shishantbiswas/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2026-06-03 13:08:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
b5a625549e3fd45dfce6dad6f92a2f8082003d3b
coder/coderd/database
T
History
Cian Johnston b5a625549e feat: migrate agents-access to org-scoped system role for proper chat RBAC (#24438) 
The agents-access role previously granted chat permissions at user
scope, but chats are org-scoped objects. Rego skips user-level perms
when org_owner is set, making the grants invisible. Handler-level
band-aids used synthetic non-org-scoped objects as a workaround.

  - Migrates agents-access from users.rbac_roles (site-level) to
    organization_members.roles (org-scoped) via DB migration
  - Redefines agents-access as a predefined org-scoped builtin role
    alongside organization-admin, organization-auditor, etc., with
    Member permissions granting chat create/read/update
  - Excludes ResourceChat from OrgMemberPermissions so org membership
    alone no longer grants chat access
  - Fixes handler Authorize checks to use org-scoped objects with
semantically correct actions (ActionUpdate for message/tool operations)
  - Grants org admins the ability to assign agents-access

Closes #24250
Fixes CODAGT-174

Note: this does not update the "Usage" endpoints. Tracked by CODAGT-161.
> 🤖
2026-04-23 17:59:42 +01:00
..
awsiamrds
test(coderd/database/awsiamrds): fix unclosed pubsub (#16202)
2025-01-20 17:25:31 +00:00
db2sdk
feat: sort AI sessions by last prompt time (#24440)
2026-04-22 12:06:49 -04:00
dbauthz
feat: migrate agents-access to org-scoped system role for proper chat RBAC (#24438)
2026-04-23 17:59:42 +01:00
dbfake
ci: add InTx linter replacing ruleguard rule (#24422)
2026-04-17 00:07:30 +10:00
dbgen
feat: byok-observability for aibridge (#23808)
2026-04-08 13:24:28 -04:00
dbmetrics
fix(coderd): allow deleting chat providers used in historical chats (#24568)
2026-04-22 19:34:34 +10:00
dbmock
fix(coderd): allow deleting chat providers used in historical chats (#24568)
2026-04-22 19:34:34 +10:00
dbpurge
chore: add client_type field to chats and telemetry (#24342)
2026-04-16 23:57:05 +10:00
dbrollup
chore: arrange imports in a standard way (#21452)
2026-01-08 15:24:11 +04:00
dbtestutil
chore: arrange imports in a standard way (#21452)
2026-01-08 15:24:11 +04:00
dbtime
fix(coderd/database): aggregate user engagement statistics by interval (#16150)
2025-01-16 17:34:53 +02:00
gen/dump
build(Makefile): enable parallel make -j gen with correct dependency graph (#22612)
2026-03-05 11:58:10 +00:00
gentest
fix: use SQL-level auth filtering for chat listing (#23159)
2026-03-17 12:46:24 -04:00
migrations
feat: migrate agents-access to org-scoped system role for proper chat RBAC (#24438)
2026-04-23 17:59:42 +01:00
provisionerjobs
pubsub
chore: split Pubsub interface into Publisher and Subscriber (#24442)
2026-04-17 22:58:33 -04:00
queries
fix(coderd): reject API operations on archived chats (#24633)
2026-04-23 19:03:33 +03:00
sdk2db
chore(coderd/database): remove deprecated db2sdk.List(Lazy)? methods (#21902)
2026-02-03 17:52:07 +00:00
.gitignore
check_constraint.go
feat: provider key policies and user provider settings (#23751)
2026-04-02 19:46:42 +02:00
connector.go
fix: use authenticated urls for pubsub (#14261)
2024-08-26 15:04:04 +00:00
constants.go
feat: allow TemplateAdmin to delete prebuilds via auth layer (#18333)
2025-06-20 17:36:32 +01:00
db_test.go
ci: add InTx linter replacing ruleguard rule (#24422)
2026-04-17 00:07:30 +10:00
db.go
chore: remove dbmem comment references (#22056)
2026-02-12 09:06:33 +00:00
dump.sql
fix(coderd): allow deleting chat providers used in historical chats (#24568)
2026-04-22 19:34:34 +10:00
errors.go
chore: improve build deadline code (#19203)
2025-08-07 11:00:31 +10:00
foreign_key_constraint.go
fix(coderd): allow deleting chat providers used in historical chats (#24568)
2026-04-22 19:34:34 +10:00
generate.sh
build(Makefile): use atomic writes for remaining gen targets (#22670)
2026-03-05 22:32:18 +02:00
lock.go
fix: make boundary usage telemetry collection atomic (#21907)
2026-02-06 09:52:17 -07:00
modelmethods_internal_test.go
feat: add deployment-wide option to disable workspace sharing (#21172)
2025-12-09 08:13:09 -08:00
modelmethods.go
fix: exclude subagent chats from sidebar pagination (#24404)
2026-04-20 13:19:59 +03:00
modelqueries_internal_test.go
feat: add chat debug log tables, queries, and SDK types (#23913)
2026-04-13 15:06:06 +02:00
modelqueries.go
feat: sort AI sessions by last prompt time (#24440)
2026-04-22 12:06:49 -04:00
models.go
feat: allow approved external MCP tools in root plan mode (#24509)
2026-04-21 12:26:12 +02:00
no_slim.go
chore: avoid depending on rbac in slim builds (#17959)
2025-05-22 19:48:23 +10:00
oidcclaims_test.go
chore: remove dbmem (#18803)
2025-07-09 09:46:31 +02:00
pglocks.go
chore: update golang to 1.24.1 (#17035)
2025-03-26 01:56:39 -05:00
querier_test.go
feat: migrate agents-access to org-scoped system role for proper chat RBAC (#24438)
2026-04-23 17:59:42 +01:00
querier.go
fix(coderd): allow deleting chat providers used in historical chats (#24568)
2026-04-22 19:34:34 +10:00
queries.sql.go
fix(coderd): reject API operations on archived chats (#24633)
2026-04-23 19:03:33 +03:00
sqlc.yaml
feat: track chat file associations with chat_file_links on chats (#23537)
2026-04-07 12:05:29 +01:00
tx_test.go
chore: add tx metrics and logs for serialization errors (#15215)
2024-10-25 12:14:15 -04:00
tx.go
chore: add tx metrics and logs for serialization errors (#15215)
2024-10-25 12:14:15 -04:00
types.go
feat: add sharing info to /workspaces endpoint (#21049)
2025-12-15 08:42:08 -08:00
unique_constraint.go
feat: add chat debug log tables, queries, and SDK types (#23913)
2026-04-13 15:06:06 +02:00