(ctx context.Context, db database.Store, org uuid.UUID, ownerID uuid.UUID)
| 286 | } |
| 287 | |
| 288 | func WorkspaceOwner(ctx context.Context, db database.Store, org uuid.UUID, ownerID uuid.UUID) (*previewtypes.WorkspaceOwner, error) { |
| 289 | user, err := db.GetUserByID(ctx, ownerID) |
| 290 | if err != nil { |
| 291 | // If the user failed to read, we also try to read the user from their |
| 292 | // organization member. You only need to be able to read the organization member |
| 293 | // to get the owner data. |
| 294 | // |
| 295 | // Only the terraform files can therefore leak more information than the |
| 296 | // caller should have access to. All this info should be public assuming you can |
| 297 | // read the user though. |
| 298 | mem, err := database.ExpectOne(db.OrganizationMembers(ctx, database.OrganizationMembersParams{ |
| 299 | OrganizationID: org, |
| 300 | UserID: ownerID, |
| 301 | IncludeSystem: true, |
| 302 | GithubUserID: 0, |
| 303 | })) |
| 304 | if err != nil { |
| 305 | return nil, xerrors.Errorf("fetch user: %w", err) |
| 306 | } |
| 307 | |
| 308 | // Org member fetched, so use the provisioner context to fetch the user. |
| 309 | //nolint:gocritic // Has the correct permissions, and matches the provisioning flow. |
| 310 | user, err = db.GetUserByID(dbauthz.AsProvisionerd(ctx), mem.OrganizationMember.UserID) |
| 311 | if err != nil { |
| 312 | return nil, xerrors.Errorf("fetch user: %w", err) |
| 313 | } |
| 314 | } |
| 315 | |
| 316 | // nolint:gocritic // This is kind of the wrong query to use here, but it |
| 317 | // matches how the provisioner currently works. We should figure out |
| 318 | // something that needs less escalation but has the correct behavior. |
| 319 | row, err := db.GetAuthorizationUserRoles(dbauthz.AsProvisionerd(ctx), ownerID) |
| 320 | if err != nil { |
| 321 | return nil, xerrors.Errorf("user roles: %w", err) |
| 322 | } |
| 323 | roles, err := row.RoleNames() |
| 324 | if err != nil { |
| 325 | return nil, xerrors.Errorf("expand roles: %w", err) |
| 326 | } |
| 327 | ownerRoles := make([]previewtypes.WorkspaceOwnerRBACRole, 0, len(roles)) |
| 328 | for _, it := range roles { |
| 329 | if it.OrganizationID != uuid.Nil && it.OrganizationID != org { |
| 330 | continue |
| 331 | } |
| 332 | var orgID string |
| 333 | if it.OrganizationID != uuid.Nil { |
| 334 | orgID = it.OrganizationID.String() |
| 335 | } |
| 336 | ownerRoles = append(ownerRoles, previewtypes.WorkspaceOwnerRBACRole{ |
| 337 | Name: it.Name, |
| 338 | OrgID: orgID, |
| 339 | }) |
| 340 | } |
| 341 | |
| 342 | // The correct public key has to be sent. This will not be leaked |
| 343 | // unless the template leaks it. |
| 344 | // nolint:gocritic |
| 345 | key, err := db.GetGitSSHKey(dbauthz.AsProvisionerd(ctx), ownerID) |
no test coverage detected