shishantbiswas/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2026-06-03 13:08:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
6e9e39a4e02dfb155c4932f4a8e00deeb28f79d2
coder/coderd
T
History
Kyle Carberry 47846c0ee4 fix(site): inject permissions and organizations metadata to eliminate loading spinners (#22741) 
## Problem

Two network requests were blocking the initial page render with
fullscreen `<Loader fullscreen />` spinners:

1. **`POST /api/v2/authcheck`** (permissions) — blocked in `RequireAuth`
via `AuthProvider.isLoading`
2. **`GET /api/v2/organizations`** — blocked in `DashboardProvider`

All other bootstrap queries (`user`, `entitlements`, `appearance`,
`experiments`, `build-info`, `regions`) already used server-side
metadata injection via `index.html` meta tags and resolved instantly.
These two did not.

## Solution

Follow the existing `cachedQuery` + `<meta>` tag pattern to inject both
datasets server-side:

### Server-side (`site/site.go`)
- Add `Permissions` and `Organizations` fields to `htmlState`
- Fetch organizations via `GetOrganizationsByUserID` in parallel with
existing queries
- Evaluate all `permissionChecks` using the RBAC authorizer directly
- Inject results as HTML-escaped JSON into `<meta>` tags

### Frontend
- Register `permissions` and `organizations` in `useEmbeddedMetadata`
- Update `checkAuthorization()` to accept optional metadata and use
`disabledRefetchOptions` when available
- Update `organizations()` to accept optional metadata and use
`cachedQuery` when available
- Wire metadata through `AuthProvider` and `DashboardProvider`

### Note
The Go `permissionChecks` map in `site/site.go` mirrors
`site/src/modules/permissions/index.ts` and must be kept in sync.
2026-03-09 16:12:04 +00:00
..
agentapi
fix(coderd/agentapi/metadatabatcher): use clock.Since instead of time.Since in flush (#22841)
2026-03-09 16:51:46 +02:00
agentmetrics
chore: remove unnecessary redeclarations in for loops (#18440)
2025-06-20 13:16:55 -06:00
aibridge
feat: use coder specific header for aibridge authentication from AI proxy (#21590)
2026-01-21 19:06:19 +00:00
apidoc
feat: add file/image attachment support to chat input (#22604)
2026-03-06 21:05:26 +02:00
apikey
fix: initialize API key LastUsed to Unix epoch instead of zero time (#22327)
2026-03-02 16:02:01 +01:00
appearance
audit
chore: arrange imports in a standard way (#21452)
2026-01-08 15:24:11 +04:00
autobuild
fix: use "idle timeout" as task auto-pause reason (#22287)
2026-02-24 16:45:56 +00:00
awsidentity
azureidentity
chore: update azure certs (#21265)
2025-12-15 13:44:44 -09:00
boundaryusage
fix: make boundary usage telemetry collection atomic (#21907)
2026-02-06 09:52:17 -07:00
cachecompress
feat: add cachecompress package to compress static files for HTTP (#21915)
2026-02-06 10:12:58 +04:00
chatd
fix: update the compaction message to be the "user" role (#22819)
2026-03-08 22:25:27 -04:00
coderdtest
test: reduce Await* polling interval from 250ms to 25ms (#22536)
2026-03-03 13:48:58 +00:00
connectionlog
fix: avoid connection logging crashes in agent (#20307)
2025-10-16 01:56:43 +11:00
cryptokeys
chore: arrange imports in a standard way (#21452)
2026-01-08 15:24:11 +04:00
database
fix: update the compaction message to be the "user" role (#22819)
2026-03-08 22:25:27 -04:00
devtunnel
chore: remove unnecessary loop variable captures (#22180)
2026-02-19 09:02:19 +00:00
dynamicparameters
chore(coderd/database): remove deprecated db2sdk.List(Lazy)? methods (#21902)
2026-02-03 17:52:07 +00:00
entitlements
feat: add Prometheus metrics for license warnings and errors (#21749)
2026-01-29 13:50:15 +01:00
