NotificationsYou must be signed in to change notification settings
Fork906
Star10k

Commitd5360a6

authored

chore: fetch workspaces by username with organization permissions (#17707)

Closes#17691`ExtractOrganizationMembersParam` will allow fetching a user with onlyorganization permissions. If the user belongs to 0 orgs, then the user "does not exist" from an org perspective. But if you are a site-wide admin, then the user does exist.

1 parentd93a9cf commitd5360a6Copy full SHA for d5360a6

File tree

6 files changed

+185

-74

lines changed

coderd
enterprise/coderd
- workspaces_test.go

6 files changed

+185

-74

lines changed

`‎coderd/coderd.go`

Lines changed: 12 additions & 9 deletions

Original file line number	Diff line number	Diff line change
`@@ -1189,26 +1189,32 @@ func New(options Options) API {`
`1189`	`1189`	`})`
`1190`	`1190`	`r.Route("/{user}",func(r chi.Router) {`
`1191`	`1191`	`r.Group(func(r chi.Router) {`
`1192`		`-r.Use(httpmw.ExtractUserParamOptional(options.Database))`
	`1192`	`+r.Use(httpmw.ExtractOrganizationMembersParam(options.Database,api.HTTPAuth.Authorize))`
`1193`	`1193`	`// Creating workspaces does not require permissions on the user, only the`
`1194`	`1194`	`// organization member. This endpoint should match the authz story of`
`1195`	`1195`	`// postWorkspacesByOrganization`
`1196`	`1196`	`r.Post("/workspaces",api.postUserWorkspaces)`
	`1197`	`+r.Route("/workspace/{workspacename}",func(r chi.Router) {`
	`1198`	`+r.Get("/",api.workspaceByOwnerAndName)`
	`1199`	`+r.Get("/builds/{buildnumber}",api.workspaceBuildByBuildNumber)`
	`1200`	`+})`
	`1201`	`+})`
	`1202`	`+`
	`1203`	`+r.Group(func(r chi.Router) {`
	`1204`	`+r.Use(httpmw.ExtractUserParam(options.Database))`
`1197`	`1205`
`1198`	`1206`	`// Similarly to creating a workspace, evaluating parameters for a`
`1199`	`1207`	`// new workspace should also match the authz story of`
`1200`	`1208`	`// postWorkspacesByOrganization`
	`1209`	`+// TODO: Do not require site wide read user permission. Make this work`
	`1210`	`+// with org member permissions.`
`1201`	`1211`	`r.Route("/templateversions/{templateversion}",func(r chi.Router) {`
`1202`	`1212`	`r.Use(`
`1203`	`1213`	`httpmw.ExtractTemplateVersionParam(options.Database),`
`1204`	`1214`	`httpmw.RequireExperiment(api.Experiments,codersdk.ExperimentDynamicParameters),`
`1205`	`1215`	`)`
`1206`	`1216`	`r.Get("/parameters",api.templateVersionDynamicParameters)`
`1207`	`1217`	`})`
`1208`		`-})`
`1209`		`-`
`1210`		`-r.Group(func(r chi.Router) {`
`1211`		`-r.Use(httpmw.ExtractUserParam(options.Database))`
`1212`	`1218`
`1213`	`1219`	`r.Post("/convert-login",api.postConvertLoginType)`
`1214`	`1220`	`r.Delete("/",api.deleteUser)`
`@@ -1250,10 +1256,7 @@ func New(options Options) API {`
`1250`	`1256`	`r.Get("/",api.organizationsByUser)`
`1251`	`1257`	`r.Get("/{organizationname}",api.organizationByUserAndName)`
`1252`	`1258`	`})`
`1253`		`-r.Route("/workspace/{workspacename}",func(r chi.Router) {`
`1254`		`-r.Get("/",api.workspaceByOwnerAndName)`
`1255`		`-r.Get("/builds/{buildnumber}",api.workspaceBuildByBuildNumber)`
`1256`		`-})`
	`1259`	`+`
`1257`	`1260`	`r.Get("/gitsshkey",api.gitSSHKey)`
`1258`	`1261`	`r.Put("/gitsshkey",api.regenerateGitSSHKey)`
`1259`	`1262`	`r.Route("/notifications",func(r chi.Router) {`

