8000 chore: audit log filter to be skipped if user is owner/admin · coder/coder@ae4220c · GitHub

Commit ae4220c

committed
chore: audit log filter to be skipped if user is owner/admin
Optimize for speed in the case the user can read all audit_logs
1 parent 6e36082 commit ae4220c


2 files changed

+8
-1
lines changed


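--- a/coderd/database/dbauthz/dbauthz.go
+++ b/coderd/database/dbauthz/dbauthz.go
@@ -1248,6 +1248,13 @@ func (q *querier) GetApplicationName(ctx context.Context) (string, error) {
 }
 
 func (q *querier) GetAuditLogsOffset(ctx context.Context, arg database.GetAuditLogsOffsetParams) ([]database.GetAuditLogsOffsetRow, error) {
+// Shortcut if the user is an owner. The SQL filter is noticeable,
+// and this is an easy win for owners. Which is the common case.
+err := q.authorizeContext(ctx, policy.ActionRead, rbac.ResourceAuditLog)
+if err == nil {
+return q.db.GetAuditLogsOffset(ctx, arg)
+}
+
 prep, err := prepareSQLFilter(ctx, q.auth, policy.ActionRead, rbac.ResourceAuditLog.Type)
 if err != nil {
 return nil, xerrors.Errorf("(dev error) prepare sql filter: %w", err)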
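Review bot: The comment on the new fast path in GetAuditLogsOffset says "owner", but the code skips the row-level SQL filter for any actor for whom `q.authorizeContext(ctx, policy.ActionRead, rbac.ResourceAuditLog)` returns nil, and the invariant that makes this safe is not written down. Because this branch bypasses `prepareSQLFilter` entirely, I would state it explicitly, for example `// Fast path: a nil error means the actor may read every audit log, so the SQL filter would exclude nothing.` followed by `// Any error, deny or otherwise, falls through to the filtered query below.` The second line matters because the returned `err` is dropped and then reused by `prep, err :=`. Presumably a genuine failure (no actor, cancelled context) resurfaces from prepareSQLFilter, but that is not visible here. The function body continues past the end of the hunk.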

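--- a/coderd/database/dbauthz/dbauthz_test.go
+++ b/coderd/database/dbauthz/dbauthz_test.go
@@ -266,7 +266,7 @@ func (s *MethodTestSuite) TestAuditLogs() {
 _ = dbgen.AuditLog(s.T(), db, database.AuditLog{})
 check.Args(database.GetAuditLogsOffsetParams{
 LimitOpt: 10,
-}).Asserts()
+}).Asserts(rbac.ResourceAuditLog, policy.ActionRead)
 }))
 s.Run("GetAuthorizedAuditLogsOffset", s.Subtest(func(db database.Store, check *expects) {
 _ = dbgen.AuditLog(s.T(), db, database.AuditLog{})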
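Review bot: The new expectation `Asserts(rbac.ResourceAuditLog, policy.ActionRead)` pins only the authorize call made by the fast path; nothing in this hunk checks that an actor who fails that check still receives filtered rows rather than the unfiltered result. Since the change in dbauthz.go skips the SQL filter on success, a subtest with an actor lacking blanket read, asserting that only permitted rows come back, would guard against the shortcut widening access. TestAuditLogs starts and continues outside the hunk, so such a case may already exist elsewhere.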
