NotificationsYou must be signed in to change notification settings
Fork928
Star10.1k

Commitc034e83

authored

feat: Add RBAC to /workspace endpoints (#1566)

* feat: Add RBAC to /workspace endpoints

1 parentf3fe2a0 commitc034e83Copy full SHA for c034e83

File tree

7 files changed

+215

-35

lines changed

coderd

7 files changed

+215

-35

lines changed

`‎coderd/coderd.go`

Lines changed: 2 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -149,7 +149,7 @@ func New(options *Options) (http.Handler, func()) {`
`149`	`149`	`r.Get("/",api.workspacesByOrganization)`
`150`	`150`	`r.Route("/{user}",func(r chi.Router) {`
`151`	`151`	`r.Use(httpmw.ExtractUserParam(options.Database))`
`152`		`-r.Get("/{workspace}",api.workspaceByOwnerAndName)`
	`152`	`+r.Get("/{workspacename}",api.workspaceByOwnerAndName)`
`153`	`153`	`r.Get("/",api.workspacesByOwner)`
`154`	`154`	`})`
`155`	`155`	`})`
`@@ -237,8 +237,6 @@ func New(options *Options) (http.Handler, func()) {`
`237`	`237`	`r.Route("/password",func(r chi.Router) {`
`238`	`238`	`r.Put("/",api.putUserPassword)`
`239`	`239`	`})`
`240`		`-r.Get("/organizations",api.organizationsByUser)`
`241`		`-r.Post("/organizations",api.postOrganizationsByUser)`
`242`	`240`	`// These roles apply to the site wide permissions.`
`243`	`241`	`r.Put("/roles",api.putUserRoles)`
`244`	`242`	`r.Get("/roles",api.userRoles)`
`@@ -316,6 +314,7 @@ func New(options *Options) (http.Handler, func()) {`
`316`	`314`	`r.Route("/workspacebuilds/{workspacebuild}",func(r chi.Router) {`
`317`	`315`	`r.Use(`
`318`	`316`	`apiKeyMiddleware,`
	`317`	`+authRolesMiddleware,`
`319`	`318`	`httpmw.ExtractWorkspaceBuildParam(options.Database),`
`320`	`319`	`httpmw.ExtractWorkspaceParam(options.Database),`
`321`	`320`	`)`

