minor dbauthz changes

Emyrk · code-asher · commit 5916f55cd300 · 2024-02-20T14:09:16.000-09:00
diff --git a/coderd/database/dbauthz/dbauthz.go b/coderd/database/dbauthz/dbauthz.go
@@ -806,7 +806,7 @@ func (q *querier) DeleteOAuth2ProviderAppCodeByID(ctx context.Context, id uuid.U
 	if err != nil {
 		return err
 	}
-	if err := q.authorizeContext(ctx, rbac.ActionDelete, rbac.ResourceOAuth2ProviderAppCodeToken.WithOwner(code.UserID.String())); err != nil {
+	if err := q.authorizeContext(ctx, rbac.ActionDelete, code); err != nil {
 		return err
 	}
 	return q.db.DeleteOAuth2ProviderAppCodeByID(ctx, id)
@@ -1236,7 +1236,7 @@ func (q *querier) GetOAuth2ProviderApps(ctx context.Context) ([]database.OAuth2P
 }
 
 func (q *querier) GetOAuth2ProviderAppsByUserID(ctx context.Context, userID uuid.UUID) ([]database.GetOAuth2ProviderAppsByUserIDRow, error) {
-	// These two authz checks make sure the caller can read all their own tokens.
+	// This authz check is to make sure the caller can read all their own tokens.
 	if err := q.authorizeContext(ctx, rbac.ActionRead,
 		rbac.ResourceOAuth2ProviderAppCodeToken.WithOwner(userID.String())); err != nil {
 		return []database.GetOAuth2ProviderAppsByUserIDRow{}, err

Original file line number	Diff line number	Diff line change
`@@ -806,7 +806,7 @@ func (q *querier) DeleteOAuth2ProviderAppCodeByID(ctx context.Context, id uuid.U`
`806`	`806`	`if err != nil {`
`807`	`807`	`return err`
`808`	`808`	`}`
`809`		`- if err := q.authorizeContext(ctx, rbac.ActionDelete, rbac.ResourceOAuth2ProviderAppCodeToken.WithOwner(code.UserID.String())); err != nil {`
	`809`	`+ if err := q.authorizeContext(ctx, rbac.ActionDelete, code); err != nil {`
`810`	`810`	`return err`
`811`	`811`	`}`
`812`	`812`	`return q.db.DeleteOAuth2ProviderAppCodeByID(ctx, id)`
`@@ -1236,7 +1236,7 @@ func (q *querier) GetOAuth2ProviderApps(ctx context.Context) ([]database.OAuth2P`
`1236`	`1236`	`}`
`1237`	`1237`
`1238`	`1238`	`func (q *querier) GetOAuth2ProviderAppsByUserID(ctx context.Context, userID uuid.UUID) ([]database.GetOAuth2ProviderAppsByUserIDRow, error) {`
`1239`		`- // These two authz checks make sure the caller can read all their own tokens.`
	`1239`	`+ // This authz check is to make sure the caller can read all their own tokens.`
`1240`	`1240`	`if err := q.authorizeContext(ctx, rbac.ActionRead,`
`1241`	`1241`	`rbac.ResourceOAuth2ProviderAppCodeToken.WithOwner(userID.String())); err != nil {`
`1242`	`1242`	`return []database.GetOAuth2ProviderAppsByUserIDRow{}, err`