`‎coderd/httpmw/organizationparam.go`

Lines changed: 128 additions & 24 deletions

Original file line number	Diff line number	Diff line change
`@@ -11,12 +11,15 @@ import (`
`11`	`11`	`"github.com/coder/coder/v2/coderd/database"`
`12`	`12`	`"github.com/coder/coder/v2/coderd/database/dbauthz"`
`13`	`13`	`"github.com/coder/coder/v2/coderd/httpapi"`
	`14`	`+"github.com/coder/coder/v2/coderd/rbac"`
	`15`	`+"github.com/coder/coder/v2/coderd/rbac/policy"`
`14`	`16`	`"github.com/coder/coder/v2/codersdk"`
`15`	`17`	`)`
`16`	`18`
`17`	`19`	`type (`
`18`		`-organizationParamContextKeystruct{}`
`19`		`-organizationMemberParamContextKeystruct{}`
	`20`	`+organizationParamContextKeystruct{}`
	`21`	`+organizationMemberParamContextKeystruct{}`
	`22`	`+organizationMembersParamContextKeystruct{}`
`20`	`23`	`)`
`21`	`24`
`22`	`25`	`// OrganizationParam returns the organization from the ExtractOrganizationParam handler.`
`@@ -38,6 +41,14 @@ func OrganizationMemberParam(r *http.Request) OrganizationMember {`
`38`	`41`	`returnorganizationMember`
`39`	`42`	`}`
`40`	`43`
	`44`	`+funcOrganizationMembersParam(r*http.Request)OrganizationMembers {`
	`45`	`+organizationMembers,ok:=r.Context().Value(organizationMembersParamContextKey{}).(OrganizationMembers)`
	`46`	`+if!ok {`
	`47`	`+panic("developer error: organization members param middleware not provided")`
	`48`	`+}`
	`49`	`+returnorganizationMembers`
	`50`	`+}`
	`51`	`+`
`41`	`52`	`// ExtractOrganizationParam grabs an organization from the "organization" URL parameter.`
`42`	`53`	`// This middleware requires the API key middleware higher in the call stack for authentication.`
`43`	`54`	`funcExtractOrganizationParam(db database.Store)func(http.Handler) http.Handler {`
`@@ -111,35 +122,23 @@ func ExtractOrganizationMemberParam(db database.Store) func(http.Handler) http.H`
`111`	`122`	`returnfunc(next http.Handler) http.Handler {`
`112`	`123`	`returnhttp.HandlerFunc(func(rw http.ResponseWriter,r*http.Request) {`
`113`	`124`	`ctx:=r.Context()`
`114`		-// We need to resolve the `{user}` URL parameter so that we can get the userID and
`115`		`-// username. We do this as SystemRestricted since the caller might have permission`
`116`		`-// to access the OrganizationMember object, but not the User object. So, it is`
`117`		`-// very important that we do not add the User object to the request context or otherwise`
`118`		`-// leak it to the API handler.`
`119`		`-// nolint:gocritic`
`120`		`-user,ok:=ExtractUserContext(dbauthz.AsSystemRestricted(ctx),db,rw,r)`
`121`		`-if!ok {`
`122`		`-return`
`123`		`-}`
`124`	`125`	`organization:=OrganizationParam(r)`
`125`		`-`
`126`		`-organizationMember,err:=database.ExpectOne(db.OrganizationMembers(ctx, database.OrganizationMembersParams{`
`127`		`-OrganizationID:organization.ID,`
`128`		`-UserID:user.ID,`
`129`		`-IncludeSystem:false,`
`130`		`-}))`
`131`		`-ifhttpapi.Is404Error(err) {`
`132`		`-httpapi.ResourceNotFound(rw)`
	`126`	`+_,members,done:=ExtractOrganizationMember(ctx,nil,rw,r,db,organization.ID)`
	`127`	`+ifdone {`
`133`	`128`	`return`
`134`	`129`	`}`
`135`		`-iferr!=nil {`
	`130`	`+`
	`131`	`+iflen(members)!=1 {`
`136`	`132`	`httpapi.Write(ctx,rw,http.StatusInternalServerError, codersdk.Response{`
`137`	`133`	`Message:"Internal error fetching organization member.",`
`138`		`-Detail:err.Error(),`
	`134`	`+// This is a developer error and should never happen.`
	`135`	`+Detail:fmt.Sprintf("Expected exactly one organization member, but got %d.",len(members)),`
`139`	`136`	`})`
`140`	`137`	`return`
`141`	`138`	`}`
`142`	`139`
	`140`	`+organizationMember:=members[0]`
	`141`	`+`
`143`	`142`	`ctx=context.WithValue(ctx,organizationMemberParamContextKey{},OrganizationMember{`
`144`	`143`	`OrganizationMember:organizationMember.OrganizationMember,`
`145`	`144`	`// Here we're making two exceptions to the rule about not leaking data about the user`
`@@ -151,8 +150,113 @@ func ExtractOrganizationMemberParam(db database.Store) func(http.Handler) http.H`
`151`	`150`	`// API handlers need this information for audit logging and returning the owner's`
`152`	`151`	`// username in response to creating a workspace. Additionally, the frontend consumes`
`153`	`152`	`// the Avatar URL and this allows the FE to avoid an extra request.`
`154`		`-Username:user.Username,`
`155`		`-AvatarURL:user.AvatarURL,`
	`153`	`+Username:organizationMember.Username,`
	`154`	`+AvatarURL:organizationMember.AvatarURL,`
	`155`	`+})`
	`156`	`+`
	`157`	`+next.ServeHTTP(rw,r.WithContext(ctx))`
	`158`	`+})`
	`159`	`+}`
	`160`	`+}`
	`161`	`+`
