NotificationsYou must be signed in to change notification settings
Fork927
Star10.1k

Commitef9936f

committed

Merge remote-tracking branch 'origin/main' into stevenmasley/rbac_views

2 parents4c0cd84 +418a8a7 commitef9936fCopy full SHA for ef9936f

File tree

5 files changed

+65

-127

lines changed

coderd
- database/dbauthz
- templates.go
- workspaces.go

5 files changed

+65

-127

lines changed

`‎coderd/database/dbauthz/querier.go`

Lines changed: 0 additions & 115 deletions

Original file line number	Diff line number	Diff line change
`@@ -251,12 +251,6 @@ func (q *querier) GetProvisionerJobByID(ctx context.Context, id uuid.UUID) (data`
`251`	`251`	`returnjob,nil`
`252`	`252`	`}`
`253`	`253`
`254`		`-func (q*querier)GetProvisionerJobsByIDs(ctx context.Context,ids []uuid.UUID) ([]database.ProvisionerJob,error) {`
`255`		`-// TODO: This is missing authorization and is incorrect. This call is used by telemetry, and by 1 http route.`
`256`		`-// That http handler should find a better way to fetch these jobs with easier rbac authz.`
`257`		`-returnq.db.GetProvisionerJobsByIDs(ctx,ids)`
`258`		`-}`
`259`		`-`
`260`	`254`	`func (q*querier)GetProvisionerLogsByIDBetween(ctx context.Context,arg database.GetProvisionerLogsByIDBetweenParams) ([]database.ProvisionerJobLog,error) {`
`261`	`255`	`// Authorized read on job lets the actor also read the logs.`
`262`	`256`	`_,err:=q.GetProvisionerJobByID(ctx,arg.JobID)`
`@@ -725,35 +719,6 @@ func (q *querier) GetTemplateVersionVariables(ctx context.Context, templateVersi`
`725`	`719`	`returnq.db.GetTemplateVersionVariables(ctx,templateVersionID)`
`726`	`720`	`}`
`727`	`721`
`728`		`-func (q*querier)GetTemplateVersionsByIDs(ctx context.Context,ids []uuid.UUID) ([]database.TemplateVersion,error) {`
`729`		`-// TODO: This is so inefficient`
`730`		`-versions,err:=q.db.GetTemplateVersionsByIDs(ctx,ids)`
`731`		`-iferr!=nil {`
`732`		`-returnnil,err`
`733`		`-}`
`734`		`-checked:=make(map[uuid.UUID]bool)`
`735`		`-for_,v:=rangeversions {`
`736`		`-if_,ok:=checked[v.TemplateID.UUID];ok {`
`737`		`-continue`
`738`		`-}`
`739`		`-`
`740`		`-obj:=v.RBACObjectNoTemplate()`
`741`		`-template,err:=q.db.GetTemplateByID(ctx,v.TemplateID.UUID)`
`742`		`-iferr==nil {`
`743`		`-obj=v.RBACObject(template)`
`744`		`-}`
`745`		`-iferr!=nil&&!xerrors.Is(err,sql.ErrNoRows) {`
`746`		`-returnnil,err`
`747`		`-}`
`748`		`-iferr:=q.authorizeContext(ctx,rbac.ActionRead,obj);err!=nil {`
`749`		`-returnnil,err`
`750`		`-}`
`751`		`-checked[v.TemplateID.UUID]=true`
`752`		`-}`
`753`		`-`
`754`		`-returnversions,nil`
`755`		`-}`
`756`		`-`
`757`	`722`	`func (q*querier)GetTemplateVersionsByTemplateID(ctx context.Context,arg database.GetTemplateVersionsByTemplateIDParams) ([]database.TemplateVersion,error) {`
`758`	`723`	`// An actor can read template versions if they can read the related template.`
`759`	`724`	`template,err:=q.db.GetTemplateByID(ctx,arg.TemplateID)`
`@@ -1013,11 +978,6 @@ func (q *querier) GetUsersWithCount(ctx context.Context, arg database.GetUsersPa`
