MCPcopy Index your code
hub / github.com/coder/coder / AuthorizeFilter

Function AuthorizeFilter

coderd/authorize.go:23–40  ·  view source on GitHub ↗

AuthorizeFilter takes a list of objects and returns the filtered list of objects that the user is authorized to perform the given action on. This is faster than calling Authorize() on each object.

(h *HTTPAuthorizer, r *http.Request, action policy.Action, objects []O)

Source from the content-addressed store, hash-verified

21// objects that the user is authorized to perform the given action on.
22// This is faster than calling Authorize() on each object.
23func AuthorizeFilter[O rbac.Objecter](h *HTTPAuthorizer, r *http.Request, action policy.Action, objects []O) ([]O, error) {
24 roles := httpmw.UserAuthorization(r.Context())
25 objects, err := rbac.Filter(r.Context(), h.Authorizer, roles, action, objects)
26 if err != nil {
27 // Log the error as Filter should not be erroring.
28 h.Logger.Error(r.Context(), "authorization filter failed",
29 slog.Error(err),
30 slog.F("user_id", roles.ID),
31 slog.F("username", roles),
32 slog.F("roles", roles.SafeRoleNames()),
33 slog.F("scope", roles.SafeScopeName()),
34 slog.F("route", r.URL.Path),
35 slog.F("action", action),
36 )
37 return nil, err
38 }
39 return objects, nil
40}
41
42type HTTPAuthorizer struct {
43 Authorizer rbac.Authorizer

Callers 3

licensesMethod · 0.92
organizationsByUserMethod · 0.70
tokensMethod · 0.70

Calls 6

UserAuthorizationFunction · 0.92
FilterFunction · 0.92
SafeRoleNamesMethod · 0.80
SafeScopeNameMethod · 0.80
ContextMethod · 0.65
ErrorMethod · 0.45

Tested by

no test coverage detected