

Commit feec988

committed
chore: only send org roles for the org the workspace is in
1 parent 3b93d82 commit feec988


2 files changed

+12
-0
lines changed


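--- a/coderd/provisionerdserver/provisionerdserver.go
+++ b/coderd/provisionerdserver/provisionerdserver.go
@@ -603,6 +603,10 @@ func (s *server) acquireProtoJob(ctx context.Context, job database.ProvisionerJo
 roles, err := allUserRoles.RoleNames()
 if err == nil {
 for _, role := range roles {
+if role.OrganizationID != uuid.Nil && role.OrganizationID != s.OrganizationID {
+continue // Only include site wide and org specific roles
+}
+
 orgID := role.OrganizationID.String()
 if role.OrganizationID == uuid.Nil {
 orgID = ""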
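Review bot: The new guard at the top of the loop filters on `s.OrganizationID`, the provisioner server's organization, whereas the commit title describes the organization the workspace is in. The two presumably match for any job this server acquires, but nothing in the hunk establishes that. If the job's or workspace's organization is in scope at this point, comparing against it would tie the disclosure boundary to the data actually being sent. Either way the trailing comment is ambiguous about which org is meant; something like `// Skip roles scoped to other organizations; keep site-wide roles and roles in this server's org.` would state the rule. The loop and the rest of acquireProtoJob continue outside the hunk.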

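--- a/coderd/provisionerdserver/provisionerdserver_test.go
+++ b/coderd/provisionerdserver/provisionerdserver_test.go
@@ -211,6 +211,14 @@ func TestAcquireJob(t *testing.T) {
 Roles: []string{rbac.RoleOrgAuditor()},
 })
 
+// Add extra erronous roles
+secondOrg := dbgen.Organization(t, db, database.Organization{})
+dbgen.OrganizationMember(t, db, database.OrganizationMember{
+UserID: user.ID,
+OrganizationID: secondOrg.ID,
+Roles: []string{rbac.RoleOrgAuditor()},
+})
+
 link := dbgen.UserLink(t, db, database.UserLink{
 LoginType: database.LoginTypeOIDC,
 UserID: user.ID,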
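Review bot: The comment on the added fixture, `// Add extra erronous roles`, misspells "erroneous" and does not say what the fixture is for. Something like `// Membership in a second org: its roles must not appear in the roles sent with the acquired job.` would record the intent. The assertion on the acquired job's roles is outside this hunk, so it cannot be confirmed from here that the test would fail without the filter. Because both memberships use the same role name, it is worth checking that the expectation compares organization IDs and not only role names.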
