chore: move AsSystemRestricted to caller (#10163)

Moves escalation to SystemRestricted out of the function that queries the database for the User. This is in preparation for a refactor such that we don't need SystemRestricted in `ExtractUserParam` middleware.
Spike Curtis
2023-10-10 15:57:51 +04:00
committed by GitHub
parent 8a47262faf
commit 78b9201b31


@ -40,7 +40,11 @@ func ExtractUserParam(db database.Store, redirectToLoginOnMe bool) func(http.Han
return func(next http.Handler) http.Handler { return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) { return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
ctx := r.Context() ctx := r.Context()
user, ok := extractUserContext(ctx, db, rw, r, redirectToLoginOnMe) // We need to call as SystemRestricted because this middleware is called from
// organizations/{organization}/members/{user}/ paths, and we need to allow
// org-admins to call these paths --- they might not have sitewide read permissions on users.
// nolint:gocritic
user, ok := extractUserContext(dbauthz.AsSystemRestricted(ctx), db, rw, r, redirectToLoginOnMe)
if !ok { if !ok {
// response already handled // response already handled
return return
@ -77,8 +81,7 @@ func extractUserContext(ctx context.Context, db database.Store, rw http.Response
}) })
return database.User{}, false return database.User{}, false
} }
//nolint:gocritic // System needs to be able to get user from param. user, err := db.GetUserByID(ctx, apiKey.UserID)
user, err := db.GetUserByID(dbauthz.AsSystemRestricted(ctx), apiKey.UserID)
if httpapi.Is404Error(err) { if httpapi.Is404Error(err) {
httpapi.ResourceNotFound(rw) httpapi.ResourceNotFound(rw)
return database.User{}, false return database.User{}, false
@ -94,8 +97,7 @@ func extractUserContext(ctx context.Context, db database.Store, rw http.Response
} }
if userID, err := uuid.Parse(userQuery); err == nil { if userID, err := uuid.Parse(userQuery); err == nil {
//nolint:gocritic // If the userQuery is a valid uuid user, err = db.GetUserByID(ctx, userID)
user, err = db.GetUserByID(dbauthz.AsSystemRestricted(ctx), userID)
if err != nil { if err != nil {
httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{ httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
Message: userErrorMessage, Message: userErrorMessage,
@ -106,8 +108,8 @@ func extractUserContext(ctx context.Context, db database.Store, rw http.Response
return user, true return user, true
} }
// nolint:gocritic // Try as a username last // Try as a username last
user, err := db.GetUserByEmailOrUsername(dbauthz.AsSystemRestricted(ctx), database.GetUserByEmailOrUsernameParams{ user, err := db.GetUserByEmailOrUsername(ctx, database.GetUserByEmailOrUsernameParams{
Username: userQuery, Username: userQuery,
}) })
if err != nil { if err != nil {
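Review bot: With the escalation moved to the call site in ExtractUserParam, the system-restricted context now reaches everything extractUserContext does with `ctx` rather than only the three lookups, including the `httpapi.Write(ctx, ...)` error path visible in the third hunk and any code outside the hunks. Nothing on extractUserContext itself now says that its lookups depend on the caller's authorization, so another caller (none is visible here) would silently get actor-scoped reads, or a future edit could add a write under the elevated context. I would document the contract on the function, e.g. `// extractUserContext looks up the user with the authorization carried by ctx; it must only read, because callers may pass dbauthz.AsSystemRestricted(ctx).`, and put the reason on the directive line as `//nolint:gocritic // org-admins without sitewide user read must resolve {user}`. The body of extractUserContext begins and ends outside the hunks, so its remaining uses of ctx should be checked before the follow-up refactor.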