synced/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2025-07-06 15:41:45 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
57bb1084651392dc61809ea5c64d2aa04076526c
coder/coderd/rbac/error.go
Steven Masley 770c567123 feat: Add RBAC package for managing user permissions (#929) 
This PR adds an RBAC package for managing using permissions:
- The top-level `authz.Authorize` function is the main user-facing entrypoint to the package.
- Actual permission evaluation is handled in `policy.rego`.
- Unit tests for `authz.Authorize` are in `authz_test.go`
- Documentation for the package is in `README.md`.

Co-authored-by: Cian Johnston <cian@coder.com>
2022-04-13 08:35:35 -05:00

53 lines
1.5 KiB
Go
Raw Blame History

package rbac
import "github.com/open-policy-agent/opa/rego"
const (
// errUnauthorized is the error message that should be returned to
// clients when an action is forbidden. It is intentionally vague to prevent
// disclosing information that a client should not have access to.
errUnauthorized = "unauthorized"
)
// UnauthorizedError is the error type for authorization errors
type UnauthorizedError struct {
// internal is the internal error that should never be shown to the client.
// It is only for debugging purposes.
internal error
input map[string]interface{}
output rego.ResultSet
}
// ForbiddenWithInternal creates a new error that will return a simple
// "forbidden" to the client, logging internally the more detailed message
// provided.
func ForbiddenWithInternal(internal error, input map[string]interface{}, output rego.ResultSet) *UnauthorizedError {
if input == nil {
input = map[string]interface{}{}
}
return &UnauthorizedError{
internal: internal,
input: input,
output: output,
}
}
// Error implements the error interface.
func (UnauthorizedError) Error() string {
return errUnauthorized
}
// Internal allows the internal error message to be logged.
func (e *UnauthorizedError) Internal() error {
return e.internal
}
func (e *UnauthorizedError) Input() map[string]interface{} {
return e.input
}
// Output contains the results of the Rego query for debugging.
func (e *UnauthorizedError) Output() rego.ResultSet {
return e.output
}
Reference in New Issue View Git Blame Copy Permalink