PR comment fixes

- Rename authObject - Shorten 'AuthorizeByRoleName'
coder · Emyrk · May 17, 2022 · May 11, 2022 · May 12, 2022 · May 12, 2022
commit 89a367890c41e5f73403b9d672b02cefc3bf481e
diff --git a/coderd/coderd_test.go b/coderd/coderd_test.go
@@ -191,7 +191,7 @@ type fakeAuthorizer struct {
 	AlwaysReturn error
 }
 
-func (f *fakeAuthorizer) AuthorizeByRoleName(_ context.Context, subjectID string, roleNames []string, action rbac.Action, object rbac.Object) error {
+func (f *fakeAuthorizer) ByRoleName(_ context.Context, subjectID string, roleNames []string, action rbac.Action, object rbac.Object) error {
 	f.Called = &authCall{
 		SubjectID: subjectID,
 		Roles:     roleNames,

diff --git a/coderd/httpmw/authorize.go b/coderd/httpmw/authorize.go
@@ -13,7 +13,7 @@ import (
 	"github.com/coder/coder/coderd/rbac"
 )
 
-// Authorize will enforce if the user roles can complete the action on the AuthObject.
+// Authorize will enforce if the user roles can complete the action on the RBACObject.
 // The organization and owner are found using the ExtractOrganization and
 // ExtractUser middleware if present.
 func Authorize(logger slog.Logger, auth rbac.Authorizer, actions ...rbac.Action) func(http.Handler) http.Handler {
@@ -51,7 +51,7 @@ func Authorize(logger slog.Logger, auth rbac.Authorizer, actions ...rbac.Action)
 			}
 
 			for _, action := range actions {
-				err := auth.AuthorizeByRoleName(r.Context(), roles.ID.String(), roles.Roles, action, object)
+				err := auth.ByRoleName(r.Context(), roles.ID.String(), roles.Roles, action, object)
 				if err != nil {
 					internalError := new(rbac.UnauthorizedError)
 					if xerrors.As(err, internalError) {
@@ -80,15 +80,15 @@ func Authorize(logger slog.Logger, auth rbac.Authorizer, actions ...rbac.Action)
 
 type authObjectKey struct{}
 
-type AuthObject struct {
+type RBACObject struct {
 	Object rbac.Object
 
 	WithOwner func(r *http.Request) uuid.UUID
 }
 
 // APIKey returns the API key from the ExtractAPIKey handler.
-func rbacObject(r *http.Request) AuthObject {
-	obj, ok := r.Context().Value(authObjectKey{}).(AuthObject)
+func rbacObject(r *http.Request) RBACObject {
+	obj, ok := r.Context().Value(authObjectKey{}).(RBACObject)
 	if !ok {
 		panic("developer error: auth object middleware not provided")
 	}
@@ -107,11 +107,11 @@ func WithAPIKeyAsOwner() func(http.Handler) http.Handler {
 func WithOwner(withOwner func(r *http.Request) uuid.UUID) func(http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
-			obj, ok := r.Context().Value(authObjectKey{}).(AuthObject)
+			obj, ok := r.Context().Value(authObjectKey{}).(RBACObject)
 			if ok {
 				obj.WithOwner = withOwner
 			} else {
-				obj = AuthObject{WithOwner: withOwner}
+				obj = RBACObject{WithOwner: withOwner}
 			}
 
 			ctx := context.WithValue(r.Context(), authObjectKey{}, obj)
@@ -125,11 +125,11 @@ func WithOwner(withOwner func(r *http.Request) uuid.UUID) func(http.Handler) htt
 func WithRBACObject(object rbac.Object) func(http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
-			obj, ok := r.Context().Value(authObjectKey{}).(AuthObject)
+			obj, ok := r.Context().Value(authObjectKey{}).(RBACObject)
 			if ok {
 				obj.Object = object
 			} else {
-				obj = AuthObject{Object: object}
+				obj = RBACObject{Object: object}
 			}
 
 			ctx := context.WithValue(r.Context(), authObjectKey{}, obj)

diff --git a/coderd/rbac/authz.go b/coderd/rbac/authz.go
@@ -10,7 +10,7 @@ import (
 )
 
 type Authorizer interface {
-	AuthorizeByRoleName(ctx context.Context, subjectID string, roleNames []string, action Action, object Object) error
+	ByRoleName(ctx context.Context, subjectID string, roleNames []string, action Action, object Object) error
 }
 
