coder
diff --git a/‎coderd/apidoc/docs.go
Lines changed: 37 additions & 29 deletions b/‎coderd/apidoc/docs.go
Lines changed: 37 additions & 29 deletions
diff --git a/‎coderd/apidoc/swagger.json
Lines changed: 35 additions & 27 deletions b/‎coderd/apidoc/swagger.json
Lines changed: 35 additions & 27 deletions
diff --git a/‎coderd/coderd.go
Lines changed: 11 additions & 4 deletions b/‎coderd/coderd.go
Lines changed: 11 additions & 4 deletions
diff --git a/‎coderd/database/dbauthz/dbauthz.go
Lines changed: 7 additions & 0 deletions b/‎coderd/database/dbauthz/dbauthz.go
Lines changed: 7 additions & 0 deletions
diff --git a/‎coderd/database/dbauthz/dbauthz_test.go
Lines changed: 7 additions & 0 deletions b/‎coderd/database/dbauthz/dbauthz_test.go
Lines changed: 7 additions & 0 deletions
diff --git a/‎coderd/database/dbmem/dbmem.go
Lines changed: 10 additions & 0 deletions b/‎coderd/database/dbmem/dbmem.go
Lines changed: 10 additions & 0 deletions
diff --git a/‎coderd/database/dbmetrics/querymetrics.go
Lines changed: 7 additions & 0 deletions b/‎coderd/database/dbmetrics/querymetrics.go
Lines changed: 7 additions & 0 deletions
diff --git a/‎coderd/database/dbmock/dbmock.go
Lines changed: 15 additions & 0 deletions b/‎coderd/database/dbmock/dbmock.go
Lines changed: 15 additions & 0 deletions
diff --git a/‎coderd/database/querier.go
Lines changed: 1 addition & 0 deletions b/‎coderd/database/querier.go
Lines changed: 1 addition & 0 deletions
diff --git a/‎coderd/database/queries.sql.go
Lines changed: 22 additions & 0 deletions b/‎coderd/database/queries.sql.go
Lines changed: 22 additions & 0 deletions
@@ -1100,10 +1100,6 @@ func New(options *Options) *API {
 			// The idea is to return an empty [], so that the coder CLI won't get blocked accidentally.
 			r.Get("/schema", templateVersionSchemaDeprecated)
 			r.Get("/parameters", templateVersionParametersDeprecated)
-			r.Group(func(r chi.Router) {
-				r.Use(httpmw.RequireExperiment(api.Experiments, codersdk.ExperimentDynamicParameters))
-				r.Get("/dynamic-parameters", api.templateVersionDynamicParameters)
-			})
 			r.Get("/rich-parameters", api.templateVersionRichParameters)
 			r.Get("/external-auth", api.templateVersionExternalAuth)
 			r.Get("/variables", api.templateVersionVariables)
@@ -1169,6 +1165,17 @@ func New(options *Options) *API {
 						// organization member. This endpoint should match the authz story of
 						// postWorkspacesByOrganization
 						r.Post("/workspaces", api.postUserWorkspaces)
+
+						// Similarly to creating a workspace, evaluating parameters for a
+						// new workspace should also match the authz story of
+						// postWorkspacesByOrganization
+						r.Route("/templateversions/{templateversion}", func(r chi.Router) {
+							r.Use(
+								httpmw.ExtractTemplateVersionParam(options.Database),
+								httpmw.RequireExperiment(api.Experiments, codersdk.ExperimentDynamicParameters),
+							)
+							r.Get("/parameters", api.templateVersionDynamicParameters)
+						})
 					})
 
 					r.Group(func(r chi.Router) {
 
@@ -2102,6 +2102,13 @@ func (q *querier) GetOrganizationIDsByMemberIDs(ctx context.Context, ids []uuid.
 	return fetchWithPostFilter(q.auth, policy.ActionRead, q.db.GetOrganizationIDsByMemberIDs)(ctx, ids)
 }
 
+func (q *querier) GetOrganizationMemberRoles(ctx context.Context, params database.GetOrganizationMemberRolesParams) ([]string, error) {
+	if err := q.authorizeContext(ctx, policy.ActionRead, rbac.ResourceOrganizationMember.InOrg(params.OrganizationID)); err != nil {
+		return nil, err
+	}
+	return q.db.GetOrganizationMemberRoles(ctx, params)
+}
+
 func (q *querier) GetOrganizationResourceCountByID(ctx context.Context, organizationID uuid.UUID) (database.GetOrganizationResourceCountByIDRow, error) {
 	// Can read org members
 	if err := q.authorizeContext(ctx, policy.ActionRead, rbac.ResourceOrganizationMember.InOrg(organizationID)); err != nil {
 
@@ -874,6 +874,13 @@ func (s *MethodTestSuite) TestOrganization() {
 		check.Args([]uuid.UUID{ma.UserID, mb.UserID}).
 			Asserts(rbac.ResourceUserObject(ma.UserID), policy.ActionRead, rbac.ResourceUserObject(mb.UserID), policy.ActionRead).OutOfOrder()
 	}))
+	s.Run("GetOrganizationMemberRoles", s.Subtest(func(db database.Store, check *expects) {
+		o := dbgen.Organization(s.T(), db, database.Organization{})
+		u := dbgen.User(s.T(), db, database.User{})
+		_ = dbgen.OrganizationMember(s.T(), db, database.OrganizationMember{OrganizationID: o.ID, UserID: u.ID})
+		check.Args(database.GetOrganizationMemberRolesParams{OrganizationID: o.ID, UserID: u.ID}).
+			Asserts(rbac.ResourceOrganizationMember.InOrg(o.ID), policy.ActionRead)
28BE +	}))
 	s.Run("GetOrganizations", s.Subtest(func(db database.Store, check *expects) {
 		def, _ := db.GetDefaultOrganization(context.Background())
 		a := dbgen.Organization(s.T(), db, database.Organization{})
 
@@ -4094,6 +4094,16 @@ func (q *FakeQuerier) GetOrganizationIDsByMemberIDs(_ context.Context, ids []uui
 	return getOrganizationIDsByMemberIDRows, nil
 }
 
+func (q *FakeQuerier) GetOrganizationMemberRoles(ctx context.Context, params database.GetOrganizationMemberRolesParams) ([]string, error) {
+	for _, it := range q.organizationMembers {
+		if it.UserID == params.UserID && it.OrganizationID == params.OrganizationID {
+			return it.Roles, nil
+		}
+	}
+
+	return nil, sql.ErrNoRows
+}
+
 func (q *FakeQuerier) GetOrganizationResourceCountByID(_ context.Context, organizationID uuid.UUID) (database.GetOrganizationResourceCountByIDRow, error) {
 	q.mutex.RLock()
 	defer q.mutex.RUnlock()