`1013`	`978`	`returnusers,rowUsers[0].Count,nil`
`1014`	`979`	`}`
`1015`	`980`
`1016`		`-// TODO: Remove this and use a filter on GetUsers`
`1017`		`-func (q*querier)GetUsersByIDs(ctx context.Context,ids []uuid.UUID) ([]database.User,error) {`
`1018`		`-returnfetchWithPostFilter(q.auth,q.db.GetUsersByIDs)(ctx,ids)`
`1019`		`-}`
`1020`		`-`
`1021`	`981`	`func (q*querier)InsertUser(ctx context.Context,arg database.InsertUserParams) (database.User,error) {`
`1022`	`982`	`// Always check if the assigned roles can actually be assigned by this actor.`
`1023`	`983`	`impliedRoles:=append([]string{rbac.RoleMember()},arg.RBACRoles...)`
`@@ -1219,37 +1179,6 @@ func (q *querier) GetWorkspaceAgentByInstanceID(ctx context.Context, authInstanc`
`1219`	`1179`	`returnagent,nil`
`1220`	`1180`	`}`
`1221`	`1181`
`1222`		`-// GetWorkspaceAgentsByResourceIDs is an all or nothing call. If the user cannot read`
`1223`		`-// a single agent, the entire call will fail.`
`1224`		`-func (q*querier)GetWorkspaceAgentsByResourceIDs(ctx context.Context,ids []uuid.UUID) ([]database.WorkspaceAgent,error) {`
`1225`		`-if_,ok:=ActorFromContext(ctx);!ok {`
`1226`		`-returnnil,NoActorError`
`1227`		`-}`
`1228`		`-// TODO: Make this more efficient. This is annoying because all these resources should be owned by the same workspace.`
`1229`		`-// So the authz check should just be 1 check, but we cannot do that easily here. We should see if all callers can`
`1230`		`-// instead do something like GetWorkspaceAgentsByWorkspaceID.`
`1231`		`-agents,err:=q.db.GetWorkspaceAgentsByResourceIDs(ctx,ids)`
`1232`		`-iferr!=nil {`
`1233`		`-returnnil,err`
`1234`		`-}`
`1235`		`-`
`1236`		`-for_,a:=rangeagents {`
`1237`		`-// Check if we can fetch the workspace by the agent ID.`
`1238`		`-_,err:=q.GetWorkspaceByAgentID(ctx,a.ID)`
`1239`		`-iferr==nil {`
`1240`		`-continue`
`1241`		`-}`
`1242`		`-iferrors.Is(err,sql.ErrNoRows)&&!errors.As(err,&NotAuthorizedError{}) {`
`1243`		`-// The agent is not tied to a workspace, likely from an orphaned template version.`
`1244`		`-// Just return it.`
`1245`		`-continue`
`1246`		`-}`
`1247`		`-// Otherwise, we cannot read the workspace, so we cannot read the agent.`
`1248`		`-returnnil,err`
`1249`		`-}`
`1250`		`-returnagents,nil`
`1251`		`-}`
`1252`		`-`
`1253`	`1182`	`func (q*querier)UpdateWorkspaceAgentLifecycleStateByID(ctx context.Context,arg database.UpdateWorkspaceAgentLifecycleStateByIDParams)error {`
`1254`	`1183`	`agent,err:=q.db.GetWorkspaceAgentByID(ctx,arg.ID)`
`1255`	`1184`	`iferr!=nil {`
`@@ -1302,20 +1231,6 @@ func (q *querier) GetWorkspaceAppsByAgentID(ctx context.Context, agentID uuid.UU`
`1302`	`1231`	`returnq.db.GetWorkspaceAppsByAgentID(ctx,agentID)`
`1303`	`1232`	`}`
`1304`	`1233`
`1305`		`-// GetWorkspaceAppsByAgentIDs is an all or nothing call. If the user cannot read a single app, the entire call will fail.`
`1306`		`-func (q*querier)GetWorkspaceAppsByAgentIDs(ctx context.Context,ids []uuid.UUID) ([]database.WorkspaceApp,error) {`
`1307`		`-// TODO: This should be reworked. All these apps are likely owned by the same workspace, so we should be able to`
