mirror of
https://github.com/coder/coder.git
synced 2026-06-02 20:48:20 +00:00
5a8d0016a5
> Mux updated this PR on behalf of Mike.

## Stack Context

This PR is the storage, permissions, API, and SDK layer for experimental personal skills. #25362 has landed on `main`, so this branch is restacked directly on `main`.

Stack order:

1. #25363 storage, permissions, API, and SDK
2. #25365 API test coverage
3. #25366 chattool and chatd integration
4. #25066 settings UI and docs
5. #25386 personal skills slash menu

## What?

Adds the `user_skills` database table, generated queries, RBAC resources and scopes, audit resource handling, experimental user-scoped CRUD endpoints, SDK types, and generated API/site types.

Follow-up review and restack fixes:

- Enforce a bounded personal skill description in parser and database constraints.
- Return `403 Forbidden` for unauthorized create and update attempts.
- Return explicit conflict responses when soft-deleted users are targeted.
- Keep user admins out of personal skills, while site owners can read and delete but not create or update.
- Document trigger-raised constraint names and keep schema constants covered by tests.
- Reuse `UserSkillMetadata` in the full `UserSkill` SDK response type.
- Generate user skill IDs in Go instead of relying on a database default.
- Rebase on latest `main` and renumber the user skills migration to `000502_user_skills`.

## Why?

Personal skills need durable user-owned storage with owner authorization, limited site-owner moderation, and a hidden API surface before chatd can consume them.

## Validation

- `make gen`
- `go test ./coderd/database -run '^TestUserSkillSchemaConstants$' -count=1`
- `go test ./coderd/database/dbauthz -run '^TestMethodTestSuite/TestUserSkills$' -count=1`
- `go test ./coderd -run '^TestPatchUserSkill$' -count=1`
- `go test ./codersdk ./coderd/database/db2sdk`
- `make lint`
- pre-commit hook on `97fd58108d`
// Code generated by typegen/main.go. DO NOT EDIT.
package codersdk
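// RBACResource is the string identifier of an RBAC resource type.
type RBACResource string

// RBAC resource identifiers.
//
// This file carries a "Code generated ... DO NOT EDIT" header, so entries are
// added or removed through the generator's input followed by a regeneration,
// not by editing this list by hand.
//
// ResourceWildcard has the value "*". NOTE(review): presumably it stands for
// every resource type inside a permission grant; confirm against the
// server-side policy code before relying on that.
//
// NOTE(review): api_key, crypto_key, oauth2_app_secret and user_secret read
// like credential-bearing resources. That is inferred from the names only,
// but grants that touch them deserve a closer look during review.
const (
	ResourceWildcard                      RBACResource = "*"
	ResourceAiModelPrice                  RBACResource = "ai_model_price"
	ResourceAIProvider                    RBACResource = "ai_provider"
	ResourceAiSeat                        RBACResource = "ai_seat"
	ResourceAibridgeInterception          RBACResource = "aibridge_interception"
	ResourceApiKey                        RBACResource = "api_key"
	ResourceAssignOrgRole                 RBACResource = "assign_org_role"
	ResourceAssignRole                    RBACResource = "assign_role"
	ResourceAuditLog                      RBACResource = "audit_log"
	ResourceBoundaryUsage                 RBACResource = "boundary_usage"
	ResourceChat                          RBACResource = "chat"
	ResourceConnectionLog                 RBACResource = "connection_log"
	ResourceCryptoKey                     RBACResource = "crypto_key"
	ResourceDebugInfo                     RBACResource = "debug_info"
	ResourceDeploymentConfig              RBACResource = "deployment_config"
	ResourceDeploymentStats               RBACResource = "deployment_stats"
	ResourceFile                          RBACResource = "file"
	ResourceGroup                         RBACResource = "group"
	ResourceGroupMember                   RBACResource = "group_member"
	ResourceIdpsyncSettings               RBACResource = "idpsync_settings"
	ResourceInboxNotification             RBACResource = "inbox_notification"
	ResourceLicense                       RBACResource = "license"
	ResourceNotificationMessage           RBACResource = "notification_message"
	ResourceNotificationPreference        RBACResource = "notification_preference"
	ResourceNotificationTemplate          RBACResource = "notification_template"
	ResourceOauth2App                     RBACResource = "oauth2_app"
	ResourceOauth2AppCodeToken            RBACResource = "oauth2_app_code_token"
	ResourceOauth2AppSecret               RBACResource = "oauth2_app_secret"
	ResourceOrganization                  RBACResource = "organization"
	ResourceOrganizationMember            RBACResource = "organization_member"
	ResourcePrebuiltWorkspace             RBACResource = "prebuilt_workspace"
	ResourceProvisionerDaemon             RBACResource = "provisioner_daemon"
	ResourceProvisionerJobs               RBACResource = "provisioner_jobs"
	ResourceReplicas                      RBACResource = "replicas"
	ResourceSystem                        RBACResource = "system"
	ResourceTailnetCoordinator            RBACResource = "tailnet_coordinator"
	ResourceTask                          RBACResource = "task"
	ResourceTemplate                      RBACResource = "template"
	ResourceUsageEvent                    RBACResource = "usage_event"
	ResourceUser                          RBACResource = "user"
	ResourceUserSecret                    RBACResource = "user_secret"
	ResourceUserSkill                     RBACResource = "user_skill"
	ResourceWebpushSubscription           RBACResource = "webpush_subscription"
	ResourceWorkspace                     RBACResource = "workspace"
	ResourceWorkspaceAgentDevcontainers   RBACResource = "workspace_agent_devcontainers"
	ResourceWorkspaceAgentResourceMonitor RBACResource = "workspace_agent_resource_monitor"
	ResourceWorkspaceDormant              RBACResource = "workspace_dormant"
	ResourceWorkspaceProxy                RBACResource = "workspace_proxy"
)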
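// RBACAction is the string identifier of an action that can be applied to an
// RBAC resource.
type RBACAction string

// RBAC action identifiers.
//
// The Go identifier and the string value do not always match:
// ActionWorkspaceStart is "start" and ActionWorkspaceStop is "stop", so
// compare against the constants rather than re-deriving a string from the
// identifier name.
//
// This file carries a "Code generated ... DO NOT EDIT" header; change the
// generator's input and regenerate instead of editing this list.
const (
	ActionApplicationConnect RBACAction = "application_connect"
	ActionAssign             RBACAction = "assign"
	ActionCreate             RBACAction = "create"
	ActionCreateAgent        RBACAction = "create_agent"
	ActionDelete             RBACAction = "delete"
	ActionDeleteAgent        RBACAction = "delete_agent"
	ActionRead               RBACAction = "read"
	ActionReadPersonal       RBACAction = "read_personal"
	ActionSSH                RBACAction = "ssh"
	ActionShare              RBACAction = "share"
	ActionUnassign           RBACAction = "unassign"
	ActionUpdate             RBACAction = "update"
	ActionUpdateAgent        RBACAction = "update_agent"
	ActionUpdatePersonal     RBACAction = "update_personal"
	ActionUse                RBACAction = "use"
	ActionViewInsights       RBACAction = "view_insights"
	ActionWorkspaceStart     RBACAction = "start"
	ActionWorkspaceStop      RBACAction = "stop"
)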
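// RBACResourceActions is the mapping of resources to which actions are valid for
// said resource type.
//
// ResourceWildcard maps to an empty list: the table names no action as valid
// for "*" itself. ResourceWorkspace and ResourceWorkspaceDormant list the same
// twelve actions. ResourceUserSkill lists create, delete, read and update.
//
// The value is an exported package-level map, so any importer can mutate it.
// Treat it as read-only and copy a slice before modifying it.
//
// NOTE(review): the table states which (resource, action) pairs exist, not
// who is granted them. Nothing here shows it acting as an enforcement point,
// so authorization decisions are presumably made elsewhere; confirm against
// the server-side policy code.
var RBACResourceActions = map[RBACResource][]RBACAction{
	ResourceWildcard:                      {},
	ResourceAiModelPrice:                  {ActionRead, ActionUpdate},
	ResourceAIProvider:                    {ActionCreate, ActionDelete, ActionRead, ActionUpdate},
	ResourceAiSeat:                        {ActionCreate, ActionRead},
	ResourceAibridgeInterception:          {ActionCreate, ActionRead, ActionUpdate},
	ResourceApiKey:                        {ActionCreate, ActionDelete, ActionRead, ActionUpdate},
	ResourceAssignOrgRole:                 {ActionAssign, ActionCreate, ActionDelete, ActionRead, ActionUnassign, ActionUpdate},
	ResourceAssignRole:                    {ActionAssign, ActionRead, ActionUnassign},
	ResourceAuditLog:                      {ActionCreate, ActionRead},
	ResourceBoundaryUsage:                 {ActionDelete, ActionRead, ActionUpdate},
	ResourceChat:                          {ActionCreate, ActionDelete, ActionRead, ActionShare, ActionUpdate},
	ResourceConnectionLog:                 {ActionRead, ActionUpdate},
	ResourceCryptoKey:                     {ActionCreate, ActionDelete, ActionRead, ActionUpdate},
	ResourceDebugInfo:                     {ActionRead},
	ResourceDeploymentConfig:              {ActionRead, ActionUpdate},
	ResourceDeploymentStats:               {ActionRead},
	ResourceFile:                          {ActionCreate, ActionRead},
	ResourceGroup:                         {ActionCreate, ActionDelete, ActionRead, ActionUpdate},
	ResourceGroupMember:                   {ActionRead},
	ResourceIdpsyncSettings:               {ActionRead, ActionUpdate},
	ResourceInboxNotification:             {ActionCreate, ActionRead, ActionUpdate},
	ResourceLicense:                       {ActionCreate, ActionDelete, ActionRead},
	ResourceNotificationMessage:           {ActionCreate, ActionDelete, ActionRead, ActionUpdate},
	ResourceNotificationPreference:        {ActionRead, ActionUpdate},
	ResourceNotificationTemplate:          {ActionRead, ActionUpdate},
	ResourceOauth2App:                     {ActionCreate, ActionDelete, ActionRead, ActionUpdate},
	ResourceOauth2AppCodeToken:            {ActionCreate, ActionDelete, ActionRead},
	ResourceOauth2AppSecret:               {ActionCreate, ActionDelete, ActionRead, ActionUpdate},
	ResourceOrganization:                  {ActionCreate, ActionDelete, ActionRead, ActionUpdate},
	ResourceOrganizationMember:            {ActionCreate, ActionDelete, ActionRead, ActionUpdate},
	ResourcePrebuiltWorkspace:             {ActionDelete, ActionUpdate},
	ResourceProvisionerDaemon:             {ActionCreate, ActionDelete, ActionRead, ActionUpdate},
	ResourceProvisionerJobs:               {ActionCreate, ActionRead, ActionUpdate},
	ResourceReplicas:                      {ActionRead},
	ResourceSystem:                        {ActionCreate, ActionDelete, ActionRead, ActionUpdate},
	ResourceTailnetCoordinator:            {ActionCreate, ActionDelete, ActionRead, ActionUpdate},
	ResourceTask:                          {ActionCreate, ActionDelete, ActionRead, ActionUpdate},
	ResourceTemplate:                      {ActionCreate, ActionDelete, ActionRead, ActionUpdate, ActionUse, ActionViewInsights},
	ResourceUsageEvent:                    {ActionCreate, ActionRead, ActionUpdate},
	ResourceUser:                          {ActionCreate, ActionDelete, ActionRead, ActionReadPersonal, ActionUpdate, ActionUpdatePersonal},
	ResourceUserSecret:                    {ActionCreate, ActionDelete, ActionRead, ActionUpdate},
	ResourceUserSkill:                     {ActionCreate, ActionDelete, ActionRead, ActionUpdate},
	ResourceWebpushSubscription:           {ActionCreate, ActionDelete, ActionRead},
	ResourceWorkspace:                     {ActionApplicationConnect, ActionCreate, ActionCreateAgent, ActionDelete, ActionDeleteAgent, ActionRead, ActionShare, ActionSSH, ActionWorkspaceStart, ActionWorkspaceStop, ActionUpdate, ActionUpdateAgent},
	ResourceWorkspaceAgentDevcontainers:   {ActionCreate},
	ResourceWorkspaceAgentResourceMonitor: {ActionCreate, ActionRead, ActionUpdate},
	ResourceWorkspaceDormant:              {ActionApplicationConnect, ActionCreate, ActionCreateAgent, ActionDelete, ActionDeleteAgent, ActionRead, ActionShare, ActionSSH, ActionWorkspaceStart, ActionWorkspaceStop, ActionUpdate, ActionUpdateAgent},
	ResourceWorkspaceProxy:                {ActionCreate, ActionDelete, ActionRead, ActionUpdate},
}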