MCPcopy Index your code
hub / github.com/coder/coder / AuthorizeContext

Method AuthorizeContext

coderd/authorize.go:100–124  ·  view source on GitHub ↗

AuthorizeContext checks whether the RBAC subject on the context is authorized to perform the given action. The subject must have been set via dbauthz.As or the ExtractAPIKey middleware. Returns false if the subject is missing or unauthorized.

(ctx context.Context, action policy.Action, object rbac.Objecter)

Source from the content-addressed store, hash-verified

98// been set via dbauthz.As or the ExtractAPIKey middleware. Returns
99// false if the subject is missing or unauthorized.
100func (h *HTTPAuthorizer) AuthorizeContext(ctx context.Context, action policy.Action, object rbac.Objecter) bool {
101 roles, ok := dbauthz.ActorFromContext(ctx)
102 if !ok {
103 h.Logger.Error(ctx, "no authorization actor in context")
104 return false
105 }
106 err := h.Authorizer.Authorize(ctx, roles, action, object.RBACObject())
107 if err != nil {
108 internalError := new(rbac.UnauthorizedError)
109 logger := h.Logger
110 if xerrors.As(err, internalError) {
111 logger = h.Logger.With(slog.F("internal_error", internalError.Internal()))
112 }
113 logger.Warn(ctx, "requester is not authorized to access the object",
114 slog.F("roles", roles.SafeRoleNames()),
115 slog.F("actor_id", roles.ID),
116 slog.F("actor_name", roles),
117 slog.F("scope", roles.SafeScopeName()),
118 slog.F("action", action),
119 slog.F("object", object),
120 )
121 return false
122 }
123 return true
124}
125
126// AuthorizeSQLFilter returns an authorization filter that can used in a
127// SQL 'WHERE' clause. If the filter is used, the resulting rows returned

Callers 1

createWorkspaceFunction · 0.80

Calls 8

ActorFromContextFunction · 0.92
AsMethod · 0.80
InternalMethod · 0.80
SafeRoleNamesMethod · 0.80
SafeScopeNameMethod · 0.80
AuthorizeMethod · 0.65
RBACObjectMethod · 0.65
ErrorMethod · 0.45

Tested by

no test coverage detected