externalauth
test: remove unnecessary dbauthz.AsSystemRestricted calls in tests (#22663)
2026-03-05 20:29:49 +00:00
files
chore: arrange imports in a standard way (#21452)
2026-01-08 15:24:11 +04:00
gitsshkey
chore: arrange imports in a standard way (#21452)
2026-01-08 15:24:11 +04:00
healthcheck
chore: improve healthcheck timeout message (#21520)
2026-01-15 16:37:05 +00:00
httpapi
fix(coderd): harden OAuth2 provider security (#22194)
2026-02-23 12:18:44 +01:00
httpmw
fix: rate limit by user instead of IP for authenticated requests (#22049)
2026-03-09 13:54:31 +01:00
idpsync
test: remove unnecessary dbauthz.AsSystemRestricted calls in tests (#22663)
2026-03-05 20:29:49 +00:00
jobreaper
fix: exclude provisioner_state from workspace_build_with_user view (#22159)
2026-02-23 22:46:17 -06:00
jwtutils
chore: remove unnecessary redeclarations in for loops (#18440)
2025-06-20 13:16:55 -06:00
mcp
fix(coderd): harden OAuth2 provider security (#22194)
2026-02-23 12:18:44 +01:00
metricscache
chore: arrange imports in a standard way (#21452)
2026-01-08 15:24:11 +04:00
notifications
test: remove unnecessary dbauthz.AsSystemRestricted calls in tests (#22663)
2026-03-05 20:29:49 +00:00
oauth2provider
fix(coderd): harden OAuth2 provider security (#22194)
2026-02-23 12:18:44 +01:00
oauthpki
fix(coderd): support string type for oidc response's expires_in json property (#20152)
2025-10-15 17:37:37 +00:00
portsharing
pproflabel
chore: add usage tracking package (#19095)
2025-08-16 01:31:00 +10:00
prebuilds
chore: remove unnecessary loop variable captures (#22180)
2026-02-19 09:02:19 +00:00
prometheusmetrics
test: remove unnecessary dbauthz.AsSystemRestricted calls in tests (#22663)
2026-03-05 20:29:49 +00:00
promoauth
fix!: remove deprecated prometheus metrics (#21788)
2026-01-30 13:30:06 +01:00
provisionerdserver
fix: early oidc refresh with fake idp tests (#22712)
2026-03-06 16:51:27 +00:00
provisionerkey
chore!: ensure consistent secret token generation and hashing (#20388)
2025-10-23 15:38:49 -05:00
proxyhealth
feat: add csp headers for embedded apps (#18374)
2025-06-17 09:00:32 -08:00
pubsub
fix(chat): fix streaming bugs in edit notifications, persist race, and frontend reconnect (#22737)
2026-03-06 15:11:05 -08:00
rbac
fix(coderd/rbac): speed up TestRolePermissions to reduce Windows CI timeout (#22657)
2026-03-09 15:57:55 +00:00
render
chore: remove unnecessary redeclarations in for loops (#18440)
2025-06-20 13:16:55 -06:00
runtimeconfig
chore(coderd/runtimeconfig): remove dbmem from tests (#18790)
2025-07-08 14:31:05 +00:00
schedule
chore: remove unnecessary loop variable captures (#22180)
2026-02-19 09:02:19 +00:00
searchquery
feat: add AI Bridge request logs model filter (#22230)
2026-02-26 02:40:45 +11:00
taskname
fix(stringutil): operate on runes instead of bytes in Truncate (#22388)
2026-02-27 17:46:37 +00:00
telemetry
feat: add telemetry for task lifecycle events (#21922)
2026-02-24 17:04:42 +00:00
testdata
feat: add flag to disable template insights (#20940)
2025-12-14 03:00:03 +00:00
tracing
chore: arrange imports in a standard way (#21452)
2026-01-08 15:24:11 +04:00
updatecheck
chore: arrange imports in a standard way (#21452)
2026-01-08 15:24:11 +04:00
usage
chore: add unknown usage event type error (#19436)
2025-08-22 16:32:35 +10:00
userpassword
chore: remove unnecessary redeclarations in for loops (#18440)
2025-06-20 13:16:55 -06:00
util
feat(namesgenerator): expand auto-generated name digit suffix to 00-99 (#22665)
2026-03-06 15:09:58 +01:00
webpush
chore: arrange imports in a standard way (#21452)
2026-01-08 15:24:11 +04:00
workspaceapps
