Merge branch 'main' of github.com:/coder/coder into dk/prebuilds

2025-07-06 15:41:45 +00:00 · 2025-02-20 14:57:50 +00:00
parent 4d97580666 54b09d9878
commit d1b159ad12
80 changed files with 3033 additions and 1920 deletions
--- a/coderd/coderd.go
+++ b/coderd/coderd.go
@ -933,6 +933,25 @@ func New(options *Options) *API {
 		r.Route("/audit", func(r chi.Router) {
 			r.Use(
 				apiKeyMiddleware,
+				// This middleware only checks the site and orgs for the audit_log read
+				// permission.
+				// In the future if it makes sense to have this permission on the user as
+				// well we will need to update this middleware to include that check.
+				func(next http.Handler) http.Handler {
+					return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
+						if api.Authorize(r, policy.ActionRead, rbac.ResourceAuditLog) {
+							next.ServeHTTP(rw, r)
+							return
+						}
+
+						if api.Authorize(r, policy.ActionRead, rbac.ResourceAuditLog.AnyOrganization()) {
+							next.ServeHTTP(rw, r)
+							return
+						}
+
+						httpapi.Forbidden(rw)
+					})
+				},
 			)

 			r.Get("/", api.auditLogs)