NotificationsYou must be signed in to change notification settings
Fork1k
Star11.1k

Commit4c25ec6

committed

beginnning of a disaster

1 parent8b92f23 commit4c25ec6Copy full SHA for 4c25ec6

File tree

2 files changed

+28

-21

lines changed

coderd/rbac
- astvalue.go
- roles.go

2 files changed

+28

-21

lines changed

`‎coderd/rbac/astvalue.go‎`

Lines changed: 20 additions & 13 deletions

Original file line number	Diff line number	Diff line change
`@@ -157,30 +157,37 @@ func (role Role) regoValue() ast.Value {`
`157`	`157`	`ifrole.cachedRegoValue!=nil {`
`158`	`158`	`returnrole.cachedRegoValue`
`159`	`159`	`}`
`160`		`-orgMap:=ast.NewObject()`
`161`		`-fork,p:=rangerole.Org {`
`162`		`-orgMap.Insert(ast.StringTerm(k),ast.NewTerm(regoSlice(p)))`
`163`		`-}`
`164`		`-orgMemberMap:=ast.NewObject()`
`165`		`-fork,p:=rangerole.OrgMember {`
`166`		`-orgMemberMap.Insert(ast.StringTerm(k),ast.NewTerm(regoSlice(p)))`
	`160`	`+byOrgIDMap:=ast.NewObject()`
	`161`	`+fork,p:=rangerole.ByOrgID {`
	`162`	`+byOrgIDMap.Insert(ast.StringTerm(k),ast.NewTerm(`
	`163`	`+ast.NewObject(`
	`164`	`+[2]*ast.Term{`
	`165`	`+ast.StringTerm("org"),`
	`166`	`+ast.NewTerm(regoSlice(p.Org)),`
	`167`	`+},`
	`168`	`+),`
	`169`	`+))`
	`170`	`+byOrgIDMap.Insert(ast.StringTerm(k),ast.NewTerm(`
	`171`	`+ast.NewObject(`
	`172`	`+[2]*ast.Term{`
	`173`	`+ast.StringTerm("member"),`
	`174`	`+ast.NewTerm(regoSlice(p.Member)),`
	`175`	`+},`
	`176`	`+),`
	`177`	`+))`
`167`	`178`	`}`
`168`	`179`	`returnast.NewObject(`
`169`	`180`	`[2]*ast.Term{`
`170`	`181`	`ast.StringTerm("site"),`
`171`	`182`	`ast.NewTerm(regoSlice(role.Site)),`
`172`	`183`	`},`
`173`		`-[2]*ast.Term{`
`174`		`-ast.StringTerm("org"),`
`175`		`-ast.NewTerm(orgMap),`
`176`		`-},`
`177`	`184`	`[2]*ast.Term{`
`178`	`185`	`ast.StringTerm("user"),`
`179`	`186`	`ast.NewTerm(regoSlice(role.User)),`
`180`	`187`	`},`
`181`	`188`	`[2]*ast.Term{`
`182`		`-ast.StringTerm("org_member"),`
`183`		`-ast.NewTerm(orgMemberMap),`
	`189`	`+ast.StringTerm("by_org_id"),`
	`190`	`+ast.NewTerm(byOrgIDMap),`
`184`	`191`	`},`
`185`	`192`	`)`
`186`	`193`	`}`

`‎coderd/rbac/roles.go‎`

Lines changed: 8 additions & 8 deletions

Original file line number	Diff line number	Diff line change
`@@ -701,20 +701,20 @@ type Role struct {`
`701`	`701`	DisplayNamestring`json:"display_name"`
`702`	`702`	Site []Permission`json:"site"`
`703`	`703`	User []Permission`json:"user"`
`704`		`-ByOrgIDmap[string]struct {`
`705`		`-// Org is a map of organization IDs to permissions. Grouping by organization`
`706`		`-// makes roles easy to combine.`
`707`		-Org []Permission`json:"org"`
`708`		`-// OrgMember is a map of organization IDs to permissions. Grouping by`
`709`		`-// organization makes roles easy to combine.`
`710`		-Member []Permission`json:"member"`
`711`		-}`json:"by_org_id"`
	`704`	`+// Org is a map of organization IDs to permissions. Grouping by organization`
	`705`	`+// makes roles easy to combine.`
	`706`	+ByOrgIDmap[string]RolePermissionsByOrgID`json:"by_org_id"`
`712`	`707`
`713`	`708`	`// cachedRegoValue can be used to cache the rego value for this role.`
`714`	`709`	`// This is helpful for static roles that never change.`
`715`	`710`	`cachedRegoValue ast.Value`
`716`	`711`	`}`
`717`	`712`
	`713`	`+typeRolePermissionsByOrgIDstruct {`
	`714`	+Org []Permission`json:"org"`
	`715`	+Member []Permission`json:"member"`
	`716`	`+}`
	`717`	`+`
`718`	`718`	`// Valid will check all it's permissions and ensure they are all correct`
`719`	`719`	`// according to the policy. This verifies every action specified make sense`
`720`	`720`	`// for the given resource.`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit4c25ec6

File tree

2 files changed

2 files changed

`‎coderd/rbac/astvalue.go‎`

`‎coderd/rbac/roles.go‎`

0 commit comments