`‎coderd/coderd_test.go`

Lines changed: 71 additions & 20 deletions

Original file line number	Diff line number	Diff line change
`@@ -2,6 +2,7 @@ package coderd_test`
`2`	`2`
`3`	`3`	`import (`
`4`	`4`	`"context"`
	`5`	`+"io"`
`5`	`6`	`"net/http"`
`6`	`7`	`"strings"`
`7`	`8`	`"testing"`
`@@ -48,13 +49,18 @@ func TestAuthorizeAllEndpoints(t *testing.T) {`
`48`	`49`	`coderdtest.AwaitTemplateVersionJob(t,client,version.ID)`
`49`	`50`	`template:=coderdtest.CreateTemplate(t,client,admin.OrganizationID,version.ID)`
`50`	`51`	`workspace:=coderdtest.CreateWorkspace(t,client,admin.OrganizationID,template.ID)`
	`52`	`+coderdtest.AwaitWorkspaceBuildJob(t,client,workspace.LatestBuild.ID)`
`51`	`53`
`52`	`54`	`// Always fail auth from this point forward`
`53`	`55`	`authorizer.AlwaysReturn=rbac.ForbiddenWithInternal(xerrors.New("fake implementation"),nil,nil)`
`54`	`56`
	`57`	`+// Some quick reused objects`
	`58`	`+workspaceRBACObj:=rbac.ResourceWorkspace.InOrg(organization.ID).WithID(workspace.ID.String()).WithOwner(workspace.OwnerID.String())`
	`59`	`+`
`55`	`60`	`// skipRoutes allows skipping routes from being checked.`
`56`	`61`	`typerouteCheckstruct {`
`57`	`62`	`NoAuthorizebool`
	`63`	`+AssertAction rbac.Action`
`58`	`64`	`AssertObject rbac.Object`
`59`	`65`	`StatusCodeint`
`60`	`66`	`}`
`@@ -84,13 +90,7 @@ func TestAuthorizeAllEndpoints(t *testing.T) {`
`84`	`90`	`"GET:/api/v2/workspaceagents/{workspaceagent}/turn": {NoAuthorize:true},`
`85`	`91`
`86`	`92`	`// TODO: @emyrk these need to be fixed by adding authorize calls`
`87`		`-"GET:/api/v2/workspaceresources/{workspaceresource}": {NoAuthorize:true},`
`88`		`-"GET:/api/v2/workspacebuilds/{workspacebuild}": {NoAuthorize:true},`
`89`		`-"GET:/api/v2/workspacebuilds/{workspacebuild}/logs": {NoAuthorize:true},`
`90`		`-"GET:/api/v2/workspacebuilds/{workspacebuild}/resources": {NoAuthorize:true},`
`91`		`-"GET:/api/v2/workspacebuilds/{workspacebuild}/state": {NoAuthorize:true},`
`92`		`-"PATCH:/api/v2/workspacebuilds/{workspacebuild}/cancel": {NoAuthorize:true},`
`93`		`-"GET:/api/v2/workspaces/{workspace}/builds/{workspacebuildname}": {NoAuthorize:true},`
	`93`	`+"GET:/api/v2/workspaceresources/{workspaceresource}": {NoAuthorize:true},`
`94`	`94`
`95`	`95`	`"GET:/api/v2/users/oauth2/github/callback": {NoAuthorize:true},`
`96`	`96`
`@@ -123,15 +123,9 @@ func TestAuthorizeAllEndpoints(t *testing.T) {`
`123`	`123`
`124`	`124`	`"POST:/api/v2/users/{user}/organizations": {NoAuthorize:true},`
`125`	`125`
`126`		`-"GET:/api/v2/workspaces/{workspace}": {NoAuthorize:true},`
`127`		`-"PUT:/api/v2/workspaces/{workspace}/autostart": {NoAuthorize:true},`
`128`		`-"PUT:/api/v2/workspaces/{workspace}/autostop": {NoAuthorize:true},`
