( logger slog.Logger, authorizer rbac.Authorizer, object rbac.Objecter, action policy.Action, insertFunc Insert, )
| 919 | } |
| 920 | |
| 921 | func insertWithAction[ |
| 922 | ObjectType any, |
| 923 | ArgumentType any, |
| 924 | Insert func(ctx context.Context, arg ArgumentType) (ObjectType, error), |
| 925 | ]( |
| 926 | logger slog.Logger, |
| 927 | authorizer rbac.Authorizer, |
| 928 | object rbac.Objecter, |
| 929 | action policy.Action, |
| 930 | insertFunc Insert, |
| 931 | ) Insert { |
| 932 | return func(ctx context.Context, arg ArgumentType) (empty ObjectType, err error) { |
| 933 | // Fetch the rbac subject |
| 934 | act, ok := ActorFromContext(ctx) |
| 935 | if !ok { |
| 936 | return empty, ErrNoActor |
| 937 | } |
| 938 | |
| 939 | // Authorize the action |
| 940 | err = authorizer.Authorize(ctx, act, action, object.RBACObject()) |
| 941 | if err != nil { |
| 942 | return empty, logNotAuthorizedError(ctx, logger, err) |
| 943 | } |
| 944 | |
| 945 | // Insert the database object |
| 946 | return insertFunc(ctx, arg) |
| 947 | } |
| 948 | } |
| 949 | |
| 950 | func deleteQ[ |
| 951 | ObjectType rbac.Objecter, |
no test coverage detected