chore: authz 'any_org' to return if at least 1 org has perms (#14009)

* chore: authz 'any_org' to return if at least 1 org has perms

Allows checking if a user can do an action in any organization,
rather than a specific one. Allows asking general questions on the
UI to determine which elements to show.

* more strict, add comments to policy
* add unit tests and extend to /authcheck api
* make field optional
This commit is contained in:
Steven Masley
2024-07-29 19:58:48 -05:00
committed by GitHub
parent b7102b39af
commit 3209c863b8
14 changed files with 196 additions and 14 deletions

View File

@ -54,6 +54,9 @@ type AuthorizationObject struct {
// are using this option, you should also set the owner ID and organization ID
// if possible. Be as specific as possible using all the fields relevant.
ResourceID string `json:"resource_id,omitempty"`
// AnyOrgOwner (optional) will disregard the org_owner when checking for permissions.
// This cannot be set to true if the OrganizationID is set.
AnyOrgOwner bool `json:"any_org,omitempty"`
}
// AuthCheck allows the authenticated user to check if they have the given permissions