`129`		`-"GET:/api/v2/workspaces/{workspace}/builds": {NoAuthorize:true},`
`130`		`-"POST:/api/v2/workspaces/{workspace}/builds": {NoAuthorize:true},`
`131`		`-"GET:/api/v2/workspaces/{workspace}/watch": {NoAuthorize:true},`
`132`		`-`
`133`		`-"POST:/api/v2/files": {NoAuthorize:true},`
`134`		`-"GET:/api/v2/files/{hash}": {NoAuthorize:true},`
	`126`	`+"POST:/api/v2/files": {NoAuthorize:true},`
	`127`	`+"GET:/api/v2/files/{hash}": {NoAuthorize:true},`
	`128`	`+"GET:/api/v2/workspaces/{workspace}/watch": {NoAuthorize:true},`
`135`	`129`
`136`	`130`	`// These endpoints have more assertions. This is good, add more endpoints to assert if you can!`
`137`	`131`	`"GET:/api/v2/organizations/{organization}": {AssertObject:rbac.ResourceOrganization.InOrg(admin.OrganizationID)},`
`@@ -141,11 +135,60 @@ func TestAuthorizeAllEndpoints(t *testing.T) {`
`141`	`135`	`"GET:/api/v2/organizations/{organization}/workspaces/{user}/{workspace}": {`
`142`	`136`	`AssertObject:rbac.ResourceWorkspace.InOrg(organization.ID).WithID(workspace.ID.String()).WithOwner(workspace.OwnerID.String()),`
`143`	`137`	`},`
	`138`	`+"GET:/api/v2/workspaces/{workspace}/builds/{workspacebuildname}": {`
	`139`	`+AssertAction:rbac.ActionRead,`
	`140`	`+AssertObject:workspaceRBACObj,`
	`141`	`+},`
	`142`	`+"GET:/api/v2/organizations/{organization}/workspaces/{user}/{workspacename}": {`
	`143`	`+AssertAction:rbac.ActionRead,`
	`144`	`+AssertObject:workspaceRBACObj,`
	`145`	`+},`
`144`	`146`	`"GET:/api/v2/organizations/{organization}/workspaces": {StatusCode:http.StatusOK,AssertObject:rbac.ResourceWorkspace},`
`145`		`-"GET:/api/v2/workspaces": {StatusCode:http.StatusOK,AssertObject:rbac.ResourceWorkspace},`
	`147`	`+"GET:/api/v2/workspacebuilds/{workspacebuild}": {`
	`148`	`+AssertAction:rbac.ActionRead,`
	`149`	`+AssertObject:workspaceRBACObj,`
	`150`	`+},`
	`151`	`+"GET:/api/v2/workspacebuilds/{workspacebuild}/logs": {`
	`152`	`+AssertAction:rbac.ActionRead,`
	`153`	`+AssertObject:workspaceRBACObj,`
	`154`	`+},`
	`155`	`+"GET:/api/v2/workspaces/{workspace}/builds": {`
	`156`	`+AssertAction:rbac.ActionRead,`
	`157`	`+AssertObject:workspaceRBACObj,`
	`158`	`+},`
	`159`	`+"GET:/api/v2/workspaces/{workspace}": {`
	`160`	`+AssertAction:rbac.ActionRead,`
	`161`	`+AssertObject:workspaceRBACObj,`
	`162`	`+},`
	`163`	`+"PUT:/api/v2/workspaces/{workspace}/autostart": {`
	`164`	`+AssertAction:rbac.ActionUpdate,`
	`165`	`+AssertObject:workspaceRBACObj,`
	`166`	`+},`
	`167`	`+"PUT:/api/v2/workspaces/{workspace}/autostop": {`
	`168`	`+AssertAction:rbac.ActionUpdate,`
	`169`	`+AssertObject:workspaceRBACObj,`
	`170`	`+},`
	`171`	`+"PATCH:/api/v2/workspacebuilds/{workspacebuild}/cancel": {`
	`172`	`+AssertAction:rbac.ActionUpdate,`