	`162`	`+// ExtractOrganizationMember extracts all user memberships from the "user" URL`
	`163`	`+// parameter. If orgID is uuid.Nil, then it will return all memberships for the`
	`164`	`+// user, otherwise it will only return memberships to the org.`
	`165`	`+//`
	`166`	+// If `user` is returned, that means the caller can use the data. This is returned because
	`167`	`+// it is possible to have a user with 0 organizations. So the user != nil, with 0 memberships.`
	`168`	`+funcExtractOrganizationMember(ctx context.Context,authfunc(rhttp.Request,action policy.Action,object rbac.Objecter)bool,rw http.ResponseWriter,rhttp.Request,db database.Store,orgID uuid.UUID) (*database.User, []database.OrganizationMembersRow,bool) {`
	`169`	+// We need to resolve the `{user}` URL parameter so that we can get the userID and
	`170`	`+// username. We do this as SystemRestricted since the caller might have permission`
	`171`	`+// to access the OrganizationMember object, but not the User object. So, it is`
	`172`	`+// very important that we do not add the User object to the request context or otherwise`
	`173`	`+// leak it to the API handler.`
	`174`	`+// nolint:gocritic`
	`175`	`+user,ok:=ExtractUserContext(dbauthz.AsSystemRestricted(ctx),db,rw,r)`
	`176`	`+if!ok {`
	`177`	`+returnnil,nil,true`
	`178`	`+}`
	`179`	`+`
	`180`	`+organizationMembers,err:=db.OrganizationMembers(ctx, database.OrganizationMembersParams{`
	`181`	`+OrganizationID:orgID,`
	`182`	`+UserID:user.ID,`
	`183`	`+IncludeSystem:false,`
	`184`	`+})`
	`185`	`+ifhttpapi.Is404Error(err) {`
	`186`	`+httpapi.ResourceNotFound(rw)`
	`187`	`+returnnil,nil,true`
	`188`	`+}`
	`189`	`+iferr!=nil {`
	`190`	`+httpapi.Write(ctx,rw,http.StatusInternalServerError, codersdk.Response{`
	`191`	`+Message:"Internal error fetching organization member.",`
	`192`	`+Detail:err.Error(),`
	`193`	`+})`
	`194`	`+returnnil,nil,true`
	`195`	`+}`
	`196`	`+`
	`197`	`+// Only return the user data if the caller can read the user object.`
	`198`	`+ifauth!=nil&&auth(r,policy.ActionRead,user) {`
	`199`	`+return&user,organizationMembers,false`
	`200`	`+}`
	`201`	`+`
	`202`	`+// If the user cannot be read and 0 memberships exist, throw a 404 to not`
	`203`	`+// leak the user existence.`
	`204`	`+iflen(organizationMembers)==0 {`
	`205`	`+httpapi.ResourceNotFound(rw)`
	`206`	`+returnnil,nil,true`
	`207`	`+}`
	`208`	`+`
	`209`	`+returnnil,organizationMembers,false`
	`210`	`+}`
	`211`	`+`
	`212`	`+typeOrganizationMembersstruct {`
	`213`	+// User is `nil` if the caller is not allowed access to the site wide
	`214`	`+// user object.`
	`215`	`+User*database.User`
	`216`	+// Memberships can only be length 0 if `user != nil`. If `user == nil`, then
	`217`	`+// memberships will be at least length 1.`
	`218`	`+Memberships []OrganizationMember`
	`219`	`+}`
	`220`	`+`
	`221`	`+func (omOrganizationMembers)UserID() uuid.UUID {`
	`222`	`+ifom.User!=nil {`
	`223`	`+returnom.User.ID`
	`224`	`+}`
	`225`	`+`
	`226`	`+iflen(om.Memberships)>0 {`
	`227`	`+returnom.Memberships[0].UserID`
	`228`	`+}`
	`229`	`+returnuuid.Nil`
	`230`	`+}`
	`231`	`+`
	`232`	`+// ExtractOrganizationMembersParam grabs all user organization memberships.`
	`233`	`+// Only requires the "user" URL parameter.`
	`234`	`+//`
	`235`	`+// Use this if you want to grab as much information for a user as you can.`
	`236`	`+// From an organization context, site wide user information might not available.`
	`237`	`+funcExtractOrganizationMembersParam(db database.Store,authfunc(r*http.Request,action policy.Action,object rbac.Objecter)bool)func(http.Handler) http.Handler {`
	`238`	`+returnfunc(next http.Handler) http.Handler {`
	`239`	`+returnhttp.HandlerFunc(func(rw http.ResponseWriter,r*http.Request) {`
	`240`	`+ctx:=r.Context()`
	`241`	`+`
	`242`	`+// Fetch all memberships`
	`243`	`+user,members,done:=ExtractOrganizationMember(ctx,auth,rw,r,db,uuid.Nil)`
	`244`	`+ifdone {`
	`245`	`+return`
	`246`	`+}`
	`247`	`+`
	`248`	`+orgMembers:=make([]OrganizationMember,0,len(members))`
	`249`	`+for_,organizationMember:=rangemembers {`
	`250`	`+orgMembers=append(orgMembers,OrganizationMember{`
	`251`	`+OrganizationMember:organizationMember.OrganizationMember,`
	`252`	`+Username:organizationMember.Username,`
	`253`	`+AvatarURL:organizationMember.AvatarURL,`
	`254`	`+})`
	`255`	`+}`
	`256`	`+`
	`257`	`+ctx=context.WithValue(ctx,organizationMembersParamContextKey{},OrganizationMembers{`
	`258`	`+User:user,`
	`259`	`+Memberships:orgMembers,`
`156`	`260`	`})`
`157`	`261`	`next.ServeHTTP(rw,r.WithContext(ctx))`
`158`	`262`	`})`

