fix: Users that can update a template can also read the file (#6776)

* fix: Users that can update a template can also read the file This currently has a strange RBAC story. An issue will be filed to streamline this. This is a hotfix to resolve current functionality * Only showsource code tab if the user has permission to edit the template --------- Co-authored-by: Bruno Quaresma <bruno_nonato_quaresma@hotmail.com>
2025-07-09 11:45:56 +00:00 · 2023-03-27 09:21:41 -05:00
parent fc21e159b8
commit 7fa5afa268
9 changed files with 262 additions and 13 deletions
--- a/coderd/database/dbauthz/system.go
+++ b/coderd/database/dbauthz/system.go
@ -10,6 +10,13 @@ import (
 	"github.com/coder/coder/coderd/rbac"
 )

+func (q *querier) GetFileTemplates(ctx context.Context, fileID uuid.UUID) ([]database.GetFileTemplatesRow, error) {
+	if err := q.authorizeContext(ctx, rbac.ActionRead, rbac.ResourceSystem); err != nil {
+		return nil, err
+	}
+	return q.db.GetFileTemplates(ctx, fileID)
+}
+
 // GetWorkspaceAppsByAgentIDs
 // The workspace/job is already fetched.
 func (q *querier) GetWorkspaceAppsByAgentIDs(ctx context.Context, ids []uuid.UUID) ([]database.WorkspaceApp, error) {