@@ -64,13 +64,8 @@ func (api *API) Authorize(r *http.Request, action rbac.Action, object rbac.Objec
6464// return
6565// }
6666func (h * HTTPAuthorizer ) Authorize (r * http.Request , action rbac.Action , object rbac.Objecter ) bool {
67- authz , ok := httpmw .Actor (r )
68- if ! ok {
69- // No authorization object.
70- return false
71- }
72-
73- err := h .Authorizer .Authorize (r .Context (), authz .Actor , action , object .RBACObject ())
67+ roles := httpmw .UserAuthorization (r )
68+ err := h .Authorizer .Authorize (r .Context (), roles .Actor , action , object .RBACObject ())
7469 if err != nil {
7570 // Log the errors for debugging
7671 internalError := new (rbac.UnauthorizedError )
@@ -81,10 +76,10 @@ func (h *HTTPAuthorizer) Authorize(r *http.Request, action rbac.Action, object r
8176 // Log information for debugging. This will be very helpful
8277 // in the early days
8378 logger .Warn (r .Context (), "unauthorized" ,
84- slog .F ("roles" , authz .Actor .SafeRoleNames ()),
85- slog .F ("actor_id" , authz .Actor .ID ),
86- slog .F ("actor_name" , authz .ActorName ),
87- slog .F ("scope" , authz .Actor .SafeScopeName ()),
79+ slog .F ("roles" , roles .Actor .SafeRoleNames ()),
80+ slog .F ("actor_id" , roles .Actor .ID ),
81+ slog .F ("actor_name" , roles .ActorName ),
82+ slog .F ("scope" , roles .Actor .SafeScopeName ()),
8883 slog .F ("route" , r .URL .Path ),
8984 slog .F ("action" , action ),
9085 slog .F ("object" , object ),
0 commit comments