`1308`		`-// do 1 authz call. We should refactor this to be GetWorkspaceAppsByWorkspaceID.`
`1309`		`-for_,id:=rangeids {`
`1310`		`-_,err:=q.GetWorkspaceAgentByID(ctx,id)`
`1311`		`-iferr!=nil {`
`1312`		`-returnnil,err`
`1313`		`-}`
`1314`		`-}`
`1315`		`-`
`1316`		`-returnq.db.GetWorkspaceAppsByAgentIDs(ctx,ids)`
`1317`		`-}`
`1318`		`-`
`1319`	`1234`	`func (q*querier)GetWorkspaceBuildByID(ctx context.Context,buildID uuid.UUID) (database.WorkspaceBuild,error) {`
`1320`	`1235`	`returnfetch(q.log,q.auth,q.db.GetWorkspaceBuildByID)(ctx,buildID)`
`1321`	`1236`	`}`
`@@ -1373,21 +1288,6 @@ func (q *querier) GetWorkspaceResourceByID(ctx context.Context, id uuid.UUID) (d`
`1373`	`1288`	`returnresource,nil`
`1374`	`1289`	`}`
`1375`	`1290`
`1376`		`-// GetWorkspaceResourceMetadataByResourceIDs is an all or nothing call. If a single resource is not authorized, then`
`1377`		`-// an error is returned.`
`1378`		`-func (q*querier)GetWorkspaceResourceMetadataByResourceIDs(ctx context.Context,ids []uuid.UUID) ([]database.WorkspaceResourceMetadatum,error) {`
`1379`		`-// TODO: This is very inefficient. Since all these resources are likely asscoiated with the same workspace.`
`1380`		`-for_,id:=rangeids {`
`1381`		`-// If we can read the resource, we can read the metadata.`
`1382`		`-_,err:=q.GetWorkspaceResourceByID(ctx,id)`
`1383`		`-iferr!=nil {`
`1384`		`-returnnil,err`
`1385`		`-}`
`1386`		`-}`
`1387`		`-`
`1388`		`-returnq.db.GetWorkspaceResourceMetadataByResourceIDs(ctx,ids)`
`1389`		`-}`
`1390`		`-`
`1391`	`1291`	`func (q*querier)GetWorkspaceResourcesByJobID(ctx context.Context,jobID uuid.UUID) ([]database.WorkspaceResource,error) {`
`1392`	`1292`	`job,err:=q.db.GetProvisionerJobByID(ctx,jobID)`
`1393`	`1293`	`iferr!=nil {`
`@@ -1433,21 +1333,6 @@ func (q *querier) GetWorkspaceResourcesByJobID(ctx context.Context, jobID uuid.U`
`1433`	`1333`	`returnq.db.GetWorkspaceResourcesByJobID(ctx,jobID)`
`1434`	`1334`	`}`
`1435`	`1335`
`1436`		`-// GetWorkspaceResourcesByJobIDs is an all or nothing call. If a single resource is not authorized, then`
`1437`		`-// an error is returned.`
`1438`		`-func (q*querier)GetWorkspaceResourcesByJobIDs(ctx context.Context,ids []uuid.UUID) ([]database.WorkspaceResource,error) {`
`1439`		`-// TODO: This is very inefficient. Since all these resources are likely asscoiated with the same workspace.`
`1440`		`-for_,id:=rangeids {`
`1441`		`-// If we can read the resource, we can read the metadata.`
`1442`		`-_,err:=q.GetProvisionerJobByID(ctx,id)`
`1443`		`-iferr!=nil {`
`1444`		`-returnnil,err`
`1445`		`-}`
`1446`		`-}`
`1447`		`-`
`1448`		`-returnq.db.GetWorkspaceResourcesByJobIDs(ctx,ids)`
`1449`		`-}`
`1450`		`-`
`1451`	`1336`	`func (q*querier)InsertWorkspace(ctx context.Context,arg database.InsertWorkspaceParams) (database.Workspace,error) {`
`1452`	`1337`	`obj:=rbac.ResourceWorkspace.WithOwner(arg.OwnerID.String()).InOrg(arg.OrganizationID)`
`1453`	`1338`	`returninsert(q.log,q.auth,obj,q.db.InsertWorkspace)(ctx,arg)`

