coder
diff --git a/‎coderd/database/dbauthz/dbauthz.go
Lines changed: 4 additions & 0 deletions b/‎coderd/database/dbauthz/dbauthz.go
Lines changed: 4 additions & 0 deletions
diff --git a/‎coderd/database/dbmem/dbmem.go
Lines changed: 4 additions & 0 deletions b/‎coderd/database/dbmem/dbmem.go
Lines changed: 4 additions & 0 deletions
diff --git a/‎coderd/database/dbmetrics/dbmetrics.go
Lines changed: 7 additions & 0 deletions b/‎coderd/database/dbmetrics/dbmetrics.go
Lines changed: 7 additions & 0 deletions
diff --git a/‎coderd/database/dbmock/dbmock.go
Lines changed: 15 additions & 0 deletions b/‎coderd/database/dbmock/dbmock.go
Lines changed: 15 additions & 0 deletions
diff --git a/‎coderd/database/modelqueries.go
Lines changed: 88 additions & 0 deletions b/‎coderd/database/modelqueries.go
Lines changed: 88 additions & 0 deletions
diff --git a/‎coderd/database/queries.sql.go
Lines changed: 3 additions & 0 deletions b/‎coderd/database/queries.sql.go
Lines changed: 3 additions & 0 deletions
diff --git a/‎coderd/database/queries/auditlogs.sql
Lines changed: 3 additions & 0 deletions b/‎coderd/database/queries/auditlogs.sql
Lines changed: 3 additions & 0 deletions
diff --git a/‎coderd/rbac/regosql/configs.go
Lines changed: 15 additions & 0 deletions b/‎coderd/rbac/regosql/configs.go
Lines changed: 15 additions & 0 deletions
@@ -3852,3 +3852,7 @@ func (q *querier) GetAuthorizedUsers(ctx context.Context, arg database.GetUsersP
 	// GetUsers is authenticated.
 	return q.GetUsers(ctx, arg)
 }
+
+func (q *querier) GetAuthorizedAuditLogsOffset(ctx context.Context, arg database.GetAuditLogsOffsetParams, prepared rbac.PreparedAuthorized) ([]database.GetAuditLogsOffsetRow, error) {
+	panic("not implemented")
+}
@@ -10080,3 +10080,7 @@ func (q *FakeQuerier) GetAuthorizedUsers(ctx context.Context, arg database.GetUs
 	}
 	return filteredUsers, nil
 }
+
+func (q *FakeQuerier) GetAuthorizedAuditLogsOffset(ctx context.Context, arg database.GetAuditLogsOffsetParams, prepared rbac.PreparedAuthorized) ([]database.GetAuditLogsOffsetRow, error) {
+	panic("not implemented")
+}
@@ -48,6 +48,7 @@ type customQuerier interface {
 	templateQuerier
 	workspaceQuerier
 	userQuerier
+	auditLogQuerier
 }
 
 type templateQuerier interface {
@@ -375,6 +376,93 @@ func (q *sqlQuerier) GetAuthorizedUsers(ctx context.Context, arg GetUsersParams,
 	return items, nil
 }
 
