"description": "Action can be ` + "`" + `create` + "`" + `, ` + "`" + `read` + "`" + `, ` + "`" + `update` + "`" + `, or ` + "`" + `delete` + "`" + `",

"description": "Object can represent a \"set\" of objects, such as:\n\t- All workspaces in an organization\n\t- All workspaces owned by me\n\t- All workspaces across the entire product\nWhen defining an object, use the most specific language when possible to\nproduce the smallest set. Meaning to set as many fields on 'Object' as\nyou can. Example, if you want to check if you can update all workspaces\nowned by 'me', try to also add an 'OrganizationID' to the settings.\nOmitting the 'OrganizationID' could produce the incorrect value, as\nworkspaces have both ` + "`" + `user` + "`" + ` and ` + "`" + `organization` + "`" + ` owners.",

"description": "ResourceType is the name of the resource.\n` + "`" + `./coderd/rbac/object.go` + "`" + ` has the list of valid resource types.",

"/authcheck": {

"post": {

"security": [

{

"CoderSessionToken": []

}

],

"produces": ["application/json"],

"tags": ["Authorization"],

"summary": "Check authorization",

"operationId": "check-authorization",

"parameters": [

{

"description": "Authorization request",

"name": "request",

"in": "body",

"required": true,

"schema": {

"$ref": "#/definitions/codersdk.AuthorizationRequest"

}

}

],

"responses": {

"200": {

"description": "OK",

"schema": {

"$ref": "#/definitions/codersdk.AuthorizationResponse"

}

}

}

}

},

"codersdk.AuthorizationCheck": {

"type": "object",

"properties": {

"action": {

"description": "Action can be `create`, `read`, `update`, or `delete`",

"type": "string",

"enum": ["create", "read", "update", "delete"]

},

"object": {

"description": "Object can represent a \"set\" of objects, such as:\n\t- All workspaces in an organization\n\t- All workspaces owned by me\n\t- All workspaces across the entire product\nWhen defining an object, use the most specific language when possible to\nproduce the smallest set. Meaning to set as many fields on 'Object' as\nyou can. Example, if you want to check if you can update all workspaces\nowned by 'me', try to also add an 'OrganizationID' to the settings.\nOmitting the 'OrganizationID' could produce the incorrect value, as\nworkspaces have both `user` and `organization` owners.",

"$ref": "#/definitions/codersdk.AuthorizationObject"

}

}

},

"codersdk.AuthorizationObject": {

"type": "object",

"properties": {

"organization_id": {

"description": "OrganizationID (optional) is an organization_id. It adds the set constraint to\nall resources owned by a given organization.",

"type": "string"

},

"owner_id": {

"description": "OwnerID (optional) is a user_id. It adds the set constraint to all resources owned\nby a given user.",

"type": "string"

},

"resource_id": {

"description": "ResourceID (optional) reduces the set to a singular resource. This assigns\na resource ID to the resource type, eg: a single workspace.\nThe rbac library will not fetch the resource from the database, so if you\nare using this option, you should also set the 'OwnerID' and 'OrganizationID'\nif possible. Be as specific as possible using all the fields relevant.",

"type": "string"

},

"resource_type": {

"description": "ResourceType is the name of the resource.\n`./coderd/rbac/object.go` has the list of valid resource types.",

"type": "string"

}

}

},

"codersdk.AuthorizationRequest": {

"type": "object",

"properties": {

"checks": {

"description": "Checks is a map keyed with an arbitrary string to a permission check.\nThe key can be any string that is helpful to the caller, and allows\nmultiple permission checks to be run in a single request.\nThe key ensures that each permission check has the same key in the\nresponse.",

"type": "object",

"additionalProperties": {

"$ref": "#/definitions/codersdk.AuthorizationCheck"

}

}

}

},

"codersdk.AuthorizationResponse": {

"type": "object",

"additionalProperties": {

"type": "boolean"

}

},

// Action can be `create`, `read`, `update`, or `delete`

Action string `json:"action" enums:"create,read,update,delete"`

// `./coderd/rbac/object.go` has the list of valid resource types.

curl -X POST http://coder-server:8080/api/v2/authcheck \

-H 'Content-Type: application/json' \

-H 'Accept: application/json' \

-H 'Coder-Session-Token: API_KEY'

{

"checks": {

"property1": {

"action": "create",

"object": {

"organization_id": "string",

"owner_id": "string",

"resource_id": "string",

"resource_type": "string"

}

},

"property2": {

"action": "create",

"object": {

"organization_id": "string",

"owner_id": "string",

"resource_id": "string",

"resource_type": "string"

}

}

}

}

| Name | In | Type | Required | Description |

| ---- | ---- | ------------------------------------------------------------------------ | -------- | --------------------- |

| body | body | [codersdk.AuthorizationRequest](schemas.md#codersdkauthorizationrequest) | true | Authorization request |

{

"property1": true,

"property2": true

}

| Status | Meaning | Description | Schema |

| ------ | ------------------------------------------------------- | ----------- | -------------------------------------------------------------------------- |

| 200 | [OK](https://tools.ietf.org/html/rfc7231#section-6.3.1) | OK | [codersdk.AuthorizationResponse](schemas.md#codersdkauthorizationresponse) |

To perform this operation, you must be authenticated by means of one of the following methods: **CoderSessionToken**.