`‎coderd/database/dbauthz/querier_test.go`

Lines changed: 8 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -622,7 +622,7 @@ func (s *MethodTestSuite) TestTemplate() {`
`622`	`622`	`TemplateID: uuid.NullUUID{UUID:t2.ID,Valid:true},`
`623`	`623`	`})`
`624`	`624`	`check.Args([]uuid.UUID{tv1.ID,tv2.ID,tv3.ID}).`
`625`		`-Asserts(t1,rbac.ActionRead,t2,rbac.ActionRead).`
	`625`	`+Asserts(/t1, rbac.ActionRead, t2, rbac.ActionRead/).`
`626`	`626`	`Returns(slice.New(tv1,tv2,tv3))`
`627`	`627`	`}))`
`628`	`628`	`s.Run("GetTemplateVersionsByTemplateID",s.Subtest(func(db database.Store,check*expects) {`
`@@ -797,7 +797,7 @@ func (s *MethodTestSuite) TestUser() {`
`797`	`797`	`a:=dbgen.User(s.T(),db, database.User{CreatedAt:database.Now().Add(-time.Hour)})`
`798`	`798`	`b:=dbgen.User(s.T(),db, database.User{CreatedAt:database.Now()})`
`799`	`799`	`check.Args([]uuid.UUID{a.ID,b.ID}).`
`800`		`-Asserts(a,rbac.ActionRead,b,rbac.ActionRead).`
	`800`	`+Asserts(/a, rbac.ActionRead, b, rbac.ActionRead/).`
`801`	`801`	`Returns(slice.New(a,b))`
`802`	`802`	`}))`
`803`	`803`	`s.Run("InsertUser",s.Subtest(func(db database.Store,check*expects) {`
`@@ -972,7 +972,7 @@ func (s *MethodTestSuite) TestWorkspace() {`
`972`	`972`	`build:=dbgen.WorkspaceBuild(s.T(),db, database.WorkspaceBuild{WorkspaceID:ws.ID,JobID:uuid.New()}).WithWorkspace(ws)`
`973`	`973`	`res:=dbgen.WorkspaceResource(s.T(),db, database.WorkspaceResource{JobID:build.JobID})`
`974`	`974`	`agt:=dbgen.WorkspaceAgent(s.T(),db, database.WorkspaceAgent{ResourceID:res.ID})`
`975`		`-check.Args([]uuid.UUID{res.ID}).Asserts(ws,rbac.ActionRead).`
	`975`	`+check.Args([]uuid.UUID{res.ID}).Asserts(/ws, rbac.ActionRead/).`
`976`	`976`	`Returns([]database.WorkspaceAgent{agt})`
`977`	`977`	`}))`
`978`	`978`	`s.Run("UpdateWorkspaceAgentLifecycleStateByID",s.Subtest(func(db database.Store,check*expects) {`
`@@ -1030,7 +1030,7 @@ func (s *MethodTestSuite) TestWorkspace() {`
`1030`	`1030`	`b:=dbgen.WorkspaceApp(s.T(),db, database.WorkspaceApp{AgentID:bAgt.ID})`
`1031`	`1031`
`1032`	`1032`	`check.Args([]uuid.UUID{a.AgentID,b.AgentID}).`
`1033`		`-Asserts(aWs,rbac.ActionRead,bWs,rbac.ActionRead).`
	`1033`	`+Asserts(/aWs, rbac.ActionRead, bWs, rbac.ActionRead/).`
`1034`	`1034`	`Returns([]database.WorkspaceApp{a,b})`
`1035`	`1035`	`}))`
`1036`	`1036`	`s.Run("GetWorkspaceBuildByID",s.Subtest(func(db database.Store,check*expects) {`
`@@ -1093,7 +1093,7 @@ func (s *MethodTestSuite) TestWorkspace() {`
`1093`	`1093`	`a:=dbgen.WorkspaceResource(s.T(),db, database.WorkspaceResource{JobID:build.JobID})`
`1094`	`1094`	`b:=dbgen.WorkspaceResource(s.T(),db, database.WorkspaceResource{JobID:build.JobID})`
`1095`	`1095`	`check.Args([]uuid.UUID{a.ID,b.ID}).`
`1096`		`-Asserts(ws, []rbac.Action{rbac.ActionRead,rbac.ActionRead})`
	`1096`	`+Asserts(/ws, []rbac.Action{rbac.ActionRead, rbac.ActionRead}/)`
`1097`	`1097`	`}))`
`1098`	`1098`	`s.Run("Build/GetWorkspaceResourcesByJobID",s.Subtest(func(db database.Store,check*expects) {`
`1099`	`1099`	`ws:=dbgen.Workspace(s.T(),db, database.Workspace{})`
`@@ -1115,7 +1115,9 @@ func (s *MethodTestSuite) TestWorkspace() {`
`1115`	`1115`	`ws:=dbgen.Workspace(s.T(),db, database.Workspace{})`
`1116`	`1116`	`build:=dbgen.WorkspaceBuild(s.T(),db, database.WorkspaceBuild{WorkspaceID:ws.ID,JobID:uuid.New()}).WithWorkspace(ws)`
`1117`	`1117`	`wJob:=dbgen.ProvisionerJob(s.T(),db, database.ProvisionerJob{ID:build.JobID,Type:database.ProvisionerJobTypeWorkspaceBuild})`
`1118`		`-check.Args([]uuid.UUID{tJob.ID,wJob.ID}).Asserts(v.RBACObject(tpl),rbac.ActionRead,ws,rbac.ActionRead).Returns([]database.WorkspaceResource{})`
	`1118`	`+check.Args([]uuid.UUID{tJob.ID,wJob.ID}).`
	`1119`	`+Asserts(/v.RBACObject(tpl), rbac.ActionRead, ws, rbac.ActionRead/ ).`
	`1120`	`+Returns([]database.WorkspaceResource{})`
`1119`	`1121`	`}))`
`1120`	`1122`	`s.Run("InsertWorkspace",s.Subtest(func(db database.Store,check*expects) {`
`1121`	`1123`	`u:=dbgen.User(s.T(),db, database.User{})`

