fix: fetching custom roles from workspace agent context

Emyrk · Emyrk · commit 19b213a35e44 · 2025-01-22T17:48:16.000-06:00
diff --git a/coderd/httpmw/workspaceagent.go b/coderd/httpmw/workspaceagent.go
@@ -109,36 +109,12 @@ func ExtractWorkspaceAgentAndLatestBuild(opts ExtractWorkspaceAgentAndLatestBuil
 				return
 			}
 
-			//nolint:gocritic // System needs to be able to get owner roles.
-			roles, err := opts.DB.GetAuthorizationUserRoles(dbauthz.AsSystemRestricted(ctx), row.WorkspaceTable.OwnerID)
-			if err != nil {
-				httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
-					Message: "Internal error checking workspace agent authorization.",
-					Detail:  err.Error(),
-				})
-				return
-			}
-
-			roleNames, err := roles.RoleNames()
-			if err != nil {
-				httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
-					Message: "Internal server error",
-					Detail:  err.Error(),
-				})
-				return
-			}
-
-			subject := rbac.Subject{
-				ID:     row.WorkspaceTable.OwnerID.String(),
-				Roles:  rbac.RoleIdentifiers(roleNames),
-				Groups: roles.Groups,
-				Scope: rbac.WorkspaceAgentScope(rbac.WorkspaceAgentScopeParams{
-					WorkspaceID: row.WorkspaceTable.ID,
-					OwnerID:     row.WorkspaceTable.OwnerID,
-					TemplateID:  row.WorkspaceTable.TemplateID,
-					VersionID:   row.WorkspaceBuild.TemplateVersionID,
-				}),
-			}.WithCachedASTValue()
+			subject, _, err := UserRBACSubject(ctx, opts.DB, row.WorkspaceTable.OwnerID, rbac.WorkspaceAgentScope(rbac.WorkspaceAgentScopeParams{
+				WorkspaceID: row.WorkspaceTable.ID,
+				OwnerID:     row.WorkspaceTable.OwnerID,
+				TemplateID:  row.WorkspaceTable.TemplateID,
+				VersionID:   row.WorkspaceBuild.TemplateVersionID,
+			}))
 
 			ctx = context.WithValue(ctx, workspaceAgentContextKey{}, row.WorkspaceAgent)
 			ctx = context.WithValue(ctx, latestBuildContextKey{}, row.WorkspaceBuild)
