MCPcopy Index your code
hub / github.com/coder/coder / recordAuthzCheck

Function recordAuthzCheck

coderd/rbac/authz.go:868–908  ·  view source on GitHub ↗
(ctx context.Context, action policy.Action, object Object, authorized bool)

Source from the content-addressed store, hash-verified

866}
867
868func recordAuthzCheck(ctx context.Context, action policy.Action, object Object, authorized bool) {
869 r, ok := ctx.Value(authzCheckRecorderKey{}).(*AuthzCheckRecorder)
870 if !ok {
871 return
872 }
873
874 // We serialize the check using the following syntax
875 var b strings.Builder
876 if object.OrgID != "" {
877 _, err := fmt.Fprintf(&b, "organization:%v::", object.OrgID)
878 if err != nil {
879 return
880 }
881 }
882 if object.AnyOrgOwner {
883 _, err := fmt.Fprint(&b, "organization:any::")
884 if err != nil {
885 return
886 }
887 }
888 if object.Owner != "" {
889 _, err := fmt.Fprintf(&b, "owner:%v::", object.Owner)
890 if err != nil {
891 return
892 }
893 }
894 if object.ID != "" {
895 _, err := fmt.Fprintf(&b, "id:%v::", object.ID)
896 if err != nil {
897 return
898 }
899 }
900 _, err := fmt.Fprintf(&b, "%v.%v", object.RBACObject().Type, action)
901 if err != nil {
902 return
903 }
904
905 r.lock.Lock()
906 defer r.lock.Unlock()
907 r.checks = append(r.checks, recordedCheck{name: b.String(), result: authorized})
908}
909
910func GetAuthzCheckRecorder(ctx context.Context) (*AuthzCheckRecorder, bool) {
911 checks, ok := ctx.Value(authzCheckRecorderKey{}).(*AuthzCheckRecorder)

Callers 1

AuthorizeMethod · 0.85

Calls 5

RBACObjectMethod · 0.65
ValueMethod · 0.45
LockMethod · 0.45
UnlockMethod · 0.45
StringMethod · 0.45

Tested by

no test coverage detected