synced/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2025-08-01 08:28:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: allow regular users to push files (#4500)

Browse Source 
- As part of merging support for Template RBAC
  and user groups a permission check on reading files
  was relaxed.

  With the addition of admin roles on individual templates, regular
  users are now able to push template versions if they have
  inherited the 'admin' role for a template. In order to do so
  they need to be able to create and read their own files. Since
  collisions on hash in the past were ignored, this means that a regular user
  who pushes a template version with a file hash that collides with
  an existing hash will not be able to read the file (since it belongs to
  another user).

  This commit fixes the underlying problem which was that
  the files table had a primary key on the 'hash' column.
  This was not a problem at the time because only template
  admins and other users with similar elevated roles were
  able to read all files regardless of ownership. To fix this
  a new column and primary key 'id' has been introduced to the files
  table. The unique constraint has been updated to be hash+created_by.
  Tables (provisioner_jobs) that referenced files.hash have been updated
  to reference files.id. Relevant API endpoints have also been updated.
This commit is contained in:
Jon Ayers
2022-10-13 18:02:52 -05:00
committed by GitHub
parent a55186cd02
commit 4e57b9fbdc
33 changed files with 265 additions and 94 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
coderd/database/migrations/000059_file_id.up.sql Normal file
View File

@@ -0,0 +1,42 @@
-- This migration updates the files table to move the unique
-- constraint to be hash + created_by. This is necessary to
-- allow regular users who have been granted admin to a specific
-- template to be able to push and read files used for template
-- versions they create.
-- Prior to this collisions on file.hash were not an issue
-- since users who could push files could also read all files.
--
-- This migration also adds a 'files.id' column as the primary
-- key. As a side effect the provisioner_jobs must now reference
-- the files.id column since the 'hash' column is now ambiguous.
BEGIN;
-- Drop the primary key on hash.
ALTER TABLE files DROP CONSTRAINT files_pkey;
-- Add an 'id' column and designate it the primary key.
ALTER TABLE files ADD COLUMN
id uuid NOT NULL PRIMARY KEY DEFAULT gen_random_uuid ();
-- Update the constraint to include the user who created it.
ALTER TABLE files ADD UNIQUE(hash, created_by);
-- Update provisioner_jobs to include a file_id column.
-- This must be temporarily nullable.
ALTER TABLE provisioner_jobs ADD COLUMN file_id uuid;
-- Update all the rows to point to key in the files table.
UPDATE provisioner_jobs
SET
file_id = files.id
FROM
files
WHERE
provisioner_jobs.storage_source = files.hash;
-- Enforce NOT NULL on file_id now.
ALTER TABLE provisioner_jobs ALTER COLUMN file_id SET NOT NULL;
-- Drop storage_source since it is no longer useful for anything.
ALTER TABLE provisioner_jobs DROP COLUMN storage_source;
COMMIT;