Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit11d8c0a

Browse files
committed
Apply a new authorization check for GetProvisionerJobByIDForUpdate
1 parentc800494 commit11d8c0a

File tree

2 files changed

+26
-12
lines changed

2 files changed

+26
-12
lines changed

‎coderd/database/dbauthz/dbauthz.go‎

Lines changed: 25 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -2439,38 +2439,51 @@ func (q *querier) GetProvisionerDaemonsWithStatusByOrganization(ctx context.Cont
24392439
returnfetchWithPostFilter(q.auth,policy.ActionRead,q.db.GetProvisionerDaemonsWithStatusByOrganization)(ctx,arg)
24402440
}
24412441

2442-
func (q*querier)GetProvisionerJobByID(ctx context.Context,id uuid.UUID) (database.ProvisionerJob,error) {
2443-
job,err:=q.db.GetProvisionerJobByID(ctx,id)
2444-
iferr!=nil {
2445-
return database.ProvisionerJob{},err
2446-
}
2447-
2442+
func (q*querier)authorizeProvisionerJob(ctx context.Context,job database.ProvisionerJob)error {
24482443
switchjob.Type {
24492444
casedatabase.ProvisionerJobTypeWorkspaceBuild:
24502445
// Authorized call to get workspace build. If we can read the build, we
24512446
// can read the job.
2452-
_,err:=q.GetWorkspaceBuildByJobID(ctx,id)
2447+
_,err:=q.GetWorkspaceBuildByJobID(ctx,job.ID)
24532448
iferr!=nil {
2454-
returndatabase.ProvisionerJob{},xerrors.Errorf("fetch related workspace build: %w",err)
2449+
returnxerrors.Errorf("fetch related workspace build: %w",err)
24552450
}
24562451
casedatabase.ProvisionerJobTypeTemplateVersionDryRun,database.ProvisionerJobTypeTemplateVersionImport:
24572452
// Authorized call to get template version.
24582453
_,err:=authorizedTemplateVersionFromJob(ctx,q,job)
24592454
iferr!=nil {
2460-
returndatabase.ProvisionerJob{},xerrors.Errorf("fetch related template version: %w",err)
2455+
returnxerrors.Errorf("fetch related template version: %w",err)
24612456
}
24622457
default:
2463-
return database.ProvisionerJob{},xerrors.Errorf("unknown job type: %q",job.Type)
2458+
returnxerrors.Errorf("unknown job type: %q",job.Type)
2459+
}
2460+
returnnil
2461+
}
2462+
2463+
func (q*querier)GetProvisionerJobByID(ctx context.Context,id uuid.UUID) (database.ProvisionerJob,error) {
2464+
job,err:=q.db.GetProvisionerJobByID(ctx,id)
2465+
iferr!=nil {
2466+
return database.ProvisionerJob{},err
2467+
}
2468+
2469+
iferr:=q.authorizeProvisionerJob(ctx,job);err!=nil {
2470+
return database.ProvisionerJob{},err
24642471
}
24652472

24662473
returnjob,nil
24672474
}
24682475

24692476
func (q*querier)GetProvisionerJobByIDForUpdate(ctx context.Context,id uuid.UUID) (database.ProvisionerJob,error) {
2470-
iferr:=q.authorizeContext(ctx,policy.ActionRead,rbac.ResourceProvisionerJobs);err!=nil {
2477+
job,err:=q.db.GetProvisionerJobByIDForUpdate(ctx,id)
2478+
iferr!=nil {
2479+
return database.ProvisionerJob{},err
2480+
}
2481+
2482+
iferr:=q.authorizeProvisionerJob(ctx,job);err!=nil {
24712483
return database.ProvisionerJob{},err
24722484
}
2473-
returnq.db.GetProvisionerJobByIDForUpdate(ctx,id)
2485+
2486+
returnjob,nil
24742487
}
24752488

24762489
func (q*querier)GetProvisionerJobTimingsByJobID(ctx context.Context,jobID uuid.UUID) ([]database.ProvisionerJobTiming,error) {

‎codersdk/workspacebuilds.go‎

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -131,6 +131,7 @@ const (
131131
)
132132

133133
typeCancelWorkspaceBuildParamsstruct {
134+
// ExpectStatus ensures the build is in the expected status before canceling.
134135
ExpectStatusCancelWorkspaceBuildStatus`json:"expect_status,omitempty"`
135136
}
136137

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp