Skip to content

feat: add a paginated organization members endpoint #16835

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 19 commits into from
Mar 10, 2025
Merged

feat: add a paginated organization members endpoint #16835

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
19 commits
Select commit Hold shift + click to select a range
cea4d3c
feat: add paginated members route
brettkolodny Mar 6, 2025
e97c9db
feat: add request and response types
brettkolodny Mar 6, 2025
34003dc
feat: create new sql query and generate code
brettkolodny Mar 6, 2025
9edb088
fix: add dbauthz tests
brettkolodny Mar 6, 2025
ef40967
feat: implement endpoint
brettkolodny Mar 6, 2025
6aaddaf
fix: correct endpoint documentation
brettkolodny Mar 6, 2025
a724f48
fix: lint errors
brettkolodny Mar 6, 2025
4925592
fix: generated docs from new endpoint
brettkolodny Mar 6, 2025
902538c
fix: remove unneeded comments
brettkolodny Mar 6, 2025
06ff95c
wip
brettkolodny Mar 7, 2025
560305d
Merge branch 'main' into brett/org-members-pagination-backend
brettkolodny Mar 7, 2025
76a4cbf
fix: incorrectly showing type in panic
brettkolodny Mar 7, 2025
737ac9f
fix: update docs
brettkolodny Mar 7, 2025
8910df3
fix: change dbauthz test back to proper one
brettkolodny Mar 7, 2025
0e579a2
fix: un-nest route
brettkolodny Mar 7, 2025
73e356c
fix: add comment
brettkolodny Mar 10, 2025
24332f4
fix: update test to account for dbmem and check for returned member
brettkolodny Mar 10, 2025
7af0b60
fix: update test to check for accurate count
brettkolodny Mar 10, 2025
cdc0322
fix: make dbmem implementation match expected behaior around 0 limit
brettkolodny Mar 10, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
fix: add dbauthz tests
  • Loading branch information
@brettkolodny
brettkolodny committed Mar 6, 2025
commit 9edb0887fa73b92920a53490bf398bd02cd95bda
2 changes: 1 addition & 1 deletion coderd/database/dbauthz/dbauthz.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3582,7 +3582,7 @@ func (q *querier) OrganizationMembers(ctx context.Context, arg database.Organiza
}

func (q *querier) PaginatedOrganizationMembers(ctx context.Context, arg database.PaginatedOrganizationMembersParams) ([]database.PaginatedOrganizationMembersRow, error) {
panic("not implemented")
return fetchWithPostFilter(q.auth, policy.ActionRead, q.db.PaginatedOrganizationMembers)(ctx, arg)
Copy link
Member

@Emyrk Emyrk Mar 6, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unfortunately this does not work.

By default, a member can only read themselves, not other org members. So if you were paginating 10 users at a time, and the user was the 12th. Your query would return 10 rows, all would fail the authz check, and you would get an empty set as your return.

You would need to offset = 2 to find yourself, but that is not intuitive.

Pagination is a general problem for authorization engines. The user is requesting "The next 10 elements I can access". If you cannot join the authz data into the query itself then:

  • Query 10 items, if some are blocked by the authz, fetch some more. Repeat until you get 10 or exhaust the table.
  • Fetch all elements, then filter (large table this is not doable)
  • Overfetch by some, say 50 elements. Keep filtering and re-fetching until you get 10.

These solutions kinda suck. So we have 2 methods in our codebase to solve this.

Quick and dirty

The first is the quick solution. We just restrict access to this endpoint to users who can read the entire table (with organization_id = @org_id). This functionally changes the query to only usable by a certain class of users. Regular members now get a Forbidden instead of a list of ["me"]. If we go this route, we just need to fix the page that currently displays just yourself in these cases.

func (q *querier) PaginatedOrganizationMembers(ctx context.Context, arg database.PaginatedOrganizationMembersParams) ([]database.PaginatedOrganizationMembersRow, error) {
	if err := q.authorizeContext(ctx, policy.ActionRead, rbac.ResourceOrganizationMember.InOrg(arg.OrganizationID)); err != nil {
		return nil, err
	}
	return q.db.PaginatedOrganizationMembers(ctx, arg)
}

Screenshot From 2025-03-06 17-38-01

The correct solution

The more correct solution is to properly filter the list, so if there exists a user who can read a subset of members, this query still works.