fix(coderd): use dbtime.Now() instead of time.Now() in test assertions against DB timestamps (#22685)
2026-03-06 09:14:11 +00:00
workspacestats
chore: arrange imports in a standard way (#21452)
2026-01-08 15:24:11 +04:00
wsbuilder
fix: mark presets as validation_failed to prevent endless prebuild retries (#22085)
2026-02-27 14:26:48 +00:00
wspubsub
activitybump_test.go
chore: distinct operations for provisioner's 'parse', 'init', 'plan', 'apply', 'graph' (#21064)
2025-12-15 11:26:41 -06:00
aitasks_internal_test.go
fix: set codersdk.Task current_state during task initialization (#20692)
2025-11-17 13:24:12 +00:00
aitasks_test.go
test(coderd): remove provisioner daemon from SendToNonActiveStates test (#22298)
2026-02-25 13:14:32 +02:00
aitasks.go
feat: make coder task send resume paused tasks (#22203)
2026-03-07 01:36:03 +00:00
apikey_scopes_validation_test.go
feat: add multi-scope support to API keys (#19917)
2025-09-26 11:56:34 +02:00
apikey_test.go
fix(coderd): use dbtime.Now() instead of time.Now() in test assertions against DB timestamps (#22685)
2026-03-06 09:14:11 +00:00
apikey.go
feat(coderd): filter expired API tokens server-side (#22263)
2026-02-24 15:27:03 +00:00
apiroot.go
audit_internal_test.go
audit_test.go
chore: arrange imports in a standard way (#21452)
2026-01-08 15:24:11 +04:00
audit.go
chore: arrange imports in a standard way (#21452)
2026-01-08 15:24:11 +04:00
authorize_test.go
feat: add an organization member permission level (#19953)
2025-10-27 17:14:16 -06:00
authorize.go
feat: add experimental agents support (#22290)
2026-02-27 16:50:56 +00:00
chats_test.go
feat(site): add diff line reference and annotation system for agents chat (#22697)
2026-03-08 15:38:37 -04:00
chats.go
feat(site): add diff line reference and annotation system for agents chat (#22697)
2026-03-08 15:38:37 -04:00
client_test.go
coderd_internal_test.go
chore: remove unnecessary redeclarations in for loops (#18440)
2025-06-20 13:16:55 -06:00
coderd_test.go
fix: rate limit by user instead of IP for authenticated requests (#22049)
2026-03-09 13:54:31 +01:00
coderd.go
fix(site): inject permissions and organizations metadata to eliminate loading spinners (#22741)
2026-03-09 16:12:04 +00:00
csp.go
chore: arrange imports in a standard way (#21452)
2026-01-08 15:24:11 +04:00
debug_test.go
chore: improve healthcheck timeout message (#21520)
2026-01-15 16:37:05 +00:00
debug.go
chore: improve healthcheck timeout message (#21520)
2026-01-15 16:37:05 +00:00
deployment_test.go
deployment.go
chore: remove chats experiment (#18535)
2025-06-25 13:03:32 +00:00
deprecated.go
experiments_test.go
experiments.go
fix: do not warn on valid known experiments (#18514)
2025-06-24 09:14:41 +01:00
externalauth_test.go
feat(coderd/rbac): make organization-member a per-org system custom role (#21359)
2026-01-12 18:19:19 -08:00
externalauth.go
feat!: support PKCE in the oauth2 client's auth/exchange flow (#21215)
2025-12-15 17:41:47 +00:00
files_test.go
ci: improve 'tfail in goroutine' ruleguard rule (#19682)
2025-09-04 14:28:29 +10:00
files.go
chore: arrange imports in a standard way (#21452)
2026-01-08 15:24:11 +04:00
gitsshkey_test.go
chore: distinct operations for provisioner's 'parse', 'init', 'plan', 'apply', 'graph' (#21064)
2025-12-15 11:26:41 -06:00
gitsshkey.go
feat: add API key scope to restrict access to user data (#17692)
2025-05-15 15:32:52 +01:00
inboxnotifications_internal_test.go
chore: remove unnecessary redeclarations in for loops (#18440)
2025-06-20 13:16:55 -06:00
inboxnotifications_test.go
chore: remove unnecessary redeclarations in for loops (#18440)
2025-06-20 13:16:55 -06:00
inboxnotifications.go
