8000 docs: applications and authorization by mtojek · Pull Request #5477 · coder/coder · GitHub
[go: up one dir, main page]
Skip to content

docs: applications and authorization #5477

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 15 commits into from
Dec 21, 2022
Merged

docs: applications and authorization #5477

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
ffc1748
docs: Applications
mtojek Dec 20, 2022
d259c05
WIP
mtojek Dec 20, 2022
a26eac5
WIP
mtojek Dec 20, 2022
9950d35
WIP
mtojek Dec 20, 2022
fbbbf9a
Fix: consume
mtojek Dec 20, 2022
2f0b499
Fix: @Description
mtojek Dec 20, 2022
e5a4618
Fix
mtojek Dec 20, 2022
7c9002f
Merge branch 'main' into 3522-document-more-methods
mtojek Dec 20, 2022
e8286f6
Fix: s/none//g
mtojek Dec 21, 2022
60e0f27
Fix: godoc nice
mtojek Dec 21, 2022
74de5d4
Fix: description
mtojek Dec 21, 2022
095a463
Fix: It
mtojek Dec 21, 2022
4719a18
Fix: code sample trim empty line
mtojek Dec 21, 2022
8000
ef213ac
More fixes
mtojek Dec 21, 2022
12d904a
Fix: br
mtojek Dec 21, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Fix: @description
  • Loading branch information
@mtojek
mtojek committed Dec 20, 2022
commit 2f0b499e0a07a6a95eeba5c9eb8fe4df9f89444a
4 changes: 3 additions & 1 deletion coderd/apidoc/docs.go
View file
Open 8000 in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -731,6 +731,7 @@ const docTemplate = `{
},
"definitions": {
"codersdk.AuthorizationCheck": {
"description": "AuthorizationCheck is used to check if the currently authenticated user (or the specified user) can do a given action to a given set of objects.",
"type": "object",
"properties": {
"action": {
Expand All @@ -749,10 +750,11 @@ const docTemplate = `{
}
},
"codersdk.AuthorizationObject": {
"description": "AuthorizationObject can represent a \"set\" of objects, such as: all workspaces in an organization, all workspaces owned by me, all workspaces across the entire product.",
"type": "object",
"properties": {
"organization_id": {
"description": "Organization ID (optional) adds the set constraint to all resources owned by a given organization.",
"description": "OrganizationID (optional) adds the set constraint to all resources owned by a given organization.",
"type": "string"
},
"owner_id": {
Expand Down
4 changes: 3 additions & 1 deletion coderd/apidoc/swagger.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -640,6 +640,7 @@
},
"definitions": {
"codersdk.AuthorizationCheck": {
"description": "AuthorizationCheck is used to check if the currently authenticated user (or the specified user) can do a given action to a given set of objects.",
"type": "object",
"properties": {
"action": {
Expand All @@ -653,10 +654,11 @@
}
},
"codersdk.AuthorizationObject": {
"description": "AuthorizationObject can represent a \"set\" of objects, such as: all workspaces in an organization, all workspaces owned by me, all workspaces across the entire product.",
"type": "object",
"properties": {
"organization_id": {
"description": "Organization ID (optional) adds the set constraint to all resources owned by a given organization.",
"description": "OrganizationID (optional) adds the set constraint to all resources owned by a given organization.",
"type": "string"
},
"owner_id": {
Expand Down
9 changes: 5 additions & 4 deletions codersdk/authorization.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,8 +20,8 @@ type AuthorizationRequest struct {
Checks map[string]AuthorizationCheck `json:"checks"`
}

// AuthorizationCheck is used to check if the currently authenticated user (or
// the specified user) can do a given action to a given set of objects.
// @Description AuthorizationCheck is used to check if the currently authenticated user (or
// @Description the specified user) can do a given action to a given set of objects.
type AuthorizationCheck struct {
// Object can represent a "set" of objects, such as:
// - All workspaces in an organization
Expand All @@ -37,14 +37,15 @@ type AuthorizationCheck struct {
Action string `json:"action" enums:"create,read,update,delete"`
}

// AuthorizationObject can represent a "set" of objects, such as: all workspaces in an organization, all workspaces owned by me, all workspaces across the entire product.
// @Description AuthorizationObject can represent a "set" of objects, such as: all workspaces in an organization, all workspaces owned by me,
// @Description all workspaces across the entire product.
type AuthorizationObject struct {
// ResourceType is the name of the resource.
// `./coderd/rbac/object.go` has the list of valid resource types.
ResourceType string `json:"resource_type"`
// OwnerID (optional) adds the set constraint to all resources owned by a given user.
OwnerID string `json:"owner_id,omitempty"`
// Organization ID (optional) adds the set constraint to all resources owned by a given organization.
// OrganizationID (optional) adds the set constraint to all resources owned by a given organization.
OrganizationID string `json:"organization_id,omitempty"`
// ResourceID (optional) reduces the set to a singular resource. This assigns
// a resource ID to the resource type, eg: a single workspace.
Expand Down
16 changes: 10 additions & 6 deletions docs/api/schemas.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,12 +16,14 @@
}
```

AuthorizationCheck is used to check if the currently authenticated user (or the specified user) can do a given action to a given set of objects.

### Properties

| Name | Type | Required | Restrictions | Description |
| -------- | ------------------------------------------------------------ | -------- | ------------ | ----------- |
| `action` | string | false | none | none |
| `object` | [codersdk.AuthorizationObject](#codersdkauthorizationobject) | false | none | none |
| Name | Type | Required | Restrictions | Description |
| -------- | ------------------------------------------------------------ | -------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `action` | string | false | none | none |
| `object` | [codersdk.AuthorizationObject](#codersdkauthorizationobject) | false | none | Object can represent a "set" of objects, such as: all workspaces in an organization, all workspaces owned by me, all workspaces across the entire product. |

#### Enumerated Values

Expand All @@ -43,11 +45,13 @@
}
```

AuthorizationObject can represent a "set" of objects, such as: all workspaces in an organization, all workspaces owned by me, all workspaces across the entire product.

### Properties

| Name | Type | Required | Restrictions | Description |
| ----------------- | ------ | -------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `organization_id` | string | false | none | Organization ID (optional) adds the set const 9F8E raint to all resources owned by a given organization. |
| `organization_id` | string | false | none | Organization id (optional) adds the set constraint to all resources owned by a given organization. |
| `owner_id` | string | false | none | Owner id (optional) adds the set constraint to all resources owned by a given user. |
| `resource_id` | string | false | none | Resource id (optional) reduces the set to a singular resource. This assigns<br>a resource ID to the resource type, eg: a single workspace.<br>The rbac library will not fetch the resource from the database, so if you<br>are using this option, you should also set the `OwnerID` and `OrganizationID`<br>if possible. Be as specific as possible using all the fields relevant. |
| `resource_type` | string | false | none | Resource type is the name of the resource.<br>`./coderd/rbac/object.go` has the list of valid resource types. |
Expand Down Expand Up @@ -84,7 +88,7 @@
| Name | Type | Required | Restrictions | Description |
| ------------------ | ---------------------------------------------------------- | -------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `checks` | object | false | none | Checks is a map keyed with an arbitrary string to a permission check.<br>The key can be any string that is helpful to the caller, and allows<br>multiple permission checks to be run in a single request.<br>The key ensures that each permission check has the same key in the<br>response. |
| » `[any property]` | [codersdk.AuthorizationCheck](#codersdkauthorizationcheck) | false | none | none |
| » `[any property]` | [codersdk.AuthorizationCheck](#codersdkauthorizationcheck) | false | none | » **additionalproperties** is used to check if the currently authenticated user (or the specified user) can do a given action to a given set of objects. |

## codersdk.AuthorizationResponse

Expand Down
0