Replace `rbac.ResourceSystem` usage in `dbauthz.InsertWorkspaceApp` #18210

Closed

Closed

Replace rbac.ResourceSystem usage in dbauthz.InsertWorkspaceApp#18210

Assignees

DanielleMaywood

opened

Currently InsertWorkspaceApp relies on rbac.ResourceSystem

coder/coderd/database/dbauthz/dbauthz.go

Lines 3853 to 3858 in da9a313

    
           func (q *querier) InsertWorkspaceApp(ctx context.Context, arg database.InsertWorkspaceAppParams) (database.WorkspaceApp, error) { 
        
           	if err := q.authorizeContext(ctx, policy.ActionCreate, rbac.ResourceSystem); err != nil { 
        
           		return database.WorkspaceApp{}, err 
        
           	} 
        
           	return q.db.InsertWorkspaceApp(ctx, arg) 
        
           }

This is problematic as calling this requires AsSystemRestricted, which grants far too many permissions.

Metadata

Assignees

DanielleMaywood

Labels

No labels

No labels

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests