
feat: add count endpoint for users, enabling better pagination #4848


Merged
merged 18 commits into from
Nov 8, 2022
Add to authorize.go
presleyp committed Nov 3, 2022
commit 6f8ec23b17adb07f6005f214baab0fe71aaf8f3d
1 change: 1 addition & 0 deletions coderd/coderdtest/authorize.go
Expand Up @@ -245,6 +245,7 @@ func AGPLRoutes(a *AuthTester) (map[string]string, map[string]RouteCheck) {
// Endpoints that use the SQLQuery filter.
"GET:/api/v2/workspaces/": {StatusCode: http.StatusOK, NoAuthorize: true},
"GET:/api/v2/workspaces/count": {StatusCode: http.StatusOK, NoAuthorize: true},
"GET:/api/v2/users/count": {StatusCode: http.StatusOK, NoAuthorize: true},
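Review bot: the new `"GET:/api/v2/users/count"` entry is marked `NoAuthorize: true`, so the route test asserts that the count endpoint performs no authorization check at all; since the users query accepts username and email substring filters, an unauthenticated or unprivileged caller can learn which users exist from the counts alone. Suggest following the workspaces pattern already in the table above it (a `GetAuthorizedUsersCount` that takes an `rbac.AuthorizeFilter`, mirroring `GetAuthorizedWorkspaceCount`) and removing `NoAuthorize: true` so the test asserts the check, or at minimum an interim `api.Authorize(r, rbac.ActionRead, rbac.ResourceUser)` in the handler.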
Contributor

Not doing an auth check here, combined with the fact that you can query for username or email substrings, means that you can easily dump all usernames and emails by repeatedly hitting this endpoint and doing a tree search.

Member

To follow up, you can follow how we do this for workspaces.

type workspaceQuerier interface {
	GetAuthorizedWorkspaces(ctx context.Context, arg GetWorkspacesParams, authorizedFilter rbac.AuthorizeFilter) ([]Workspace, error)
	GetAuthorizedWorkspaceCount(ctx context.Context, arg GetWorkspaceCountParams, authorizedFilter rbac.AuthorizeFilter) (int64, error)
}

If you add api.Authorize(r, rbac.ActionRead, rbac.ResourceUser), it is technically OK as it checks if you can read all users. We should really do it properly though, so we can mess with perms later and everything still works.

Add a new function called GetAuthorizedUsersCount
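The authorized-count pattern suggested above, as an added Go example that is not Coder's code: User, Caller, AuthorizeFilter, FilterFor and SampleUsers are constructed stand-ins for the database types and rbac.AuthorizeFilter, and GetAuthorizedUsersCount shows the shape of the proposed function, not the project's implementation.

```go
package main

import "strings"

// Constructed sample types, not Coder's code. Authorization is applied as a
// filter inside the count query rather than as one check at the route.
type User struct{ Username, Email string }

// ReadAll stands in for holding rbac.ActionRead on every rbac.ResourceUser;
// a caller without it may only read their own record.
type Caller struct {
	Username string
	ReadAll  bool
}

// AuthorizeFilter is a hypothetical stand-in for rbac.AuthorizeFilter.
type AuthorizeFilter func(u User) bool

func FilterFor(c Caller) AuthorizeFilter {
	return func(u User) bool { return c.ReadAll || u.Username == c.Username }
}

// matches is the username/email substring search the users list supports.
func matches(u User, search string) bool {
	s := strings.ToLower(search)
	return strings.Contains(strings.ToLower(u.Username), s) ||
		strings.Contains(strings.ToLower(u.Email), s)
}

// GetAuthorizedUsersCount applies the filter before counting, so the result
// only reflects users the caller is allowed to read.
func GetAuthorizedUsersCount(users []User, search string, f AuthorizeFilter) int64 {
	var n int64
	for _, u := range users {
		if f(u) && matches(u, search) {
			n++
		}
	}
	return n
}

// UnauthorizedUsersCount is what the NoAuthorize test entry encodes: every
// matching user is counted no matter who asks, so counts reveal existence.
func UnauthorizedUsersCount(users []User, search string) int64 {
	return GetAuthorizedUsersCount(users, search, func(User) bool { return true })
}

// SampleUsers is a constructed directory for demonstration.
var SampleUsers = []User{{"alice", "alice@example.com"}, {"albert", "albert@example.com"}, {"bob", "bob@example.com"}}
```

With the filter applied, a caller without read-all permission gets the same count for any substring that does not match their own record, so the probe reveals nothing about other users.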

}

// Routes like proxy routes support all HTTP methods. A helper func to expand