feat: Return more 404s vs 403s (#2194)

* feat: Return more 404s vs 403s
* Return vague 404 in all cases
Steven Masley
2022-06-14 10:14:05 -05:00
committed by GitHub
parent dc1de58857
commit 251316751e
31 changed files with 231 additions and 155 deletions


@ -19,9 +19,10 @@ import (
func (api *API) organization(rw http.ResponseWriter, r *http.Request) {
organization := httpmw.OrganizationParam(r)
if !api.Authorize(rw, r, rbac.ActionRead, rbac.ResourceOrganization.
if !api.Authorize(r, rbac.ActionRead, rbac.ResourceOrganization.
InOrg(organization.ID).
WithID(organization.ID.String())) {
httpapi.ResourceNotFound(rw)
return
}
@ -32,8 +33,8 @@ func (api *API) postOrganizations(rw http.ResponseWriter, r *http.Request) {
apiKey := httpmw.APIKey(r)
// Create organization uses the organization resource without an OrgID.
// This means you need the site wide permission to make a new organization.
if !api.Authorize(rw, r, rbac.ActionCreate,
rbac.ResourceOrganization) {
if !api.Authorize(r, rbac.ActionCreate, rbac.ResourceOrganization) {
httpapi.Forbidden(rw)
return
}
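Review bot: In `organization`, the 404 written when `api.Authorize` fails has no comment marking it as a deliberate substitute for 403, so a later cleanup could restore the 403 and with it the signal that an organization ID exists. I would add above `httpapi.ResourceNotFound(rw)`: `// Deliberately 404 rather than 403: an unauthorized caller must not learn that this organization exists.` Because the denial now looks like an ordinary 404 in access logs, it should still be recorded server-side as an authorization failure; whether `Authorize` does that is not visible in this section. `postOrganizations` keeps `httpapi.Forbidden(rw)`, which seems reasonable because no specific resource is being hidden there, and a short comment saying so would keep the two handlers from being made uniform by mistake later. Both function bodies continue outside the hunks shown.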