fix: correct perms for forbidden error in TemplateScheduleStore.Load (#11286)

* chore: TemplateScheduleStore.Load() throwing forbidden error
* fix: workspace agent scope to include template

coderd/database/dbmem/dbmem.go

@@ -3796,6 +3796,7 @@ func (q *FakeQuerier) GetWorkspaceAgentAndOwnerByAuthToken(_ context.Context, au
 					}
 					var row database.GetWorkspaceAgentAndOwnerByAuthTokenRow
 					row.WorkspaceID = ws.ID
+					row.TemplateID = ws.TemplateID
 					usr, err := q.getUserByIDNoLock(ws.OwnerID)
 					if err != nil {
 						return database.GetWorkspaceAgentAndOwnerByAuthTokenRow{}, sql.ErrNoRows
@@ -3805,6 +3806,7 @@ func (q *FakeQuerier) GetWorkspaceAgentAndOwnerByAuthToken(_ context.Context, au
 					// We also need to get org roles for the user
 					row.OwnerName = usr.Username
 					row.WorkspaceAgent = agt
+					row.TemplateVersionID = build.TemplateVersionID
 					for _, mem := range q.organizationMembers {
 						if mem.UserID == usr.ID {
 							row.OwnerRoles = append(row.OwnerRoles, fmt.Sprintf("organization-member:%s", mem.OrganizationID.String()))

coderd/database/queries.sql.go

@@ -7781,6 +7781,8 @@ SELECT
 	users.id AS owner_id,
 	users.username AS owner_name,
 	users.status AS owner_status,
+	workspaces.template_id AS template_id,
+	workspace_builds.template_version_id AS template_version_id,
 	array_cat(
 		array_append(users.rbac_roles, 'member'),
 		array_append(ARRAY[]::text[], 'organization-member:' || organization_members.organization_id::text)
@@ -7823,20 +7825,23 @@ GROUP BY
 	workspaces.id,
 	users.id,
 	organization_members.organization_id,
-	workspace_builds.build_number
+	workspace_builds.build_number,
+	workspace_builds.template_version_id
 ORDER BY
 	workspace_builds.build_number DESC
 LIMIT 1
 `
 
 type GetWorkspaceAgentAndOwnerByAuthTokenRow struct {
-	WorkspaceAgent WorkspaceAgent `db:"workspace_agent" json:"workspace_agent"`
-	WorkspaceID    uuid.UUID      `db:"workspace_id" json:"workspace_id"`
-	OwnerID        uuid.UUID      `db:"owner_id" json:"owner_id"`
-	OwnerName      string         `db:"owner_name" json:"owner_name"`
-	OwnerStatus    UserStatus     `db:"owner_status" json:"owner_status"`
-	OwnerRoles     []string       `db:"owner_roles" json:"owner_roles"`
-	OwnerGroups    []string       `db:"owner_groups" json:"owner_groups"`
+	WorkspaceAgent    WorkspaceAgent `db:"workspace_agent" json:"workspace_agent"`
+	WorkspaceID       uuid.UUID      `db:"workspace_id" json:"workspace_id"`
+	OwnerID           uuid.UUID      `db:"owner_id" json:"owner_id"`
+	OwnerName         string         `db:"owner_name" json:"owner_name"`
+	OwnerStatus       UserStatus     `db:"owner_status" json:"owner_status"`
+	TemplateID        uuid.UUID      `db:"template_id" json:"template_id"`
+	TemplateVersionID uuid.UUID      `db:"template_version_id" json:"template_version_id"`
+	OwnerRoles        []string       `db:"owner_roles" json:"owner_roles"`
+	OwnerGroups       []string       `db:"owner_groups" json:"owner_groups"`
 }
 
 func (q *sqlQuerier) GetWorkspaceAgentAndOwnerByAuthToken(ctx context.Context, authToken uuid.UUID) (GetWorkspaceAgentAndOwnerByAuthTokenRow, error) {
@@ -7877,6 +7882,8 @@ func (q *sqlQuerier) GetWorkspaceAgentAndOwnerByAuthToken(ctx context.Context, a
 		&i.OwnerID,
 		&i.OwnerName,
 		&i.OwnerStatus,
+		&i.TemplateID,
+		&i.TemplateVersionID,
 		pq.Array(&i.OwnerRoles),
 		pq.Array(&i.OwnerGroups),
 	)

coderd/database/queries/workspaceagents.sql

@@ -219,6 +219,8 @@ SELECT
 	users.id AS owner_id,
 	users.username AS owner_name,
 	users.status AS owner_status,
+	workspaces.template_id AS template_id,
+	workspace_builds.template_version_id AS template_version_id,
 	array_cat(
 		array_append(users.rbac_roles, 'member'),
 		array_append(ARRAY[]::text[], 'organization-member:' || organization_members.organization_id::text)
@@ -261,7 +263,8 @@ GROUP BY
 	workspaces.id,
 	users.id,
 	organization_members.organization_id,
-	workspace_builds.build_number
+	workspace_builds.build_number,
+	workspace_builds.template_version_id
 ORDER BY
 	workspace_builds.build_number DESC
 LIMIT 1;