Skip to content

Commit e353c4d

Browse files
EmyrkEmyrk
committed
Fix template admin permissions
1 parent 10ac765 commit e353c4d

File tree

3 files changed

+8
-2
lines changed

3 files changed

+8
-2
lines changed

coderd/authzquery/template.go

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -215,9 +215,9 @@ func (q *AuthzQuerier) GetTemplateVersionsCreatedAfter(ctx context.Context, crea
215215
)(ctx, createdAt)
216216
}
217217

218-
func (q *AuthzQuerier) GetAuthorizedTemplates(ctx context.Context, _ database.GetTemplatesWithFilterParams, _ rbac.PreparedAuthorized) ([]database.Template, error) {
218+
func (q *AuthzQuerier) GetAuthorizedTemplates(ctx context.Context, arg database.GetTemplatesWithFilterParams, _ rbac.PreparedAuthorized) ([]database.Template, error) {
219219
// TODO Delete this function, all GetTemplates should be authorized. For now just call getTemplates on the authz querier.
220-
return q.GetTemplatesWithFilter(ctx, database.GetTemplatesWithFilterParams{})
220+
return q.GetTemplatesWithFilter(ctx, arg)
221221
}
222222

223223
func (q *AuthzQuerier) GetTemplatesWithFilter(ctx context.Context, arg database.GetTemplatesWithFilterParams) ([]database.Template, error) {

coderd/rbac/builtin.go

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -161,6 +161,8 @@ var (
161161
ResourceWorkspace.Type: {ActionRead},
162162
// CRUD to provisioner daemons for now.
163163
ResourceProvisionerDaemon.Type: {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
164+
// Needs to read all organizations since
165+
ResourceOrganization.Type: {ActionRead},
164166
}),
165167
}
166168
},

enterprise/coderd/templates_test.go

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -920,6 +920,10 @@ func TestTemplateAccess(t *testing.T) {
920920

921921
testTemplateRead := func(t *testing.T, org orgSetup, usr *codersdk.Client, read []codersdk.Template) {
922922
found, err := usr.TemplatesByOrganization(ctx, org.Org.ID)
923+
if len(read) == 0 && err != nil {
924+
require.ErrorContains(t, err, "Resource not found")
925+
return
926+
}
923927
require.NoError(t, err, "failed to get templates")
924928

925929
exp := make(map[uuid.UUID]codersdk.Template)

0 commit comments

Comments
 (0)