 // RegoAuthorizer will use a prepared rego query for performing authorize()
@@ -42,10 +42,10 @@ type authSubject struct {
 	Roles []Role `json:"roles"`
 }
 
-// AuthorizeByRoleName will expand all roleNames into roles before calling Authorize().
+// ByRoleName will expand all roleNames into roles before calling Authorize().
 // This is the function intended to be used outside this package.
 // The role is fetched from the builtin map located in memory.
-func (a RegoAuthorizer) AuthorizeByRoleName(ctx context.Context, subjectID string, roleNames []string, action Action, object Object) error {
+func (a RegoAuthorizer) ByRoleName(ctx context.Context, subjectID string, roleNames []string, action Action, object Object) error {
 	roles := make([]Role, 0, len(roleNames))
 	for _, n := range roleNames {
 		r, err := RoleByName(n)

diff --git a/coderd/users.go b/coderd/users.go
@@ -408,7 +408,7 @@ func (api *api) putUserRoles(rw http.ResponseWriter, r *http.Request) {
 		// Assigning a role requires the create permission. The middleware checks if
 		// we can update this user, so the combination of the 2 permissions enables
 		// assigning new roles.
-		err := api.Authorizer.AuthorizeByRoleName(r.Context(), roles.ID.String(), roles.Roles,
+		err := api.Authorizer.ByRoleName(r.Context(), roles.ID.String(), roles.Roles,
 			rbac.ActionCreate, rbac.ResourceUserRole.WithID(roleName))
 		if err != nil {
 			httpapi.Write(rw, http.StatusUnauthorized, httpapi.Response{
@@ -420,7 +420,7 @@ func (api *api) putUserRoles(rw http.ResponseWriter, r *http.Request) {
 
 	// Any roles that were removed also need to be checked.
 	for roleName := range has {
-		err := api.Authorizer.AuthorizeByRoleName(r.Context(), roles.ID.String(), roles.Roles,
+		err := api.Authorizer.ByRoleName(r.Context(), roles.ID.String(), roles.Roles,
 			rbac.ActionDelete, rbac.ResourceUserRole.WithID(roleName))
 		if err != nil {
 			httpapi.Write(rw, http.StatusUnauthorized, httpapi.Response{
@@ -490,7 +490,7 @@ func (api *api) organizationsByUser(rw http.ResponseWriter, r *http.Request) {
 
 	publicOrganizations := make([]codersdk.Organization, 0, len(organizations))
 	for _, organization := range organizations {
-		err := api.Authorizer.AuthorizeByRoleName(r.Context(), roles.ID.String(), roles.Roles, rbac.ActionRead,
+		err := api.Authorizer.ByRoleName(r.Context(), roles.ID.String(), roles.Roles, rbac.ActionRead,
 			rbac.ResourceOrganization.
 				WithID(organization.ID.String()).
 				InOrg(organization.ID),
@@ -522,7 +522,7 @@ func (api *api) organizationByUserAndName(rw http.ResponseWriter, r *http.Reques
 		return
 	}
 
-	err = api.Authorizer.AuthorizeByRoleName(r.Context(), roles.ID.String(), roles.Roles, rbac.ActionRead,
+	err = api.Authorizer.ByRoleName(r.Context(), roles.ID.String(), roles.Roles, rbac.ActionRead,
 		rbac.ResourceOrganization.
 			InOrg(organization.ID).
 			WithID(organization.ID.String()),
@@ -825,7 +825,7 @@ func (api *api) workspacesByUser(rw http.ResponseWriter, r *http.Request) {
 	}
 	organizationIDs := make([]uuid.UUID, 0)
 	for _, organization := range organizations {
-		err = api.Authorizer.AuthorizeByRoleName(r.Context(), user.ID.String(), roles.Roles, rbac.ActionRead, rbac.ResourceWorkspace.All().InOrg(organization.ID))
+		err = api.Authorizer.ByRoleName(r.Context(), user.ID.String(), roles.Roles, rbac.ActionRead, rbac.ResourceWorkspace.All().InOrg(organization.ID))
 		var apiErr *rbac.UnauthorizedError
 		if xerrors.As(err, &apiErr) {
 			continue