@@ -243,24 +243,30 @@ func (r *dynamicRenderer) getWorkspaceOwnerData(ctx context.Context, ownerID uui
243243 return nil // already fetched
244244 }
245245
246- // You only need to be able to read the organization member to get the owner
247- // data. Only the terraform files can therefore leak more information than the
248- // caller should have access to. All this info should be public assuming you can
249- // read the user though.
250- mem , err := database .ExpectOne (r .db .OrganizationMembers (ctx , database.OrganizationMembersParams {
251- OrganizationID : r .data .templateVersion .OrganizationID ,
252- UserID : ownerID ,
253- IncludeSystem : true ,
254- }))
246+ user , err := r .db .GetUserByID (ctx , ownerID )
255247 if err != nil {
256- return err
257- }
248+ // If the user failed to read, we also try to read the user from their
249+ // organization member. You only need to be able to read the organization member
250+ // to get the owner data.
251+ //
252+ // Only the terraform files can therefore leak more information than the
253+ // caller should have access to. All this info should be public assuming you can
254+ // read the user though.
255+ mem , err := database .ExpectOne (r .db .OrganizationMembers (ctx , database.OrganizationMembersParams {
256+ OrganizationID : r .data .templateVersion .OrganizationID ,
257+ UserID : ownerID ,
258+ IncludeSystem : true ,
259+ }))
260+ if err != nil {
261+ return xerrors .Errorf ("fetch user: %w" , err )
262+ }
258263
259- // User data is required for the form. Org member is checked above
260- // nolint:gocritic
261- user , err := r .db .GetUserByID (dbauthz .AsProvisionerd (ctx ), mem .OrganizationMember .UserID )
262- if err != nil {
263- return xerrors .Errorf ("fetch user: %w" , err )
264+ // Org member fetched, so use the provisioner context to fetch the user.
265+ //nolint:gocritic // Has the correct permissions, and matches the provisioning flow.
266+ user , err = r .db .GetUserByID (dbauthz .AsProvisionerd (ctx ), mem .OrganizationMember .UserID )
267+ if err != nil {
268+ return xerrors .Errorf ("fetch user: %w" , err )
269+ }
264270 }
265271
266272 // nolint:gocritic // This is kind of the wrong query to use here, but it
@@ -314,10 +320,10 @@ func (r *dynamicRenderer) getWorkspaceOwnerData(ctx context.Context, ownerID uui
314320 }
315321
316322 r .currentOwner = & previewtypes.WorkspaceOwner {
317- ID : mem . OrganizationMember . UserID .String (),
318- Name : mem .Username ,
319- FullName : mem .Name ,
320- Email : mem .Email ,
323+ ID : user . ID .String (),
324+ Name : user .Username ,
325+ FullName : user .Name ,
326+ Email : user .Email ,
321327 LoginType : string (user .LoginType ),
322328 RBACRoles : ownerRoles ,
323329 SSHPublicKey : key .PublicKey ,
0 commit comments