PR comment fixes

Emyrk · Emyrk · commit 89a367890c41 · 2022-05-12T12:29:45.000-05:00
- Rename authObject
- Shorten 'AuthorizeByRoleName'
diff --git a/coderd/coderd_test.go b/coderd/coderd_test.go
@@ -191,7 +191,7 @@ type fakeAuthorizer struct {
 	AlwaysReturn error
 }
 
-func (f *fakeAuthorizer) AuthorizeByRoleName(_ context.Context, subjectID string, roleNames []string, action rbac.Action, object rbac.Object) error {
+func (f *fakeAuthorizer) ByRoleName(_ context.Context, subjectID string, roleNames []string, action rbac.Action, object rbac.Object) error {
 	f.Called = &authCall{
 		SubjectID: subjectID,
 		Roles:     roleNames,
diff --git a/coderd/httpmw/authorize.go b/coderd/httpmw/authorize.go
@@ -13,7 +13,7 @@ import (
 	"github.com/coder/coder/coderd/rbac"
 )
 
-// Authorize will enforce if the user roles can complete the action on the AuthObject.
+// Authorize will enforce if the user roles can complete the action on the RBACObject.
 // The organization and owner are found using the ExtractOrganization and
 // ExtractUser middleware if present.
 func Authorize(logger slog.Logger, auth rbac.Authorizer, actions ...rbac.Action) func(http.Handler) http.Handler {
@@ -51,7 +51,7 @@ func Authorize(logger slog.Logger, auth rbac.Authorizer, actions ...rbac.Action)
 			}
 
 			for _, action := range actions {
-				err := auth.AuthorizeByRoleName(r.Context(), roles.ID.String(), roles.Roles, action, object)
+				err := auth.ByRoleName(r.Context(), roles.ID.String(), roles.Roles, action, object)
 				if err != nil {
 					internalError := new(rbac.UnauthorizedError)
 					if xerrors.As(err, internalError) {
@@ -80,15 +80,15 @@ func Authorize(logger slog.Logger, auth rbac.Authorizer, actions ...rbac.Action)
 
 type authObjectKey struct{}
 
-type AuthObject struct {
+type RBACObject struct {
 	Object rbac.Object
 
 	WithOwner func(r *http.Request) uuid.UUID
 }
 
 // APIKey returns the API key from the ExtractAPIKey handler.
-func rbacObject(r *http.Request) AuthObject {
-	obj, ok := r.Context().Value(authObjectKey{}).(AuthObject)
+func rbacObject(r *http.Request) RBACObject {
+	obj, ok := r.Context().Value(authObjectKey{}).(RBACObject)
 	if !ok {
 		panic("developer error: auth object middleware not provided")
 	}
@@ -107,11 +107,11 @@ func WithAPIKeyAsOwner() func(http.Handler) http.Handler {
 func WithOwner(withOwner func(r *http.Request) uuid.UUID) func(http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
-			obj, ok := r.Context().Value(authObjectKey{}).(AuthObject)
+			obj, ok := r.Context().Value(authObjectKey{}).(RBACObject)
 			if ok {
 				obj.WithOwner = withOwner
 			} else {
-				obj = AuthObject{WithOwner: withOwner}
+				obj = RBACObject{WithOwner: withOwner}
 			}
 
 			ctx := context.WithValue(r.Context(), authObjectKey{}, obj)
@@ -125,11 +125,11 @@ func WithOwner(withOwner func(r *http.Request) uuid.UUID) func(http.Handler) htt
 func WithRBACObject(object rbac.Object) func(http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
-			obj, ok := r.Context().Value(authObjectKey{}).(AuthObject)
+			obj, ok := r.Context().Value(authObjectKey{}).(RBACObject)
 			if ok {
 				obj.Object = object
 			} else {
-				obj = AuthObject{Object: object}
+				obj = RBACObject{Object: object}
 			}
 
 			ctx := context.WithValue(r.Context(), authObjectKey{}, obj)
diff --git a/coderd/rbac/authz.go b/coderd/rbac/authz.go
@@ -10,7 +10,7 @@ import (
 )
 
 type Authorizer interface {
-	AuthorizeByRoleName(ctx context.Context, subjectID string, roleNames []string, action Action, object Object) error
+	ByRoleName(ctx context.Context, subjectID string, roleNames []string, action Action, object Object) error
 }
 
 // RegoAuthorizer will use a prepared rego query for performing authorize()
@@ -42,10 +42,10 @@ type authSubject struct {
 	Roles []Role `json:"roles"`
 }
 
-// AuthorizeByRoleName will expand all roleNames into roles before calling Authorize().
+// ByRoleName will expand all roleNames into roles before calling Authorize().
 // This is the function intended to be used outside this package.
 // The role is fetched from the builtin map located in memory.
-func (a RegoAuthorizer) AuthorizeByRoleName(ctx context.Context, subjectID string, roleNames []string, action Action, object Object) error {
+func (a RegoAuthorizer) ByRoleName(ctx context.Context, subjectID string, roleNames []string, action Action, object Object) error {
 	roles := make([]Role, 0, len(roleNames))
 	for _, n := range roleNames {
 		r, err := RoleByName(n)
diff --git a/coderd/users.go b/coderd/users.go
@@ -408,7 +408,7 @@ func (api *api) putUserRoles(rw http.ResponseWriter, r *http.Request) {
 		// Assigning a role requires the create permission. The middleware checks if
 		// we can update this user, so the combination of the 2 permissions enables
 		// assigning new roles.
-		err := api.Authorizer.AuthorizeByRoleName(r.Context(), roles.ID.String(), roles.Roles,
+		err := api.Authorizer.ByRoleName(r.Context(), roles.ID.String(), roles.Roles,
 			rbac.ActionCreate, rbac.ResourceUserRole.WithID(roleName))
 		if err != nil {
 			httpapi.Write(rw, http.StatusUnauthorized, httpapi.Response{
@@ -420,7 +420,7 @@ func (api *api) putUserRoles(rw http.ResponseWriter, r *http.Request) {
 
