Enable users to create invitations

Invitations are now properly validated (#129) to disallow privilege escalation.
appuio · Mar 29, 2023 · 026a8fa · 026a8fa
1 parent 26c4f8a
commit 026a8fa
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/config/user-rbac/basic-user-role.yml b/config/user-rbac/basic-user-role.yml
@@ -28,6 +28,9 @@ rules:
 - apiGroups: ["user.appuio.io"]
   resources: ["invitations"]
   verbs: ["get", "watch", "list"]
+- apiGroups: ["rbac.appuio.io", "user.appuio.io"]
+  resources: ["invitations"]
+  verbs: ["create"]
 # Allow redeeming invitations
 - apiGroups: ["user.appuio.io"]
   resources: ["invitationredeemrequests"]