NotificationsYou must be signed in to change notification settings
Fork906
Star10k

Commit9bbef21

committed

expanded user query with email on authorization and extracted actor injection to a single method

1 parent8faaa14 commit9bbef21Copy full SHA for 9bbef21

File tree

5 files changed

+29

-12

lines changed

coderd
- database
  - dbauthz
    - dbauthz.go
  - queries
    - users.sql
  - queries.sql.go
- httpmw
  - apikey.go
- rbac
  - authz.go

5 files changed

+29

-12

lines changed

`‎coderd/database/dbauthz/dbauthz.go`

Lines changed: 20 additions & 10 deletions

Original file line number	Diff line number	Diff line change
`@@ -388,59 +388,59 @@ var (`
`388`	`388`	`// AsProvisionerd returns a context with an actor that has permissions required`
`389`	`389`	`// for provisionerd to function.`
`390`	`390`	`funcAsProvisionerd(ctx context.Context) context.Context {`
`391`		`-returncontext.WithValue(ctx,authContextKey{},subjectProvisionerd)`
	`391`	`+returnInjectActorToContext(ctx,subjectProvisionerd)`
`392`	`392`	`}`
`393`	`393`
`394`	`394`	`// AsAutostart returns a context with an actor that has permissions required`
`395`	`395`	`// for autostart to function.`
`396`	`396`	`funcAsAutostart(ctx context.Context) context.Context {`
`397`		`-returncontext.WithValue(ctx,authContextKey{},subjectAutostart)`
	`397`	`+returnInjectActorToContext(ctx,subjectAutostart)`
`398`	`398`	`}`
`399`	`399`
`400`	`400`	`// AsHangDetector returns a context with an actor that has permissions required`
`401`	`401`	`// for unhanger.Detector to function.`
`402`	`402`	`funcAsHangDetector(ctx context.Context) context.Context {`
`403`		`-returncontext.WithValue(ctx,authContextKey{},subjectHangDetector)`
	`403`	`+returnInjectActorToContext(ctx,subjectHangDetector)`
`404`	`404`	`}`
`405`	`405`
`406`	`406`	`// AsKeyRotator returns a context with an actor that has permissions required for rotating crypto keys.`
`407`	`407`	`funcAsKeyRotator(ctx context.Context) context.Context {`
`408`		`-returncontext.WithValue(ctx,authContextKey{},subjectCryptoKeyRotator)`
	`408`	`+returnInjectActorToContext(ctx,subjectCryptoKeyRotator)`
`409`	`409`	`}`
`410`	`410`
`411`	`411`	`// AsKeyReader returns a context with an actor that has permissions required for reading crypto keys.`
`412`	`412`	`funcAsKeyReader(ctx context.Context) context.Context {`
`413`		`-returncontext.WithValue(ctx,authContextKey{},subjectCryptoKeyReader)`
	`413`	`+returnInjectActorToContext(ctx,subjectCryptoKeyReader)`
`414`	`414`	`}`
`415`	`415`
`416`	`416`	`// AsNotifier returns a context with an actor that has permissions required for`
`417`	`417`	`// creating/reading/updating/deleting notifications.`
`418`	`418`	`funcAsNotifier(ctx context.Context) context.Context {`
`419`		`-returncontext.WithValue(ctx,authContextKey{},subjectNotifier)`
	`419`	`+returnInjectActorToContext(ctx,subjectNotifier)`
`420`	`420`	`}`
`421`	`421`
`422`	`422`	`// AsResourceMonitor returns a context with an actor that has permissions required for`
`423`	`423`	`// updating resource monitors.`
`424`	`424`	`funcAsResourceMonitor(ctx context.Context) context.Context {`
`425`		`-returncontext.WithValue(ctx,authContextKey{},subjectResourceMonitor)`
	`425`	`+returnInjectActorToContext(ctx,subjectResourceMonitor)`
`426`	`426`	`}`
`427`	`427`
`428`	`428`	`// AsSystemRestricted returns a context with an actor that has permissions`
`429`	`429`	`// required for various system operations (login, logout, metrics cache).`
`430`	`430`	`funcAsSystemRestricted(ctx context.Context) context.Context {`
`431`		`-returncontext.WithValue(ctx,authContextKey{},subjectSystemRestricted)`
	`431`	`+returnInjectActorToContext(ctx,subjectSystemRestricted)`
`432`	`432`	`}`
`433`	`433`
`434`	`434`	`// AsSystemReadProvisionerDaemons returns a context with an actor that has permissions`
`435`	`435`	`// to read provisioner daemons.`
`436`	`436`	`funcAsSystemReadProvisionerDaemons(ctx context.Context) context.Context {`
`437`		`-returncontext.WithValue(ctx,authContextKey{},subjectSystemReadProvisionerDaemons)`
	`437`	`+returnInjectActorToContext(ctx,subjectSystemReadProvisionerDaemons)`
`438`	`438`	`}`
`439`	`439`
`440`	`440`	`// AsPrebuildsOrchestrator returns a context with an actor that has permissions`
`441`	`441`	`// to read orchestrator workspace prebuilds.`
`442`	`442`	`funcAsPrebuildsOrchestrator(ctx context.Context) context.Context {`
`443`		`-returncontext.WithValue(ctx,authContextKey{},subjectPrebuildsOrchestrator)`
	`443`	`+returnInjectActorToContext(ctx,subjectPrebuildsOrchestrator)`
`444`	`444`	`}`
`445`	`445`
`446`	`446`	`varAsRemoveActor= rbac.Subject{`
`@@ -458,6 +458,16 @@ func As(ctx context.Context, actor rbac.Subject) context.Context {`
`458`	`458`	`// should be removed from the context.`
`459`	`459`	`returncontext.WithValue(ctx,authContextKey{},nil)`
`460`	`460`	`}`
	`461`	`+returnInjectActorToContext(ctx,actor)`
	`462`	`+}`
	`463`	`+`
	`464`	`+funcInjectActorToContext(ctx context.Context,actor rbac.Subject) context.Context {`
	`465`	`+// if rlogger := httpmw.RequestLoggerFromContext(ctx); rlogger != nil {`
	`466`	`+// rlogger.WithFields(`
	`467`	`+// slog.F("requestor_id", actor.ID),`
	`468`	`+// slog.F("requestor_email", actor.Email),`
	`469`	`+// )`
	`470`	`+// }`
`461`	`471`	`returncontext.WithValue(ctx,authContextKey{},actor)`
`462`	`472`	`}`
`463`	`473`