	`173`	`+AssertObject:workspaceRBACObj,`
	`174`	`+},`
	`175`	`+"GET:/api/v2/workspacebuilds/{workspacebuild}/resources": {`
	`176`	`+AssertAction:rbac.ActionRead,`
	`177`	`+AssertObject:workspaceRBACObj,`
	`178`	`+},`
	`179`	`+"GET:/api/v2/workspacebuilds/{workspacebuild}/state": {`
	`180`	`+AssertAction:rbac.ActionRead,`
	`181`	`+AssertObject:workspaceRBACObj,`
	`182`	`+},`
	`183`	`+"GET:/api/v2/workspaces/": {`
	`184`	`+StatusCode:http.StatusOK,`
	`185`	`+AssertAction:rbac.ActionRead,`
	`186`	`+AssertObject:workspaceRBACObj,`
	`187`	`+},`
`146`	`188`
`147`		`-// These endpoints need payloads to get to the auth part.`
`148`		`-"PUT:/api/v2/users/{user}/roles": {StatusCode:http.StatusBadRequest,NoAuthorize:true},`
	`189`	`+// These endpoints need payloads to get to the auth part. Payloads will be required`
	`190`	`+"PUT:/api/v2/users/{user}/roles": {StatusCode:http.StatusBadRequest,NoAuthorize:true},`
	`191`	`+"POST:/api/v2/workspaces/{workspace}/builds": {StatusCode:http.StatusBadRequest,NoAuthorize:true},`
`149`	`192`	`}`
`150`	`193`
`151`	`194`	`fork,v:=rangeassertRoute {`
`@@ -175,16 +218,24 @@ func TestAuthorizeAllEndpoints(t *testing.T) {`
`175`	`218`	`route=strings.ReplaceAll(route,"{organization}",admin.OrganizationID.String())`
`176`	`219`	`route=strings.ReplaceAll(route,"{user}",admin.UserID.String())`
`177`	`220`	`route=strings.ReplaceAll(route,"{organizationname}",organization.Name)`
`178`		`-route=strings.ReplaceAll(route,"{workspace}",workspace.Name)`
	`221`	`+route=strings.ReplaceAll(route,"{workspace}",workspace.ID.String())`
	`222`	`+route=strings.ReplaceAll(route,"{workspacebuild}",workspace.LatestBuild.ID.String())`
	`223`	`+route=strings.ReplaceAll(route,"{workspacename}",workspace.Name)`
	`224`	`+route=strings.ReplaceAll(route,"{workspacebuildname}",workspace.LatestBuild.Name)`
`179`	`225`
`180`	`226`	`resp,err:=client.Request(context.Background(),method,route,nil)`
`181`	`227`	`require.NoError(t,err,"do req")`
	`228`	`+body,_:=io.ReadAll(resp.Body)`
	`229`	`+t.Logf("Response Body: %q",string(body))`
`182`	`230`	`_=resp.Body.Close()`
`183`	`231`
`184`	`232`	`if!routeAssertions.NoAuthorize {`
`185`	`233`	`assert.NotNil(t,authorizer.Called,"authorizer expected")`
`186`	`234`	`assert.Equal(t,routeAssertions.StatusCode,resp.StatusCode,"expect unauthorized")`
`187`	`235`	`ifauthorizer.Called!=nil {`
	`236`	`+ifrouteAssertions.AssertAction!="" {`
	`237`	`+assert.Equal(t,routeAssertions.AssertAction,authorizer.Called.Action,"resource action")`
	`238`	`+}`
`188`	`239`	`ifrouteAssertions.AssertObject.Type!="" {`
`189`	`240`	`assert.Equal(t,routeAssertions.AssertObject.Type,authorizer.Called.Object.Type,"resource type")`
`190`	`241`	`}`

