From b2b6b91f8844075b939a902b6c2c5af35f25ad2e Mon Sep 17 00:00:00 2001
From: John Collier <jcollier@redhat.com>
Date: Thu, 30 Jan 2025 18:04:10 -0500
Subject: [PATCH] [RHDHPAI-519] Allow software templates to be viewed, but not
 executed

Signed-off-by: John Collier <jcollier@redhat.com>
---
 developer-hub/app-config.yaml       | 5 +++++
 developer-hub/rhdh-rbac-policy.yaml | 1 +
 2 files changed, 6 insertions(+)

diff --git a/developer-hub/app-config.yaml b/developer-hub/app-config.yaml
index 7cf5c73..fc43dc2 100644
--- a/developer-hub/app-config.yaml
+++ b/developer-hub/app-config.yaml
@@ -61,6 +61,11 @@ data:
                 - resolver: emailMatchingUserEntityProfileEmail
       rules:
           - allow: [Component, Group, User, Resource, Location, Template, API]
+      locations:
+        - type: url
+          target: https://github.com/redhat-ai-dev/ai-lab-template/blob/main/all.yaml
+          rules:
+            - allow: [Location, Template]
     lightspeed:
       servers:
       - id: 'ollama-server'
diff --git a/developer-hub/rhdh-rbac-policy.yaml b/developer-hub/rhdh-rbac-policy.yaml
index d2130e8..33e1a60 100644
--- a/developer-hub/rhdh-rbac-policy.yaml
+++ b/developer-hub/rhdh-rbac-policy.yaml
@@ -21,6 +21,7 @@ data:
     p, role:default/rhdhpai-users, catalog.entity.create, create, allow
     p, role:default/rhdhpai-users, scaffolder-template, read, allow
     p, role:default/rhdhpai-users, scaffolder.task.read, read, allow
+    p, role:default/rhdhpai-users, scaffolder.task.create, create, allow
 
     g, user:default/afred, role:default/rhdhpai-users
     g, user:default/bsutter, role:default/rhdhpai-users