* chore: Rbac errors should be returned, and not hidden behind 404
SqlErrNoRows was hiding actual errors
* Replace sql.ErrNoRow checks
* Remove sql err no rows check from dbauthz test
* Fix to use dbauthz system user
* feat: dbauthz always on, out of experimental
* Add ability to do rbac checks in unit tests
* Remove AuthorizeAllEndpoints
* Remove duplicate rbac checks
* chore: Skip authz on various functions used for api data building
API already fetches the parent object and does the rbac check. Until
these functions are optimized, skipping authz is better.
It leaves us no worse off than the status quo
feat: Add initial AuthzQuerier implementation
- Adds package database/dbauthz that adds a database.Store implementation where each method goes through AuthZ checks
- Implements all database.Store methods on AuthzQuerier
- Updates and fixes unit tests where required
- Updates coderd initialization to use AuthzQuerier if codersdk.ExperimentAuthzQuerier is enabled
* docs: audit, deploymentconfig, files, parameters
* Fix: mark as binary
* Fix: show format in docs
* Fix: use .swaggo
* Fix: swagger notice
* Swagger notice
* chore: Rewrite rbac rego -> SQL clause
Previous code was challenging to read with edge cases
- bug: OrgAdmin could not make new groups
- Also refactor some function names
* Show display_name field in the template settings
* Show template.display_name on pages: Templates, CreateWorkspace
* Fix: template.display_name pattern
* make fmt/prettier
* Fix tests
* Fix: make fmt/prettier
* Fix: merge
* Fix: autoFocus
* i18n: display_name
- As part of merging support for Template RBAC
and user groups a permission check on reading files
was relaxed.
With the addition of admin roles on individual templates, regular
users are now able to push template versions if they have
inherited the 'admin' role for a template. In order to do so
they need to be able to create and read their own files. Since
collisions on hash in the past were ignored, this means that a regular user
who pushes a template version with a file hash that collides with
an existing hash will not be able to read the file (since it belongs to
another user).
This commit fixes the underlying problem which was that
the files table had a primary key on the 'hash' column.
This was not a problem at the time because only template
admins and other users with similar elevated roles were
able to read all files regardless of ownership. To fix this
a new column and primary key 'id' has been introduced to the files
table. The unique constraint has been updated to be hash+created_by.
Tables (provisioner_jobs) that referenced files.hash have been updated
to reference files.id. Relevant API endpoints have also been updated.
* chore: Refactor Enterprise code to layer on top of AGPL
This is an experiment to invert the import order of the Enterprise
code to layer on top of AGPL.
* Fix Garrett's comments
* Add pointer.Handle to atomically obtain references
This uses a context to ensure the same value persists through
multiple executions to `Load()`.
* Remove entitlements API from AGPL coderd
* Remove AGPL Coder entitlements endpoint test
* Fix warnings output
* Add command-line flag to toggle audit logging
* Fix hasLicense being set
* Remove features interface
* Fix audit logging default
* Add bash as a dependency
* Add comment
* Add tests for resync and pubsub, and add back previous exp backoff retry
* Separate authz code again
* Add pointer loading example from comment
* Fix duplicate test, remove pointer.Handle
* Fix expired license
* Add entitlements struct
* Fix context passing
This PR makes the following changes:
- enforces lower and upper limits on template `max_ttl_ms`
- adds a migration to enforce 7-day cap on `max_ttl`
- allows setting template `max_ttl` to 0
- updates template edit CLI help to be clearer
