coder
diff --git a/‎coderd/database/dbauthz/dbauthz.go
Lines changed: 16 additions & 2 deletions b/‎coderd/database/dbauthz/dbauthz.go
Lines changed: 16 additions & 2 deletions
diff --git a/‎coderd/database/dbmem/dbmem.go
Lines changed: 4 additions & 12 deletions b/‎coderd/database/dbmem/dbmem.go
Lines changed: 4 additions & 12 deletions
diff --git a/‎coderd/database/dbmetrics/dbmetrics.go
Lines changed: 1 addition & 1 deletion b/‎coderd/database/dbmetrics/dbmetrics.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎coderd/database/dbmock/dbmock.go
Lines changed: 2 additions & 2 deletions b/‎coderd/database/dbmock/dbmock.go
Lines changed: 2 additions & 2 deletions
diff --git a/‎coderd/database/modelmethods.go
Lines changed: 6 additions & 1 deletion b/‎coderd/database/modelmethods.go
Lines changed: 6 additions & 1 deletion
diff --git a/‎coderd/database/querier.go
Lines changed: 1 addition & 1 deletion b/‎coderd/database/querier.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎coderd/database/queries.sql.go
Lines changed: 6 additions & 21 deletions b/‎coderd/database/queries.sql.go
Lines changed: 6 additions & 21 deletions
diff --git a/‎coderd/database/queries/groupmembers.sql
Lines changed: 1 addition & 10 deletions b/‎coderd/database/queries/groupmembers.sql
Lines changed: 1 addition & 10 deletions
diff --git a/‎enterprise/coderd/groups.go
Lines changed: 3 additions & 3 deletions b/‎enterprise/coderd/groups.go
Lines changed: 3 additions & 3 deletions
diff --git a/‎enterprise/coderd/templates.go
Lines changed: 2 additions & 2 deletions b/‎enterprise/coderd/templates.go
Lines changed: 2 additions & 2 deletions
@@ -1400,8 +1400,22 @@ func (q *querier) GetGroupMembersByGroupID(ctx context.Context, id uuid.UUID) ([
 	return fetchWithPostFilter(q.auth, policy.ActionRead, q.db.GetGroupMembersByGroupID)(ctx, id)
 }
 
-func (q *querier) GetGroupMembersCountByGroupID(ctx context.Context, groupID uuid.UUID) (database.GetGroupMembersCountByGroupIDRow, error) {
-	return fetch(q.log, q.auth, q.db.GetGroupMembersCountByGroupID)(ctx, groupID)
+func (q *querier) GetGroupMembersCountByGroupID(ctx context.Context, groupID uuid.UUID) (int64, error) {
+	group, err := q.GetGroupByID(ctx, groupID)
+	if err != nil {
+		return 0, err
+	}
+	memberCount, err := q.db.GetGroupMembersCountByGroupID(ctx, groupID)
+	if err != nil {
+		return 0, err
+	}
+	if err := q.authorizeContext(ctx, policy.ActionRead, database.GroupMembersCountRBACHelper{
+		GroupID:        groupID,
+		OrganizationID: group.OrganizationID,
+	}); err != nil {
+		return 0, err
+	}
+	return memberCount, nil
 }
 
 func (q *querier) GetGroups(ctx context.Context) ([]database.Group, error) {
 
@@ -2536,20 +2536,12 @@ func (q *FakeQuerier) GetGroupMembersByGroupID(_ context.Context, id uuid.UUID)
 	return members, nil
 }
 