`‎coderd/database/dbauthz/system.go`

Lines changed: 50 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -14,6 +14,56 @@ import (`
`14`	`14`	// to these objects. Might need a negative permission on the `Owner` role to
`15`	`15`	`// prevent owners.`
`16`	`16`
	`17`	`+// GetWorkspaceAppsByAgentIDs`
	`18`	`+// The workspace/job is already fetched.`
	`19`	`+// TODO: This function should be removed/replaced with something with proper auth.`
	`20`	`+func (q*querier)GetWorkspaceAppsByAgentIDs(ctx context.Context,ids []uuid.UUID) ([]database.WorkspaceApp,error) {`
	`21`	`+returnq.db.GetWorkspaceAppsByAgentIDs(ctx,ids)`
	`22`	`+}`
	`23`	`+`
	`24`	`+// GetWorkspaceAgentsByResourceIDs`
	`25`	`+// The workspace/job is already fetched.`
	`26`	`+// TODO: This function should be removed/replaced with something with proper auth.`
	`27`	`+func (q*querier)GetWorkspaceAgentsByResourceIDs(ctx context.Context,ids []uuid.UUID) ([]database.WorkspaceAgent,error) {`
	`28`	`+returnq.db.GetWorkspaceAgentsByResourceIDs(ctx,ids)`
	`29`	`+}`
	`30`	`+`
	`31`	`+// GetWorkspaceResourceMetadataByResourceIDs is only used for build data.`
	`32`	`+// The workspace/job is already fetched.`
	`33`	`+// TODO: This function should be removed/replaced with something with proper auth.`
	`34`	`+func (q*querier)GetWorkspaceResourceMetadataByResourceIDs(ctx context.Context,ids []uuid.UUID) ([]database.WorkspaceResourceMetadatum,error) {`
	`35`	`+returnq.db.GetWorkspaceResourceMetadataByResourceIDs(ctx,ids)`
	`36`	`+}`
	`37`	`+`
	`38`	`+// GetUsersByIDs is only used for usernames on workspace return data.`
	`39`	`+// This function should be replaced by joining this data to the workspace query`
	`40`	`+// itself.`
	`41`	`+// TODO: This function should be removed/replaced with something with proper auth.`
	`42`	`+// A SQL compiled filter is an option.`
	`43`	`+func (q*querier)GetUsersByIDs(ctx context.Context,ids []uuid.UUID) ([]database.User,error) {`
	`44`	`+returnq.db.GetUsersByIDs(ctx,ids)`
	`45`	`+}`
	`46`	`+`
	`47`	`+func (q*querier)GetProvisionerJobsByIDs(ctx context.Context,ids []uuid.UUID) ([]database.ProvisionerJob,error) {`
	`48`	`+// TODO: This is missing authorization and is incorrect. This call is used by telemetry, and by 1 http route.`
	`49`	`+// That http handler should find a better way to fetch these jobs with easier rbac authz.`
	`50`	`+returnq.db.GetProvisionerJobsByIDs(ctx,ids)`
	`51`	`+}`
	`52`	`+`
	`53`	`+// GetTemplateVersionsByIDs is only used for workspace build data.`
	`54`	`+// The workspace is already fetched.`
	`55`	`+// TODO: Find a way to replace this with proper authz.`
	`56`	`+func (q*querier)GetTemplateVersionsByIDs(ctx context.Context,ids []uuid.UUID) ([]database.TemplateVersion,error) {`
	`57`	`+returnq.db.GetTemplateVersionsByIDs(ctx,ids)`
	`58`	`+}`
	`59`	`+`
	`60`	`+// GetWorkspaceResourcesByJobIDs is only used for workspace build data.`
	`61`	`+// The workspace is already fetched.`
	`62`	`+// TODO: Find a way to replace this with proper authz.`
	`63`	`+func (q*querier)GetWorkspaceResourcesByJobIDs(ctx context.Context,ids []uuid.UUID) ([]database.WorkspaceResource,error) {`
	`64`	`+returnq.db.GetWorkspaceResourcesByJobIDs(ctx,ids)`
	`65`	`+}`
	`66`	`+`
`17`	`67`	`func (q*querier)UpdateUserLinkedID(ctx context.Context,arg database.UpdateUserLinkedIDParams) (database.UserLink,error) {`
`18`	`68`	`returnq.db.UpdateUserLinkedID(ctx,arg)`
`19`	`69`	`}`

