mirror of
https://github.com/coder/coder.git
synced 2025-07-03 16:13:58 +00:00
feat!: drop reading other 'user' permission (#8650)
* feat: drop reading other 'user' permission Members of the platform can no longer read or list other users. Resources that have "created_by" or "initiated_by" still retain user context, but only include username and avatar url. Attempting to read a user found via those means will result in a 404. * Hide /users page for regular users * make groups a privledged endpoint * Permissions page for template perms * Admin for a given template enables an endpoint for listing users/groups.
This commit is contained in:
Steven Masley
GitHub
@ -1108,7 +1108,7 @@ func (q *querier) GetProvisionerLogsAfterID(ctx context.Context, arg database.Ge
|
||||
}
|
||||
|
||||
func (q *querier) GetQuotaAllowanceForUser(ctx context.Context, userID uuid.UUID) (int64, error) {
|
||||
err := q.authorizeContext(ctx, rbac.ActionRead, rbac.ResourceUser.WithID(userID))
|
||||
err := q.authorizeContext(ctx, rbac.ActionRead, rbac.ResourceUserObject(userID))
|
||||
if err != nil {
|
||||
return -1, err
|
||||
}
|
||||
@ -1116,7 +1116,7 @@ func (q *querier) GetQuotaAllowanceForUser(ctx context.Context, userID uuid.UUID
|
||||
}
|
||||
|
||||
func (q *querier) GetQuotaConsumedForUser(ctx context.Context, userID uuid.UUID) (int64, error) {
|
||||
err := q.authorizeContext(ctx, rbac.ActionRead, rbac.ResourceUser.WithID(userID))
|
||||
err := q.authorizeContext(ctx, rbac.ActionRead, rbac.ResourceUserObject(userID))
|
||||
if err != nil {
|
||||
return -1, err
|
||||
}
|
||||
@ -1390,7 +1390,7 @@ func (q *querier) GetUsers(ctx context.Context, arg database.GetUsersParams) ([]
|
||||
// itself.
|
||||
func (q *querier) GetUsersByIDs(ctx context.Context, ids []uuid.UUID) ([]database.User, error) {
|
||||
for _, uid := range ids {
|
||||
if err := q.authorizeContext(ctx, rbac.ActionRead, rbac.ResourceUser.WithID(uid)); err != nil {
|
||||
if err := q.authorizeContext(ctx, rbac.ActionRead, rbac.ResourceUserObject(uid)); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
@ -1899,7 +1899,7 @@ func (q *querier) InsertUserGroupsByName(ctx context.Context, arg database.Inser
|
||||
|
||||
// TODO: Should this be in system.go?
|
||||
func (q *querier) InsertUserLink(ctx context.Context, arg database.InsertUserLinkParams) (database.UserLink, error) {
|
||||
if err := q.authorizeContext(ctx, rbac.ActionUpdate, rbac.ResourceUser.WithID(arg.UserID)); err != nil {
|
||||
if err := q.authorizeContext(ctx, rbac.ActionUpdate, rbac.ResourceUserObject(arg.UserID)); err != nil {
|
||||
return database.UserLink{}, err
|
||||
}
|
||||
return q.db.InsertUserLink(ctx, arg)
|
||||
@ -2614,24 +2614,24 @@ func (q *querier) GetAuthorizedTemplates(ctx context.Context, arg database.GetTe
|
||||
}
|
||||
|
||||
func (q *querier) GetTemplateGroupRoles(ctx context.Context, id uuid.UUID) ([]database.TemplateGroup, error) {
|
||||
// An actor is authorized to read template group roles if they are authorized to read the template.
|
||||
// An actor is authorized to read template group roles if they are authorized to update the template.
|
||||
template, err := q.db.GetTemplateByID(ctx, id)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if err := q.authorizeContext(ctx, rbac.ActionRead, template); err != nil {
|
||||
if err := q.authorizeContext(ctx, rbac.ActionUpdate, template); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return q.db.GetTemplateGroupRoles(ctx, id)
|
||||
}
|
||||
|
||||
func (q *querier) GetTemplateUserRoles(ctx context.Context, id uuid.UUID) ([]database.TemplateUser, error) {
|
||||
// An actor is authorized to query template user roles if they are authorized to read the template.
|
||||
// An actor is authorized to query template user roles if they are authorized to update the template.