`‎coderd/users.go`

Lines changed: 8 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -568,6 +568,14 @@ func (api api) postOrganizationsByUser(rw http.ResponseWriter, r http.Request)`
`568`	`568`	`if!httpapi.Read(rw,r,&req) {`
`569`	`569`	`return`
`570`	`570`	`}`
	`571`	`+`
	`572`	`+// Create organization uses the organization resource without an OrgID.`
	`573`	`+// This means you need the site wide permission to make a new organization.`
	`574`	`+if!api.Authorize(rw,r,rbac.ActionCreate,`
	`575`	`+rbac.ResourceOrganization) {`
	`576`	`+return`
	`577`	`+}`
	`578`	`+`
`571`	`579`	`_,err:=api.Database.GetOrganizationByName(r.Context(),req.Name)`
`572`	`580`	`iferr==nil {`
`573`	`581`	`httpapi.Write(rw,http.StatusConflict, httpapi.Response{`

`‎coderd/users_test.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -173,7 +173,7 @@ func TestPostUsers(t *testing.T) {`
`173`	`173`	`client:=coderdtest.New(t,nil)`
`174`	`174`	`first:=coderdtest.CreateFirstUser(t,client)`
`175`	`175`	`notInOrg:=coderdtest.CreateAnotherUser(t,client,first.OrganizationID)`
`176`		`-other:=coderdtest.CreateAnotherUser(t,client,first.OrganizationID)`
	`176`	`+other:=coderdtest.CreateAnotherUser(t,client,first.OrganizationID,rbac.RoleAdmin(),rbac.RoleMember())`
`177`	`177`	`org,err:=other.CreateOrganization(context.Background(),codersdk.Me, codersdk.CreateOrganizationRequest{`
`178`	`178`	`Name:"another",`
`179`	`179`	`})`

