mirror of
https://github.com/coder/coder.git
synced 2025-07-03 16:13:58 +00:00
feat: improve RBAC preconditions for Insights endpoint (#8794)
This commit is contained in:
@ -64,10 +64,6 @@ func (api *API) deploymentDAUs(rw http.ResponseWriter, r *http.Request) {
|
||||
// @Router /insights/user-latency [get]
|
||||
func (api *API) insightsUserLatency(rw http.ResponseWriter, r *http.Request) {
|
||||
ctx := r.Context()
|
||||
if !api.Authorize(r, rbac.ActionRead, rbac.ResourceDeploymentValues) {
|
||||
httpapi.Forbidden(rw)
|
||||
return
|
||||
}
|
||||
|
||||
p := httpapi.NewQueryParamParser().
|
||||
Required("start_time").
|
||||
@ -100,6 +96,10 @@ func (api *API) insightsUserLatency(rw http.ResponseWriter, r *http.Request) {
|
||||
TemplateIDs: templateIDs,
|
||||
})
|
||||
if err != nil {
|
||||
if httpapi.Is404Error(err) {
|
||||
httpapi.ResourceNotFound(rw)
|
||||
return
|
||||
}
|
||||
httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
|
||||
Message: "Internal error fetching user latency.",
|
||||
Detail: err.Error(),
|
||||
@ -154,10 +154,6 @@ func (api *API) insightsUserLatency(rw http.ResponseWriter, r *http.Request) {
|
||||
// @Router /insights/templates [get]
|
||||
func (api *API) insightsTemplates(rw http.ResponseWriter, r *http.Request) {
|
||||
ctx := r.Context()
|
||||
if !api.Authorize(r, rbac.ActionRead, rbac.ResourceDeploymentValues) {
|
||||
httpapi.Forbidden(rw)
|
||||
return
|
||||
}
|
||||
|
||||
p := httpapi.NewQueryParamParser().
|
||||
Required("start_time").
|
||||
@ -191,6 +187,7 @@ func (api *API) insightsTemplates(rw http.ResponseWriter, r *http.Request) {
|
||||
|
||||
var usage database.GetTemplateInsightsRow
|
||||
var dailyUsage []database.GetTemplateDailyInsightsRow
|
||||
|
||||
// Use a transaction to ensure that we get consistent data between
|
||||
// the full and interval report.
|
||||
err := api.Database.InTx(func(db database.Store) error {
|
||||
@ -218,6 +215,10 @@ func (api *API) insightsTemplates(rw http.ResponseWriter, r *http.Request) {
|
||||
|
||||
return nil
|
||||
}, nil)
|
||||
if httpapi.Is404Error(err) {
|
||||
httpapi.ResourceNotFound(rw)
|
||||
return
|
||||
}
|
||||
if err != nil {
|
||||
httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
|
||||
Message: "Internal error fetching template insights.",
|
||||
|
Reference in New Issue
Block a user