Skip to content

Commit 2f0b499

Browse files
mtojekmtojek
committed
1 parent fbbbf9a commit 2f0b499

File tree

4 files changed

+21
-12
lines changed

4 files changed

+21
-12
lines changed

coderd/apidoc/docs.go

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -731,6 +731,7 @@ const docTemplate = `{
731731
},
732732
"definitions": {
733733
"codersdk.AuthorizationCheck": {
734+
"description": "AuthorizationCheck is used to check if the currently authenticated user (or the specified user) can do a given action to a given set of objects.",
734735
"type": "object",
735736
"properties": {
736737
"action": {
@@ -749,10 +750,11 @@ const docTemplate = `{
749750
}
750751
},
751752
"codersdk.AuthorizationObject": {
753+
"description": "AuthorizationObject can represent a \"set\" of objects, such as: all workspaces in an organization, all workspaces owned by me, all workspaces across the entire product.",
752754
"type": "object",
753755
"properties": {
754756
"organization_id": {
755-
"description": "Organization ID (optional) adds the set constraint to all resources owned by a given organization.",
757+
"description": "OrganizationID (optional) adds the set constraint to all resources owned by a given organization.",
756758
"type": "string"
757759
},
758760
"owner_id": {

coderd/apidoc/swagger.json

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -640,6 +640,7 @@
640640
},
641641
"definitions": {
642642
"codersdk.AuthorizationCheck": {
643+
"description": "AuthorizationCheck is used to check if the currently authenticated user (or the specified user) can do a given action to a given set of objects.",
643644
"type": "object",
644645
"properties": {
645646
"action": {
@@ -653,10 +654,11 @@
653654
}
654655
},
655656
"codersdk.AuthorizationObject": {
657+
"description": "AuthorizationObject can represent a \"set\" of objects, such as: all workspaces in an organization, all workspaces owned by me, all workspaces across the entire product.",
656658
"type": "object",
657659
"properties": {
658660
"organization_id": {
659-
"description": "Organization ID (optional) adds the set constraint to all resources owned by a given organization.",
661+
"description": "OrganizationID (optional) adds the set constraint to all resources owned by a given organization.",
660662
"type": "string"
661663
},
662664
"owner_id": {

codersdk/authorization.go

Lines changed: 5 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -20,8 +20,8 @@ type AuthorizationRequest struct {
2020
Checks map[string]AuthorizationCheck `json:"checks"`
2121
}
2222

23-
// AuthorizationCheck is used to check if the currently authenticated user (or
24-
// the specified user) can do a given action to a given set of objects.
23+
// @Description AuthorizationCheck is used to check if the currently authenticated user (or
24+
// @Description the specified user) can do a given action to a given set of objects.
2525
type AuthorizationCheck struct {
2626
// Object can represent a "set" of objects, such as:
2727
// - All workspaces in an organization
@@ -37,14 +37,15 @@ type AuthorizationCheck struct {
3737
Action string `json:"action" enums:"create,read,update,delete"`
3838
}
3939

40-
// AuthorizationObject can represent a "set" of objects, such as: all workspaces in an organization, all workspaces owned by me, all workspaces across the entire product.
40+
// @Description AuthorizationObject can represent a "set" of objects, such as: all workspaces in an organization, all workspaces owned by me,
41+
// @Description all workspaces across the entire product.
4142
type AuthorizationObject struct {
4243
// ResourceType is the name of the resource.
4344
// `./coderd/rbac/object.go` has the list of valid resource types.
4445
ResourceType string `json:"resource_type"`
4546
// OwnerID (optional) adds the set constraint to all resources owned by a given user.
4647
OwnerID string `json:"owner_id,omitempty"`
47-
// Organization ID (optional) adds the set constraint to all resources owned by a given organization.
48+
// OrganizationID (optional) adds the set constraint to all resources owned by a given organization.
4849
OrganizationID string `json:"organization_id,omitempty"`
4950
// ResourceID (optional) reduces the set to a singular resource. This assigns
5051
// a resource ID to the resource type, eg: a single workspace.

docs/api/schemas.md

Lines changed: 10 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -16,12 +16,14 @@
1616
}
1717
```
1818

19+
AuthorizationCheck is used to check if the currently authenticated user (or the specified user) can do a given action to a given set of objects.
20+
1921
### Properties
2022

21-
| Name | Type | Required | Restrictions | Description |
22-
| -------- | ------------------------------------------------------------ | -------- | ------------ | ----------- |
23-
| `action` | string | false | none | none |
24-
| `object` | [codersdk.AuthorizationObject](#codersdkauthorizationobject) | false | none | none |
23+
| Name | Type | Required | Restrictions | Description |
24+
| -------- | ------------------------------------------------------------ | -------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------- |
25+
| `action` | string | false | none | none |
26+
| `object` | [codersdk.AuthorizationObject](#codersdkauthorizationobject) | false | none | Object can represent a "set" of objects, such as: all workspaces in an organization, all workspaces owned by me, all workspaces across the entire product. |
2527

2628
#### Enumerated Values
2729

@@ -43,11 +45,13 @@
4345
}
4446
```
4547

48+
AuthorizationObject can represent a "set" of objects, such as: all workspaces in an organization, all workspaces owned by me, all workspaces across the entire product.
49+
4650
### Properties
4751

4852
| Name | Type | Required | Restrictions | Description |
4953
| ----------------- | ------ | -------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
50-
| `organization_id` | string | false | none | Organization ID (optional) adds the set constraint to all resources owned by a given organization. |
54+
| `organization_id` | string | false | none | Organization id (optional) adds the set constraint to all resources owned by a given organization. |
5155
| `owner_id` | string | false | none | Owner id (optional) adds the set constraint to all resources owned by a given user. |
5256
| `resource_id` | string | false | none | Resource id (optional) reduces the set to a singular resource. This assigns<br>a resource ID to the resource type, eg: a single workspace.<br>The rbac library will not fetch the resource from the database, so if you<br>are using this option, you should also set the `OwnerID` and `OrganizationID`<br>if possible. Be as specific as possible using all the fields relevant. |
5357
| `resource_type` | string | false | none | Resource type is the name of the resource.<br>`./coderd/rbac/object.go` has the list of valid resource types. |
@@ -84,7 +88,7 @@
8488
| Name | Type | Required | Restrictions | Description |
8589
| ------------------ | ---------------------------------------------------------- | -------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
8690
| `checks` | object | false | none | Checks is a map keyed with an arbitrary string to a permission check.<br>The key can be any string that is helpful to the caller, and allows<br>multiple permission checks to be run in a single request.<br>The key ensures that each permission check has the same key in the<br>response. |
87-
| » `[any property]` | [codersdk.AuthorizationCheck](#codersdkauthorizationcheck) | false | none | none |
91+
| » `[any property]` | [codersdk.AuthorizationCheck](#codersdkauthorizationcheck) | false | none | » **additionalproperties** is used to check if the currently authenticated user (or the specified user) can do a given action to a given set of objects. |
8892

8993
## codersdk.AuthorizationResponse
9094

0 commit comments

Comments
 (0)