NotificationsYou must be signed in to change notification settings
Fork927
Star10.1k

Commita77a9ab

authored

chore: skip audit log filter for owner/admin users (#14132)

* chore: audit log filter to be skipped if user is owner/adminOptimize for speed in the case the user can read all audit_logs* fixup! chore: audit log filter to be skipped if user is owner/admin

1 parent203f48a commita77a9abCopy full SHA for a77a9ab

File tree

2 files changed

-2

lines changed

coderd/database/dbauthz
- dbauthz.go
- dbauthz_test.go

2 files changed

-2

lines changed

`‎coderd/database/dbauthz/dbauthz.go`

Lines changed: 7 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1248,6 +1248,13 @@ func (q *querier) GetApplicationName(ctx context.Context) (string, error) {`
`1248`	`1248`	`}`
`1249`	`1249`
`1250`	`1250`	`func (q*querier)GetAuditLogsOffset(ctx context.Context,arg database.GetAuditLogsOffsetParams) ([]database.GetAuditLogsOffsetRow,error) {`
	`1251`	`+// Shortcut if the user is an owner. The SQL filter is noticeable,`
	`1252`	`+// and this is an easy win for owners. Which is the common case.`
	`1253`	`+err:=q.authorizeContext(ctx,policy.ActionRead,rbac.ResourceAuditLog)`
	`1254`	`+iferr==nil {`
	`1255`	`+returnq.db.GetAuditLogsOffset(ctx,arg)`
	`1256`	`+}`
	`1257`	`+`
`1251`	`1258`	`prep,err:=prepareSQLFilter(ctx,q.auth,policy.ActionRead,rbac.ResourceAuditLog.Type)`
`1252`	`1259`	`iferr!=nil {`
`1253`	`1260`	`returnnil,xerrors.Errorf("(dev error) prepare sql filter: %w",err)`

`‎coderd/database/dbauthz/dbauthz_test.go`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -267,14 +267,14 @@ func (s *MethodTestSuite) TestAuditLogs() {`
`267`	`267`	`_=dbgen.AuditLog(s.T(),db, database.AuditLog{})`
`268`	`268`	`check.Args(database.GetAuditLogsOffsetParams{`
`269`	`269`	`LimitOpt:10,`
`270`		`-}).Asserts()`
	`270`	`+}).Asserts(rbac.ResourceAuditLog,policy.ActionRead)`
`271`	`271`	`}))`
`272`	`272`	`s.Run("GetAuthorizedAuditLogsOffset",s.Subtest(func(db database.Store,check*expects) {`
`273`	`273`	`_=dbgen.AuditLog(s.T(),db, database.AuditLog{})`
`274`	`274`	`_=dbgen.AuditLog(s.T(),db, database.AuditLog{})`
`275`	`275`	`check.Args(database.GetAuditLogsOffsetParams{`
`276`	`276`	`LimitOpt:10,`
`277`		`-},emptyPreparedAuthorized{}).Asserts()`
	`277`	`+},emptyPreparedAuthorized{}).Asserts(rbac.ResourceAuditLog,policy.ActionRead)`
`278`	`278`	`}))`
`279`	`279`	`}`
`280`	`280`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commita77a9ab

File tree

2 files changed

2 files changed

`‎coderd/database/dbauthz/dbauthz.go`

`‎coderd/database/dbauthz/dbauthz_test.go`

0 commit comments