AuthorizeFilter takes a list of objects and returns the filtered list of objects that the user is authorized to perform the given action on. This is faster than calling Authorize() on each object.
(h *HTTPAuthorizer, r *http.Request, action policy.Action, objects []O)
// AuthorizeFilter returns the subset of objects on which the requesting user
// is authorized to perform action. The subject is taken from the request
// context and the whole slice is checked in a single rbac.Filter call, which
// is faster than calling Authorize() on each object.
//
// If filtering fails, the error is logged with the subject and request
// details and returned with a nil slice, so callers receive no objects on
// failure.
func AuthorizeFilter[O rbac.Objecter](h *HTTPAuthorizer, r *http.Request, action policy.Action, objects []O) ([]O, error) {
	ctx := r.Context()
	subject := httpmw.UserAuthorization(ctx)

	allowed, err := rbac.Filter(ctx, h.Authorizer, subject, action, objects)
	if err == nil {
		return allowed, nil
	}

	// Filter is not expected to fail, so record enough context to trace the
	// failure back to the subject, the route and the requested action.
	h.Logger.Error(ctx, "authorization filter failed",
		slog.Error(err),
		slog.F("user_id", subject.ID),
		// NOTE(review): "username" receives the whole subject value rather
		// than a name, while roles and scope below go through their Safe*
		// accessors. Confirm the subject's log rendering exposes nothing
		// beyond those, or log a dedicated name field instead.
		slog.F("username", subject),
		slog.F("roles", subject.SafeRoleNames()),
		slog.F("scope", subject.SafeScopeName()),
		slog.F("route", r.URL.Path),
		slog.F("action", action),
	)
	return nil, err
}
| 41 | |
| 42 | type HTTPAuthorizer struct { |
| 43 | Authorizer rbac.Authorizer |
no test coverage detected