coder
diff --git a/‎coderd/database/dbauthz/querier.go
Lines changed: 22 additions & 0 deletions b/‎coderd/database/dbauthz/querier.go
Lines changed: 22 additions & 0 deletions
diff --git a/‎coderd/database/dbauthz/querier_test.go
Lines changed: 12 additions & 0 deletions b/‎coderd/database/dbauthz/querier_test.go
Lines changed: 12 additions & 0 deletions
diff --git a/‎coderd/database/dbfake/databasefake.go
Lines changed: 20 additions & 0 deletions b/‎coderd/database/dbfake/databasefake.go
Lines changed: 20 additions & 0 deletions
diff --git a/‎coderd/database/dump.sql
Lines changed: 4 additions & 1 deletion b/‎coderd/database/dump.sql
Lines changed: 4 additions & 1 deletion
diff --git a/‎coderd/database/migrations/000100_template_version_gitauth.down.sql
Lines changed: 2 additions & 0 deletions b/‎coderd/database/migrations/000100_template_version_gitauth.down.sql
Lines changed: 2 additions & 0 deletions
diff --git a/‎coderd/database/migrations/000100_template_version_gitauth.up.sql
Lines changed: 4 additions & 0 deletions b/‎coderd/database/migrations/000100_template_version_gitauth.up.sql
Lines changed: 4 additions & 0 deletions
diff --git a/‎coderd/database/models.go
Lines changed: 2 additions & 0 deletions b/‎coderd/database/models.go
Lines changed: 2 additions & 0 deletions
diff --git a/‎coderd/database/querier.go
Lines changed: 1 addition & 0 deletions b/‎coderd/database/querier.go
Lines changed: 1 addition & 0 deletions
diff --git a/‎coderd/database/queries.sql.go
Lines changed: 37 additions & 8 deletions b/‎coderd/database/queries.sql.go
Lines changed: 37 additions & 8 deletions
diff --git a/‎coderd/database/queries/templateversions.sql
Lines changed: 9 additions & 0 deletions b/‎coderd/database/queries/templateversions.sql
Lines changed: 9 additions & 0 deletions
@@ -885,6 +885,28 @@ func (q *querier) UpdateTemplateVersionDescriptionByJobID(ctx context.Context, a
 	return q.db.UpdateTemplateVersionDescriptionByJobID(ctx, arg)
 }
 
+func (q *querier) UpdateTemplateVersionGitAuthProvidersByJobID(ctx context.Context, arg database.UpdateTemplateVersionGitAuthProvidersByJobIDParams) error {
+	// An actor is allowed to update the template version git auth providers if they are authorized to update the template.
+	tv, err := q.db.GetTemplateVersionByJobID(ctx, arg.JobID)
+	if err != nil {
+		return err
+	}
+	var obj rbac.Objecter
+	if !tv.TemplateID.Valid {
+		obj = rbac.ResourceTemplate.InOrg(tv.OrganizationID)
+	} else {
+		tpl, err := q.db.GetTemplateByID(ctx, tv.TemplateID.UUID)
+		if err != nil {
+			return err
+		}
+		obj = tpl
+	}
+	if err := q.authorizeContext(ctx, rbac.ActionUpdate, obj); err != nil {
+		return err
+	}
+	return q.db.UpdateTemplateVersionGitAuthProvidersByJobID(ctx, arg)
+}
+
 func (q *querier) GetTemplateGroupRoles(ctx context.Context, id uuid.UUID) ([]database.TemplateGroup, error) {
 	// An actor is authorized to read template group roles if they are authorized to read the template.
 	template, err := q.db.GetTemplateByID(ctx, id)
 
@@ -724,6 +724,18 @@ func (s *MethodTestSuite) TestTemplate() {
 			Readme: "foo",
 		}).Asserts(t1, rbac.ActionUpdate).Returns()
 	}))
+	s.Run("UpdateTemplateVersionGitAuthProvidersByJobID", s.Subtest(func(db database.Store, check *expects) {
+		jobID := uuid.New()
+		t1 := dbgen.Template(s.T(), db, database.Template{})
+		_ = dbgen.TemplateVersion(s.T(), db, database.TemplateVersion{
+			TemplateID: uuid.NullUUID{UUID: t1.ID, Valid: true},
+			JobID:      jobID,
+		})
+		check.Args(database.UpdateTemplateVersionGitAuthProvidersByJobIDParams{
+			JobID:            jobID,
+			GitAuthProviders: []string{},
+		}).Asserts(t1, rbac.ActionUpdate).Returns()
+	}))
 }
 
 func (s *MethodTestSuite) TestUser() {
 
@@ -3260,6 +3260,26 @@ func (q *fakeQuerier) UpdateTemplateVersionDescriptionByJobID(_ context.Context,
 	return sql.ErrNoRows
 }
 
+func (q *fakeQuerier) UpdateTemplateVersionGitAuthProvidersByJobID(_ context.Context, arg database.UpdateTemplateVersionGitAuthProvidersByJobIDParams) error {
+	if err := validateDatabaseType(arg); err != nil {
+		return err
+	}
+
+	q.mutex.Lock()
+	defer q.mutex.Unlock()
+
+	for index, templateVersion := range q.templateVersions {
+		if templateVersion.JobID != arg.JobID {
+			continue
+		}
+		templateVersion.GitAuthProviders = arg.GitAuthProviders
+		templateVersion.UpdatedAt = arg.UpdatedAt
+		q.templateVersions[index] = templateVersion
+		return nil
+	}
+	return sql.ErrNoRows
+}
+
 func (q *fakeQuerier) UpdateWorkspaceAgentConnectionByID(_ context.Context, arg database.UpdateWorkspaceAgentConnectionByIDParams) error {
 	if err := validateDatabaseType(arg); err != nil {
 		return err
 
@@ -0,0 +1,2 @@
+ALTER TABLE template_versions
+	DROP COLUMN git_auth_providers;
@@ -0,0 +1,4 @@
+ALTER TABLE template_versions
+	ADD COLUMN git_auth_providers text[];
+
+COMMENT ON COLUMN template_versions.git_auth_providers IS 'IDs of Git auth providers for a specific template version';
@@ -102,6 +102,15 @@ SET
 WHERE
 	job_id = $1;
 
+-- name: UpdateTemplateVersionGitAuthProvidersByJobID :exec
+UPDATE
+	template_versions
+SET
+	git_auth_providers = $2,
+	updated_at = $3
+WHERE
+	job_id = $1;
+
 -- name: GetPreviousTemplateVersion :one
 SELECT
 	*
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+ALTER TABLE template_versions`
	`2`	`+ DROP COLUMN git_auth_providers;`