docs: applications and authorization (#5477)

* docs: Applications

* WIP

* WIP

* WIP

* Fix: consume

* Fix: @Description

* Fix

* Fix: s/none//g

* Fix: godoc nice

* Fix: description

* Fix: It

* Fix: code sample trim empty line

* More fixes

* Fix: br

codersdk/authorization.go

@@ -10,7 +10,7 @@ type AuthorizationResponse map[string]bool
 
 // AuthorizationRequest is a structure instead of a map because
 // go-playground/validate can only validate structs. If you attempt to pass
-// a map into 'httpapi.Read', you will get an invalid type error.
+// a map into `httpapi.Read`, you will get an invalid type error.
 type AuthorizationRequest struct {
 	// Checks is a map keyed with an arbitrary string to a permission check.
 	// The key can be any string that is helpful to the caller, and allows
@@ -20,8 +20,9 @@ type AuthorizationRequest struct {
 	Checks map[string]AuthorizationCheck `json:"checks"`
 }
 
-// AuthorizationCheck is used to check if the currently authenticated user (or
-// the specified user) can do a given action to a given set of objects.
+// AuthorizationCheck is used to check if the currently authenticated user (or the specified user) can do a given action to a given set of objects.
+//
+// @Description AuthorizationCheck is used to check if the currently authenticated user (or the specified user) can do a given action to a given set of objects.
 type AuthorizationCheck struct {
 	// Object can represent a "set" of objects, such as:
 	//	- All workspaces in an organization
@@ -34,24 +35,26 @@ type AuthorizationCheck struct {
 	// Omitting the 'OrganizationID' could produce the incorrect value, as
 	// workspaces have both `user` and `organization` owners.
 	Object AuthorizationObject `json:"object"`
-	// Action can be 'create', 'read', 'update', or 'delete'
-	Action string `json:"action"`
+	Action string              `json:"action" enums:"create,read,update,delete"`
 }
 
+// AuthorizationObject can represent a "set" of objects, such as: all workspaces in an organization, all workspaces owned by me,
+// all workspaces across the entire product.
+//
+// @Description AuthorizationObject can represent a "set" of objects, such as: all workspaces in an organization, all workspaces owned by me,
+// @Description all workspaces across the entire product.
 type AuthorizationObject struct {
 	// ResourceType is the name of the resource.
-	// './coderd/rbac/object.go' has the list of valid resource types.
+	// `./coderd/rbac/object.go` has the list of valid resource types.
 	ResourceType string `json:"resource_type"`
-	// OwnerID (optional) is a user_id. It adds the set constraint to all resources owned
-	// by a given user.
+	// OwnerID (optional) adds the set constraint to all resources owned by a given user.
 	OwnerID string `json:"owner_id,omitempty"`
-	// OrganizationID (optional) is an organization_id. It adds the set constraint to
-	// all resources owned by a given organization.
+	// OrganizationID (optional) adds the set constraint to all resources owned by a given organization.
 	OrganizationID string `json:"organization_id,omitempty"`
 	// ResourceID (optional) reduces the set to a singular resource. This assigns
 	// a resource ID to the resource type, eg: a single workspace.
 	// The rbac library will not fetch the resource from the database, so if you
-	// are using this option, you should also set the 'OwnerID' and 'OrganizationID'
+	// are using this option, you should also set the `OwnerID` and `OrganizationID`
 	// if possible. Be as specific as possible using all the fields relevant.
 	ResourceID string `json:"resource_id,omitempty"`
 }