
Commit 2cf0fb2

committed
Consolidate files
1 parent 924ef9c commit 2cf0fb2


3 files changed

+40
-49
lines changed


coderd/database/dbauthz/context.go

Lines changed: 0 additions & 35 deletions
This file was deleted.

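--- a/coderd/database/dbauthz/dbauthz.go
+++ b/coderd/database/dbauthz/dbauthz.go
@@ -4,14 +4,14 @@ import (
 "context"
 "database/sql"
 "fmt"
-"time"
 
 "golang.org/x/xerrors"
 
 "cdr.dev/slog"
 
 "github.com/coder/coder/coderd/database"
 "github.com/coder/coder/coderd/rbac"
+"github.com/google/uuid"
 )
 
 var _ database.Store = (*AuthzQuerier)(nil)
@@ -75,19 +75,6 @@ func New(db database.Store, authorizer rbac.Authorizer, logger slog.Logger) *Aut
 }
 }
 
-func (q *AuthzQuerier) Ping(ctx context.Context) (time.Duration, error) {
-return q.db.Ping(ctx)
-}
-
-// InTx runs the given function in a transaction.
-func (q *AuthzQuerier) InTx(function func(querier database.Store) error, txOpts *sql.TxOptions) error {
-return q.db.InTx(func(tx database.Store) error {
-// Wrap the transaction store in an AuthzQuerier.
-wrapped := New(tx, q.auth, q.log)
-return function(wrapped)
-}, txOpts)
-}
-
 // authorizeContext is a helper function to authorize an action on an object.
 func (q *AuthzQuerier) authorizeContext(ctx context.Context, action rbac.Action, object rbac.Objecter) error {
 act, ok := ActorFromContext(ctx)
@@ -102,6 +89,32 @@ func (q *AuthzQuerier) authorizeContext(ctx context.Context, action rbac.Action,
 return nil
 }
 
+type authContextKey struct{}
+
+// ActorFromContext returns the authorization subject from the context.
+// All authentication flows should set the authorization subject in the context.
+// If no actor is present, the function returns false.
+func ActorFromContext(ctx context.Context) (rbac.Subject, bool) {
+a, ok := ctx.Value(authContextKey{}).(rbac.Subject)
+return a, ok
+}
+
+func WithAuthorizeContext(ctx context.Context, actor rbac.Subject) context.Context {
+return context.WithValue(ctx, authContextKey{}, actor)
+}
+
+func WithAuthorizeSystemContext(ctx context.Context, roles rbac.ExpandableRoles) context.Context {
+// TODO: Add protections to search for user roles. If user roles are found,
+// this should panic. That is a developer error that should be caught
+// in unit tests.
+return context.WithValue(ctx, authContextKey{}, rbac.Subject{
+ID: uuid.Nil.String(),
+Roles: roles,
+Scope: rbac.ScopeAll,
+Groups: []string{},
+})
+}
+
 //
 // Generic functions used to implement the database.Store methods.
 //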
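Review bot: WithAuthorizeContext and WithAuthorizeSystemContext are exported but carry no doc comment, and the second one is where a reader needs it most: it mints a subject with `Scope: rbac.ScopeAll` and whatever roles the caller passes, and the only guard is the TODO admitting that user roles are not checked. A doc comment should say so, so the helper is not reached for from a request path: `// WithAuthorizeSystemContext returns a context whose actor has the nil UUID, the given roles and rbac.ScopeAll; roles are not validated, so pass only system roles.` and for its sibling `// WithAuthorizeContext returns a context carrying actor as the subject read by ActorFromContext.` Separately, the first hunk drops the "time" import now that Ping has moved out but keeps "database/sql" although InTx moved out in the same hunk; if nothing else in dbauthz.go uses sql the file will no longer compile, which I cannot confirm from the visible lines.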

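--- a/coderd/database/dbauthz/methods.go
+++ b/coderd/database/dbauthz/methods.go
@@ -15,6 +15,19 @@ import (
 "github.com/google/uuid"
 )
 
+func (q *AuthzQuerier) Ping(ctx context.Context) (time.Duration, error) {
+return q.db.Ping(ctx)
+}
+
+// InTx runs the given function in a transaction.
+func (q *AuthzQuerier) InTx(function func(querier database.Store) error, txOpts *sql.TxOptions) error {
+return q.db.InTx(func(tx database.Store) error {
+// Wrap the transaction store in an AuthzQuerier.
+wrapped := New(tx, q.auth, q.log)
+return function(wrapped)
+}, txOpts)
+}
+
 func (q *AuthzQuerier) DeleteAPIKeyByID(ctx context.Context, id string) error {
 return deleteQ(q.log, q.auth, q.db.GetAPIKeyByID, q.db.DeleteAPIKeyByID)(ctx, id)
 }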
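Review bot: Ping is added without a doc comment while the neighbouring InTx has one; `// Ping forwards to the underlying store without an authorization check.` records the one fact a reader of this authz wrapper needs, since Ping is the only visible method here that does not go through a checked helper like deleteQ. The hunk also introduces uses of time.Duration and sql.TxOptions, but only the tail of the import block is visible, so I cannot confirm that methods.go imports "time" and "database/sql"; worth a glance at the top of the file.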
