From 599ddcb5494de845ce6fe8e91240facf3b8fb466 Mon Sep 17 00:00:00 2001
From: Justin Li <juan.y.li@mail.mcgill.ca>
Date: Mon, 20 Nov 2023 16:56:44 -0500
Subject: [PATCH] fix: Add missing CancelRunAction to WorkspaceWriteRole (#649)

We have encountered the issue that a team member with permission to
manage workspace cannot cancel a pending run. This PR adds the missing
`CancelRunAction` to the `WorkspaceWriteRole`.
---
 internal/rbac/role.go      | 1 +
 internal/rbac/role_test.go | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/internal/rbac/role.go b/internal/rbac/role.go
index 34cc82b5f..081542382 100644
--- a/internal/rbac/role.go
+++ b/internal/rbac/role.go
@@ -66,6 +66,7 @@ var (
 		name: "write",
 		permissions: map[Action]bool{
 			ApplyRunAction:                        true,
+			CancelRunAction:                       true,
 			LockWorkspaceAction:                   true,
 			UnlockWorkspaceAction:                 true,
 			CreateWorkspaceVariableAction:         true,
diff --git a/internal/rbac/role_test.go b/internal/rbac/role_test.go
index 3ec548902..1e52aa704 100644
--- a/internal/rbac/role_test.go
+++ b/internal/rbac/role_test.go
@@ -12,12 +12,14 @@ func TestRole_IsAllowed(t *testing.T) {
 	assert.True(t, WorkspacePlanRole.IsAllowed(TailLogsAction))
 
 	assert.True(t, WorkspaceWriteRole.IsAllowed(ApplyRunAction))
+	assert.True(t, WorkspaceWriteRole.IsAllowed(CancelRunAction))
 	assert.True(t, WorkspaceWriteRole.IsAllowed(CreateRunAction))
 	assert.True(t, WorkspaceWriteRole.IsAllowed(ListRunsAction))
 	assert.True(t, WorkspaceWriteRole.IsAllowed(TailLogsAction))
 
 	assert.True(t, WorkspaceAdminRole.IsAllowed(SetWorkspacePermissionAction))
 	assert.True(t, WorkspaceAdminRole.IsAllowed(ApplyRunAction))
+	assert.True(t, WorkspaceWriteRole.IsAllowed(CancelRunAction))
 	assert.True(t, WorkspaceAdminRole.IsAllowed(CreateRunAction))
 	assert.True(t, WorkspaceAdminRole.IsAllowed(ListRunsAction))
 	assert.True(t, WorkspaceAdminRole.IsAllowed(TailLogsAction))
@@ -25,6 +27,7 @@ func TestRole_IsAllowed(t *testing.T) {
 	assert.True(t, WorkspaceManagerRole.IsAllowed(CreateWorkspaceAction))
 	assert.True(t, WorkspaceManagerRole.IsAllowed(SetWorkspacePermissionAction))
 	assert.True(t, WorkspaceManagerRole.IsAllowed(ApplyRunAction))
+	assert.True(t, WorkspaceWriteRole.IsAllowed(CancelRunAction))
 	assert.True(t, WorkspaceManagerRole.IsAllowed(CreateRunAction))
 	assert.True(t, WorkspaceManagerRole.IsAllowed(ListRunsAction))
 	assert.True(t, WorkspaceManagerRole.IsAllowed(TailLogsAction))