`‎coderd/httpmw/organizationparam_test.go`

Lines changed: 11 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -16,6 +16,8 @@ import (`
`16`	`16`	`"github.com/coder/coder/v2/coderd/database/dbmem"`
`17`	`17`	`"github.com/coder/coder/v2/coderd/database/dbtime"`
`18`	`18`	`"github.com/coder/coder/v2/coderd/httpmw"`
	`19`	`+"github.com/coder/coder/v2/coderd/rbac"`
	`20`	`+"github.com/coder/coder/v2/coderd/rbac/policy"`
`19`	`21`	`"github.com/coder/coder/v2/codersdk"`
`20`	`22`	`"github.com/coder/coder/v2/testutil"`
`21`	`23`	`)`
`@@ -167,6 +169,10 @@ func TestOrganizationParam(t *testing.T) {`
`167`	`169`	`httpmw.ExtractOrganizationParam(db),`
`168`	`170`	`httpmw.ExtractUserParam(db),`
`169`	`171`	`httpmw.ExtractOrganizationMemberParam(db),`
	`172`	`+httpmw.ExtractOrganizationMembersParam(db,func(r*http.Request,_ policy.Action,_ rbac.Objecter)bool {`
	`173`	`+// Assume the caller cannot read the member`
	`174`	`+returnfalse`
	`175`	`+}),`
`170`	`176`	`)`
`171`	`177`	`rtr.Get("/",func(rw http.ResponseWriter,r*http.Request) {`
`172`	`178`	`org:=httpmw.OrganizationParam(r)`
`@@ -190,6 +196,11 @@ func TestOrganizationParam(t *testing.T) {`
`190`	`196`	`assert.NotEmpty(t,orgMem.OrganizationMember.UpdatedAt)`
`191`	`197`	`assert.NotEmpty(t,orgMem.OrganizationMember.UserID)`
`192`	`198`	`assert.NotEmpty(t,orgMem.OrganizationMember.Roles)`
	`199`	`+`
	`200`	`+orgMems:=httpmw.OrganizationMembersParam(r)`
	`201`	`+assert.NotZero(t,orgMems)`
	`202`	`+assert.Equal(t,orgMem.UserID,orgMems.Memberships[0].UserID)`
	`203`	`+assert.Nil(t,orgMems.User,"user data should not be available, hard coded false authorize")`
`193`	`204`	`})`
`194`	`205`
`195`	`206`	`// Try by ID`

