synced/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2025-07-03 16:13:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: Implement RBAC checks on /templates endpoints (#1678)

Browse Source 
* feat: Generic Filter method for rbac objects
This commit is contained in:
Steven Masley
2022-05-24 08:43:34 -05:00
committed by GitHub
parent fcd610ee7b
commit c7ca86d374
11 changed files with 221 additions and 73 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
coderd/authorize.go
View File

@ -12,9 +12,14 @@ import (
"github.com/coder/coder/coderd/rbac"
)
func (api *api) Authorize(rw http.ResponseWriter, r *http.Request, action rbac.Action, object rbac.Object) bool {
func AuthorizeFilter[O rbac.Objecter](api *api, r *http.Request, action rbac.Action, objects []O) []O {
roles := httpmw.UserRoles(r)
err := api.Authorizer.ByRoleName(r.Context(), roles.ID.String(), roles.Roles, action, object)
return rbac.Filter(r.Context(), api.Authorizer, roles.ID.String(), roles.Roles, action, objects)
}
func (api *api) Authorize(rw http.ResponseWriter, r *http.Request, action rbac.Action, object rbac.Objecter) bool {
roles := httpmw.UserRoles(r)
err := api.Authorizer.ByRoleName(r.Context(), roles.ID.String(), roles.Roles, action, object.RBACObject())
if err != nil {
httpapi.Write(rw, http.StatusForbidden, httpapi.Response{
Message: err.Error(),