Start removing QueryByRelated

Emyrk · Emyrk · commit 4fe26e96eb8c · 2023-02-07T08:18:42.000-06:00
diff --git a/coderd/authzquery/workspace.go b/coderd/authzquery/workspace.go
@@ -28,8 +28,7 @@ func (q *AuthzQuerier) GetWorkspaces(ctx context.Context, arg database.GetWorksp
 }
 
 func (q *AuthzQuerier) GetLatestWorkspaceBuildByWorkspaceID(ctx context.Context, workspaceID uuid.UUID) (database.WorkspaceBuild, error) {
-	_, err := q.GetWorkspaceByID(ctx, workspaceID)
-	if err != nil {
+	if _, err := q.GetWorkspaceByID(ctx, workspaceID); err != nil {
 		return database.WorkspaceBuild{}, nil
 	}
 	return q.db.GetLatestWorkspaceBuildByWorkspaceID(ctx, workspaceID)
@@ -50,8 +49,7 @@ func (q *AuthzQuerier) GetLatestWorkspaceBuildsByWorkspaceIDs(ctx context.Contex
 }
 
 func (q *AuthzQuerier) GetWorkspaceAgentByID(ctx context.Context, id uuid.UUID) (database.WorkspaceAgent, error) {
-	_, err := q.GetWorkspaceByAgentID(ctx, id)
-	if err != nil {
+	if _, err := q.GetWorkspaceByAgentID(ctx, id); err != nil {
 		return database.WorkspaceAgent{}, err
 	}
 	return q.db.GetWorkspaceAgentByID(ctx, id)
@@ -62,10 +60,15 @@ func (q *AuthzQuerier) GetWorkspaceAgentByID(ctx context.Context, id uuid.UUID)
 // is essentially an auth token. But the caller using this function is not
 // an authenticated user. So this authz check will fail.
 func (q *AuthzQuerier) GetWorkspaceAgentByInstanceID(ctx context.Context, authInstanceID string) (database.WorkspaceAgent, error) {
-	fetch := func(agent database.WorkspaceAgent, _ string) (database.Workspace, error) {
-		return q.db.GetWorkspaceByAgentID(ctx, agent.ID)
+	agent, err := q.db.GetWorkspaceAgentByInstanceID(ctx, authInstanceID)
+	if err != nil {
+		return database.WorkspaceAgent{}, err
+	}
+	_, err = q.GetWorkspaceByAgentID(ctx, agent.ID)
+	if err != nil {
+		return database.WorkspaceAgent{}, err
 	}
-	return queryWithRelated(q.log, q.auth, rbac.ActionRead, fetch, q.db.GetWorkspaceAgentByInstanceID)(ctx, authInstanceID)
+	return agent, nil
 }
 
 // GetWorkspaceAgentsByResourceIDs is an all or nothing call. If the user cannot read
@@ -116,20 +119,18 @@ func (q *AuthzQuerier) UpdateWorkspaceAgentLifecycleStateByID(ctx context.Contex
 
 func (q *AuthzQuerier) GetWorkspaceAppByAgentIDAndSlug(ctx context.Context, arg database.GetWorkspaceAppByAgentIDAndSlugParams) (database.WorkspaceApp, error) {
 	// If we can fetch the workspace, we can fetch the apps. Use the authorized call.
-	_, err := q.GetWorkspaceByAgentID(ctx, arg.AgentID)
-	if err != nil {
+	if _, err := q.GetWorkspaceByAgentID(ctx, arg.AgentID); err != nil {
 		return database.WorkspaceApp{}, err
 	}
 
 	return q.db.GetWorkspaceAppByAgentIDAndSlug(ctx, arg)
 }
 
 func (q *AuthzQuerier) GetWorkspaceAppsByAgentID(ctx context.Context, agentID uuid.UUID) ([]database.WorkspaceApp, error) {
-	fetch := func(_ []database.WorkspaceApp, agentID uuid.UUID) (database.Workspace, error) {
-		return q.db.GetWorkspaceByAgentID(ctx, agentID)
+	if _, err := q.GetWorkspaceByAgentID(ctx, agentID); err != nil {
+		return nil, err
 	}
-
-	return queryWithRelated(q.log, q.auth, rbac.ActionRead, fetch, q.db.GetWorkspaceAppsByAgentID)(ctx, agentID)
+	return q.db.GetWorkspaceAppsByAgentID(ctx, agentID)
 }
 
