
Commit fdd3ad3

committed
chore: move AsSystemRestricted to caller
1 parent ee9170e commit fdd3ad3


1 file changed

+9
-7
lines changed


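--- a/coderd/httpmw/userparam.go
+++ b/coderd/httpmw/userparam.go
@@ -40,7 +40,11 @@ func ExtractUserParam(db database.Store, redirectToLoginOnMe bool) func(http.Han
 return func(next http.Handler) http.Handler {
 return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
 ctx := r.Context()
-user, ok := extractUserContext(ctx, db, rw, r, redirectToLoginOnMe)
+// We need to call as SystemRestricted because this middleware is called from
+// organizations/{organization}/members/{user}/ paths, and we need to allow
+// org-admins to call these paths --- they might not have sitewide read permissions on users.
+// nolint:gocritic
+user, ok := extractUserContext(dbauthz.AsSystemRestricted(ctx), db, rw, r, redirectToLoginOnMe)
 if !ok {
 // response already handled
 return
@@ -75,8 +79,7 @@ func extractUserContext(ctx context.Context, db database.Store, rw http.Response
 })
 return database.User{}, false
 }
-//nolint:gocritic // System needs to be able to get user from param.
-user, err := db.GetUserByID(dbauthz.AsSystemRestricted(ctx), apiKey.UserID)
+user, err := db.GetUserByID(ctx, apiKey.UserID)
 if httpapi.Is404Error(err) {
 httpapi.ResourceNotFound(rw)
 return database.User{}, false
@@ -92,8 +95,7 @@ func extractUserContext(ctx context.Context, db database.Store, rw http.Response
 }
 
 if userID, err := uuid.Parse(userQuery); err == nil {
-//nolint:gocritic // If the userQuery is a valid uuid
-user, err = db.GetUserByID(dbauthz.AsSystemRestricted(ctx), userID)
+user, err = db.GetUserByID(ctx, userID)
 if err != nil {
 httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
 Message: userErrorMessage,
@@ -104,8 +106,8 @@ func extractUserContext(ctx context.Context, db database.Store, rw http.Response
 return user, true
 }
 
-// nolint:gocritic // Try as a username last
-user, err := db.GetUserByEmailOrUsername(dbauthz.AsSystemRestricted(ctx), database.GetUserByEmailOrUsernameParams{
+// Try as a username last
+user, err := db.GetUserByEmailOrUsername(ctx, database.GetUserByEmailOrUsernameParams{
 Username: userQuery,
 })
 if err != nil {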
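Review bot: Wrapping the whole call in `dbauthz.AsSystemRestricted(ctx)` in ExtractUserParam widens the elevated scope from the three individual lookups to every use of `ctx` inside extractUserContext, including the `httpapi.Write(ctx, ...)` call visible in the third hunk and any query added to the helper later. The helper's lookups no longer carry their own `//nolint:gocritic` justification, so nothing at those call sites signals that they may run with system privileges; a doc comment on extractUserContext such as `// ctx may carry a system-restricted actor; do not add queries here that must be authorized as the requesting user.` would keep that visible. Any other caller of extractUserContext (none is visible in this section) now performs these lookups as the request's own actor and should be checked for new 404/400 responses. Both function bodies start and end outside the hunks shown.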