`‎coderd/workspacebuilds.go`

Lines changed: 95 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -15,11 +15,25 @@ import (`
`15`	`15`	`"github.com/coder/coder/coderd/database"`
`16`	`16`	`"github.com/coder/coder/coderd/httpapi"`
`17`	`17`	`"github.com/coder/coder/coderd/httpmw"`
	`18`	`+"github.com/coder/coder/coderd/rbac"`
`18`	`19`	`"github.com/coder/coder/codersdk"`
`19`	`20`	`)`
`20`	`21`
`21`	`22`	`func (apiapi)workspaceBuild(rw http.ResponseWriter,rhttp.Request) {`
`22`	`23`	`workspaceBuild:=httpmw.WorkspaceBuildParam(r)`
	`24`	`+workspace,err:=api.Database.GetWorkspaceByID(r.Context(),workspaceBuild.WorkspaceID)`
	`25`	`+iferr!=nil {`
	`26`	`+httpapi.Write(rw,http.StatusInternalServerError, httpapi.Response{`
	`27`	`+Message:"no workspace exists for this job",`
	`28`	`+})`
	`29`	`+return`
	`30`	`+}`
	`31`	`+`
	`32`	`+if!api.Authorize(rw,r,rbac.ActionRead,rbac.ResourceWorkspace.`
	`33`	`+InOrg(workspace.OrganizationID).WithOwner(workspace.OwnerID.String()).WithID(workspace.ID.String())) {`
	`34`	`+return`
	`35`	`+}`
	`36`	`+`
`23`	`37`	`job,err:=api.Database.GetProvisionerJobByID(r.Context(),workspaceBuild.JobID)`
`24`	`38`	`iferr!=nil {`
`25`	`39`	`httpapi.Write(rw,http.StatusInternalServerError, httpapi.Response{`
`@@ -34,6 +48,11 @@ func (api api) workspaceBuild(rw http.ResponseWriter, r http.Request) {`
`34`	`48`	`func (apiapi)workspaceBuilds(rw http.ResponseWriter,rhttp.Request) {`
`35`	`49`	`workspace:=httpmw.WorkspaceParam(r)`
`36`	`50`
	`51`	`+if!api.Authorize(rw,r,rbac.ActionRead,rbac.ResourceWorkspace.`
	`52`	`+InOrg(workspace.OrganizationID).WithOwner(workspace.OwnerID.String()).WithID(workspace.ID.String())) {`
	`53`	`+return`
	`54`	`+}`
	`55`	`+`
`37`	`56`	`paginationParams,ok:=parsePagination(rw,r)`
`38`	`57`	`if!ok {`
`39`	`58`	`return`
`@@ -90,6 +109,11 @@ func (api api) workspaceBuilds(rw http.ResponseWriter, r http.Request) {`
`90`	`109`
`91`	`110`	`func (apiapi)workspaceBuildByName(rw http.ResponseWriter,rhttp.Request) {`
`92`	`111`	`workspace:=httpmw.WorkspaceParam(r)`
	`112`	`+if!api.Authorize(rw,r,rbac.ActionRead,rbac.ResourceWorkspace.`
	`113`	`+InOrg(workspace.OrganizationID).WithOwner(workspace.OwnerID.String()).WithID(workspace.ID.String())) {`
	`114`	`+return`
	`115`	`+}`
	`116`	`+`
`93`	`117`	`workspaceBuildName:=chi.URLParam(r,"workspacebuildname")`
`94`	`118`	`workspaceBuild,err:=api.Database.GetWorkspaceBuildByWorkspaceIDAndName(r.Context(), database.GetWorkspaceBuildByWorkspaceIDAndNameParams{`
`95`	`119`	`WorkspaceID:workspace.ID,`
`@@ -125,6 +149,25 @@ func (api api) postWorkspaceBuilds(rw http.ResponseWriter, r http.Request) {`
`125`	`149`	`if!httpapi.Read(rw,r,&createBuild) {`
`126`	`150`	`return`
`127`	`151`	`}`
	`152`	`+`
	`153`	`+// Rbac action depends on the transition`
	`154`	`+varaction rbac.Action`
	`155`	`+switchcreateBuild.Transition {`
	`156`	`+casedatabase.WorkspaceTransitionDelete:`
	`157`	`+action=rbac.ActionDelete`
	`158`	`+casedatabase.WorkspaceTransitionStart,database.WorkspaceTransitionStop:`
	`159`	`+action=rbac.ActionUpdate`
	`160`	`+default:`
	`161`	`+httpapi.Write(rw,http.StatusInternalServerError, httpapi.Response{`
	`162`	`+Message:fmt.Sprintf("transition not supported: %q",createBuild.Transition),`
	`163`	`+})`
	`164`	`+return`
	`165`	`+}`
	`166`	`+if!api.Authorize(rw,r,action,rbac.ResourceWorkspace.`
	`167`	`+InOrg(workspace.OrganizationID).WithOwner(workspace.OwnerID.String()).WithID(workspace.ID.String())) {`
	`168`	`+return`
	`169`	`+}`
	`170`	`+`
`128`	`171`	`ifcreateBuild.TemplateVersionID==uuid.Nil {`
`129`	`172`	`latestBuild,err:=api.Database.GetLatestWorkspaceBuildByWorkspaceID(r.Context(),workspace.ID)`
`130`	`173`	`iferr!=nil {`
`@@ -269,6 +312,19 @@ func (api api) postWorkspaceBuilds(rw http.ResponseWriter, r http.Request) {`
`269`	`312`
`270`	`313`	`func (apiapi)patchCancelWorkspaceBuild(rw http.ResponseWriter,rhttp.Request) {`
`271`	`314`	`workspaceBuild:=httpmw.WorkspaceBuildParam(r)`
