chore: Rbac errors should be returned, and not hidden behind 404 (#7122)

* chore: Rbac errors should be returned, and not hidden behind 404 SqlErrNoRows was hiding actual errors * Replace sql.ErrNoRow checks * Remove sql err no rows check from dbauthz test * Fix to use dbauthz system user
2025-07-03 16:13:58 +00:00 · 2023-04-13 13:06:16 -05:00
parent fa64c58e56
commit 38e5b9679b
23 changed files with 50 additions and 72 deletions
--- a/coderd/users.go
+++ b/coderd/users.go
@ -314,7 +314,7 @@ func (api *API) postUser(rw http.ResponseWriter, r *http.Request) {
 	}

 	_, err = api.Database.GetOrganizationByID(ctx, req.OrganizationID)
-	if errors.Is(err, sql.ErrNoRows) {
+	if httpapi.Is404Error(err) {
 		httpapi.Write(ctx, rw, http.StatusNotFound, codersdk.Response{
 			Message: fmt.Sprintf("Organization does not exist with the provided id %q.", req.OrganizationID),
 		})
@ -938,7 +938,7 @@ func (api *API) organizationByUserAndName(rw http.ResponseWriter, r *http.Reques
 	ctx := r.Context()
 	organizationName := chi.URLParam(r, "organizationname")
 	organization, err := api.Database.GetOrganizationByName(ctx, organizationName)
-	if errors.Is(err, sql.ErrNoRows) || rbac.IsUnauthorizedError(err) {
+	if httpapi.Is404Error(err) {
 		httpapi.ResourceNotFound(rw)
 		return
 	}