_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
],
"user_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
]
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
organization |
path | string(uuid) | true | Organization ID |
body |
body | codersdk.CustomRoleRequest | true | Insert role request |
Example responses
200 Response
[
{
"display_name": "string",
"name": "string",
"organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
"organization_member_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
],
"organization_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
],
"site_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
],
"user_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
]
}
]
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | array of codersdk.Role |
Response Schema
Status Code 200
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
[array item] |
array | false | ||
» display_name |
string | false | ||
» name |
string | false | ||
» organization_id |
string(uuid) | false | ||
» organization_member_permissions |
array | false | Organization member permissions are specific for the organization in the field 'OrganizationID' above. | |
»» action |
codersdk.RBACAction | false | ||
»» negate |
boolean | false | Negate makes this a negative permission | |
»» resource_type |
codersdk.RBACResource | false | ||
» organization_permissions |
array | false | Organization permissions are specific for the organization in the field 'OrganizationID' above. | |
» site_permissions |
array | false | ||
» user_permissions |
array | false |
Enumerated Values
| Property | Value(s) |
|---|---|
action |
application_connect, assign, create, create_agent, delete, delete_agent, read, read_personal, share, ssh, start, stop, unassign, update, update_agent, update_personal, use, view_insights |
resource_type |
*, ai_model_price, ai_provider, ai_seat, aibridge_interception, api_key, assign_org_role, assign_role, audit_log, boundary_usage, chat, connection_log, crypto_key, debug_info, deployment_config, deployment_stats, file, group, group_member, idpsync_settings, inbox_notification, license, notification_message, notification_preference, notification_template, oauth2_app, oauth2_app_code_token, oauth2_app_secret, organization, organization_member, prebuilt_workspace, provisioner_daemon, provisioner_jobs, replicas, system, tailnet_coordinator, task, template, usage_event, user, user_secret, user_skill, webpush_subscription, workspace, workspace_agent_devcontainers, workspace_agent_resource_monitor, workspace_dormant, workspace_proxy |
To perform this operation, you must be authenticated. Learn more.
Delete a custom organization role
Code samples
# Example request using curl
curl -X DELETE http://coder-server:8080/api/v2/organizations/{organization}/members/roles/{roleName} \
-H 'Accept: application/json' \
-H 'Coder-Session-Token: API_KEY'
DELETE /api/v2/organizations/{organization}/members/roles/{roleName}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
organization |
path | string(uuid) | true | Organization ID |
roleName |
path | string | true | Role name |
Example responses
200 Response
[
{
"display_name": "string",
"name": "string",
"organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
"organization_member_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
],
"organization_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
],
"site_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
],
"user_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
]
}
]
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | array of codersdk.Role |
Response Schema
Status Code 200
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
[array item] |
array | false | ||
» display_name |
string | false | ||
» name |
string | false | ||
» organization_id |
string(uuid) | false | ||
» organization_member_permissions |
array | false | Organization member permissions are specific for the organization in the field 'OrganizationID' above. | |
»» action |
codersdk.RBACAction | false | ||
»» negate |
boolean | false | Negate makes this a negative permission | |
»» resource_type |
codersdk.RBACResource | false | ||
» organization_permissions |
array | false | Organization permissions are specific for the organization in the field 'OrganizationID' above. | |
» site_permissions |
array | false | ||
» user_permissions |
array | false |
Enumerated Values
| Property | Value(s) |
|---|---|
action |
application_connect, assign, create, create_agent, delete, delete_agent, read, read_personal, share, ssh, start, stop, unassign, update, update_agent, update_personal, use, view_insights |
resource_type |
*, ai_model_price, ai_provider, ai_seat, aibridge_interception, api_key, assign_org_role, assign_role, audit_log, boundary_usage, chat, connection_log, crypto_key, debug_info, deployment_config, deployment_stats, file, group, group_member, idpsync_settings, inbox_notification, license, notification_message, notification_preference, notification_template, oauth2_app, oauth2_app_code_token, oauth2_app_secret, organization, organization_member, prebuilt_workspace, provisioner_daemon, provisioner_jobs, replicas, system, tailnet_coordinator, task, template, usage_event, user, user_secret, user_skill, webpush_subscription, workspace, workspace_agent_devcontainers, workspace_agent_resource_monitor, workspace_dormant, workspace_proxy |
To perform this operation, you must be authenticated. Learn more.
