Skip to content

feat: Implement list roles & enforce authorize examples #1273

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 16 commits into from
May 3, 2022
Merged

feat: Implement list roles & enforce authorize examples #1273

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
16 commits
Select commit Hold shift + click to select a range
30e2031
feat: First draft of adding authorize to an http endpoint
Emyrk May 3, 2022
2161f84
WIP: Using middleware to change auth object params
Emyrk May 3, 2022
54bc054
feat: Implement basic authorize and unit test
Emyrk May 3, 2022
d083a7c
Some cleanup
Emyrk May 3, 2022
95b9a14
Merge remote-tracking branch 'origin/main' into stevenmasley/list_roles
Emyrk May 3, 2022
1498dcd
Expand 'orgs' to 'organizations' in func namings
Emyrk May 3, 2022
f36ae37
Renamings
Emyrk May 3, 2022
b831260
Use rbac.object directly
Emyrk May 3, 2022
db04d67
Fix broken tests
Emyrk May 3, 2022
b76f373
Add some comments
Emyrk May 3, 2022
117f838
Linting
Emyrk May 3, 2022
42b42ab
Handle out of order lists
Emyrk May 3, 2022
0efe72c
Add unit test
Emyrk May 3, 2022
dba617d
Add unit test for mw
Emyrk May 3, 2022
190940f
parallel unit test
Emyrk May 3, 2022
c86c67c
style order
Emyrk May 3, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Add some comments
  • Loading branch information
@Emyrk
Emyrk committed May 3, 2022
commit b76f373ae1dc276110b71f3b701ccfaf102e970d
4 changes: 2 additions & 2 deletions coderd/httpmw/authorize.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ func Authorize(logger slog.Logger, auth *rbac.RegoAuthorizer, action rbac.Action
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
roles := UserRoles(r)
object := authObject(r)
object := rbacObject(r)

if object.Type == "" {
panic("developer error: auth object has no type")
Expand Down Expand Up @@ -72,7 +72,7 @@ func Authorize(logger slog.Logger, auth *rbac.RegoAuthorizer, action rbac.Action
type authObjectKey struct{}

// APIKey returns the API key from the ExtractAPIKey handler.
func authObject(r *http.Request) rbac.Object {
func rbacObject(r *http.Request) rbac.Object {
obj, ok := r.Context().Value(authObjectKey{}).(rbac.Object)
if !ok {
panic("developer error: auth object middleware not provided")
Expand Down
10 changes: 7 additions & 3 deletions coderd/rbac/builtin.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -146,9 +146,11 @@ func IsOrgRole(roleName string) (string, bool) {
}

// OrganizationRoles lists all roles that can be applied to an organization user
// in the given organization.
// in the given organization. This is the list of available roles,
// and specific to an organization.
//
// This should be a list in a database, but until then we build
// the list from the builtins.
// the list from the builtins.
func OrganizationRoles(organizationID uuid.UUID) []string {
var roles []string
for _, roleF := range builtInRoles {
Expand All @@ -166,8 +168,10 @@ func OrganizationRoles(organizationID uuid.UUID) []string {
}

// SiteRoles lists all roles that can be applied to a user.
// This is the list of available roles, and not specific to a user
//
// This should be a list in a database, but until then we build
// the list from the builtins.
// the list from the builtins.
func SiteRoles() []string {
var roles []string
for role := range builtInRoles {
Expand Down