-func (q *FakeQuerier) GetGroupMembersCountByGroupID(ctx context.Context, groupID uuid.UUID) (database.GetGroupMembersCountByGroupIDRow, error) {
-	members, err := q.GetGroupMembersByGroupID(ctx, groupID)
+func (q *FakeQuerier) GetGroupMembersCountByGroupID(ctx context.Context, groupID uuid.UUID) (int64, error) {
+	users, err := q.GetGroupMembersByGroupID(ctx, groupID)
 	if err != nil {
-		return database.GetGroupMembersCountByGroupIDRow{}, err
-	}
-	group, err := q.GetGroupByID(ctx, groupID)
-	if err != nil {
-		return database.GetGroupMembersCountByGroupIDRow{}, err
+		return 0, err
 	}
-	return database.GetGroupMembersCountByGroupIDRow{
-		OrganizationID: group.OrganizationID,
-		GroupID:        groupID,
-		MemberCount:    int64(len(members)),
-	}, nil
+	return int64(len(users)), nil
 }
 
 func (q *FakeQuerier) GetGroups(_ context.Context) ([]database.Group, error) {
 
@@ -191,7 +191,12 @@ func (gm GroupMember) RBACObject() rbac.Object {
 	return rbac.ResourceGroupMember.WithID(gm.UserID).InOrg(gm.OrganizationID).WithOwner(gm.UserID.String())
 }
 
-func (r GetGroupMembersCountByGroupIDRow) RBACObject() rbac.Object {
+type GroupMembersCountRBACHelper struct {
+	GroupID        uuid.UUID
+	OrganizationID uuid.UUID
+}
+
+func (r GroupMembersCountRBACHelper) RBACObject() rbac.Object {
 	return groupRBACObject(r.GroupID, r.OrganizationID)
 }
 
 
@@ -8,16 +8,7 @@ SELECT * FROM group_members_expanded WHERE group_id = @group_id;
 -- Returns the total count of members in a group. Shows the total
 -- count even if the caller does not have read access to ResourceGroupMember.
 -- They only need ResourceGroup read access.
-SELECT 
-    gme.organization_id,
-    gme.group_id,
-    COUNT(*) as member_count
-FROM 
-    group_members_expanded gme
-WHERE 
-    gme.group_id = @group_id
-GROUP BY 
-    gme.organization_id, gme.group_id;
+SELECT COUNT(*) FROM group_members_expanded WHERE group_id = @group_id;
 
 -- InsertUserGroupsByName adds a user to all provided groups, if they exist.
 -- name: InsertUserGroupsByName :exec
 
@@ -291,7 +291,7 @@ func (api *API) patchGroup(rw http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	httpapi.Write(ctx, rw, http.StatusOK, db2sdk.Group(group, patchedMembers, int(memberCount.MemberCount)))
+	httpapi.Write(ctx, rw, http.StatusOK, db2sdk.Group(group, patchedMembers, int(memberCount)))
 }
 
 // @Summary Delete group by name
@@ -382,7 +382,7 @@ func (api *API) group(rw http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	httpapi.Write(ctx, rw, http.StatusOK, db2sdk.Group(group, users, int(memberCount.MemberCount)))
+	httpapi.Write(ctx, rw, http.StatusOK, db2sdk.Group(group, users, int(memberCount)))
 }
 
 // @Summary Get groups by organization
@@ -432,7 +432,7 @@ func (api *API) groups(rw http.ResponseWriter, r *http.Request) {
 			return
 		}
 
-		resp = append(resp, db2sdk.Group(group, members, int(memberCount.MemberCount)))
+		resp = append(resp, db2sdk.Group(group, members, int(memberCount)))
 	}
 
 	httpapi.Write(ctx, rw, http.StatusOK, resp)
 
@@ -70,7 +70,7 @@ func (api *API) templateAvailablePermissions(rw http.ResponseWriter, r *http.Req
 			return
 		}
 
-		sdkGroups = append(sdkGroups, db2sdk.Group(group, members, int(memberCount.MemberCount)))
+		sdkGroups = append(sdkGroups, db2sdk.Group(group, members, int(memberCount)))
 	}
 
