AuthorizeSQLFilter returns an authorization filter that can be used in a SQL 'WHERE' clause. If the filter is used, the resulting rows returned from postgres are already authorized, and the caller does not need to call 'Authorize()' on the returned objects. Note the authorization is only for the given action and object type.
(r *http.Request, action policy.Action, objectType string)
// AuthorizeSQLFilter returns an authorization filter that can be used in a
// SQL 'WHERE' clause. Rows returned from postgres through the filter are
// already authorized, so the caller does not need to call 'Authorize()' on
// the returned objects.
//
// The filter covers only the given action and object type. Any other action
// on those rows, or any object of a different type reached through them, is
// not covered and still needs its own authorization check.
func (h *HTTPAuthorizer) AuthorizeSQLFilter(r *http.Request, action policy.Action, objectType string) (rbac.PreparedAuthorized, error) {
	ctx := r.Context()

	// The subject is whatever httpmw.UserAuthorization finds on the request
	// context. NOTE(review): presumably set by authentication middleware
	// earlier in the chain — confirm this is only reachable behind it.
	subject := httpmw.UserAuthorization(ctx)

	filter, err := h.Authorizer.Prepare(ctx, subject, action, objectType)
	if err != nil {
		return nil, xerrors.Errorf("prepare filter: %w", err)
	}
	return filter, nil
}
| 140 | |
| 141 | // AuthorizeSQLFilterContext is like AuthorizeSQLFilter but reads the |
| 142 | // RBAC subject from the context directly rather than from an |
no test coverage detected