 // GetWorkspaceAppsByAgentIDs is an all or nothing call. If the user cannot read a single app, the entire call will fail.
@@ -146,16 +147,15 @@ func (q *AuthzQuerier) GetWorkspaceAppsByAgentIDs(ctx context.Context, ids []uui
 	return q.db.GetWorkspaceAppsByAgentIDs(ctx, ids)
 }
 
-func (q *AuthzQuerier) GetWorkspaceBuildByID(ctx context.Context, id uuid.UUID) (database.WorkspaceBuild, error) {
-	fetch := func(build database.WorkspaceBuild, _ uuid.UUID) (database.Workspace, error) {
-		return q.db.GetWorkspaceByID(ctx, build.WorkspaceID)
+func (q *AuthzQuerier) GetWorkspaceBuildByID(ctx context.Context, buildID uuid.UUID) (database.WorkspaceBuild, error) {
+	build, err := q.db.GetWorkspaceBuildByID(ctx, buildID)
+	if err != nil {
+		return database.WorkspaceBuild{}, err
 	}
-	return queryWithRelated(
-		q.log,
-		q.auth,
-		rbac.ActionRead,
-		fetch,
-		q.db.GetWorkspaceBuildByID)(ctx, id)
+	if _, err := q.GetWorkspaceByID(ctx, build.WorkspaceID); err != nil {
+		return database.WorkspaceBuild{}, err
+	}
+	return build, nil
 }
 
 func (q *AuthzQuerier) GetWorkspaceBuildByJobID(ctx context.Context, jobID uuid.UUID) (database.WorkspaceBuild, error) {
@@ -172,10 +172,10 @@ func (q *AuthzQuerier) GetWorkspaceBuildByJobID(ctx context.Context, jobID uuid.
 }
 
 func (q *AuthzQuerier) GetWorkspaceBuildByWorkspaceIDAndBuildNumber(ctx context.Context, arg database.GetWorkspaceBuildByWorkspaceIDAndBuildNumberParams) (database.WorkspaceBuild, error) {
-	fetch := func(_ database.WorkspaceBuild, arg database.GetWorkspaceBuildByWorkspaceIDAndBuildNumberParams) (database.Workspace, error) {
-		return q.db.GetWorkspaceByID(ctx, arg.WorkspaceID)
+	if _, err := q.GetWorkspaceByID(ctx, arg.WorkspaceID); err != nil {
+		return database.WorkspaceBuild{}, err
 	}
-	return queryWithRelated(q.log, q.auth, rbac.ActionRead, fetch, q.db.GetWorkspaceBuildByWorkspaceIDAndBuildNumber)(ctx, arg)
+	return q.db.GetWorkspaceBuildByWorkspaceIDAndBuildNumber(ctx, arg)
 }
 
 func (q *AuthzQuerier) GetWorkspaceBuildParameters(ctx context.Context, workspaceBuildID uuid.UUID) ([]database.WorkspaceBuildParameter, error) {
@@ -190,10 +190,10 @@ func (q *AuthzQuerier) GetWorkspaceBuildParameters(ctx context.Context, workspac
 }
 
 func (q *AuthzQuerier) GetWorkspaceBuildsByWorkspaceID(ctx context.Context, arg database.GetWorkspaceBuildsByWorkspaceIDParams) ([]database.WorkspaceBuild, error) {
-	fetch := func(_ []database.WorkspaceBuild, arg database.GetWorkspaceBuildsByWorkspaceIDParams) (database.Workspace, error) {
-		return q.db.GetWorkspaceByID(ctx, arg.WorkspaceID)
+	if _, err := q.GetWorkspaceByID(ctx, arg.WorkspaceID); err != nil {
+		return nil, err
 	}
-	return queryWithRelated(q.log, q.auth, rbac.ActionRead, fetch, q.db.GetWorkspaceBuildsByWorkspaceID)(ctx, arg)
+	return q.db.GetWorkspaceBuildsByWorkspaceID(ctx, arg)
 }
 
 func (q *AuthzQuerier) GetWorkspaceByAgentID(ctx context.Context, agentID uuid.UUID) (database.Workspace, error) {
@@ -304,15 +304,21 @@ func (q *AuthzQuerier) InsertWorkspace(ctx context.Context, arg database.InsertW
 }
 
