
Method Authorize

coderd/authorize.go:69–94

Authorize returns false if the user is not authorized to perform the action on the object. The function logs the denial itself, but the caller must still turn a false result into an error for the API client, e.g. `if !h.Authorize(...) { httpapi.Forbidden(rw); return }`. Note that any error from the underlying authorizer — not only an explicit denial — yields false, so evaluation failures fail closed rather than granting access.

(r *http.Request, action policy.Action, object rbac.Objecter)


67// return
68// }
// Authorize reports whether the subject attached to r by the auth
// middleware (httpmw.UserAuthorization) may perform action on object.
// A denial is logged at Warn level with the subject, route, action and
// object so operators can debug policy decisions; the caller is still
// responsible for turning a false result into an API error, e.g.
//
//	if !h.Authorize(r, action, object) {
//		httpapi.Forbidden(rw)
//		return
//	}
//
// Any error from the underlying Authorizer — not only an
// rbac.UnauthorizedError — yields false, so evaluation failures fail
// closed rather than granting access.
func (h *HTTPAuthorizer) Authorize(r *http.Request, action policy.Action, object rbac.Objecter) bool {
	ctx := r.Context()
	subject := httpmw.UserAuthorization(ctx)

	err := h.Authorizer.Authorize(ctx, subject, action, object.RBACObject())
	if err == nil {
		return true
	}

	// When the denial carries an internal cause, attach it to the log
	// line; otherwise log the bare denial with the base logger.
	logger := h.Logger
	var denial rbac.UnauthorizedError
	if xerrors.As(err, &denial) {
		logger = h.Logger.With(slog.F("internal_error", denial.Internal()))
	}

	// NOTE(review): "actor_name" carries the whole subject value and
	// "object" the whole Objecter; confirm neither serializes fields that
	// should not end up in logs.
	logger.Warn(ctx, "requester is not authorized to access the object",
		slog.F("roles", subject.SafeRoleNames()),
		slog.F("actor_id", subject.ID),
		slog.F("actor_name", subject),
		slog.F("scope", subject.SafeScopeName()),
		slog.F("route", r.URL.Path),
		slog.F("action", action),
		slog.F("object", object),
	)
	return false
}
96// AuthorizeContext checks whether the RBAC subject on the context
97// is authorized to perform the given action. The subject must have