 	httpapi.Write(ctx, rw, http.StatusOK, codersdk.ACLAvailable{
@@ -145,7 +145,7 @@ func (api *API) templateACL(rw http.ResponseWriter, r *http.Request) {
 			return
 		}
 		groups = append(groups, codersdk.TemplateGroup{
-			Group: db2sdk.Group(group.Group, members, int(memberCount.MemberCount)),
+			Group: db2sdk.Group(group.Group, members, int(memberCount)),
 			Role:  convertToTemplateRole(group.Actions),
 		})
 	}
Original file line number	Diff line number	Diff line change
`@@ -191,7 +191,12 @@ func (gm GroupMember) RBACObject() rbac.Object {`
`191`	`191`	`return rbac.ResourceGroupMember.WithID(gm.UserID).InOrg(gm.OrganizationID).WithOwner(gm.UserID.String())`
`192`	`192`	`}`
`193`	`193`
`194`		`-func (r GetGroupMembersCountByGroupIDRow) RBACObject() rbac.Object {`
	`194`	`+type GroupMembersCountRBACHelper struct {`
	`195`	`+ GroupID uuid.UUID`
	`196`	`+ OrganizationID uuid.UUID`
	`197`	`+}`
	`198`	`+`
	`199`	`+func (r GroupMembersCountRBACHelper) RBACObject() rbac.Object {`
`195`	`200`	`return groupRBACObject(r.GroupID, r.OrganizationID)`
`196`	`201`	`}`
`197`	`202`
Original file line number	Diff line number	Diff line change
`@@ -291,7 +291,7 @@ func (api API) patchGroup(rw http.ResponseWriter, r http.Request) {`
`291`	`291`	`return`
`292`	`292`	`}`
`293`	`293`
`294`		`- httpapi.Write(ctx, rw, http.StatusOK, db2sdk.Group(group, patchedMembers, int(memberCount.MemberCount)))`
	`294`	`+ httpapi.Write(ctx, rw, http.StatusOK, db2sdk.Group(group, patchedMembers, int(memberCount)))`
`295`	`295`	`}`
`296`	`296`
`297`	`297`	`// @Summary Delete group by name`
`@@ -382,7 +382,7 @@ func (api API) group(rw http.ResponseWriter, r http.Request) {`
`382`	`382`	`return`
`383`	`383`	`}`
`384`	`384`
`385`		`- httpapi.Write(ctx, rw, http.StatusOK, db2sdk.Group(group, users, int(memberCount.MemberCount)))`
	`385`	`+ httpapi.Write(ctx, rw, http.StatusOK, db2sdk.Group(group, users, int(memberCount)))`
`386`	`386`	`}`
`387`	`387`
`388`	`388`	`// @Summary Get groups by organization`
`@@ -432,7 +432,7 @@ func (api API) groups(rw http.ResponseWriter, r http.Request) {`
`432`	`432`	`return`
`433`	`433`	`}`
`434`	`434`
`435`		`- resp = append(resp, db2sdk.Group(group, members, int(memberCount.MemberCount)))`
	`435`	`+ resp = append(resp, db2sdk.Group(group, members, int(memberCount)))`
`436`	`436`	`}`
`437`	`437`
`438`	`438`	`httpapi.Write(ctx, rw, http.StatusOK, resp)`
Original file line number	Diff line number	Diff line change
`@@ -70,7 +70,7 @@ func (api API) templateAvailablePermissions(rw http.ResponseWriter, r http.Req`
`70`	`70`	`return`
`71`	`71`	`}`
`72`	`72`
`73`		`- sdkGroups = append(sdkGroups, db2sdk.Group(group, members, int(memberCount.MemberCount)))`
	`73`	`+ sdkGroups = append(sdkGroups, db2sdk.Group(group, members, int(memberCount)))`
`74`	`74`	`}`
`75`	`75`
`76`	`76`	`httpapi.Write(ctx, rw, http.StatusOK, codersdk.ACLAvailable{`
`@@ -145,7 +145,7 @@ func (api API) templateACL(rw http.ResponseWriter, r http.Request) {`
`145`	`145`	`return`
`146`	`146`	`}`
`147`	`147`	`groups = append(groups, codersdk.TemplateGroup{`
`148`		`- Group: db2sdk.Group(group.Group, members, int(memberCount.MemberCount)),`
	`148`	`+ Group: db2sdk.Group(group.Group, members, int(memberCount)),`
`149`	`149`	`Role: convertToTemplateRole(group.Actions),`
`150`	`150`	`})`
`151`	`151`	`}`