Skip to content

Commit 89a3678

Browse files
EmyrkEmyrk
committed
PR comment fixes
- Rename authObject - Shorten 'AuthorizeByRoleName'
1 parent fdfef88 commit 89a3678

File tree

4 files changed

+18
-18
lines changed

4 files changed

+18
-18
lines changed

coderd/coderd_test.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -191,7 +191,7 @@ type fakeAuthorizer struct {
191191
AlwaysReturn error
192192
}
193193

194-
func (f *fakeAuthorizer) AuthorizeByRoleName(_ context.Context, subjectID string, roleNames []string, action rbac.Action, object rbac.Object) error {
194+
func (f *fakeAuthorizer) ByRoleName(_ context.Context, subjectID string, roleNames []string, action rbac.Action, object rbac.Object) error {
195195
f.Called = &authCall{
196196
SubjectID: subjectID,
197197
Roles: roleNames,

coderd/httpmw/authorize.go

Lines changed: 9 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@ import (
1313
"github.com/coder/coder/coderd/rbac"
1414
)
1515

16-
// Authorize will enforce if the user roles can complete the action on the AuthObject.
16+
// Authorize will enforce if the user roles can complete the action on the RBACObject.
1717
// The organization and owner are found using the ExtractOrganization and
1818
// ExtractUser middleware if present.
1919
func Authorize(logger slog.Logger, auth rbac.Authorizer, actions ...rbac.Action) func(http.Handler) http.Handler {
@@ -51,7 +51,7 @@ func Authorize(logger slog.Logger, auth rbac.Authorizer, actions ...rbac.Action)
5151
}
5252

5353
for _, action := range actions {
54-
err := auth.AuthorizeByRoleName(r.Context(), roles.ID.String(), roles.Roles, action, object)
54+
err := auth.ByRoleName(r.Context(), roles.ID.String(), roles.Roles, action, object)
5555
if err != nil {
5656
internalError := new(rbac.UnauthorizedError)
5757
if xerrors.As(err, internalError) {
@@ -80,15 +80,15 @@ func Authorize(logger slog.Logger, auth rbac.Authorizer, actions ...rbac.Action)
8080

8181
type authObjectKey struct{}
8282

83-
type AuthObject struct {
83+
type RBACObject struct {
8484
Object rbac.Object
8585

8686
WithOwner func(r *http.Request) uuid.UUID
8787
}
8888

8989
// APIKey returns the API key from the ExtractAPIKey handler.
90-
func rbacObject(r *http.Request) AuthObject {
91-
obj, ok := r.Context().Value(authObjectKey{}).(AuthObject)
90+
func rbacObject(r *http.Request) RBACObject {
91+
obj, ok := r.Context().Value(authObjectKey{}).(RBACObject)
9292
if !ok {
9393
panic("developer error: auth object middleware not provided")
9494
}
@@ -107,11 +107,11 @@ func WithAPIKeyAsOwner() func(http.Handler) http.Handler {
107107
func WithOwner(withOwner func(r *http.Request) uuid.UUID) func(http.Handler) http.Handler {
108108
return func(next http.Handler) http.Handler {
109109
return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
110-
obj, ok := r.Context().Value(authObjectKey{}).(AuthObject)
110+
obj, ok := r.Context().Value(authObjectKey{}).(RBACObject)
111111
if ok {
112112
obj.WithOwner = withOwner
113113
} else {
114-
obj = AuthObject{WithOwner: withOwner}
114+
obj = RBACObject{WithOwner: withOwner}
115115
}
116116

117117
ctx := context.WithValue(r.Context(), authObjectKey{}, obj)
@@ -125,11 +125,11 @@ func WithOwner(withOwner func(r *http.Request) uuid.UUID) func(http.Handler) htt
125125
func WithRBACObject(object rbac.Object) func(http.Handler) http.Handler {
126126
return func(next http.Handler) http.Handler {
127127
return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
128-
obj, ok := r.Context().Value(authObjectKey{}).(AuthObject)
128+
obj, ok := r.Context().Value(authObjectKey{}).(RBACObject)
129129
if ok {
130130
obj.Object = object
131131
} else {
132-
obj = AuthObject{Object: object}
132+
obj = RBACObject{Object: object}
133133
}
134134

135135
ctx := context.WithValue(r.Context(), authObjectKey{}, obj)

coderd/rbac/authz.go

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@ import (
1010
)
1111

1212
type Authorizer interface {
13-
AuthorizeByRoleName(ctx context.Context, subjectID string, roleNames []string, action Action, object Object) error
13+
ByRoleName(ctx context.Context, subjectID string, roleNames []string, action Action, object Object) error
1414
}
1515