Get organization member
Code samples
# Example request using curl
curl -X GET http://coder-server:8080/api/v2/organizations/{organization}/members/{user} \
-H 'Accept: application/json' \
-H 'Coder-Session-Token: API_KEY'
GET /api/v2/organizations/{organization}/members/{user}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
organization |
path | string | true | Organization ID |
user |
path | string | true | User ID, name, or me |
Example responses
200 Response
{
"avatar_url": "string",
"created_at": "2019-08-24T14:15:22Z",
"email": "string",
"global_roles": [
{
"display_name": "string",
"name": "string",
"organization_id": "string"
}
],
"has_ai_seat": true,
"is_service_account": true,
"last_seen_at": "2019-08-24T14:15:22Z",
"login_type": "",
"name": "string",
"organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
"roles": [
{
"display_name": "string",
"name": "string",
"organization_id": "string"
}
],
"status": "active",
"updated_at": "2019-08-24T14:15:22Z",
"user_created_at": "2019-08-24T14:15:22Z",
"user_id": "a169451c-8525-4352-b8ca-070dd449a1a5",
"user_updated_at": "2019-08-24T14:15:22Z",
"username": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | codersdk.OrganizationMemberWithUserData |
To perform this operation, you must be authenticated. Learn more.
Add organization member
Code samples
# Example request using curl
curl -X POST http://coder-server:8080/api/v2/organizations/{organization}/members/{user} \
-H 'Accept: application/json' \
-H 'Coder-Session-Token: API_KEY'
POST /api/v2/organizations/{organization}/members/{user}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
organization |
path | string | true | Organization ID |
user |
path | string | true | User ID, name, or me |
Example responses
200 Response
{
"created_at": "2019-08-24T14:15:22Z",
"organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
"roles": [
{
"display_name": "string",
"name": "string",
"organization_id": "string"
}
],
"updated_at": "2019-08-24T14:15:22Z",
"user_id": "a169451c-8525-4352-b8ca-070dd449a1a5"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | codersdk.OrganizationMember |
To perform this operation, you must be authenticated. Learn more.
Remove organization member
Code samples
# Example request using curl
curl -X DELETE http://coder-server:8080/api/v2/organizations/{organization}/members/{user} \
-H 'Coder-Session-Token: API_KEY'
DELETE /api/v2/organizations/{organization}/members/{user}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
organization |
path | string | true | Organization ID |
user |
path | string | true | User ID, name, or me |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | No Content |
To perform this operation, you must be authenticated. Learn more.
Assign role to organization member
Code samples
# Example request using curl
curl -X PUT http://coder-server:8080/api/v2/organizations/{organization}/members/{user}/roles \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Coder-Session-Token: API_KEY'
PUT /api/v2/organizations/{organization}/members/{user}/roles
Body parameter
{
"roles": [
"string"
]
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
organization |
path | string | true | Organization ID |
user |
path | string | true | User ID, name, or me |
body |
body | codersdk.UpdateRoles | true | Update roles request |
Example responses
200 Response
{
"created_at": "2019-08-24T14:15:22Z",
"organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
"roles": [
{
"display_name": "string",
"name": "string",
"organization_id": "string"
}
],
"updated_at": "2019-08-24T14:15:22Z",
"user_id": "a169451c-8525-4352-b8ca-070dd449a1a5"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | codersdk.OrganizationMember |
To perform this operation, you must be authenticated. Learn more.
