minor dbauthz changes

Emyrk · Emyrk · commit b0df9650f836 · 2024-01-24T09:41:15.000-06:00
diff --git a/coderd/database/dbauthz/dbauthz.go b/coderd/database/dbauthz/dbauthz.go
@@ -826,7 +826,7 @@ func (q *querier) DeleteOAuth2ProviderAppCodeByID(ctx context.Context, id uuid.U
 	if err != nil {
 		return err
 	}
-	if err := q.authorizeContext(ctx, rbac.ActionDelete, rbac.ResourceOAuth2ProviderAppCodeToken.WithOwner(code.UserID.String())); err != nil {
+	if err := q.authorizeContext(ctx, rbac.ActionDelete, code); err != nil {
 		return err
 	}
 	return q.db.DeleteOAuth2ProviderAppCodeByID(ctx, id)
@@ -1222,7 +1222,7 @@ func (q *querier) GetOAuth2ProviderApps(ctx context.Context) ([]database.OAuth2P
 }
 
 func (q *querier) GetOAuth2ProviderAppsByUserID(ctx context.Context, userID uuid.UUID) ([]database.GetOAuth2ProviderAppsByUserIDRow, error) {
-	// These two authz checks make sure the caller can read all their own tokens.
+	// This authz check is to make sure the caller can read all their own tokens.
 	if err := q.authorizeContext(ctx, rbac.ActionRead,
 		rbac.ResourceOAuth2ProviderAppCodeToken.WithOwner(userID.String())); err != nil {
 		return []database.GetOAuth2ProviderAppsByUserIDRow{}, err

Original file line number	Diff line number	Diff line change
`@@ -826,7 +826,7 @@ func (q *querier) DeleteOAuth2ProviderAppCodeByID(ctx context.Context, id uuid.U`
`826`	`826`	`if err != nil {`
`827`	`827`	`return err`
`828`	`828`	`}`
`829`		`- if err := q.authorizeContext(ctx, rbac.ActionDelete, rbac.ResourceOAuth2ProviderAppCodeToken.WithOwner(code.UserID.String())); err != nil {`
	`829`	`+ if err := q.authorizeContext(ctx, rbac.ActionDelete, code); err != nil {`
`830`	`830`	`return err`
`831`	`831`	`}`
`832`	`832`	`return q.db.DeleteOAuth2ProviderAppCodeByID(ctx, id)`
`@@ -1222,7 +1222,7 @@ func (q *querier) GetOAuth2ProviderApps(ctx context.Context) ([]database.OAuth2P`
`1222`	`1222`	`}`
`1223`	`1223`
`1224`	`1224`	`func (q *querier) GetOAuth2ProviderAppsByUserID(ctx context.Context, userID uuid.UUID) ([]database.GetOAuth2ProviderAppsByUserIDRow, error) {`
`1225`		`- // These two authz checks make sure the caller can read all their own tokens.`
	`1225`	`+ // This authz check is to make sure the caller can read all their own tokens.`
`1226`	`1226`	`if err := q.authorizeContext(ctx, rbac.ActionRead,`
`1227`	`1227`	`rbac.ResourceOAuth2ProviderAppCodeToken.WithOwner(userID.String())); err != nil {`
`1228`	`1228`	`return []database.GetOAuth2ProviderAppsByUserIDRow{}, err`