1616
// RegoAuthorizer will use a prepared rego query for performing authorize()
@@ -42,10 +42,10 @@ type authSubject struct {
4242
Roles []Role `json:"roles"`
4343
}
4444

45-
// AuthorizeByRoleName will expand all roleNames into roles before calling Authorize().
45+
// ByRoleName will expand all roleNames into roles before calling Authorize().
4646
// This is the function intended to be used outside this package.
4747
// The role is fetched from the builtin map located in memory.
48-
func (a RegoAuthorizer) AuthorizeByRoleName(ctx context.Context, subjectID string, roleNames []string, action Action, object Object) error {
48+
func (a RegoAuthorizer) ByRoleName(ctx context.Context, subjectID string, roleNames []string, action Action, object Object) error {
4949
roles := make([]Role, 0, len(roleNames))
5050
for _, n := range roleNames {
5151
r, err := RoleByName(n)

coderd/users.go

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -408,7 +408,7 @@ func (api *api) putUserRoles(rw http.ResponseWriter, r *http.Request) {
408408
// Assigning a role requires the create permission. The middleware checks if
409409
// we can update this user, so the combination of the 2 permissions enables
410410
// assigning new roles.
411-
err := api.Authorizer.AuthorizeByRoleName(r.Context(), roles.ID.String(), roles.Roles,
411+
err := api.Authorizer.ByRoleName(r.Context(), roles.ID.String(), roles.Roles,
412412
rbac.ActionCreate, rbac.ResourceUserRole.WithID(roleName))
413413
if err != nil {
414414
httpapi.Write(rw, http.StatusUnauthorized, httpapi.Response{
@@ -420,7 +420,7 @@ func (api *api) putUserRoles(rw http.ResponseWriter, r *http.Request) {
420420

421421
// Any roles that were removed also need to be checked.
422422
for roleName := range has {
423-
err := api.Authorizer.AuthorizeByRoleName(r.Context(), roles.ID.String(), roles.Roles,
423+
err := api.Authorizer.ByRoleName(r.Context(), roles.ID.String(), roles.Roles,
424424
rbac.ActionDelete, rbac.ResourceUserRole.WithID(roleName))
425425
if err != nil {
426426
httpapi.Write(rw, http.StatusUnauthorized, httpapi.Response{
@@ -490,7 +490,7 @@ func (api *api) organizationsByUser(rw http.ResponseWriter, r *http.Request) {
490490

491491
publicOrganizations := make([]codersdk.Organization, 0, len(organizations))
492492
for _, organization := range organizations {
493-
err := api.Authorizer.AuthorizeByRoleName(r.Context(), roles.ID.String(), roles.Roles, rbac.ActionRead,
493+
err := api.Authorizer.ByRoleName(r.Context(), roles.ID.String(), roles.Roles, rbac.ActionRead,
494494
rbac.ResourceOrganization.
495495
WithID(organization.ID.String()).
496496
InOrg(organization.ID),
@@ -522,7 +522,7 @@ func (api *api) organizationByUserAndName(rw http.ResponseWriter, r *http.Reques
522522
return
523523
}
524524

525-
err = api.Authorizer.AuthorizeByRoleName(r.Context(), roles.ID.String(), roles.Roles, rbac.ActionRead,
525+
err = api.Authorizer.ByRoleName(r.Context(), roles.ID.String(), roles.Roles, rbac.ActionRead,
526526
rbac.ResourceOrganization.
527527
InOrg(organization.ID).
528528
WithID(organization.ID.String()),
@@ -825,7 +825,7 @@ func (api *api) workspacesByUser(rw http.ResponseWriter, r *http.Request) {
825825
}
826826
organizationIDs := make([]uuid.UUID, 0)
827827
for _, organization := range organizations {
828-
err = api.Authorizer.AuthorizeByRoleName(r.Context(), user.ID.String(), roles.Roles, rbac.ActionRead, rbac.ResourceWorkspace.All().InOrg(organization.ID))
828+
err = api.Authorizer.ByRoleName(r.Context(), user.ID.String(), roles.Roles, rbac.ActionRead, rbac.ResourceWorkspace.All().InOrg(organization.ID))
829829
var apiErr *rbac.UnauthorizedError
830830
if xerrors.As(err, &apiErr) {
831831
continue

0 commit comments

Comments
 (0)