@@ -243,24 +243,30 @@ func (r *dynamicRenderer) getWorkspaceOwnerData(ctx context.Context, ownerID uui
243243return nil // already fetched
244244}
245245
246- // You only need to be able to read the organization member to get the owner
247- // data. Only the terraform files can therefore leak more information than the
248- // caller should have access to. All this info should be public assuming you can
249- // read the user though.
250- mem ,err := database .ExpectOne (r .db .OrganizationMembers (ctx , database.OrganizationMembersParams {
251- OrganizationID :r .data .templateVersion .OrganizationID ,
252- UserID :ownerID ,
253- IncludeSystem :false ,
254- }))
246+ user ,err := r .db .GetUserByID (ctx ,ownerID )
255247if err != nil {
256- return err
257- }
248+ // If the user failed to read, we also try to read the user from their
249+ // organization member. You only need to be able to read the organization member
250+ // to get the owner data.
251+ //
252+ // Only the terraform files can therefore leak more information than the
253+ // caller should have access to. All this info should be public assuming you can
254+ // read the user though.
255+ mem ,err := database .ExpectOne (r .db .OrganizationMembers (ctx , database.OrganizationMembersParams {
256+ OrganizationID :r .data .templateVersion .OrganizationID ,
257+ UserID :ownerID ,
258+ IncludeSystem :false ,
259+ }))
260+ if err != nil {
261+ return xerrors .Errorf ("fetch user: %w" ,err )
262+ }
258263
259- // User data is required for the form. Org member is checked above
260- // nolint:gocritic
261- user ,err := r .db .GetUserByID (dbauthz .AsProvisionerd (ctx ),mem .OrganizationMember .UserID )
262- if err != nil {
263- return xerrors .Errorf ("fetch user: %w" ,err )
264+ // Org member fetched, so use the provisioner context to fetch the user.
265+ //nolint:gocritic // Has the correct permissions, and matches the provisioning flow.
266+ user ,err = r .db .GetUserByID (dbauthz .AsProvisionerd (ctx ),mem .OrganizationMember .UserID )
267+ if err != nil {
268+ return xerrors .Errorf ("fetch user: %w" ,err )
269+ }
264270}
265271
266272// nolint:gocritic // This is kind of the wrong query to use here, but it
@@ -314,10 +320,10 @@ func (r *dynamicRenderer) getWorkspaceOwnerData(ctx context.Context, ownerID uui
314320}
315321
316322r .currentOwner = & previewtypes.WorkspaceOwner {
317- ID :mem . OrganizationMember . UserID .String (),
318- Name :mem .Username ,
319- FullName :mem .Name ,
320- Email :mem .Email ,
323+ ID :user . ID .String (),
324+ Name :user .Username ,
325+ FullName :user .Name ,
326+ Email :user .Email ,
321327LoginType :string (user .LoginType ),
322328RBACRoles :ownerRoles ,
323329SSHPublicKey :key .PublicKey ,