MCPcopy Index your code
hub / github.com/coder/coder / WorkspaceOwner

Function WorkspaceOwner

coderd/dynamicparameters/render.go:288–376  ·  view source on GitHub ↗
(ctx context.Context, db database.Store, org uuid.UUID, ownerID uuid.UUID)

Source from the content-addressed store, hash-verified

286}
287
288func WorkspaceOwner(ctx context.Context, db database.Store, org uuid.UUID, ownerID uuid.UUID) (*previewtypes.WorkspaceOwner, error) {
289 user, err := db.GetUserByID(ctx, ownerID)
290 if err != nil {
291 // If the user failed to read, we also try to read the user from their
292 // organization member. You only need to be able to read the organization member
293 // to get the owner data.
294 //
295 // Only the terraform files can therefore leak more information than the
296 // caller should have access to. All this info should be public assuming you can
297 // read the user though.
298 mem, err := database.ExpectOne(db.OrganizationMembers(ctx, database.OrganizationMembersParams{
299 OrganizationID: org,
300 UserID: ownerID,
301 IncludeSystem: true,
302 GithubUserID: 0,
303 }))
304 if err != nil {
305 return nil, xerrors.Errorf("fetch user: %w", err)
306 }
307
308 // Org member fetched, so use the provisioner context to fetch the user.
309 //nolint:gocritic // Has the correct permissions, and matches the provisioning flow.
310 user, err = db.GetUserByID(dbauthz.AsProvisionerd(ctx), mem.OrganizationMember.UserID)
311 if err != nil {
312 return nil, xerrors.Errorf("fetch user: %w", err)
313 }
314 }
315
316 // nolint:gocritic // This is kind of the wrong query to use here, but it
317 // matches how the provisioner currently works. We should figure out
318 // something that needs less escalation but has the correct behavior.
319 row, err := db.GetAuthorizationUserRoles(dbauthz.AsProvisionerd(ctx), ownerID)
320 if err != nil {
321 return nil, xerrors.Errorf("user roles: %w", err)
322 }
323 roles, err := row.RoleNames()
324 if err != nil {
325 return nil, xerrors.Errorf("expand roles: %w", err)
326 }
327 ownerRoles := make([]previewtypes.WorkspaceOwnerRBACRole, 0, len(roles))
328 for _, it := range roles {
329 if it.OrganizationID != uuid.Nil && it.OrganizationID != org {
330 continue
331 }
332 var orgID string
333 if it.OrganizationID != uuid.Nil {
334 orgID = it.OrganizationID.String()
335 }
336 ownerRoles = append(ownerRoles, previewtypes.WorkspaceOwnerRBACRole{
337 Name: it.Name,
338 OrgID: orgID,
339 })
340 }
341
342 // The correct public key has to be sent. This will not be leaked
343 // unless the template leaks it.
344 // nolint:gocritic
345 key, err := db.GetGitSSHKey(dbauthz.AsProvisionerd(ctx), ownerID)

Callers 2

getWorkspaceOwnerDataMethod · 0.85

Calls 11

ExpectOneFunction · 0.92
AsProvisionerdFunction · 0.92
RoleNamesMethod · 0.80
GetUserByIDMethod · 0.65
OrganizationMembersMethod · 0.65
GetGitSSHKeyMethod · 0.65
GetGroupsMethod · 0.65
ErrorfMethod · 0.45
StringMethod · 0.45
IsMethod · 0.45

Tested by

no test coverage detected