feat: Dbauthz is now default, remove out of experimental (#6650)

* feat: dbauthz always on, out of experimental
* Add ability to do rbac checks in unit tests
* Remove AuthorizeAllEndpoints
* Remove duplicate rbac checks
This commit is contained in:
Steven Masley
2023-03-21 09:10:22 -05:00
committed by GitHub
parent 8aae0b64d3
commit 2321160c62
37 changed files with 334 additions and 1271 deletions

View File

@ -1068,7 +1068,11 @@ func (q *querier) UpdateUserHashedPassword(ctx context.Context, arg database.Upd
err = q.authorizeContext(ctx, rbac.ActionUpdate, user.UserDataRBACObject())
if err != nil {
return err
// Admins can update passwords for other users.
err = q.authorizeContext(ctx, rbac.ActionUpdate, user.RBACObject())
if err != nil {
return err
}
}
return q.db.UpdateUserHashedPassword(ctx, arg)