Fix: authz

mtojek · mtojek · commit 4bac51775404 · 2023-02-14T16:01:07.000Z
diff --git a/coderd/database/dbauthz/querier.go b/coderd/database/dbauthz/querier.go
@@ -720,6 +720,29 @@ func (q *querier) GetTemplateVersionParameters(ctx context.Context, templateVers
 	return q.db.GetTemplateVersionParameters(ctx, templateVersionID)
 }
 
+func (q *querier) GetTemplateVersionVariables(ctx context.Context, templateVersionID uuid.UUID) ([]database.TemplateVersionVariable, error) {
+	tv, err := q.db.GetTemplateVersionByID(ctx, templateVersionID)
+	if err != nil {
+		return nil, err
+	}
+
+	var object rbac.Objecter
+	template, err := q.db.GetTemplateByID(ctx, tv.TemplateID.UUID)
+	if err != nil {
+		if !errors.Is(err, sql.ErrNoRows) {
+			return nil, err
+		}
+		object = rbac.ResourceTemplate.InOrg(tv.OrganizationID)
+	} else {
+		object = tv.RBACObject(template)
+	}
+
+	if err := q.authorizeContext(ctx, rbac.ActionCreate, object); err != nil {
+		return nil, err
+	}
+	return q.db.GetTemplateVersionVariables(ctx, templateVersionID)
+}
+
 func (q *querier) GetTemplateVersionsByIDs(ctx context.Context, ids []uuid.UUID) ([]database.TemplateVersion, error) {
 	// TODO: This is so inefficient
 	versions, err := q.db.GetTemplateVersionsByIDs(ctx, ids)
diff --git a/coderd/database/dbauthz/system.go b/coderd/database/dbauthz/system.go
@@ -185,6 +185,10 @@ func (q *querier) InsertTemplateVersionParameter(ctx context.Context, arg databa
 	return q.db.InsertTemplateVersionParameter(ctx, arg)
 }
 
+func (q *querier) InsertTemplateVersionVariable(ctx context.Context, arg database.InsertTemplateVersionVariableParams) (database.TemplateVersionVariable, error) {
+	return q.db.InsertTemplateVersionVariable(ctx, arg)
+}
+
 func (q *querier) InsertWorkspaceResource(ctx context.Context, arg database.InsertWorkspaceResourceParams) (database.WorkspaceResource, error) {
 	return q.db.InsertWorkspaceResource(ctx, arg)
 }

Original file line number	Diff line number	Diff line change
`@@ -185,6 +185,10 @@ func (q *querier) InsertTemplateVersionParameter(ctx context.Context, arg databa`
`185`	`185`	`return q.db.InsertTemplateVersionParameter(ctx, arg)`
`186`	`186`	`}`
`187`	`187`
	`188`	`+func (q *querier) InsertTemplateVersionVariable(ctx context.Context, arg database.InsertTemplateVersionVariableParams) (database.TemplateVersionVariable, error) {`
	`189`	`+ return q.db.InsertTemplateVersionVariable(ctx, arg)`
	`190`	`+}`
	`191`	`+`
`188`	`192`	`func (q *querier) InsertWorkspaceResource(ctx context.Context, arg database.InsertWorkspaceResourceParams) (database.WorkspaceResource, error) {`
`189`	`193`	`return q.db.InsertWorkspaceResource(ctx, arg)`
`190`	`194`	`}`