mirror of
https://github.com/coder/coder.git
synced 2026-06-02 20:48:20 +00:00
Cian Johnston
3ce82bb885
- Add `chat-access` built-in role granting chat CRUD at User scope
- Exclude `ResourceChat` from member, org member, and org service
account `allPermsExcept` calls
- Allow system, owner, and user-admin to assign the new role
- Migration auto-assigns role to users who have ever created a chat
- Update RBAC test matrix: `memberMe` denied, `chatAccessUser` allowed
**Breaking change**: Members without `chat-access` lose chat creation
ability. Migration covers existing chat creators. Members who have never
created a chat do not get this role automatically applied.
> 🤖 This PR was created by a Coder Agent and reviewed by me.
6 lines
237 B
SQL
6 lines
237 B
SQL
-- Grant 'agents-access' to every user who has ever created a chat.
|
|
UPDATE users
|
|
SET rbac_roles = array_append(rbac_roles, 'agents-access')
|
|
WHERE id IN (SELECT DISTINCT owner_id FROM chats)
|
|
AND NOT ('agents-access' = ANY(rbac_roles));
|