fix: Allow fetching of non-personal workspaces (#1495)

RBAC should cover this anyways!
2025-07-06 15:41:45 +00:00 · 2022-05-16 17:47:31 -05:00
parent 1ed69b95fc
commit 9b1ef29694
2 changed files with 0 additions and 33 deletions
--- a/coderd/httpmw/workspaceparam.go
+++ b/coderd/httpmw/workspaceparam.go
@ -44,14 +44,6 @@ func ExtractWorkspaceParam(db database.Store) func(http.Handler) http.Handler {
 				return
 			}

-			apiKey := APIKey(r)
-			if apiKey.UserID != workspace.OwnerID {
-				httpapi.Write(rw, http.StatusUnauthorized, httpapi.Response{
-					Message: "getting non-personal workspaces isn't supported",
-				})
-				return
-			}
-
 			ctx := context.WithValue(r.Context(), workspaceParamContextKey{}, workspace)
 			next.ServeHTTP(rw, r.WithContext(ctx))
 		})
--- a/coderd/httpmw/workspaceparam_test.go
+++ b/coderd/httpmw/workspaceparam_test.go
@ -92,31 +92,6 @@ func TestWorkspaceParam(t *testing.T) {
 		require.Equal(t, http.StatusNotFound, res.StatusCode)
 	})

-	t.Run("NonPersonal", func(t *testing.T) {
-		t.Parallel()
-		db := databasefake.New()
-		rtr := chi.NewRouter()
-		rtr.Use(
-			httpmw.ExtractAPIKey(db, nil),
-			httpmw.ExtractWorkspaceParam(db),
-		)
-		rtr.Get("/", nil)
-		r, _ := setup(db)
-		workspace, err := db.InsertWorkspace(context.Background(), database.InsertWorkspaceParams{
-			ID:      uuid.New(),
-			OwnerID: uuid.New(),
-			Name:    "hello",
-		})
-		require.NoError(t, err)
-		chi.RouteContext(r.Context()).URLParams.Add("workspace", workspace.ID.String())
-		rw := httptest.NewRecorder()
-		rtr.ServeHTTP(rw, r)
-
-		res := rw.Result()
-		defer res.Body.Close()
-		require.Equal(t, http.StatusUnauthorized, res.StatusCode)
-	})
-
 	t.Run("Found", func(t *testing.T) {
 		t.Parallel()
 		db := databasefake.New()