MCPcopy Index your code
hub / github.com/coder/coder / AuthzUserSubjectWithDB

Function AuthzUserSubjectWithDB

coderd/coderdtest/coderdtest.go:876–918  ·  view source on GitHub ↗

AuthzUserSubjectWithDB is like AuthzUserSubject but adds db-backed roles (like organization-member).

(ctx context.Context, t testing.TB, db database.Store, user codersdk.User)

Source from the content-addressed store, hash-verified

874// AuthzUserSubjectWithDB is like AuthzUserSubject but adds db-backed roles
875// (like organization-member).
876func AuthzUserSubjectWithDB(ctx context.Context, t testing.TB, db database.Store, user codersdk.User) rbac.Subject {
877 t.Helper()
878
879 roles := make(rbac.RoleIdentifiers, 0, len(user.Roles)+2)
880 // Member role is always implied
881 roles = append(roles, rbac.RoleMember())
882 for _, r := range user.Roles {
883 parsedOrgID, _ := uuid.Parse(r.OrganizationID) // defaults to nil
884 roles = append(roles, rbac.RoleIdentifier{
885 Name: r.Name,
886 OrganizationID: parsedOrgID,
887 })
888 }
889
890 //nolint:gocritic // We’re constructing the subject. The incoming ctx
891 // typically has no dbauthz actor yet, and using AuthzUserSubject(user)
892 // here would be circular (it lacks DB-backed org-member roles needed for
893 // organization:read). Use system-restricted ctx for the membership lookup.
894 orgs, err := db.GetOrganizationsByUserID(dbauthz.AsSystemRestricted(ctx), database.GetOrganizationsByUserIDParams{
895 UserID: user.ID,
896 Deleted: sql.NullBool{
897 Valid: true,
898 Bool: false,
899 },
900 })
901 require.NoError(t, err)
902 for _, org := range orgs {
903 roles = append(roles, rbac.ScopedRoleOrgMember(org.ID))
904 }
905
906 //nolint:gocritic // We need to expand DB-backed/system roles. The caller
907 // ctx may not have permission to read system roles, so use system-restricted
908 // context for the internal role lookup.
909 rbacRoles, err := rolestore.Expand(dbauthz.AsSystemRestricted(ctx), db, roles)
910 require.NoError(t, err)
911
912 return rbac.Subject{
913 ID: user.ID.String(),
914 Roles: rbacRoles,
915 Groups: []string{},
916 Scope: rbac.ScopeAll,
917 }.WithCachedASTValue()
918}
919
920func createAnotherUserRetry(t testing.TB, client *codersdk.Client, organizationIDs []uuid.UUID, retries int, roles []rbac.RoleIdentifier, mutators ...func(r *codersdk.CreateUserRequestWithOrgs)) (*codersdk.Client, codersdk.User) {
921 req := codersdk.CreateUserRequestWithOrgs{

Calls 9

RoleMemberFunction · 0.92
AsSystemRestrictedFunction · 0.92
ScopedRoleOrgMemberFunction · 0.92
ExpandFunction · 0.92
WithCachedASTValueMethod · 0.80
HelperMethod · 0.65
ParseMethod · 0.65
StringMethod · 0.45