
Commit a5e8911

authored
fix: index template versions by template and name (coder#5993)
* fix: index template versions by template and name We were incorrectly returning template versions by name relative to organizations. This could result in an incorrect version being returned if multiple templates had versions with the same name. * Fix auth referencing * Fix route location * Fix authorize route name * Fix previous call * Fix authorize route name
1 parent ea7e55f commit a5e8911


17 files changed

+248
-214
lines changed


coderd/apidoc/docs.go

Lines changed: 44 additions & 30 deletions

coderd/apidoc/swagger.json

Lines changed: 42 additions & 28 deletions

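--- a/coderd/coderd.go
+++ b/coderd/coderd.go
@@ -398,16 +398,18 @@ func New(options *Options) *API {
 httpmw.ExtractOrganizationParam(options.Database),
 )
 r.Get("/", api.organization)
-r.Route("/templateversions", func(r chi.Router) {
-r.Post("/", api.postTemplateVersionsByOrganization)
-r.Get("/{templateversionname}", api.templateVersionByOrganizationAndName)
-r.Get("/{templateversionname}/previous", api.previousTemplateVersionByOrganizationAndName)
-})
+r.Post("/templateversions", api.postTemplateVersionsByOrganization)
 r.Route("/templates", func(r chi.Router) {
 r.Post("/", api.postTemplateByOrganization)
 r.Get("/", api.templatesByOrganization)
-r.Get("/{templatename}", api.templateByOrganizationAndName)
 r.Get("/examples", api.templateExamples)
+r.Route("/{templatename}", func(r chi.Router) {
+r.Get("/", api.templateByOrganizationAndName)
+r.Route("/versions/{templateversionname}", func(r chi.Router) {
+r.Get("/", api.templateVersionByOrganizationTemplateAndName)
+r.Get("/previous", api.previousTemplateVersionByOrganizationTemplateAndName)
+})
+})
 })
 r.Route("/members", func(r chi.Router) {
 r.Get("/roles", api.assignableOrgRoles)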
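Review bot: The new `/{templatename}` sub-router attaches no middleware of its own, so the only path parameter resolved before the handlers run is the organization, via `httpmw.ExtractOrganizationParam` at the top of the hunk. The template lookup, the version lookup and the read authorization therefore presumably all sit inside `templateVersionByOrganizationTemplateAndName` and its `/previous` sibling, which are not visible here. A comment on the route would make that dependency visible at the routing table, for example `// Handlers resolve {templatename} within the extracted organization and authorize read on that template before returning a version.`. The old `GET /templateversions/{templateversionname}` paths are also removed with no alias, so existing API clients will start failing on them; that deserves a line in the commit description if intended. The enclosing `New` function starts and ends outside the hunk.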

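--- a/coderd/coderdtest/authorize.go
+++ b/coderd/coderdtest/authorize.go
@@ -239,6 +239,14 @@ func AGPLRoutes(a *AuthTester) (map[string]string, map[string]RouteCheck) {
 AssertAction: rbac.ActionRead,
 AssertObject: templateObj,
 },
+"GET:/api/v2/organizations/{organization}/templates/{templatename}/versions/{templateversionname}": {
+AssertAction: rbac.ActionRead,
+AssertObject: templateObj,
+},
+"GET:/api/v2/organizations/{organization}/templates/{templatename}/versions/{templateversionname}/previous": {
+AssertAction: rbac.ActionRead,
+AssertObject: templateObj,
+},
 "POST:/api/v2/organizations/{organization}/members/{user}/workspaces": {
 AssertAction: rbac.ActionCreate,
 // No ID when creating
@@ -252,12 +260,10 @@ func AGPLRoutes(a *AuthTester) (map[string]string, map[string]RouteCheck) {
 "GET:/api/v2/applications/auth-redirect": {AssertAction: rbac.ActionCreate, AssertObject: rbac.ResourceAPIKey},
 
 // These endpoints need payloads to get to the auth part. Payloads will be required
-"PUT:/api/v2/users/{user}/roles": {StatusCode: http.StatusBadRequest, NoAuthorize: true},
-"PUT:/api/v2/organizations/{organization}/members/{user}/roles": {NoAuthorize: true},
-"POST:/api/v2/workspaces/{workspace}/builds": {StatusCode: http.StatusBadRequest, NoAuthorize: true},
-"POST:/api/v2/organizations/{organization}/templateversions": {StatusCode: http.StatusBadRequest, NoAuthorize: true},
-"GET:/api/v2/organizations/{organization}/templateversions/{templateversionname}": {StatusCode: http.StatusBadRequest, NoAuthorize: true},
-"GET:/api/v2/organizations/{organization}/templateversions/{templateversionname}/previous": {StatusCode: http.StatusBadRequest, NoAuthorize: true},
+"PUT:/api/v2/users/{user}/roles": {StatusCode: http.StatusBadRequest, NoAuthorize: true},
+"PUT:/api/v2/organizations/{organization}/members/{user}/roles": {NoAuthorize: true},
+"POST:/api/v2/workspaces/{workspace}/builds": {StatusCode: http.StatusBadRequest, NoAuthorize: true},
+"POST:/api/v2/organizations/{organization}/templateversions": {StatusCode: http.StatusBadRequest, NoAuthorize: true},
 
 // Endpoints that use the SQLQuery filter.
 "GET:/api/v2/workspaces/": {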
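Review bot: Nothing in this section covers the case the commit fixes, a version name that exists under two templates in the same organization; the two GET entries added in the first hunk only assert `rbac.ActionRead` on `templateObj` for a version that belongs to the template in the path. A handler test that creates two templates with an identically named version, and checks that each path returns its own version while a caller without read on the other template is refused, would pin the fix; such a test may exist in files not shown on this page. A short comment above the new entries would also explain the choice of `AssertObject`, for example `// Version routes are authorized through the parent template, not as a separate object.`. `AGPLRoutes` starts and ends outside both hunks.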

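--- a/coderd/database/databasefake/databasefake.go
+++ b/coderd/database/databasefake/databasefake.go
@@ -1797,26 +1797,6 @@ func (q *fakeQuerier) GetTemplateVersionParameters(_ context.Context, templateVe
 return parameters, nil
 }
 
-func (q *fakeQuerier) GetTemplateVersionByOrganizationAndName(_ context.Context, arg database.GetTemplateVersionByOrganizationAndNameParams) (database.TemplateVersion, error) {
-if err := validateDatabaseType(arg); err != nil {
-return database.TemplateVersion{}, err
-}
-
-q.mutex.RLock()
-defer q.mutex.RUnlock()
-
-for _, templateVersion := range q.templateVersions {
-if templateVersion.OrganizationID != arg.OrganizationID {
-continue
-}
-if !strings.EqualFold(templateVersion.Name, arg.Name) {
-continue
-}
-return templateVersion, nil
-}
-return database.TemplateVersion{}, sql.ErrNoRows
-}
-
 func (q *fakeQuerier) GetTemplateVersionByID(_ context.Context, templateVersionID uuid.UUID) (database.TemplateVersion, error) {
 q.mutex.RLock()
 defer q.mutex.RUnlock()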

coderd/database/querier.go

Lines changed: 0 additions & 1 deletion
