MCPcopy Index your code
hub / github.com/coder/coder / AsAuthzSystem

Function AsAuthzSystem

coderd/httpmw/authz.go:22–41  ·  view source on GitHub ↗

AsAuthzSystem is a chained handler that temporarily sets the dbauthz context to System for the inner handlers, and resets the context afterwards. TODO: Refactor the middleware functions to not require this. This is a bit of a kludge for now as some middleware functions require usage as a system use

(mws ...func(http.Handler) http.Handler)

Source from the content-addressed store, hash-verified

20// usage as a system user in some cases, but not all cases. To avoid large
21// refactors, we use this middleware to temporarily set the context to a system.
22func AsAuthzSystem(mws ...func(http.Handler) http.Handler) func(http.Handler) http.Handler {
23 chain := chi.Chain(mws...)
24 return func(next http.Handler) http.Handler {
25 return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
26 ctx := r.Context()
27 before, beforeExists := dbauthz.ActorFromContext(r.Context())
28 if !beforeExists {
29 // AsRemoveActor will actually remove the actor from the context.
30 before = dbauthz.AsRemoveActor
31 }
32
33 // nolint:gocritic // AsAuthzSystem needs to do this.
34 r = r.WithContext(dbauthz.AsSystemRestricted(ctx))
35 chain.Handler(http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
36 r = r.WithContext(dbauthz.As(r.Context(), before))
37 next.ServeHTTP(rw, r)
38 })).ServeHTTP(rw, r)
39 })
40 }
41}
42
43// RecordAuthzChecks enables recording all the authorization checks that
44// occurred in the processing of a request. This is mostly helpful for debugging

Callers 1

TestAsAuthzSystemFunction · 0.92

Calls 7

ActorFromContextFunction · 0.92
AsSystemRestrictedFunction · 0.92
AsFunction · 0.92
WithContextMethod · 0.80
ContextMethod · 0.65
ServeHTTPMethod · 0.45
HandlerMethod · 0.45

Tested by 1

TestAsAuthzSystemFunction · 0.74