Enable RBAC

mtojek · mtojek · commit a9a05d45e792 · 2023-03-28T14:52:39.000+02:00
diff --git a/coderd/workspacebuilds.go b/coderd/workspacebuilds.go
@@ -545,6 +545,13 @@ func (api *API) postWorkspaceBuilds(rw http.ResponseWriter, r *http.Request) {
 		}
 	}
 
+	if createBuild.LogLevel != "" && !api.Authorize(r, rbac.ActionUpdate, template) {
+		httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
+			Message: "Workspace builds with a custom log level are restricted to template authors only.",
+		})
+		return
+	}
+
 	var workspaceBuild database.WorkspaceBuild
 	var provisionerJob database.ProvisionerJob
 	// This must happen in a transaction to ensure history can be inserted, and

Original file line number	Diff line number	Diff line change
`@@ -545,6 +545,13 @@ func (api API) postWorkspaceBuilds(rw http.ResponseWriter, r http.Request) {`
`545`	`545`	`}`
`546`	`546`	`}`
`547`	`547`
	`548`	`+ if createBuild.LogLevel != "" && !api.Authorize(r, rbac.ActionUpdate, template) {`
	`549`	`+ httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{`
	`550`	`+ Message: "Workspace builds with a custom log level are restricted to template authors only.",`
	`551`	`+ })`
	`552`	`+ return`
	`553`	`+ }`
	`554`	`+`
`548`	`555`	`var workspaceBuild database.WorkspaceBuild`
`549`	`556`	`var provisionerJob database.ProvisionerJob`
`550`	`557`	`// This must happen in a transaction to ensure history can be inserted, and`