 func (q *AuthzQuerier) InsertWorkspaceBuild(ctx context.Context, arg database.InsertWorkspaceBuildParams) (database.WorkspaceBuild, error) {
-	fetch := func(build database.WorkspaceBuild, arg database.InsertWorkspaceBuildParams) (database.Workspace, error) {
-		return q.db.GetWorkspaceByID(ctx, arg.WorkspaceID)
+	w, err := q.db.GetWorkspaceByID(ctx, arg.WorkspaceID)
+	if err != nil {
+		return database.WorkspaceBuild{}, err
 	}
 
 	var action rbac.Action = rbac.ActionUpdate
 	if arg.Transition == database.WorkspaceTransitionDelete {
 		action = rbac.ActionDelete
 	}
-	return queryWithRelated(q.log, q.auth, action, fetch, q.db.InsertWorkspaceBuild)(ctx, arg)
+
+	if err = q.authorizeContext(ctx, action, w); err != nil {
+		return database.WorkspaceBuild{}, err
+	}
+
+	return q.db.InsertWorkspaceBuild(ctx, arg)
 }
 
 func (q *AuthzQuerier) InsertWorkspaceBuildParameters(ctx context.Context, arg database.InsertWorkspaceBuildParametersParams) error {

Original file line number	Diff line number	Diff line change
`@@ -28,8 +28,7 @@ func (q *AuthzQuerier) GetWorkspaces(ctx context.Context, arg database.GetWorksp`
`28`	`28`	`}`
`29`	`29`
`30`	`30`	`func (q *AuthzQuerier) GetLatestWorkspaceBuildByWorkspaceID(ctx context.Context, workspaceID uuid.UUID) (database.WorkspaceBuild, error) {`
`31`		`- _, err := q.GetWorkspaceByID(ctx, workspaceID)`
`32`		`- if err != nil {`
	`31`	`+ if _, err := q.GetWorkspaceByID(ctx, workspaceID); err != nil {`
`33`	`32`	`return database.WorkspaceBuild{}, nil`
`34`	`33`	`}`
`35`	`34`	`return q.db.GetLatestWorkspaceBuildByWorkspaceID(ctx, workspaceID)`
`@@ -50,8 +49,7 @@ func (q *AuthzQuerier) GetLatestWorkspaceBuildsByWorkspaceIDs(ctx context.Contex`
`50`	`49`	`}`
`51`	`50`
`52`	`51`	`func (q *AuthzQuerier) GetWorkspaceAgentByID(ctx context.Context, id uuid.UUID) (database.WorkspaceAgent, error) {`
`53`		`- _, err := q.GetWorkspaceByAgentID(ctx, id)`
`54`		`- if err != nil {`
	`52`	`+ if _, err := q.GetWorkspaceByAgentID(ctx, id); err != nil {`
`55`	`53`	`return database.WorkspaceAgent{}, err`
`56`	`54`	`}`
`57`	`55`	`return q.db.GetWorkspaceAgentByID(ctx, id)`
`@@ -62,10 +60,15 @@ func (q *AuthzQuerier) GetWorkspaceAgentByID(ctx context.Context, id uuid.UUID)`
`62`	`60`	`// is essentially an auth token. But the caller using this function is not`
`63`	`61`	`// an authenticated user. So this authz check will fail.`
`64`	`62`	`func (q *AuthzQuerier) GetWorkspaceAgentByInstanceID(ctx context.Context, authInstanceID string) (database.WorkspaceAgent, error) {`
`65`		`- fetch := func(agent database.WorkspaceAgent, _ string) (database.Workspace, error) {`
`66`		`- return q.db.GetWorkspaceByAgentID(ctx, agent.ID)`
	`63`	`+ agent, err := q.db.GetWorkspaceAgentByInstanceID(ctx, authInstanceID)`
	`64`	`+ if err != nil {`
	`65`	`+ return database.WorkspaceAgent{}, err`
	`66`	`+ }`
	`67`	`+ _, err = q.GetWorkspaceByAgentID(ctx, agent.ID)`
	`68`	`+ if err != nil {`
	`69`	`+ return database.WorkspaceAgent{}, err`
`67`	`70`	`}`
`68`		`- return queryWithRelated(q.log, q.auth, rbac.ActionRead, fetch, q.db.GetWorkspaceAgentByInstanceID)(ctx, authInstanceID)`
	`71`	`+ return agent, nil`
