synced/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2025-07-03 16:13:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: Rbac more coderd endpoints, unit test to confirm (#1437)

Browse Source 
* feat: Enforce authorize call on all endpoints
- Make 'request()' exported for running custom requests
* Rbac users endpoints
* 401 -> 403
This commit is contained in:
Steven Masley
2022-05-17 13:43:19 -05:00
committed by GitHub
parent 495c87b6c3
commit 4ad5ac2d4a
40 changed files with 631 additions and 319 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
coderd/httpmw/organizationparam.go
View File

@ -63,7 +63,7 @@ func ExtractOrganizationParam(db database.Store) func(http.Handler) http.Handler
UserID: apiKey.UserID,
})
if errors.Is(err, sql.ErrNoRows) {
httpapi.Write(rw, http.StatusUnauthorized, httpapi.Response{
httpapi.Write(rw, http.StatusForbidden, httpapi.Response{
Message: "not a member of the organization",
})
return