
Commit 0227439

committed
chore: move AsSystemRestricted to caller
1 parent 59a9753 commit 0227439


1 file changed

+9
-7
lines changed


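--- a/coderd/httpmw/userparam.go
+++ b/coderd/httpmw/userparam.go
@@ -40,7 +40,11 @@ func ExtractUserParam(db database.Store, redirectToLoginOnMe bool) func(http.Han
 return func(next http.Handler) http.Handler {
 return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
 ctx := r.Context()
-user, ok := extractUserContext(ctx, db, rw, r, redirectToLoginOnMe)
+// We need to call as SystemRestricted because this middleware is called from
+// organizations/{organization}/members/{user}/ paths, and we need to allow
+// org-admins to call these paths --- they might not have sitewide read permissions on users.
+// nolint:gocritic
+user, ok := extractUserContext(dbauthz.AsSystemRestricted(ctx), db, rw, r, redirectToLoginOnMe)
 if !ok {
 // response already handled
 return
@@ -77,8 +81,7 @@ func extractUserContext(ctx context.Context, db database.Store, rw http.Response
 })
 return database.User{}, false
 }
-//nolint:gocritic // System needs to be able to get user from param.
-user, err := db.GetUserByID(dbauthz.AsSystemRestricted(ctx), apiKey.UserID)
+user, err := db.GetUserByID(ctx, apiKey.UserID)
 if httpapi.Is404Error(err) {
 httpapi.ResourceNotFound(rw)
 return database.User{}, false
@@ -94,8 +97,7 @@ func extractUserContext(ctx context.Context, db database.Store, rw http.Response
 }
 
 if userID, err := uuid.Parse(userQuery); err == nil {
-//nolint:gocritic // If the userQuery is a valid uuid
-user, err = db.GetUserByID(dbauthz.AsSystemRestricted(ctx), userID)
+user, err = db.GetUserByID(ctx, userID)
 if err != nil {
 httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
 Message: userErrorMessage,
@@ -106,8 +108,8 @@ func extractUserContext(ctx context.Context, db database.Store, rw http.Response
 return user, true
 }
 
-// nolint:gocritic // Try as a username last
-user, err := db.GetUserByEmailOrUsername(dbauthz.AsSystemRestricted(ctx), database.GetUserByEmailOrUsernameParams{
+// Try as a username last
+user, err := db.GetUserByEmailOrUsername(ctx, database.GetUserByEmailOrUsernameParams{
 Username: userQuery,
 })
 if err != nil {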
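Review bot: Wrapping the context once in `ExtractUserParam` (new line 47) widens the privileged scope from three annotated lookups to the whole of `extractUserContext`, and the three `db` calls there (new lines 84, 100 and 112) no longer carry any marker showing that they bypass the requester's RBAC. A query added to that function later would inherit the system-restricted actor with no `nolint:gocritic` at the site to prompt a review. I would document this on the function, for example `// extractUserContext may receive a system-restricted ctx from ExtractUserParam; every db call here then skips the requester's authorization, so callers must authorize access to the returned user themselves.` The new bare `// nolint:gocritic` would also read better with its reason on the same line, as the removed directives had, e.g. `//nolint:gocritic // org admins may lack sitewide user read`. Both function bodies start and end outside the visible hunks, so any other callers of `extractUserContext`, which would now run these lookups under the requester's own permissions, cannot be checked from here.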