+type auditLogQuerier interface {
+	GetAuthorizedAuditLogsOffset(ctx context.Context, arg GetAuditLogsOffsetParams, prepared rbac.PreparedAuthorized) ([]GetAuditLogsOffsetRow, error)
+}
+
+func (q *sqlQuerier) GetAuthorizedAuditLogsOffset(ctx context.Context, arg GetAuditLogsOffsetParams, prepared rbac.PreparedAuthorized) ([]GetAuditLogsOffsetRow, error) {
+	authorizedFilter, err := prepared.CompileToSQL(ctx, regosql.ConvertConfig{
+		VariableConverter: regosql.AuditLogConverter(),
+	})
+	if err != nil {
+		return nil, xerrors.Errorf("compile authorized filter: %w", err)
+	}
+
+	filtered, err := insertAuthorizedFilter(getAuditLogsOffset, fmt.Sprintf(" AND %s", authorizedFilter))
+	if err != nil {
+		return nil, xerrors.Errorf("insert authorized filter: %w", err)
+	}
+
+	query := fmt.Sprintf("-- name: GetAuthorizedAuditLogsOffset :many\n%s", filtered)
+	rows, err := q.db.QueryContext(ctx, query,
+		arg.ResourceType,
+		arg.ResourceID,
+		arg.OrganizationID,
+		arg.ResourceTarget,
+		arg.Action,
+		arg.UserID,
+		arg.Username,
+		arg.Email,
+		arg.DateFrom,
+		arg.DateTo,
+		arg.BuildReason,
+		arg.OffsetOpt,
+		arg.LimitOpt,
+	)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+	var items []GetAuditLogsOffsetRow
+	for rows.Next() {
+		var i GetAuditLogsOffsetRow
+		if err := rows.Scan(
+			&i.ID,
+			&i.Time,
+			&i.UserID,
+			&i.OrganizationID,
+			&i.Ip,
+			&i.UserAgent,
+			&i.ResourceType,
+			&i.ResourceID,
+			&i.ResourceTarget,
+			&i.Action,
+			&i.Diff,
+			&i.StatusCode,
+			&i.AdditionalFields,
+			&i.RequestID,
+			&i.ResourceIcon,
+			&i.UserUsername,
+			&i.UserName,
+			&i.UserEmail,
+			&i.UserCreatedAt,
+			&i.UserUpdatedAt,
+			&i.UserLastSeenAt,
+			&i.UserStatus,
+			&i.UserLoginType,
+			&i.UserRoles,
+			&i.UserAvatarUrl,
+			&i.UserDeleted,
+			&i.UserThemePreference,
+			&i.UserQuietHoursSchedule,
+			&i.OrganizationName,
+			&i.OrganizationDisplayName,
+			&i.OrganizationIcon,
+			&i.Count,
+		); err != nil {
+			return nil, err
+		}
+		items = append(items, i)
+	}
+	if err := rows.Close(); err != nil {
+		return nil, err
+	}
+	if err := rows.Err(); err != nil {
+		return nil, err
+	}
+	return items, nil
+}
+
 func insertAuthorizedFilter(query string, replaceWith string) (string, error) {
 	if !strings.Contains(query, authorizedQueryPlaceholder) {
 		return "", xerrors.Errorf("query does not contain authorized replace string, this is not an authorized query")
 
@@ -117,6 +117,9 @@ WHERE
             workspace_builds.reason::text = @build_reason
         ELSE true
     END
+
+	-- Authorize Filter clause will be injected below in GetAuthorizedAuditLogsOffset
+	-- @authorize_filter
 ORDER BY
     "time" DESC
 LIMIT
 
@@ -36,6 +36,21 @@ func TemplateConverter() *sqltypes.VariableConverter {
 	return matcher
 }
 
+func AuditLogConverter() *sqltypes.VariableConverter {
+	matcher := sqltypes.NewVariableConverter().RegisterMatcher(
+		resourceIDMatcher(),
+		organizationOwnerMatcher(),
+		// Templates have no user owner, only owner by an organization.
+		sqltypes.AlwaysFalse(userOwnerMatcher()),
+	)
+	matcher.RegisterMatcher(
+		// No ACLs on the user type
+		sqltypes.AlwaysFalse(groupACLMatcher(matcher)),
+		sqltypes.AlwaysFalse(userACLMatcher(matcher)),
+	)
+	return matcher
+}
+
 func UserConverter() *sqltypes.VariableConverter {
 	matcher := sqltypes.NewVariableConverter().RegisterMatcher(
 		resourceIDMatcher(),
Original file line number	Diff line number	Diff line change
`@@ -3852,3 +3852,7 @@ func (q *querier) GetAuthorizedUsers(ctx context.Context, arg database.GetUsersP`
`3852`	`3852`	`// GetUsers is authenticated.`
`3853`	`3853`	`return q.GetUsers(ctx, arg)`
`3854`	`3854`	`}`
	`3855`	`+`
	`3856`	`+func (q *querier) GetAuthorizedAuditLogsOffset(ctx context.Context, arg database.GetAuditLogsOffsetParams, prepared rbac.PreparedAuthorized) ([]database.GetAuditLogsOffsetRow, error) {`
	`3857`	`+ panic("not implemented")`
	`3858`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -10080,3 +10080,7 @@ func (q *FakeQuerier) GetAuthorizedUsers(ctx context.Context, arg database.GetUs`
`10080`	`10080`	`}`
`10081`	`10081`	`return filteredUsers, nil`
`10082`	`10082`	`}`
	`10083`	`+`
	`10084`	`+func (q *FakeQuerier) GetAuthorizedAuditLogsOffset(ctx context.Context, arg database.GetAuditLogsOffsetParams, prepared rbac.PreparedAuthorized) ([]database.GetAuditLogsOffsetRow, error) {`
	`10085`	`+ panic("not implemented")`
	`10086`	`+}`