fix(coderd): ensure inbox WebSocket is closed when client disconnects (#21652)
2026-01-26 09:24:45 +00:00
initscript_test.go
feat(coderd): add support for external agents to API's and provisioner (#19286)
2025-08-19 10:41:33 +02:00
initscript.go
feat(coderd): add support for external agents to API's and provisioner (#19286)
2025-08-19 10:41:33 +02:00
insights_internal_test.go
chore: remove unnecessary redeclarations in for loops (#18440)
2025-06-20 13:16:55 -06:00
insights_test.go
fix(coderd): fix flaky TestGetUserStatusCounts timezone boundary (#22639)
2026-03-04 18:01:56 -08:00
insights.go
fix: user status change chart accommodates DST (#22191)
2026-03-04 12:54:39 +02:00
latencycheck.go
mcp_http.go
chore: arrange imports in a standard way (#21452)
2026-01-08 15:24:11 +04:00
members_test.go
feat: add endpoint to fetch singular org member (#21732)
2026-02-03 12:48:25 -06:00
members.go
feat: add endpoint to fetch singular org member (#21732)
2026-02-03 12:48:25 -06:00
notifications_test.go
chore: return 404, not 400 if missing or authz deny (#22069)
2026-02-13 08:19:07 -06:00
notifications.go
chore: arrange imports in a standard way (#21452)
2026-01-08 15:24:11 +04:00
oauth2_error_compliance_test.go
refactor: add RFC-compliant enum types and use SDK as source of truth (#21468)
2026-01-15 12:41:28 +03:00
oauth2_metadata_test.go
refactor: add RFC-compliant enum types and use SDK as source of truth (#21468)
2026-01-15 12:41:28 +03:00
oauth2_metadata_validation_test.go
refactor: add RFC-compliant enum types and use SDK as source of truth (#21468)
2026-01-15 12:41:28 +03:00
oauth2_security_test.go
feat: implement OAuth2 dynamic client registration (RFC 7591/7592) (#18645)
2025-07-03 18:33:47 +02:00
oauth2_test.go
fix(coderd): use dbtime.Now() instead of time.Now() in test assertions against DB timestamps (#22685)
2026-03-06 09:14:11 +00:00
oauth2.go
feat: implement oauth2 RFC 7009 token revocation endpoint (#20362)
2025-10-22 15:18:42 -05:00
organizations_test.go
organizations.go
chore(coderd/database): remove deprecated db2sdk.List(Lazy)? methods (#21902)
2026-02-03 17:52:07 +00:00
pagination_test.go
feat: add connectionlogs API (#18628)
2025-07-15 14:55:34 +10:00
pagination.go
feat: add connectionlogs API (#18628)
2025-07-15 14:55:34 +10:00
parameters_test.go
feat: archive modules in size order until limit is hit (#21773)
2026-02-02 09:03:18 -06:00
parameters.go
chore(coderd/database): remove deprecated db2sdk.List(Lazy)? methods (#21902)
2026-02-03 17:52:07 +00:00
presets_test.go
chore: remove unnecessary loop variable captures (#22180)
2026-02-19 09:02:19 +00:00
presets.go
feat: support icon and description in preset (#18977)
2025-07-28 15:02:26 +01:00
provisionerdaemons_test.go
feat: add filtering options to provisioners list (#19378)
2025-08-21 16:03:34 -04:00
provisionerdaemons.go
chore(coderd/database): remove deprecated db2sdk.List(Lazy)? methods (#21902)
2026-02-03 17:52:07 +00:00
provisionerjobs_internal_test.go
chore: remove unnecessary redeclarations in for loops (#18440)
2025-06-20 13:16:55 -06:00
provisionerjobs_test.go
test: reduce unnecessary sleep durations in tests (#22552)
2026-03-03 10:19:00 -05:00
provisionerjobs.go
chore(coderd/database): remove deprecated db2sdk.List(Lazy)? methods (#21902)
2026-02-03 17:52:07 +00:00
roles_test.go
roles.go
feat(coderd/rbac): make organization-member a per-org system custom role (#21359)
2026-01-12 18:19:19 -08:00
scopes_catalog_api_test.go
feat: add external API key scopes (#19916)
2025-09-26 11:43:32 +02:00
scopes_catalog.go
feat: add external API key scopes (#19916)
2025-09-26 11:43:32 +02:00
tailnet_test.go