`69`	`72`	`}`
`70`	`73`
`71`	`74`	`// GetWorkspaceAgentsByResourceIDs is an all or nothing call. If the user cannot read`
`@@ -116,20 +119,18 @@ func (q *AuthzQuerier) UpdateWorkspaceAgentLifecycleStateByID(ctx context.Contex`
`116`	`119`
`117`	`120`	`func (q *AuthzQuerier) GetWorkspaceAppByAgentIDAndSlug(ctx context.Context, arg database.GetWorkspaceAppByAgentIDAndSlugParams) (database.WorkspaceApp, error) {`
`118`	`121`	`// If we can fetch the workspace, we can fetch the apps. Use the authorized call.`
`119`		`- _, err := q.GetWorkspaceByAgentID(ctx, arg.AgentID)`
`120`		`- if err != nil {`
	`122`	`+ if _, err := q.GetWorkspaceByAgentID(ctx, arg.AgentID); err != nil {`
`121`	`123`	`return database.WorkspaceApp{}, err`
`122`	`124`	`}`
`123`	`125`
`124`	`126`	`return q.db.GetWorkspaceAppByAgentIDAndSlug(ctx, arg)`
`125`	`127`	`}`
`126`	`128`
`127`	`129`	`func (q *AuthzQuerier) GetWorkspaceAppsByAgentID(ctx context.Context, agentID uuid.UUID) ([]database.WorkspaceApp, error) {`
`128`		`- fetch := func(_ []database.WorkspaceApp, agentID uuid.UUID) (database.Workspace, error) {`
`129`		`- return q.db.GetWorkspaceByAgentID(ctx, agentID)`
	`130`	`+ if _, err := q.GetWorkspaceByAgentID(ctx, agentID); err != nil {`
	`131`	`+ return nil, err`
`130`	`132`	`}`
`131`		`-`
`132`		`- return queryWithRelated(q.log, q.auth, rbac.ActionRead, fetch, q.db.GetWorkspaceAppsByAgentID)(ctx, agentID)`
	`133`	`+ return q.db.GetWorkspaceAppsByAgentID(ctx, agentID)`
`133`	`134`	`}`
`134`	`135`
`135`	`136`	`// GetWorkspaceAppsByAgentIDs is an all or nothing call. If the user cannot read a single app, the entire call will fail.`
`@@ -146,16 +147,15 @@ func (q *AuthzQuerier) GetWorkspaceAppsByAgentIDs(ctx context.Context, ids []uui`
`146`	`147`	`return q.db.GetWorkspaceAppsByAgentIDs(ctx, ids)`
`147`	`148`	`}`
`148`	`149`
`149`		`-func (q *AuthzQuerier) GetWorkspaceBuildByID(ctx context.Context, id uuid.UUID) (database.WorkspaceBuild, error) {`
`150`		`- fetch := func(build database.WorkspaceBuild, _ uuid.UUID) (database.Workspace, error) {`
`151`		`- return q.db.GetWorkspaceByID(ctx, build.WorkspaceID)`
	`150`	`+func (q *AuthzQuerier) GetWorkspaceBuildByID(ctx context.Context, buildID uuid.UUID) (database.WorkspaceBuild, error) {`
	`151`	`+ build, err := q.db.GetWorkspaceBuildByID(ctx, buildID)`
	`152`	`+ if err != nil {`
	`153`	`+ return database.WorkspaceBuild{}, err`
`152`	`154`	`}`
`153`		`- return queryWithRelated(`
`154`		`- q.log,`
`155`		`- q.auth,`
`156`		`- rbac.ActionRead,`
`157`		`- fetch,`
`158`		`- q.db.GetWorkspaceBuildByID)(ctx, id)`
	`155`	`+ if _, err := q.GetWorkspaceByID(ctx, build.WorkspaceID); err != nil {`
	`156`	`+ return database.WorkspaceBuild{}, err`
	`157`	`+ }`
	`158`	`+ return build, nil`
`159`	`159`	`}`
`160`	`160`
`161`	`161`	`func (q *AuthzQuerier) GetWorkspaceBuildByJobID(ctx context.Context, jobID uuid.UUID) (database.WorkspaceBuild, error) {`
`@@ -172,10 +172,10 @@ func (q *AuthzQuerier) GetWorkspaceBuildByJobID(ctx context.Context, jobID uuid.`
`172`	`172`	`}`
`173`	`173`
`174`	`174`	`func (q *AuthzQuerier) GetWorkspaceBuildByWorkspaceIDAndBuildNumber(ctx context.Context, arg database.GetWorkspaceBuildByWorkspaceIDAndBuildNumberParams) (database.WorkspaceBuild, error) {`
