synced/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2025-07-15 22:20:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: Fix nil-pointer deref on checkAuthorization (#5236)

Browse Source 
Remove call to `err.Error()` on a `nil` error in `checkAuthorization`.
This commit is contained in:
Mathias Fredriksson
2022-12-01 20:42:10 +02:00
committed by GitHub
parent f77a445bfe
commit 2ec3b09ca7
1 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
coderd/authorize.go
View File

@ -192,9 +192,10 @@ func (api *API) checkAuthorization(rw http.ResponseWriter, r *http.Request) {
case rbac.ResourceGroup.Type: case rbac.ResourceGroup.Type:
dbObj, dbErr = api.Database.GetGroupByID(ctx, id) dbObj, dbErr = api.Database.GetGroupByID(ctx, id)
default: default:
msg := fmt.Sprintf("Object type %q does not support \"resource_id\" field.", v.Object.ResourceType)
httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{ httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
Message: fmt.Sprintf("Object type %q does not support \"resource_id\" field.", v.Object.ResourceType), Message: msg,
Validations: []codersdk.ValidationError{{Field: "resource_type", Detail: err.Error()}}, Validations: []codersdk.ValidationError{{Field: "resource_type", Detail: msg}},
}) })
return return
} }
@ -206,7 +207,7 @@ func (api *API) checkAuthorization(rw http.ResponseWriter, r *http.Request) {
obj = dbObj.RBACObject() obj = dbObj.RBACObject()
} }
err := api.Authorizer.ByRoleName(r.Context(), auth.ID.String(), auth.Roles, auth.Scope.ToRBAC(), auth.Groups, rbac.Action(v.Action), obj) err := api.Authorizer.ByRoleName(ctx, auth.ID.String(), auth.Roles, auth.Scope.ToRBAC(), auth.Groups, rbac.Action(v.Action), obj)
response[k] = err == nil response[k] = err == nil
} }