 	// Any roles that were removed also need to be checked.
 	for roleName := range has {
-		err := api.Authorizer.AuthorizeByRoleName(r.Context(), roles.ID.String(), roles.Roles,
+		err := api.Authorizer.ByRoleName(r.Context(), roles.ID.String(), roles.Roles,
 			rbac.ActionDelete, rbac.ResourceUserRole.WithID(roleName))
 		if err != nil {
 			httpapi.Write(rw, http.StatusUnauthorized, httpapi.Response{
@@ -490,7 +490,7 @@ func (api *api) organizationsByUser(rw http.ResponseWriter, r *http.Request) {
 
 	publicOrganizations := make([]codersdk.Organization, 0, len(organizations))
 	for _, organization := range organizations {
-		err := api.Authorizer.AuthorizeByRoleName(r.Context(), roles.ID.String(), roles.Roles, rbac.ActionRead,
+		err := api.Authorizer.ByRoleName(r.Context(), roles.ID.String(), roles.Roles, rbac.ActionRead,
 			rbac.ResourceOrganization.
 				WithID(organization.ID.String()).
 				InOrg(organization.ID),
@@ -522,7 +522,7 @@ func (api *api) organizationByUserAndName(rw http.ResponseWriter, r *http.Reques
 		return
 	}
 
-	err = api.Authorizer.AuthorizeByRoleName(r.Context(), roles.ID.String(), roles.Roles, rbac.ActionRead,
+	err = api.Authorizer.ByRoleName(r.Context(), roles.ID.String(), roles.Roles, rbac.ActionRead,
 		rbac.ResourceOrganization.
 			InOrg(organization.ID).
 			WithID(organization.ID.String()),
@@ -825,7 +825,7 @@ func (api *api) workspacesByUser(rw http.ResponseWriter, r *http.Request) {
 	}
 	organizationIDs := make([]uuid.UUID, 0)
 	for _, organization := range organizations {
-		err = api.Authorizer.AuthorizeByRoleName(r.Context(), user.ID.String(), roles.Roles, rbac.ActionRead, rbac.ResourceWorkspace.All().InOrg(organization.ID))
+		err = api.Authorizer.ByRoleName(r.Context(), user.ID.String(), roles.Roles, rbac.ActionRead, rbac.ResourceWorkspace.All().InOrg(organization.ID))
 		var apiErr *rbac.UnauthorizedError
 		if xerrors.As(err, &apiErr) {
 			continue

Original file line number	Diff line number	Diff line change
`@@ -191,7 +191,7 @@ type fakeAuthorizer struct {`
`191`	`191`	`AlwaysReturn error`
`192`	`192`	`}`
`193`	`193`
`194`		`-func (f *fakeAuthorizer) AuthorizeByRoleName(_ context.Context, subjectID string, roleNames []string, action rbac.Action, object rbac.Object) error {`
	`194`	`+func (f *fakeAuthorizer) ByRoleName(_ context.Context, subjectID string, roleNames []string, action rbac.Action, object rbac.Object) error {`
`195`	`195`	`f.Called = &authCall{`
`196`	`196`	`SubjectID: subjectID,`
`197`	`197`	`Roles: roleNames,`
Original file line number	Diff line number	Diff line change
`@@ -10,7 +10,7 @@ import (`
`10`	`10`	`)`
`11`	`11`
`12`	`12`	`type Authorizer interface {`
`13`		`- AuthorizeByRoleName(ctx context.Context, subjectID string, roleNames []string, action Action, object Object) error`
	`13`	`+ ByRoleName(ctx context.Context, subjectID string, roleNames []string, action Action, object Object) error`
`14`	`14`	`}`
`15`	`15`
`16`	`16`	`// RegoAuthorizer will use a prepared rego query for performing authorize()`
`@@ -42,10 +42,10 @@ type authSubject struct {`
`42`	`42`	Roles []Role `json:"roles"`
`43`	`43`	`}`
`44`	`44`
`45`		`-// AuthorizeByRoleName will expand all roleNames into roles before calling Authorize().`
	`45`	`+// ByRoleName will expand all roleNames into roles before calling Authorize().`
`46`	`46`	`// This is the function intended to be used outside this package.`
`47`	`47`	`// The role is fetched from the builtin map located in memory.`
`48`		`-func (a RegoAuthorizer) AuthorizeByRoleName(ctx context.Context, subjectID string, roleNames []string, action Action, object Object) error {`
	`48`	`+func (a RegoAuthorizer) ByRoleName(ctx context.Context, subjectID string, roleNames []string, action Action, object Object) error {`
`49`	`49`	`roles := make([]Role, 0, len(roleNames))`
`50`	`50`	`for _, n := range roleNames {`
`51`	`51`	`r, err := RoleByName(n)`