coder/coderPublic

NotificationsYou must be signed in to change notification settings
Fork927
Star10.1k

Replace`rbac.ResourceSystem` usage in`dbauthz.InsertWorkspaceApp` #18210

New issue

Closed

#18223

Closed

Replacerbac.ResourceSystem usage indbauthz.InsertWorkspaceApp#18210

#18223

Assignees

Description

DanielleMaywood

opened

on Jun 3, 2025

CurrentlyInsertWorkspaceApp relies onrbac.ResourceSystem

coder/coderd/database/dbauthz/dbauthz.go

Lines 3853 to 3858 inda9a313

	func (q*querier)InsertWorkspaceApp(ctx context.Context,arg database.InsertWorkspaceAppParams) (database.WorkspaceApp,error) {
	iferr:=q.authorizeContext(ctx,policy.ActionCreate,rbac.ResourceSystem);err!=nil {
	return database.WorkspaceApp{},err
	}
	returnq.db.InsertWorkspaceApp(ctx,arg)
	}

This is problematic as calling this requiresAsSystemRestricted, which grants far too many permissions.

Metadata

Assignees

DanielleMaywood

Labels

No labels

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Replace`rbac.ResourceSystem` usage in`dbauthz.InsertWorkspaceApp` #18210

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

Movatterモバイル変換

Replacerbac.ResourceSystem usage indbauthz.InsertWorkspaceApp #18210

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

Replace`rbac.ResourceSystem` usage in`dbauthz.InsertWorkspaceApp` #18210