A good example is workspaces

coder/coderd/database/dbauthz/dbauthz.go

Lines 3018 to 3024 in 902538c

func (q *querier) GetWorkspaces(ctx context.Context, arg database.GetWorkspacesParams) ([]database.GetWorkspacesRow, error) {
prep, err := prepareSQLFilter(ctx, q.auth, policy.ActionRead, rbac.ResourceWorkspace.Type)
if err != nil {
return nil, xerrors.Errorf("(dev error) prepare sql filter: %w", err)
}
return q.db.GetAuthorizedWorkspaces(ctx, arg, prep)
}

The function prepareSQLFilter actually creates WHERE clause expressions that return the truthy value of an authorize() call for the given user. So we apply the filter in SQL, and you can paginate through the rows you can access.

There is some extra code required, but we have precedent to copy from if we go this route.

I think we should just go the quick and dirty route in this case. We don't have any roles that grant subset access to members. It is also strange to request organization members, and only return a subset.

For workspaces/templates this makes sense, as the resources have access control. However in this case, I think it makes more sense to return all or nothing. And we can update the UI to be in line with this decision.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the feedback/explanation! I agree that from a product perspective the quick and dirty route makes the most sense

}

func (q *querier) ReduceWorkspaceAgentShareLevelToAuthenticatedByTemplate(ctx context.Context, templateID uuid.UUID) error {
Expand Down
16 changes: 16 additions & 0 deletions coderd/database/dbauthz/dbauthz_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -985,6 +985,22 @@ func (s *MethodTestSuite) TestOrganization() {
mem, policy.ActionRead,
)
}))
s.Run("PaginatedOrganizationMembers", s.Subtest(func(db database.Store, check *expects) {
o := dbgen.Organization(s.T(), db, database.Organization{})
u := dbgen.User(s.T(), db, database.User{})
mem := dbgen.OrganizationMember(s.T(), db, database.OrganizationMember{
OrganizationID: o.ID,
UserID: u.ID,
Roles: []string{rbac.RoleOrgAdmin()},
})

check.Args(database.PaginatedOrganizationMembersParams{
OrganizationID: uuid.UUID{},
LimitOpt: 1,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this different check means we also don't need this field any more

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Accidentally pushed some test code in the test so not sure which one you were looking at but that's needed.

}).Asserts(
mem, policy.ActionRead,
)
}))
s.Run("UpdateMemberRoles", s.Subtest(func(db database.Store, check *expects) {
o := dbgen.Organization(s.T(), db, database.Organization{})
u := dbgen.User(s.T(), db, database.User{})
Expand Down
32 changes: 31 additions & 1 deletion coderd/database/dbmem/dbmem.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9590,7 +9590,37 @@ func (q *FakeQuerier) PaginatedOrganizationMembers(ctx context.Context, arg data
return nil, err
}

panic("not implemented")
q.mutex.RLock()
defer q.mutex.RUnlock()

tmp := make([]database.PaginatedOrganizationMembersRow, 0)

skippedMembers := 0
for _, organizationMember := range q.organizationMembers {
if arg.OrganizationID != uuid.Nil && organizationMember.OrganizationID != arg.OrganizationID {
continue
}

if skippedMembers < int(arg.OffsetOpt) {
skippedMembers += 1
continue
}

if len(tmp) >= int(arg.LimitOpt) {
break
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this needs to check if the limitOpt is not 0. If it is zero, skip this check. To match the SQL


user, _ := q.getUserByIDNoLock(organizationMember.UserID)
tmp = append(tmp, database.PaginatedOrganizationMembersRow{
OrganizationMember: organizationMember,
Username: user.Username,
AvatarURL: user.AvatarURL,
Name: user.Name,
Email: user.Email,
GlobalRoles: user.RBACRoles,
})
}
return tmp, nil
}

func (q *FakeQuerier) ReduceWorkspaceAgentShareLevelToAuthenticatedByTemplate(_ context.Context, templateID uuid.UUID) error {
Expand Down
4 changes: 4 additions & 0 deletions coderd/database/modelmethods.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -256,6 +256,10 @@ func (m OrganizationMembersRow) RBACObject() rbac.Object {
return m.OrganizationMember.RBACObject()
}

func (m PaginatedOrganizationMembersRow) RBACObject() rbac.Object {
return m.OrganizationMember.RBACObject()
}

func (m GetOrganizationIDsByMemberIDsRow) RBACObject() rbac.Object {
// TODO: This feels incorrect as we are really returning a list of orgmembers.
// This return type should be refactored to return a list of orgmembers, not this
Expand Down