wip

brettkolodny · brettkolodny · commit 06ff95c196c9 · 2025-03-07T20:46:50.000Z
diff --git a/coderd/database/dbauthz/dbauthz.go b/coderd/database/dbauthz/dbauthz.go
@@ -3582,7 +3582,10 @@ func (q *querier) OrganizationMembers(ctx context.Context, arg database.Organiza
 }
 
 func (q *querier) PaginatedOrganizationMembers(ctx context.Context, arg database.PaginatedOrganizationMembersParams) ([]database.PaginatedOrganizationMembersRow, error) {
-	return fetchWithPostFilter(q.auth, policy.ActionRead, q.db.PaginatedOrganizationMembers)(ctx, arg)
+	if err := q.authorizeContext(ctx, policy.ActionRead, rbac.ResourceOrganizationMember.InOrg(arg.OrganizationID)); err != nil {
+		return nil, err
+	}
+	return q.db.PaginatedOrganizationMembers(ctx, arg)
 }
 
 func (q *querier) ReduceWorkspaceAgentShareLevelToAuthenticatedByTemplate(ctx context.Context, templateID uuid.UUID) error {
diff --git a/coderd/database/dbauthz/dbauthz_test.go b/coderd/database/dbauthz/dbauthz_test.go
@@ -987,18 +987,12 @@ func (s *MethodTestSuite) TestOrganization() {
 	}))
 	s.Run("PaginatedOrganizationMembers", s.Subtest(func(db database.Store, check *expects) {
 		o := dbgen.Organization(s.T(), db, database.Organization{})
-		u := dbgen.User(s.T(), db, database.User{})
-		mem := dbgen.OrganizationMember(s.T(), db, database.OrganizationMember{
-			OrganizationID: o.ID,
-			UserID:         u.ID,
-			Roles:          []string{rbac.RoleOrgAdmin()},
-		})
 
 		check.Args(database.PaginatedOrganizationMembersParams{
-			OrganizationID: uuid.UUID{},
+			OrganizationID: o.ID,
 			LimitOpt:       1,
 		}).Asserts(
-			mem, policy.ActionRead,
+			rbac.ResourceOrganizationMember.InOrg(o.ID), policy.ActionRead,
 		)
 	}))
 	s.Run("UpdateMemberRoles", s.Subtest(func(db database.Store, check *expects) {

Original file line number	Diff line number	Diff line change
`@@ -3582,7 +3582,10 @@ func (q *querier) OrganizationMembers(ctx context.Context, arg database.Organiza`
`3582`	`3582`	`}`
`3583`	`3583`
`3584`	`3584`	`func (q *querier) PaginatedOrganizationMembers(ctx context.Context, arg database.PaginatedOrganizationMembersParams) ([]database.PaginatedOrganizationMembersRow, error) {`
`3585`		`- return fetchWithPostFilter(q.auth, policy.ActionRead, q.db.PaginatedOrganizationMembers)(ctx, arg)`
	`3585`	`+ if err := q.authorizeContext(ctx, policy.ActionRead, rbac.ResourceOrganizationMember.InOrg(arg.OrganizationID)); err != nil {`
	`3586`	`+ return nil, err`
	`3587`	`+ }`
	`3588`	`+ return q.db.PaginatedOrganizationMembers(ctx, arg)`
`3586`	`3589`	`}`
`3587`	`3590`
`3588`	`3591`	`func (q *querier) ReduceWorkspaceAgentShareLevelToAuthenticatedByTemplate(ctx context.Context, templateID uuid.UUID) error {`