AuthorizeSQLFilterContext is like AuthorizeSQLFilter but reads the RBAC subject from the context directly rather than from an *http.Request. The subject must have been set via dbauthz.As.
(ctx context.Context, action policy.Action, objectType string)
| 142 | // RBAC subject from the context directly rather than from an |
| 143 | // *http.Request. The subject must have been set via dbauthz.As. |
| 144 | func (h *HTTPAuthorizer) AuthorizeSQLFilterContext(ctx context.Context, action policy.Action, objectType string) (rbac.PreparedAuthorized, error) { |
| 145 | roles, ok := dbauthz.ActorFromContext(ctx) |
| 146 | if !ok { |
| 147 | return nil, xerrors.New("no authorization actor in context") |
| 148 | } |
| 149 | prepared, err := h.Authorizer.Prepare(ctx, roles, action, objectType) |
| 150 | if err != nil { |
| 151 | return nil, xerrors.Errorf("prepare filter: %w", err) |
| 152 | } |
| 153 | |
| 154 | return prepared, nil |
| 155 | } |
| 156 | |
| 157 | // checkAuthorization returns if the current API key can use the given |
| 158 | // permissions, factoring in the current user's roles and the API key scopes. |
nothing calls this directly
no test coverage detected