@@ -20,6 +20,7 @@ import (
2020
2121 "github.com/coder/coder/coderd/audit"
2222 "github.com/coder/coder/coderd/database"
23+ "github.com/coder/coder/coderd/database/dbauthz"
2324 "github.com/coder/coder/coderd/gitauth"
2425 "github.com/coder/coder/coderd/httpapi"
2526 "github.com/coder/coder/coderd/httpmw"
@@ -53,8 +54,9 @@ func (api *API) templateVersion(rw http.ResponseWriter, r *http.Request) {
5354 return
5455 }
5556
57+ // User can be the empty user if the caller does not have permission.
5658 user , err := api .Database .GetUserByID (ctx , templateVersion .CreatedBy )
57- if err != nil {
59+ if err != nil && ! dbauthz . IsNotAuthorizedError ( err ) {
5860 httpapi .Write (ctx , rw , http .StatusInternalServerError , codersdk.Response {
5961 Message : "Internal error on fetching user." ,
6062 Detail : err .Error (),
@@ -165,7 +167,7 @@ func (api *API) patchTemplateVersion(rw http.ResponseWriter, r *http.Request) {
165167 }
166168
167169 user , err := api .Database .GetUserByID (ctx , templateVersion .CreatedBy )
168- if err != nil {
170+ if err != nil && ! dbauthz . IsNotAuthorizedError ( err ) {
169171 httpapi .Write (ctx , rw , http .StatusInternalServerError , codersdk.Response {
170172 Message : "Internal error on fetching user." ,
171173 Detail : err .Error (),
@@ -843,7 +845,7 @@ func (api *API) templateVersionByName(rw http.ResponseWriter, r *http.Request) {
843845 }
844846
845847 user , err := api .Database .GetUserByID (ctx , templateVersion .CreatedBy )
846- if err != nil {
848+ if err != nil && ! dbauthz . IsNotAuthorizedError ( err ) {
847849 httpapi .Write (ctx , rw , http .StatusInternalServerError , codersdk.Response {
848850 Message : "Internal error on fetching user." ,
849851 Detail : err .Error (),
@@ -1012,7 +1014,7 @@ func (api *API) previousTemplateVersionByOrganizationTemplateAndName(rw http.Res
10121014 }
10131015
10141016 user , err := api .Database .GetUserByID (ctx , templateVersion .CreatedBy )
1015- if err != nil {
1017+ if err != nil && ! dbauthz . IsNotAuthorizedError ( err ) {
10161018 httpapi .Write (ctx , rw , http .StatusInternalServerError , codersdk.Response {
10171019 Message : "Internal error on fetching user." ,
10181020 Detail : err .Error (),
@@ -1325,7 +1327,7 @@ func (api *API) postTemplateVersionsByOrganization(rw http.ResponseWriter, r *ht
13251327 aReq .New = templateVersion
13261328
13271329 user , err := api .Database .GetUserByID (ctx , templateVersion .CreatedBy )
1328- if err != nil {
1330+ if err != nil && ! dbauthz . IsNotAuthorizedError ( err ) {
13291331 httpapi .Write (ctx , rw , http .StatusInternalServerError , codersdk.Response {
13301332 Message : "Internal error on fetching user." ,
13311333 Detail : err .Error (),
@@ -1404,14 +1406,20 @@ func (api *API) templateVersionLogs(rw http.ResponseWriter, r *http.Request) {
14041406}
14051407
14061408func convertTemplateVersion (version database.TemplateVersion , job codersdk.ProvisionerJob , user database.User , warnings []codersdk.TemplateVersionWarning ) codersdk.TemplateVersion {
1407- createdBy := codersdk.User {
1408- ID : user .ID ,
1409- Username : user .Username ,
1410- Email : user .Email ,
1411- CreatedAt : user .CreatedAt ,
1412- Status : codersdk .UserStatus (user .Status ),
1413- Roles : []codersdk.Role {},
1414- AvatarURL : user .AvatarURL .String ,
1409+ // Only populate these fields if the user is not nil.
1410+ // It is usually nil because the caller cannot access the user
1411+ // resource in question.
1412+ var createdBy codersdk.User
1413+ if user .ID != uuid .Nil {
1414+ createdBy = codersdk.User {
1415+ ID : user .ID ,
1416+ Username : user .Username ,
1417+ Email : user .Email ,
1418+ CreatedAt : user .CreatedAt ,
1419+ Status : codersdk .UserStatus (user .Status ),
1420+ Roles : []codersdk.Role {},
1421+ AvatarURL : user .AvatarURL .String ,
1422+ }
14151423 }
14161424
14171425 return codersdk.TemplateVersion {
0 commit comments