`‎coderd/database/queries.sql.go`

Lines changed: 3 additions & 1 deletion

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/queries/users.sql`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -303,7 +303,7 @@ SELECT`
`303`	`303`	`-- username is returned just to help for logging purposes`
`304`	`304`	`-- status is used to enforce 'suspended' users, as all roles are ignored`
`305`	`305`	`--when suspended.`
`306`		`-id, username, status,`
	`306`	`+id, username, status, email,`
`307`	`307`	`-- All user roles, including their org roles.`
`308`	`308`	`array_cat(`
`309`	`309`	`-- All users are members`

`‎coderd/httpmw/apikey.go`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -466,6 +466,7 @@ func UserRBACSubject(ctx context.Context, db database.Store, userID uuid.UUID, s`
`466`	`466`
`467`	`467`	`actor:= rbac.Subject{`
`468`	`468`	`FriendlyName:roles.Username,`
	`469`	`+Email:roles.Email,`
`469`	`470`	`ID:userID.String(),`
`470`	`471`	`Roles:rbacRoles,`
`471`	`472`	`Groups:roles.Groups,`

`‎coderd/rbac/authz.go`

Lines changed: 4 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -66,6 +66,10 @@ type Subject struct {`
`66`	`66`	`// external workspace proxy or other service type actor.`
`67`	`67`	`FriendlyNamestring`
`68`	`68`
	`69`	`+// Email is entirely optional and is used for logging and debugging`
	`70`	`+// It is not used in any functional way.`
	`71`	`+Emailstring`
	`72`	`+`
`69`	`73`	`IDstring`
`70`	`74`	`RolesExpandableRoles`
`71`	`75`	`Groups []string`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit9bbef21

File tree

5 files changed

5 files changed

`‎coderd/database/dbauthz/dbauthz.go`

`‎coderd/database/queries.sql.go`

`‎coderd/database/queries/users.sql`

`‎coderd/httpmw/apikey.go`

`‎coderd/rbac/authz.go`

0 commit comments