bug: failure when admins access workspaces on behalf of users #17691

Closed
ericpaulsen opened this issue May 6, 2025 · 1 comment · Fixed by #17707

Comments

@ericpaulsen
Member

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

Actual result: an error form with the below messages

This is 'fixable' by allocating the 'Organization User Admin' to user2. We don't document this Role in the docs pages; can somebody confirm what is the appropriate 'Coder way' to enable a user, and how/why adding ALL permissions (except three dormant ones that cannot be added to a Custom role) still does not allow the new Role privileges to read the org users?

Relevant Log Output

"user" must be an existing uuid or username
queried user="user1"

Expected Behavior

Expected result: user2 is able to see the details of workspace1 and navigate to all coder apps defined in workspace1

Steps to Reproduce

  1. Have user1 with the role of Member create a workspace (let's say workspace1)
  2. Create a role "Support" and give the role all available permissions (in the end we want to scope this down to the must-have permissions for accessing someone else's workspace - but for simplicity's sake let's just assign everything)
  3. Assign the Support role to user2
  4. user2 lists all workspaces in the environment and clicks on workspace1

Environment

  • Host OS:
  • Coder version:

Additional Context

No response

@ericpaulsen ericpaulsen added the needs-triage Issue that require triage label May 6, 2025
@ericpaulsen ericpaulsen changed the title bug: custom role permission allowing admin access to user workspaces fails when accessing workspace on behalf of user bug: failure when admins access workspaces on behalf of users May 6, 2025
@matifali matifali added customer-reported Bugs reported by enterprise customers. Only humans may set this. and removed needs-triage Issue that require triage labels May 6, 2025
@Emyrk
Member

Emyrk commented May 7, 2025

@ericpaulsen can you reproduce this on main? I am able to open another workspace page from a second member. The member has no site wide roles, just custom roles.

Edit: Reproduced in a unit test: #17707

Emyrk added a commit that referenced this issue May 8, 2025
…7707)

Closes #17691

`ExtractOrganizationMembersParam` will allow fetching a user with only
organization permissions. If the user belongs to 0 orgs, then the user "does not exist" 
from an org perspective. But if you are a site-wide admin, then the user does exist.
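
A simplified model of the lookup rule the commit message describes, added here as an illustration; it is not Coder's code, and `Actor`, `Directory`, `ResolveUser` and the sample users are hypothetical. Only the error string is taken from the log output above.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical model of the lookup rule; no name here is from the Coder code base.
var ErrUserNotFound = errors.New(`"user" must be an existing uuid or username`)

type Actor struct {
	SiteUserRead bool            // site-wide permission to read users
	OrgRead      map[string]bool // org ID -> may read that org's members
}

type Directory struct {
	Users   map[string]bool            // every account on the deployment
	Members map[string]map[string]bool // org ID -> set of member usernames
}

// ResolveUser reports whether the user exists from the actor's point of view.
func (d Directory) ResolveUser(a Actor, username string) (string, error) {
	if !d.Users[username] {
		return "", ErrUserNotFound
	}
	if a.SiteUserRead { // site-wide admins also see users that belong to 0 orgs
		return username, nil
	}
	for org, members := range d.Members {
		if a.OrgRead[org] && members[username] {
			return username, nil // visible through organization permissions alone
		}
	}
	return "", ErrUserNotFound // hidden users look the same as missing ones
}

// sampleDirectory is constructed data: user1 and user2 are in org "default", user3 is in no org.
func sampleDirectory() Directory {
	return Directory{
		Users:   map[string]bool{"user1": true, "user2": true, "user3": true},
		Members: map[string]map[string]bool{"default": {"user1": true, "user2": true}},
	}
}

func main() {
	support := Actor{OrgRead: map[string]bool{"default": true}}
	_, err := sampleDirectory().ResolveUser(support, "user3")
	fmt.Println("support -> user3:", err)
}
```

Returning the same error for a hidden user and a nonexistent one keeps an organization-scoped caller from learning which accounts exist outside its organizations.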