Paginated organization members
Code samples
# Example request using curl
curl -X GET http://coder-server:8080/api/v2/organizations/{organization}/paginated-members \
-H 'Accept: application/json' \
-H 'Coder-Session-Token: API_KEY'
GET /api/v2/organizations/{organization}/paginated-members
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
organization |
path | string | true | Organization ID |
q |
query | string | false | Member search query |
after_id |
query | string(uuid) | false | After ID |
limit |
query | integer | false | Page limit, if 0 returns all members |
offset |
query | integer | false | Page offset |
Example responses
200 Response
[
{
"count": 0,
"members": [
{
"avatar_url": "string",
"created_at": "2019-08-24T14:15:22Z",
"email": "string",
"global_roles": [
{
"display_name": "string",
"name": "string",
"organization_id": "string"
}
],
"has_ai_seat": true,
"is_service_account": true,
"last_seen_at": "2019-08-24T14:15:22Z",
"login_type": "",
"name": "string",
"organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
"roles": [
{
"display_name": "string",
"name": "string",
"organization_id": "string"
}
],
"status": "active",
"updated_at": "2019-08-24T14:15:22Z",
"user_created_at": "2019-08-24T14:15:22Z",
"user_id": "a169451c-8525-4352-b8ca-070dd449a1a5",
"user_updated_at": "2019-08-24T14:15:22Z",
"username": "string"
}
]
}
]
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | array of codersdk.PaginatedMembersResponse |
Response Schema
Status Code 200
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
[array item] |
array | false | ||
» count |
integer | false | ||
» members |
array | false | ||
»» avatar_url |
string | false | ||
»» created_at |
string(date-time) | false | ||
»» email |
string | false | ||
»» global_roles |
array | false | ||
»»» display_name |
string | false | ||
»»» name |
string | false | ||
»»» organization_id |
string | false | ||
»» has_ai_seat |
boolean | false | Has ai seat intentionally omits omitempty so the API always includes the field, even when false. | |
»» is_service_account |
boolean | false | ||
»» last_seen_at |
string(date-time) | false | ||
»» login_type |
codersdk.LoginType | false | ||
»» name |
string | false | ||
»» organization_id |
string(uuid) | false | ||
»» roles |
array | false | ||
»» status |
codersdk.UserStatus | false | ||
»» updated_at |
string(date-time) | false | ||
»» user_created_at |
string(date-time) | false | ||
»» user_id |
string(uuid) | false | ||
»» user_updated_at |
string(date-time) | false | ||
»» username |
string | false |
Enumerated Values
| Property | Value(s) |
|---|---|
login_type |
``, github, none, oidc, password, token |
status |
active, suspended |
To perform this operation, you must be authenticated. Learn more.
Get site member roles
Code samples
# Example request using curl
curl -X GET http://coder-server:8080/api/v2/users/roles \
-H 'Accept: application/json' \
-H 'Coder-Session-Token: API_KEY'
GET /api/v2/users/roles
Example responses
200 Response
[
{
"assignable": true,
"built_in": true,
"display_name": "string",
"name": "string",
"organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
"organization_member_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
],
"organization_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
],
"site_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
],
"user_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
]
}
]
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | array of codersdk.AssignableRoles |
Response Schema
Status Code 200
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
[array item] |
array | false | ||
» assignable |
boolean | false | ||
» built_in |
boolean | false | Built in roles are immutable | |
» display_name |
string | false | ||
» name |
string | false | ||
» organization_id |
string(uuid) | false | ||
» organization_member_permissions |
array | false | Organization member permissions are specific for the organization in the field 'OrganizationID' above. | |
»» action |
codersdk.RBACAction | false | ||
»» negate |
boolean | false | Negate makes this a negative permission | |
»» resource_type |
codersdk.RBACResource | false | ||
» organization_permissions |
array | false | Organization permissions are specific for the organization in the field 'OrganizationID' above. | |
» site_permissions |
array | false | ||
» user_permissions |
array | false |
Enumerated Values
| Property | Value(s) |
|---|---|
action |
application_connect, assign, create, create_agent, delete, delete_agent, read, read_personal, share, ssh, start, stop, unassign, update, update_agent, update_personal, use, view_insights |
resource_type |
*, ai_model_price, ai_provider, ai_seat, aibridge_interception, api_key, assign_org_role, assign_role, audit_log, boundary_usage, chat, connection_log, crypto_key, debug_info, deployment_config, deployment_stats, file, group, group_member, idpsync_settings, inbox_notification, license, notification_message, notification_preference, notification_template, oauth2_app, oauth2_app_code_token, oauth2_app_secret, organization, organization_member, prebuilt_workspace, provisioner_daemon, provisioner_jobs, replicas, system, tailnet_coordinator, task, template, usage_event, user, user_secret, user_skill, webpush_subscription, workspace, workspace_agent_devcontainers, workspace_agent_resource_monitor, workspace_dormant, workspace_proxy |
To perform this operation, you must be authenticated. Learn more.