`‎coderd/workspacebuilds.go`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -232,7 +232,7 @@ func (api API) workspaceBuilds(rw http.ResponseWriter, r http.Request) {`
`232`	`232`	`// @Router /users/{user}/workspace/{workspacename}/builds/{buildnumber} [get]`
`233`	`233`	`func (apiAPI)workspaceBuildByBuildNumber(rw http.ResponseWriter,rhttp.Request) {`
`234`	`234`	`ctx:=r.Context()`
`235`		`-owner:=httpmw.UserParam(r)`
	`235`	`+mems:=httpmw.OrganizationMembersParam(r)`
`236`	`236`	`workspaceName:=chi.URLParam(r,"workspacename")`
`237`	`237`	`buildNumber,err:=strconv.ParseInt(chi.URLParam(r,"buildnumber"),10,32)`
`238`	`238`	`iferr!=nil {`
`@@ -244,7 +244,7 @@ func (api API) workspaceBuildByBuildNumber(rw http.ResponseWriter, r http.Requ`
`244`	`244`	`}`
`245`	`245`
`246`	`246`	`workspace,err:=api.Database.GetWorkspaceByOwnerIDAndName(ctx, database.GetWorkspaceByOwnerIDAndNameParams{`
`247`		`-OwnerID:owner.ID,`
	`247`	`+OwnerID:mems.UserID(),`
`248`	`248`	`Name:workspaceName,`
`249`	`249`	`})`
`250`	`250`	`ifhttpapi.Is404Error(err) {`

