fix permissions

Emyrk · Emyrk · commit 6b645d6ecd44 · 2025-06-06T09:19:23.000-05:00
diff --git a/coderd/database/dbauthz/dbauthz.go b/coderd/database/dbauthz/dbauthz.go
@@ -171,7 +171,7 @@ var (
 				DisplayName: "Provisioner Daemon",
 				Site: rbac.Permissions(map[string][]policy.Action{
 					rbac.ResourceProvisionerJobs.Type: {policy.ActionRead, policy.ActionUpdate, policy.ActionCreate},
-					rbac.ResourceFile.Type:            {policy.ActionRead},
+					rbac.ResourceFile.Type:            {policy.ActionCreate, policy.ActionRead},
 					rbac.ResourceSystem.Type:          {policy.WildcardSymbol},
 					rbac.ResourceTemplate.Type:        {policy.ActionRead, policy.ActionUpdate},
 					// Unsure why provisionerd needs update and read personal
diff --git a/coderd/provisionerdserver/provisionerdserver.go b/coderd/provisionerdserver/provisionerdserver.go
@@ -1392,7 +1392,8 @@ UploadFileStream:
 		return xerrors.Errorf("unsupported file upload type: %s", file.Type)
 	}
 
-	_, err = s.Database.InsertFile(s.lifecycleCtx, insert)
+	//nolint:gocritic // Provisionerd actor
+	_, err = s.Database.InsertFile(dbauthz.AsProvisionerd(s.lifecycleCtx), insert)
 	if err != nil {
 		// Duplicated files already exist in the database, so we can ignore this error.
 		if !database.IsUniqueViolation(err, database.UniqueFilesHashCreatedByKey) {

Original file line number	Diff line number	Diff line change
`@@ -1392,7 +1392,8 @@ UploadFileStream:`
`1392`	`1392`	`return xerrors.Errorf("unsupported file upload type: %s", file.Type)`
`1393`	`1393`	`}`
`1394`	`1394`
`1395`		`- _, err = s.Database.InsertFile(s.lifecycleCtx, insert)`
	`1395`	`+ //nolint:gocritic // Provisionerd actor`
	`1396`	`+ _, err = s.Database.InsertFile(dbauthz.AsProvisionerd(s.lifecycleCtx), insert)`
`1396`	`1397`	`if err != nil {`
`1397`	`1398`	`// Duplicated files already exist in the database, so we can ignore this error.`
`1398`	`1399`	`if !database.IsUniqueViolation(err, database.UniqueFilesHashCreatedByKey) {`