authorizeContext is a helper function to authorize an action on an object.
(ctx context.Context, action policy.Action, object rbac.Objecter)
| 136 | |
| 137 | // authorizeContext is a helper function to authorize an action on an object. |
| 138 | func (q *querier) authorizeContext(ctx context.Context, action policy.Action, object rbac.Objecter) error { |
| 139 | act, ok := ActorFromContext(ctx) |
| 140 | if !ok { |
| 141 | return ErrNoActor |
| 142 | } |
| 143 | |
| 144 | err := q.auth.Authorize(ctx, act, action, object.RBACObject()) |
| 145 | if err != nil { |
| 146 | return logNotAuthorizedError(ctx, q.log, err) |
| 147 | } |
| 148 | return nil |
| 149 | } |
| 150 | |
| 151 | // authorizePrebuiltWorkspace handles authorization for workspace resource types. |
| 152 | // prebuilt_workspaces are a subset of workspaces, currently limited to |
no test coverage detected