✨

aslilac · aslilac · commit b0ed49c3b753 · 2025-04-01T21:12:04.000Z
diff --git a/coderd/database/dbauthz/dbauthz.go b/coderd/database/dbauthz/dbauthz.go
@@ -1746,6 +1746,10 @@ func (q *querier) GetFileIDByTemplateVersionID(ctx context.Context, templateVers
 	if err != nil {
 		return uuid.Nil, err
 	}
+	// This is a kind of weird check, because users will almost never have this
+	// permission. Since this query is not currently used to provide data in a
+	// user facing way, it's expected that this query is run as some system
+	// subject in order to be authorized.
 	err = q.authorizeContext(ctx, policy.ActionRead, rbac.ResourceFile.WithID(fileID))
 	if err != nil {
 		return uuid.Nil, err
