8000 feat: Implied 'member' roles for site and organization by Emyrk · Pull Request #1917 · coder/coder · GitHub
[go: up one dir, main page]
Skip to content

feat: Implied 'member' roles for site and organization #1917

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 9 commits into from
Jun 1, 2022
Merged

feat: Implied 'member' roles for site and organization #1917

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
501e581
feat: Member roles are implied and never exlpicitly added
Emyrk May 31, 2022
51521ca
Rename "GetAllUserRoles" to "GetAuthorizationRoles"
Emyrk May 31, 2022
844c9ce
feat: Add migration to remove implied roles
Emyrk May 31, 2022
28e3957
Add comment to sql
Emyrk May 31, 2022
058e7ab
test: Update test
Emyrk May 31, 2022
9a3d38e
handle null string array
Emyrk May 31, 2022
5060443
Merge remote-tracking branch 'origin/main' into stevenmasley/implied_…
Emyrk May 31, 2022
6a89023
rename user auth role middleware
Emyrk Jun 1, 2022
ccecdda
fixup! rename user auth role middleware
Emyrk Jun 1, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
rename user auth role middleware
  • Loading branch information
@Emyrk
Emyrk committed Jun 1, 2022
commit 6a89023eaf4355fcca6c43f2f4b92f174f80d433
4 changes: 2 additions & 2 deletions coderd/authorize.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,12 +13,12 @@ import (
)

func AuthorizeFilter[O rbac.Objecter](api *API, r *http.Request, action rbac.Action, objects []O) []O {
roles := httpmw.UserAuthorizationRoles(r)
roles := httpmw.AuthorizationUserRoles(r)
return rbac.Filter(r.Context(), api.Authorizer, roles.ID.String(), roles.Roles, action, objects)
}

func (api *API) Authorize(rw http.ResponseWriter, r *http.Request, action rbac.Action, object rbac.Objecter) bool {
roles := httpmw.UserAuthorizationRoles(r)
roles := httpmw.AuthorizationUserRoles(r)
err := api.Authorizer.ByRoleName(r.Context(), roles.ID.String(), roles.Roles, action, object.RBACObject())
if err != nil {
httpapi.Write(rw, http.StatusForbidden, httpapi.Response{
Expand Down
4 changes: 2 additions & 2 deletions coderd/httpmw/apikey.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,9 +34,9 @@ func APIKey(r *http.Request) database.APIKey {
// User roles are the 'subject' field of Authorize()
type userRolesKey struct{}

// UserAuthorizationRoles returns the roles used for authorization.
// AuthorizationUserRoles returns the roles used for authorization.
// Comes from the ExtractAPIKey handler.
func UserAuthorizationRoles(r *http.Request) database.GetAuthorizationUserRolesRow {
func AuthorizationUserRoles(r *http.Request) database.GetAuthorizationUserRolesRow {
apiKey, ok := r.Context().Value(userRolesKey{}).(database.GetAuthorizationUserRolesRow)
if !ok {
panic("developer error: user roles middleware not provided")
Expand Down
2 changes: 1 addition & 1 deletion coderd/httpmw/authorize_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -86,7 +86,7 @@ func TestExtractUserRoles(t *testing.T) {
httpmw.ExtractAPIKey(db, &httpmw.OAuth2Configs{}),
)
rtr.Get("/", func(_ http.ResponseWriter, r *http.Request) {
roles := httpmw.UserAuthorizationRoles(r)
roles := httpmw.AuthorizationUserRoles(r)
require.ElementsMatch(t, user.ID, roles.ID)
require.ElementsMatch(t, expRoles, roles.Roles)
})
Expand Down
0