`‎coderd/templates.go`

Lines changed: 5 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -15,6 +15,7 @@ import (`
`15`	`15`
`16`	`16`	`"github.com/coder/coder/coderd/audit"`
`17`	`17`	`"github.com/coder/coder/coderd/database"`
	`18`	`+"github.com/coder/coder/coderd/database/dbauthz"`
`18`	`19`	`"github.com/coder/coder/coderd/httpapi"`
`19`	`20`	`"github.com/coder/coder/coderd/httpmw"`
`20`	`21`	`"github.com/coder/coder/coderd/rbac"`
`@@ -82,11 +83,10 @@ func (api API) deleteTemplate(rw http.ResponseWriter, r http.Request) {`
`82`	`83`	`return`
`83`	`84`	`}`
`84`	`85`
`85`		`-// TODO: This just returns the workspaces a user can view. We should use`
`86`		`-// a system function to get all workspaces that use this template.`
`87`		`-// This data should never be exposed to the user aside from a non-zero count.`
`88`		`-// Or we move this into a postgres constraint.`
`89`		`-workspaces,err:=api.Database.GetWorkspaces(ctx, database.GetWorkspacesParams{`
	`86`	`+// This is just to get the workspace count, so we use a system context to`
	`87`	`+// return ALL workspaces. Not just workspaces the user can view.`
	`88`	`+// nolint:gocritic`
	`89`	`+workspaces,err:=api.Database.GetWorkspaces(dbauthz.AsSystemRestricted(ctx), database.GetWorkspacesParams{`
`90`	`90`	`TemplateIds: []uuid.UUID{template.ID},`
`91`	`91`	`})`
`92`	`92`	`iferr!=nil&&!errors.Is(err,sql.ErrNoRows) {`

`‎coderd/workspaces.go`

Lines changed: 2 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -571,7 +571,7 @@ func (api API) postWorkspacesByOrganization(rw http.ResponseWriter, r http.Req`
`571`	`571`	`}`
`572`	`572`	`aReq.New=workspace`
`573`	`573`
`574`		`-users,err:=api.Database.GetUsersByIDs(ctx,[]uuid.UUID{user.ID,workspaceBuild.InitiatorID})`
	`574`	`+initiator,err:=api.Database.GetUserByID(ctx,workspaceBuild.InitiatorID)`
`575`	`575`	`iferr!=nil {`
`576`	`576`	`httpapi.Write(ctx,rw,http.StatusInternalServerError, codersdk.Response{`
`577`	`577`	`Message:"Internal error fetching user.",`
`@@ -585,6 +585,7 @@ func (api API) postWorkspacesByOrganization(rw http.ResponseWriter, r http.Req`
`585`	`585`	`WorkspaceBuilds: []telemetry.WorkspaceBuild{telemetry.ConvertWorkspaceBuild(workspaceBuild)},`
`586`	`586`	`})`
`587`	`587`
	`588`	`+users:= []database.User{user,initiator}`
`588`	`589`	`apiBuild,err:=api.convertWorkspaceBuild(`
`589`	`590`	`workspaceBuild,`
`590`	`591`	`workspace,`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitef9936f

File tree

5 files changed

5 files changed

`‎coderd/database/dbauthz/querier.go`

`‎coderd/database/dbauthz/querier_test.go`

`‎coderd/database/dbauthz/system.go`

`‎coderd/templates.go`

`‎coderd/workspaces.go`

0 commit comments