	`315`	`+workspace,err:=api.Database.GetWorkspaceByID(r.Context(),workspaceBuild.WorkspaceID)`
	`316`	`+iferr!=nil {`
	`317`	`+httpapi.Write(rw,http.StatusInternalServerError, httpapi.Response{`
	`318`	`+Message:"no workspace exists for this job",`
	`319`	`+})`
	`320`	`+return`
	`321`	`+}`
	`322`	`+`
	`323`	`+if!api.Authorize(rw,r,rbac.ActionUpdate,rbac.ResourceWorkspace.`
	`324`	`+InOrg(workspace.OrganizationID).WithOwner(workspace.OwnerID.String()).WithID(workspace.ID.String())) {`
	`325`	`+return`
	`326`	`+}`
	`327`	`+`
`272`	`328`	`job,err:=api.Database.GetProvisionerJobByID(r.Context(),workspaceBuild.JobID)`
`273`	`329`	`iferr!=nil {`
`274`	`330`	`httpapi.Write(rw,http.StatusInternalServerError, httpapi.Response{`
`@@ -308,6 +364,19 @@ func (api api) patchCancelWorkspaceBuild(rw http.ResponseWriter, r http.Reques`
`308`	`364`
`309`	`365`	`func (apiapi)workspaceBuildResources(rw http.ResponseWriter,rhttp.Request) {`
`310`	`366`	`workspaceBuild:=httpmw.WorkspaceBuildParam(r)`
	`367`	`+workspace,err:=api.Database.GetWorkspaceByID(r.Context(),workspaceBuild.WorkspaceID)`
	`368`	`+iferr!=nil {`
	`369`	`+httpapi.Write(rw,http.StatusInternalServerError, httpapi.Response{`
	`370`	`+Message:"no workspace exists for this job",`
	`371`	`+})`
	`372`	`+return`
	`373`	`+}`
	`374`	`+`
	`375`	`+if!api.Authorize(rw,r,rbac.ActionRead,rbac.ResourceWorkspace.`
	`376`	`+InOrg(workspace.OrganizationID).WithOwner(workspace.OwnerID.String()).WithID(workspace.ID.String())) {`
	`377`	`+return`
	`378`	`+}`
	`379`	`+`
`311`	`380`	`job,err:=api.Database.GetProvisionerJobByID(r.Context(),workspaceBuild.JobID)`
`312`	`381`	`iferr!=nil {`
`313`	`382`	`httpapi.Write(rw,http.StatusInternalServerError, httpapi.Response{`
`@@ -320,6 +389,19 @@ func (api api) workspaceBuildResources(rw http.ResponseWriter, r http.Request)`
`320`	`389`
`321`	`390`	`func (apiapi)workspaceBuildLogs(rw http.ResponseWriter,rhttp.Request) {`
`322`	`391`	`workspaceBuild:=httpmw.WorkspaceBuildParam(r)`
	`392`	`+workspace,err:=api.Database.GetWorkspaceByID(r.Context(),workspaceBuild.WorkspaceID)`
	`393`	`+iferr!=nil {`
	`394`	`+httpapi.Write(rw,http.StatusInternalServerError, httpapi.Response{`
	`395`	`+Message:"no workspace exists for this job",`
	`396`	`+})`
	`397`	`+return`
	`398`	`+}`
	`399`	`+`
	`400`	`+if!api.Authorize(rw,r,rbac.ActionRead,rbac.ResourceWorkspace.`
	`401`	`+InOrg(workspace.OrganizationID).WithOwner(workspace.OwnerID.String()).WithID(workspace.ID.String())) {`
	`402`	`+return`
	`403`	`+}`
	`404`	`+`
`323`	`405`	`job,err:=api.Database.GetProvisionerJobByID(r.Context(),workspaceBuild.JobID)`
`324`	`406`	`iferr!=nil {`
`325`	`407`	`httpapi.Write(rw,http.StatusInternalServerError, httpapi.Response{`
`@@ -330,8 +412,20 @@ func (api api) workspaceBuildLogs(rw http.ResponseWriter, r http.Request) {`
`330`	`412`	`api.provisionerJobLogs(rw,r,job)`
`331`	`413`	`}`
`332`	`414`
`333`		`-func (api)workspaceBuildState(rw http.ResponseWriter,rhttp.Request) {`
	`415`	`+func (apiapi)workspaceBuildState(rw http.ResponseWriter,rhttp.Request) {`
`334`	`416`	`workspaceBuild:=httpmw.WorkspaceBuildParam(r)`
	`417`	`+workspace,err:=api.Database.GetWorkspaceByID(r.Context(),workspaceBuild.WorkspaceID)`
	`418`	`+iferr!=nil {`
	`419`	`+httpapi.Write(rw,http.StatusInternalServerError, httpapi.Response{`
	`420`	`+Message:"no workspace exists for this job",`
	`421`	`+})`
	`422`	`+return`
	`423`	`+}`
	`424`	`+`
	`425`	`+if!api.Authorize(rw,r,rbac.ActionRead,rbac.ResourceWorkspace.`
	`426`	`+InOrg(workspace.OrganizationID).WithOwner(workspace.OwnerID.String()).WithID(workspace.ID.String())) {`
	`427`	`+return`
	`428`	`+}`
`335`	`429`
`336`	`430`	`rw.Header().Set("Content-Type","application/json")`
`337`	`431`	`rw.WriteHeader(http.StatusOK)`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitc034e83

File tree

7 files changed

7 files changed

`‎coderd/coderd.go`

`‎coderd/coderd_test.go`

`‎coderd/users.go`

`‎coderd/users_test.go`

`‎coderd/workspacebuilds.go`

0 commit comments