chore: remove unnecessary redeclarations in for loops (#18440)
2025-06-20 13:16:55 -06:00
tailnet.go
chore: arrange imports in a standard way (#21452)
2026-01-08 15:24:11 +04:00
templates_test.go
fix: hide "Create Workspace" button for deleted templates (#22092)
2026-02-13 19:44:50 -05:00
templates.go
fix: hide "Create Workspace" button for deleted templates (#22092)
2026-02-13 19:44:50 -05:00
templateversions_test.go
feat: validate prebuild presets using dynamic parameter validation (#21858)
2026-03-03 16:50:18 +00:00
templateversions.go
feat: validate prebuild presets using dynamic parameter validation (#21858)
2026-03-03 16:50:18 +00:00
updatecheck_test.go
chore: remove unnecessary redeclarations in for loops (#18440)
2025-06-20 13:16:55 -06:00
updatecheck.go
userauth_test.go
chore: optionally prefix authentication related cookies (#22148)
2026-02-20 09:01:00 -06:00
userauth.go
chore: optionally prefix authentication related cookies (#22148)
2026-02-20 09:01:00 -06:00
users_test.go
fix(coderd): use dbtime.Now() instead of time.Now() in test assertions against DB timestamps (#22685)
2026-03-06 09:14:11 +00:00
users.go
chore(coderd/database): remove deprecated db2sdk.List(Lazy)? methods (#21902)
2026-02-03 17:52:07 +00:00
webpush_test.go
refactor(webpush): use RequireExperimentWithDevBypass middleware (#22525)
2026-03-03 09:49:04 +00:00
webpush.go
refactor(webpush): use RequireExperimentWithDevBypass middleware (#22525)
2026-03-03 09:49:04 +00:00
workspaceagentportshare_test.go
feat(coderd/rbac): make organization-member a per-org system custom role (#21359)
2026-01-12 18:19:19 -08:00
workspaceagentportshare.go
docs: fix swagger documentation for DELETE port share endpoint (#18426)
2025-06-18 14:07:53 +00:00
workspaceagents_internal_test.go
feat: agents git watch backend (#22565)
2026-03-06 10:47:55 +01:00
workspaceagents_test.go
fix(coderd): use dbtime.Now() instead of time.Now() in test assertions against DB timestamps (#22685)
2026-03-06 09:14:11 +00:00
workspaceagents.go
fix: scope git askpass diff status updates to initiating chat (#22534)
2026-03-02 22:52:39 -05:00
workspaceagentsrpc_internal_test.go
test: use not before in TestAgentConnectionMonitor_* (#21332)
2025-12-22 10:21:39 +04:00
workspaceagentsrpc_test.go
fix(coderd): add role param to agent RPC to prevent false connectivity (#22052)
2026-02-18 09:44:06 +01:00
workspaceagentsrpc.go
fix(coderd): add role param to agent RPC to prevent false connectivity (#22052)
2026-02-18 09:44:06 +01:00
workspaceapps_test.go
chore: remove unnecessary redeclarations in for loops (#18440)
2025-06-20 13:16:55 -06:00
workspaceapps.go
feat: add multi-scope support to API keys (#19917)
2025-09-26 11:56:34 +02:00
workspacebuilds_test.go
feat: add link for viewing raw build logs in workspace and template build jobs (#21727)
2026-02-03 09:45:23 +00:00
workspacebuilds.go
fix: exclude provisioner_state from workspace_build_with_user view (#22159)
2026-02-23 22:46:17 -06:00
workspaceproxies_test.go
workspaceproxies.go
workspaceresourceauth_test.go
chore: distinct operations for provisioner's 'parse', 'init', 'plan', 'apply', 'graph' (#21064)
2025-12-15 11:26:41 -06:00
workspaceresourceauth.go
chore: arrange imports in a standard way (#21452)
2026-01-08 15:24:11 +04:00
workspaces_test.go
fix(coderd): use dbtime.Now() instead of time.Now() in test assertions against DB timestamps (#22685)
2026-03-06 09:14:11 +00:00
workspaces.go
feat: add experimental agents support (#22290)
2026-02-27 16:50:56 +00:00
workspaceupdates_test.go
workspaceupdates.go
chore: arrange imports in a standard way (#21452)
2026-01-08 15:24:11 +04:00