hub / github.com/coder/coder / authorizeUpdateFileTemplate

Method authorizeUpdateFileTemplate

coderd/database/dbauthz/dbauthz.go:1169–1186

authorizeReadFile is a hotfix for the fact that file permissions are independent of template permissions. This function checks if the user has update access to any of the file's templates.

(ctx context.Context, file database.File)


// authorizeReadFile is a hotfix for the fact that file permissions are
// independent of template permissions. This function checks if the user has
// update access to any of the file's templates.
func (q *querier) authorizeUpdateFileTemplate(ctx context.Context, file database.File) error {
	tpls, err := q.db.GetFileTemplates(ctx, file.ID)
	if err != nil {
		return err
	}
	// There __should__ only be 1 template per file, but there can be more than
	// 1, so check them all.
	for _, tpl := range tpls {
		// If the user has update access to any template, they have read access to the file.
		if err := q.authorizeContext(ctx, policy.ActionUpdate, tpl); err == nil {
			return nil
		}
	}

	return NotAuthorizedError{
		Err: xerrors.Errorf("not authorized to read file %s", file.ID),
	}
}

// convertToOrganizationRoles converts a set of scoped role names to their unique
// scoped names. The database stores roles as an array of strings, and needs to be

Callers 2

GetFileByID (Method) · 0.95

Calls 3

authorizeContext (Method) · 0.95
GetFileTemplates (Method) · 0.65
Errorf (Method) · 0.45

Tested by

no test coverage detected