hub / github.com/coder/coder / UserRBACSubject

Function UserRBACSubject

coderd/httpmw/apikey.go:899–927  ·  view source on GitHub ↗

UserRBACSubject fetches a user's rbac.Subject from the database. It pulls all roles from both site and organization scopes. It also pulls the user's groups and the user's status.

(ctx context.Context, db database.Store, userID uuid.UUID, scope rbac.ExpandableScope)

Source from the content-addressed store, hash-verified

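// UserRBACSubject fetches a user's rbac.Subject from the database. It pulls all roles from both
// site and organization scopes. It also pulls the groups, and the user's status.
//
// Both lookups run under dbauthz.AsSystemRestricted(ctx) instead of the
// caller's own context, so nothing in this function authorizes the caller
// against userID. Pass only a userID that an authenticated credential has
// already established.
// NOTE(review): presumably AsSystemRestricted yields an elevated system actor;
// confirm in dbauthz.
//
// The returned database.UserStatus is reported as read from the row and is not
// inspected here: a subject is built whatever the status is, so the caller has
// to apply its own policy for non-active accounts before using the subject.
//
// scope is copied into the subject unchanged; it is not validated or narrowed
// by this function.
//
// On any error the zero rbac.Subject and an empty status are returned.
func UserRBACSubject(ctx context.Context, db database.Store, userID uuid.UUID, scope rbac.ExpandableScope) (rbac.Subject, database.UserStatus, error) {
	// One row supplies the role assignments together with the username, email,
	// groups and status used below.
	//nolint:gocritic // system needs to update user roles
	roles, err := db.GetAuthorizationUserRoles(dbauthz.AsSystemRestricted(ctx), userID)
	if err != nil {
		return rbac.Subject{}, "", xerrors.Errorf("get authorization user roles: %w", err)
	}

	roleNames, err := roles.RoleNames()
	if err != nil {
		return rbac.Subject{}, "", xerrors.Errorf("expand role names: %w", err)
	}

	// Turn the role names into the role values stored on the subject. This is a
	// second database access under the system-restricted context.
	//nolint:gocritic // Permission to lookup custom roles the user has assigned.
	rbacRoles, err := rolestore.Expand(dbauthz.AsSystemRestricted(ctx), db, roleNames)
	if err != nil {
		// Worded differently from the RoleNames failure above so that the
		// failing step can be told apart from the message alone.
		return rbac.Subject{}, "", xerrors.Errorf("expand roles: %w", err)
	}

	// Identity fields come from the database row, not from caller input; only
	// the ID and the scope are taken from the arguments.
	actor := rbac.Subject{
		Type:         rbac.SubjectTypeUser,
		FriendlyName: roles.Username,
		Email:        roles.Email,
		ID:           userID.String(),
		Roles:        rbacRoles,
		Groups:       roles.Groups,
		Scope:        scope,
	}.WithCachedASTValue()
	return actor, roles.Status, nil
}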
928
929// APITokenFromRequest returns the api token from the request.
930// Find the session token from:

Calls 7

AsSystemRestrictedFunction · 0.92
ExpandFunction · 0.92
RoleNamesMethod · 0.80
WithCachedASTValueMethod · 0.80
ErrorfMethod · 0.45
StringMethod · 0.45