MCPcopy Index your code
hub / github.com/coder/coder / AuthorizeSQLFilter

Method AuthorizeSQLFilter

coderd/authorize.go:131–139  ·  view source on GitHub ↗

AuthorizeSQLFilter returns an authorization filter that can used in a SQL 'WHERE' clause. If the filter is used, the resulting rows returned from postgres are already authorized, and the caller does not need to call 'Authorize()' on the returned objects. Note the authorization is only for the given

(r *http.Request, action policy.Action, objectType string)

Source from the content-addressed store, hash-verified

129// call 'Authorize()' on the returned objects.
130// Note the authorization is only for the given action and object type.
131func (h *HTTPAuthorizer) AuthorizeSQLFilter(r *http.Request, action policy.Action, objectType string) (rbac.PreparedAuthorized, error) {
132 roles := httpmw.UserAuthorization(r.Context())
133 prepared, err := h.Authorizer.Prepare(r.Context(), roles, action, objectType)
134 if err != nil {
135 return nil, xerrors.Errorf("prepare filter: %w", err)
136 }
137
138 return prepared, nil
139}
140
141// AuthorizeSQLFilterContext is like AuthorizeSQLFilter but reads the
142// RBAC subject from the context directly rather than from an

Callers 3

fetchTemplatesMethod · 0.80
workspacesMethod · 0.80
tailnetRPCConnMethod · 0.80

Calls 4

UserAuthorizationFunction · 0.92
ContextMethod · 0.65
PrepareMethod · 0.65
ErrorfMethod · 0.45

Tested by

no test coverage detected