
Commit 0d6f6a0

committed
Fix getTemplateVersionsByID
1 parent 73655ab commit 0d6f6a0


1 file changed

+24
-4
lines changed


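--- a/coderd/authzquery/template.go
+++ b/coderd/authzquery/template.go
@@ -155,12 +155,32 @@ func (q *AuthzQuerier) GetTemplateVersionParameters(ctx context.Context, templat
 }
 
 func (q *AuthzQuerier) GetTemplateVersionsByIDs(ctx context.Context, ids []uuid.UUID) ([]database.TemplateVersion, error) {
-// An actor can read template versions if they can read the related template.
-// There are multiple template IDs, so we will just check that all templates can be read.
-if err := q.authorizeContext(ctx, rbac.ActionRead, rbac.ResourceTemplate.All()); err != nil {
+// TODO: This is so inefficient
+versions, err := q.database.GetTemplateVersionsByIDs(ctx, ids)
+if err != nil {
 return nil, err
 }
-return q.database.GetTemplateVersionsByIDs(ctx, ids)
+checked := make(map[uuid.UUID]bool)
+for _, v := range versions {
+if _, ok := checked[v.TemplateID.UUID]; ok {
+continue
+}
+
+obj := v.RBACObjectNoTemplate()
+template, err := q.database.GetTemplateByID(ctx, v.TemplateID.UUID)
+if err == nil {
+obj = v.RBACObject(template)
+}
+if err != nil && !xerrors.Is(err, sql.ErrNoRows) {
+return nil, err
+}
+if err := q.authorizeContext(ctx, rbac.ActionRead, obj); err != nil {
+return nil, err
+}
+checked[v.TemplateID.UUID] = true
+}
+
+return versions, nil
 }
 
 func (q *AuthzQuerier) GetTemplateVersionsByTemplateID(ctx context.Context, arg database.GetTemplateVersionsByTemplateIDParams) ([]database.TemplateVersion, error) {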
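Review bot: The `checked` map in `GetTemplateVersionsByIDs` is keyed by `v.TemplateID.UUID`, but when `GetTemplateByID` returns `sql.ErrNoRows` the object that gets authorized is `v.RBACObjectNoTemplate()`, which is built from the version rather than from the template. Versions without a template presumably all carry the zero UUID (this assumes `TemplateID` is a `uuid.NullUUID`), so only the first of them is authorized and the rest hit the `continue` and are returned without a check, even if their no-template object differs. Recording the ID only when the template was actually found avoids this: replace the assignment at new line 180 with `if err == nil { checked[v.TemplateID.UUID] = true }`. The removed comment explaining the access rule is also worth restoring in updated form, for example `// Read access to a version is derived from its template; versions whose template is missing are authorized individually.`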