`175`		`- fetch := func(_ database.WorkspaceBuild, arg database.GetWorkspaceBuildByWorkspaceIDAndBuildNumberParams) (database.Workspace, error) {`
`176`		`- return q.db.GetWorkspaceByID(ctx, arg.WorkspaceID)`
	`175`	`+ if _, err := q.GetWorkspaceByID(ctx, arg.WorkspaceID); err != nil {`
	`176`	`+ return database.WorkspaceBuild{}, err`
`177`	`177`	`}`
`178`		`- return queryWithRelated(q.log, q.auth, rbac.ActionRead, fetch, q.db.GetWorkspaceBuildByWorkspaceIDAndBuildNumber)(ctx, arg)`
	`178`	`+ return q.db.GetWorkspaceBuildByWorkspaceIDAndBuildNumber(ctx, arg)`
`179`	`179`	`}`
`180`	`180`
`181`	`181`	`func (q *AuthzQuerier) GetWorkspaceBuildParameters(ctx context.Context, workspaceBuildID uuid.UUID) ([]database.WorkspaceBuildParameter, error) {`
`@@ -190,10 +190,10 @@ func (q *AuthzQuerier) GetWorkspaceBuildParameters(ctx context.Context, workspac`
`190`	`190`	`}`
`191`	`191`
`192`	`192`	`func (q *AuthzQuerier) GetWorkspaceBuildsByWorkspaceID(ctx context.Context, arg database.GetWorkspaceBuildsByWorkspaceIDParams) ([]database.WorkspaceBuild, error) {`
`193`		`- fetch := func(_ []database.WorkspaceBuild, arg database.GetWorkspaceBuildsByWorkspaceIDParams) (database.Workspace, error) {`
`194`		`- return q.db.GetWorkspaceByID(ctx, arg.WorkspaceID)`
	`193`	`+ if _, err := q.GetWorkspaceByID(ctx, arg.WorkspaceID); err != nil {`
	`194`	`+ return nil, err`
`195`	`195`	`}`
`196`		`- return queryWithRelated(q.log, q.auth, rbac.ActionRead, fetch, q.db.GetWorkspaceBuildsByWorkspaceID)(ctx, arg)`
	`196`	`+ return q.db.GetWorkspaceBuildsByWorkspaceID(ctx, arg)`
`197`	`197`	`}`
`198`	`198`
`199`	`199`	`func (q *AuthzQuerier) GetWorkspaceByAgentID(ctx context.Context, agentID uuid.UUID) (database.Workspace, error) {`
`@@ -304,15 +304,21 @@ func (q *AuthzQuerier) InsertWorkspace(ctx context.Context, arg database.InsertW`
`304`	`304`	`}`
`305`	`305`
`306`	`306`	`func (q *AuthzQuerier) InsertWorkspaceBuild(ctx context.Context, arg database.InsertWorkspaceBuildParams) (database.WorkspaceBuild, error) {`
`307`		`- fetch := func(build database.WorkspaceBuild, arg database.InsertWorkspaceBuildParams) (database.Workspace, error) {`
`308`		`- return q.db.GetWorkspaceByID(ctx, arg.WorkspaceID)`
	`307`	`+ w, err := q.db.GetWorkspaceByID(ctx, arg.WorkspaceID)`
	`308`	`+ if err != nil {`
	`309`	`+ return database.WorkspaceBuild{}, err`
`309`	`310`	`}`
`310`	`311`
`311`	`312`	`var action rbac.Action = rbac.ActionUpdate`
`312`	`313`	`if arg.Transition == database.WorkspaceTransitionDelete {`
`313`	`314`	`action = rbac.ActionDelete`
`314`	`315`	`}`
`315`		`- return queryWithRelated(q.log, q.auth, action, fetch, q.db.InsertWorkspaceBuild)(ctx, arg)`
	`316`	`+`
	`317`	`+ if err = q.authorizeContext(ctx, action, w); err != nil {`
	`318`	`+ return database.WorkspaceBuild{}, err`
	`319`	`+ }`
	`320`	`+`
	`321`	`+ return q.db.InsertWorkspaceBuild(ctx, arg)`
`316`	`322`	`}`
`317`	`323`
`318`	`324`	`func (q *AuthzQuerier) InsertWorkspaceBuildParameters(ctx context.Context, arg database.InsertWorkspaceBuildParametersParams) error {`