MCPcopy Index your code
hub / github.com/coder/coder / authorizeTemplateInsights

Method authorizeTemplateInsights

coderd/database/dbauthz/dbauthz.go:1378–1399  ·  view source on GitHub ↗
(ctx context.Context, templateIDs []uuid.UUID)

Source from the content-addressed store, hash-verified

1376}
1377
1378func (q *querier) authorizeTemplateInsights(ctx context.Context, templateIDs []uuid.UUID) error {
1379 // Abort early if can read all template insights, aka admins.
1380 // TODO: If we know the org, that would allow org admins to abort early too.
1381 if err := q.authorizeContext(ctx, policy.ActionViewInsights, rbac.ResourceTemplate); err != nil {
1382 for _, templateID := range templateIDs {
1383 template, err := q.db.GetTemplateByID(ctx, templateID)
1384 if err != nil {
1385 return err
1386 }
1387
1388 if err := q.authorizeContext(ctx, policy.ActionViewInsights, template); err != nil {
1389 return err
1390 }
1391 }
1392 if len(templateIDs) == 0 {
1393 if err := q.authorizeContext(ctx, policy.ActionViewInsights, rbac.ResourceTemplate.All()); err != nil {
1394 return err
1395 }
1396 }
1397 }
1398 return nil
1399}
1400
1401// customRoleEscalationCheck checks to make sure the caller has every permission they are adding
1402// to a custom role. This prevents permission escalation.

Calls 3

authorizeContextMethod · 0.95
AllMethod · 0.80
GetTemplateByIDMethod · 0.65

Tested by

no test coverage detected