synced/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2025-07-09 11:45:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore: use system context for fetching template information (#15205)

Browse Source 
The authz check is Update() on the original template. This is not ideal,
but it follows the existing behavior. We are implicitly granting this
read access since template admins need to be able to see what
users/groups exist to assign.
This commit is contained in:
Steven Masley
2024-10-23 17:03:17 -05:00
committed by GitHub
parent fed70bdeb8
commit 163631e79c
2 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
enterprise/coderd/templates.go
View File

@ -66,7 +66,9 @@ func (api *API) templateAvailablePermissions(rw http.ResponseWriter, r *http.Req
httpapi.InternalServerError(rw, err) httpapi.InternalServerError(rw, err)
return return
} }
memberCount, err := api.Database.GetGroupMembersCountByGroupID(ctx, group.Group.ID)
// nolint:gocritic
memberCount, err := api.Database.GetGroupMembersCountByGroupID(dbauthz.AsSystemRestricted(ctx), group.Group.ID)
if err != nil { if err != nil {
httpapi.InternalServerError(rw, err) httpapi.InternalServerError(rw, err)
return return

4
enterprise/coderd/templates_test.go
View File

@ -1494,6 +1494,10 @@ func TestUpdateTemplateACL(t *testing.T) {
}, },
} }
// Group adds complexity to the /available endpoint
// Intentionally omit user2
coderdtest.CreateGroup(t, client, user.OrganizationID, "some-group", user3)
ctx := testutil.Context(t, testutil.WaitLong) ctx := testutil.Context(t, testutil.WaitLong)
err := client1.UpdateTemplateACL(ctx, template.ID, req) err := client1.UpdateTemplateACL(ctx, template.ID, req)