`‎coderd/workspaces.go`

Lines changed: 25 additions & 38 deletions

Original file line number	Diff line number	Diff line change
`@@ -253,7 +253,8 @@ func (api API) workspaces(rw http.ResponseWriter, r http.Request) {`
`253`	`253`	`// @Router /users/{user}/workspace/{workspacename} [get]`
`254`	`254`	`func (apiAPI)workspaceByOwnerAndName(rw http.ResponseWriter,rhttp.Request) {`
`255`	`255`	`ctx:=r.Context()`
`256`		`-owner:=httpmw.UserParam(r)`
	`256`	`+`
	`257`	`+mems:=httpmw.OrganizationMembersParam(r)`
`257`	`258`	`workspaceName:=chi.URLParam(r,"workspacename")`
`258`	`259`	`apiKey:=httpmw.APIKey(r)`
`259`	`260`
`@@ -273,12 +274,12 @@ func (api API) workspaceByOwnerAndName(rw http.ResponseWriter, r http.Request)`
`273`	`274`	`}`
`274`	`275`
`275`	`276`	`workspace,err:=api.Database.GetWorkspaceByOwnerIDAndName(ctx, database.GetWorkspaceByOwnerIDAndNameParams{`
`276`		`-OwnerID:owner.ID,`
	`277`	`+OwnerID:mems.UserID(),`
`277`	`278`	`Name:workspaceName,`
`278`	`279`	`})`
`279`	`280`	`ifincludeDeleted&&errors.Is(err,sql.ErrNoRows) {`
`280`	`281`	`workspace,err=api.Database.GetWorkspaceByOwnerIDAndName(ctx, database.GetWorkspaceByOwnerIDAndNameParams{`
`281`		`-OwnerID:owner.ID,`
	`282`	`+OwnerID:mems.UserID(),`
`282`	`283`	`Name:workspaceName,`
`283`	`284`	`Deleted:includeDeleted,`
`284`	`285`	`})`
`@@ -408,6 +409,7 @@ func (api API) postUserWorkspaces(rw http.ResponseWriter, r http.Request) {`
`408`	`409`	`ctx=r.Context()`
`409`	`410`	`apiKey=httpmw.APIKey(r)`
`410`	`411`	`auditor=api.Auditor.Load()`
	`412`	`+mems=httpmw.OrganizationMembersParam(r)`
`411`	`413`	`)`
`412`	`414`
`413`	`415`	`varreq codersdk.CreateWorkspaceRequest`
`@@ -416,17 +418,16 @@ func (api API) postUserWorkspaces(rw http.ResponseWriter, r http.Request) {`
`416`	`418`	`}`
`417`	`419`
`418`	`420`	`varownerworkspaceOwner`
`419`		`-// This user fetch is an optimization path for the most common case of creating a`
`420`		`-// workspace for 'Me'.`
`421`		`-//`
`422`		-// This is also required to allow `owners` to create workspaces for users
`423`		`-// that are not in an organization.`
`424`		`-user,ok:=httpmw.UserParamOptional(r)`
`425`		`-ifok {`
	`421`	`+ifmems.User!=nil {`
	`422`	`+// This user fetch is an optimization path for the most common case of creating a`
	`423`	`+// workspace for 'Me'.`
	`424`	`+//`
	`425`	+// This is also required to allow `owners` to create workspaces for users
	`426`	`+// that are not in an organization.`
`426`	`427`	`owner=workspaceOwner{`
`427`		`-ID:user.ID,`
`428`		`-Username:user.Username,`
`429`		`-AvatarURL:user.AvatarURL,`
	`428`	`+ID:mems.User.ID,`
	`429`	`+Username:mems.User.Username,`
	`430`	`+AvatarURL:mems.User.AvatarURL,`
`430`	`431`	`}`
`431`	`432`	`}else {`
`432`	`433`	`// A workspace can still be created if the caller can read the organization`
`@@ -443,35 +444,21 @@ func (api API) postUserWorkspaces(rw http.ResponseWriter, r http.Request) {`
`443`	`444`	`return`
`444`	`445`	`}`
`445`	`446`
`446`		`-// We need to fetch the original user as a system user to fetch the`
`447`		`-// user_id. 'ExtractUserContext' handles all cases like usernames,`
`448`		`-// 'Me', etc.`
`449`		`-// nolint:gocritic // The user_id needs to be fetched. This handles all those cases.`
`450`		`-user,ok:=httpmw.ExtractUserContext(dbauthz.AsSystemRestricted(ctx),api.Database,rw,r)`
`451`		`-if!ok {`
`452`		`-return`
`453`		`-}`
`454`		`-`
`455`		`-organizationMember,err:=database.ExpectOne(api.Database.OrganizationMembers(ctx, database.OrganizationMembersParams{`
`456`		`-OrganizationID:template.OrganizationID,`
`457`		`-UserID:user.ID,`
`458`		`-IncludeSystem:false,`
`459`		`-}))`
`460`		`-ifhttpapi.Is404Error(err) {`
	`447`	`+// If the caller can find the organization membership in the same org`
	`448`	`+// as the template, then they can continue.`
	`449`	`+orgIndex:=slices.IndexFunc(mems.Memberships,func(mem httpmw.OrganizationMember)bool {`
	`450`	`+returnmem.OrganizationID==template.OrganizationID`
	`451`	`+})`
	`452`	`+iforgIndex==-1 {`
`461`	`453`	`httpapi.ResourceNotFound(rw)`
`462`	`454`	`return`
`463`	`455`	`}`
`464`		`-iferr!=nil {`
`465`		`-httpapi.Write(ctx,rw,http.StatusInternalServerError, codersdk.Response{`
`466`		`-Message:"Internal error fetching organization member.",`
`467`		`-Detail:err.Error(),`
`468`		`-})`
`469`		`-return`
`470`		`-}`
	`456`	`+`
	`457`	`+member:=mems.Memberships[orgIndex]`
`471`	`458`	`owner=workspaceOwner{`
`472`		`-ID:organizationMember.OrganizationMember.UserID,`
`473`		`-Username:organizationMember.Username,`
`474`		`-AvatarURL:organizationMember.AvatarURL,`
	`459`	`+ID:member.UserID,`
	`460`	`+Username:member.Username,`
	`461`	`+AvatarURL:member.AvatarURL,`
`475`	`462`	`}`
`476`	`463`	`}`
`477`	`464`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitd5360a6

File tree

6 files changed

6 files changed

`‎coderd/coderd.go`

`‎coderd/httpmw/organizationparam.go`

`‎coderd/httpmw/organizationparam_test.go`

`‎coderd/workspacebuilds.go`

`‎coderd/workspaces.go`

0 commit comments