|
||||
template, err := q.db.GetTemplateByID(ctx, id)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if err := q.authorizeContext(ctx, rbac.ActionRead, template); err != nil {
|
||||
if err := q.authorizeContext(ctx, rbac.ActionUpdate, template); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return q.db.GetTemplateUserRoles(ctx, id)
|
||||
|
||||
@ -521,7 +521,7 @@ func (s *MethodTestSuite) TestOrganization() {
|
||||
ma := dbgen.OrganizationMember(s.T(), db, database.OrganizationMember{OrganizationID: oa.ID})
|
||||
mb := dbgen.OrganizationMember(s.T(), db, database.OrganizationMember{OrganizationID: ob.ID})
|
||||
check.Args([]uuid.UUID{ma.UserID, mb.UserID}).
|
||||
Asserts(rbac.ResourceUser.WithID(ma.UserID), rbac.ActionRead, rbac.ResourceUser.WithID(mb.UserID), rbac.ActionRead)
|
||||
Asserts(rbac.ResourceUserObject(ma.UserID), rbac.ActionRead, rbac.ResourceUserObject(mb.UserID), rbac.ActionRead)
|
||||
}))
|
||||
s.Run("GetOrganizationMemberByUserID", s.Subtest(func(db database.Store, check *expects) {
|
||||
mem := dbgen.OrganizationMember(s.T(), db, database.OrganizationMember{})
|
||||
@ -698,11 +698,11 @@ func (s *MethodTestSuite) TestTemplate() {
|
||||
}))
|
||||
s.Run("GetTemplateGroupRoles", s.Subtest(func(db database.Store, check *expects) {
|
||||
t1 := dbgen.Template(s.T(), db, database.Template{})
|
||||
check.Args(t1.ID).Asserts(t1, rbac.ActionRead)
|
||||
check.Args(t1.ID).Asserts(t1, rbac.ActionUpdate)
|
||||
}))
|
||||
s.Run("GetTemplateUserRoles", s.Subtest(func(db database.Store, check *expects) {
|
||||
t1 := dbgen.Template(s.T(), db, database.Template{})
|
||||
check.Args(t1.ID).Asserts(t1, rbac.ActionRead)
|
||||
check.Args(t1.ID).Asserts(t1, rbac.ActionUpdate)
|
||||
}))
|
||||
s.Run("GetTemplateVersionByID", s.Subtest(func(db database.Store, check *expects) {
|
||||
t1 := dbgen.Template(s.T(), db, database.Template{})
|
||||
|
||||
@ -194,14 +194,15 @@ func (w Workspace) LockedRBAC() rbac.Object {
|
||||
func (m OrganizationMember) RBACObject() rbac.Object {
|
||||
return rbac.ResourceOrganizationMember.
|
||||
WithID(m.UserID).
|
||||
InOrg(m.OrganizationID)
|
||||
InOrg(m.OrganizationID).
|
||||
WithOwner(m.UserID.String())
|
||||
}
|
||||
|
||||
func (m GetOrganizationIDsByMemberIDsRow) RBACObject() rbac.Object {
|
||||
// TODO: This feels incorrect as we are really returning a list of orgmembers.
|
||||
// This return type should be refactored to return a list of orgmembers, not this
|
||||
// special type.
|
||||
return rbac.ResourceUser.WithID(m.UserID)
|
||||
return rbac.ResourceUserObject(m.UserID)
|
||||
}
|
||||
|
||||
func (o Organization) RBACObject() rbac.Object {
|
||||
@ -233,7 +234,7 @@ func (f File) RBACObject() rbac.Object {
|
||||
// If you are trying to get the RBAC object for the UserData, use
|
||||
// u.UserDataRBACObject() instead.
|
||||
func (u User) RBACObject() rbac.Object {
|
||||
return rbac.ResourceUser.WithID(u.ID)
|
||||
return rbac.ResourceUserObject(u.ID)
|
||||
}
|
||||
|
||||
func (u User) UserDataRBACObject() rbac.Object {
|
||||
@ -241,7 +242,7 @@ func (u User) UserDataRBACObject() rbac.Object {
|
||||
}
|
||||
|
||||
func (u GetUsersRow) RBACObject() rbac.Object {
|
||||
return rbac.ResourceUser.WithID(u.ID)
|
||||
return rbac.ResourceUserObject(u.ID)
|
||||
}
|
||||
|
||||
func (u GitSSHKey) RBACObject() rbac.Object {
|
||||
|
||||
Reference in New Issue
Block a user