fix: send workspace create/update notifications to template admins only (#16071)

Relates to https://github.com/coder/coder/issues/15845

Rather than sending the notification to the user, we send it to the
template admins. We also do not send it to the person that created the
request.

coderd/workspaces.go

@@ -665,9 +665,6 @@ func createWorkspace(
 		)
 		return err
 	}, nil)
-
-	api.notifyWorkspaceCreated(ctx, workspace, req.RichParameterValues)
-
 	var bldErr wsbuilder.BuildError
 	if xerrors.As(err, &bldErr) {
 		httpapi.Write(ctx, rw, bldErr.Status, codersdk.Response{
@@ -689,6 +686,21 @@ func createWorkspace(
 		api.Logger.Error(ctx, "failed to post provisioner job to pubsub", slog.Error(err))
 	}
 
+	// nolint:gocritic // Need system context to fetch admins
+	admins, err := findTemplateAdmins(dbauthz.AsSystemRestricted(ctx), api.Database)
+	if err != nil {
+		api.Logger.Error(ctx, "find template admins", slog.Error(err))
+	} else {
+		for _, admin := range admins {
+			// Don't send notifications to user which initiated the event.
+			if admin.ID == initiatorID {
+				continue
+			}
+
+			api.notifyWorkspaceCreated(ctx, admin.ID, workspace, req.RichParameterValues)
+		}
+	}
+
 	auditReq.New = workspace.WorkspaceTable()
 
 	api.Telemetry.Report(&telemetry.Snapshot{
@@ -739,6 +751,7 @@ func createWorkspace(
 
 func (api *API) notifyWorkspaceCreated(
 	ctx context.Context,
+	receiverID uuid.UUID,
 	workspace database.Workspace,
 	parameters []codersdk.WorkspaceBuildParameter,
 ) {
@@ -773,7 +786,7 @@ func (api *API) notifyWorkspaceCreated(
 	if _, err := api.NotificationsEnqueuer.EnqueueWithData(
 		// nolint:gocritic // Need notifier actor to enqueue notifications
 		dbauthz.AsNotifier(ctx),
-		workspace.OwnerID,
+		receiverID,
 		notifications.TemplateWorkspaceCreated,
 		map[string]string{
 			"workspace": workspace.Name,