dbauthz

package
v2.23.0

This package is not in the latest version of its module.

Published: Jun 3, 2025 | License: AGPL-3.0 | Imports: 23 | Imported by: 0

Repository: github.com/coder/coder

Overview

Package dbauthz provides an authorization layer on top of the database. This package exposes an interface that is currently a 1:1 mapping with database.Store.

The same cultural rules apply to this package as they do to database.Store. Meaning that each method implemented should keep the number of database queries as close to 1 as possible. Each method should do 1 thing, with no unexpected side effects (e.g. updating multiple tables in a single method).

Do not implement business logic in this package. Only authorization related logic should be implemented here. In most cases, this should only be a call to the rbac authorizer.

When a new database method is added to database.Store, it should be added to this package as well. The unit test "Accounting" will ensure all methods are tested. See other unit tests for examples on how to write these.

Constants

This section is empty.

Variables

var AsRemoveActor = rbac.Subject{
	ID: "remove-actor",
}

var ErrNoActor = xerrors.Errorf("no authorization actor in context")

ErrNoActor is returned if no actor is present in the context.

Functions

func ActorFromContext

func ActorFromContext(ctx context.Context) (rbac.Subject, bool)

ActorFromContext returns the authorization subject from the context. All authentication flows should set the authorization subject in the context. If no actor is present, the function returns false.

func As

As returns a context with the given actor stored in the context. This is used for cases where the actor touching the database is not the actor stored in the context. When you use this function, be sure to add a //nolint comment explaining why it is necessary.

func AsAutostart

func AsAutostart(ctx context.Context) context.Context

AsAutostart returns a context with an actor that has permissions required for autostart to function.

func AsJobReaper (added in v2.23.0)

func AsJobReaper(ctx context.Context) context.Context

AsJobReaper returns a context with an actor that has permissions required for reaper.Detector to function.

func AsKeyReader (added in v2.17.0)

func AsKeyReader(ctx context.Context) context.Context

AsKeyReader returns a context with an actor that has permissions required for reading crypto keys.

func AsKeyRotator (added in v2.17.0)

func AsKeyRotator(ctx context.Context) context.Context

AsKeyRotator returns a context with an actor that has permissions required for rotating crypto keys.

func AsNotifier (added in v2.18.0)

func AsNotifier(ctx context.Context) context.Context

AsNotifier returns a context with an actor that has permissions required for creating/reading/updating/deleting notifications.

func AsPrebuildsOrchestrator (added in v2.22.0)

func AsPrebuildsOrchestrator(ctx context.Context) context.Context

AsPrebuildsOrchestrator returns a context with an actor that has permissions to read orchestrator workspace prebuilds.

func AsProvisionerd

func AsProvisionerd(ctx context.Context) context.Context

AsProvisionerd returns a context with an actor that has permissions required for provisionerd to function.

func AsResourceMonitor (added in v2.20.0)

func AsResourceMonitor(ctx context.Context) context.Context

AsResourceMonitor returns a context with an actor that has permissions required for updating resource monitors.

func AsSystemReadProvisionerDaemons (added in v2.18.1)

func AsSystemReadProvisionerDaemons(ctx context.Context) context.Context

AsSystemReadProvisionerDaemons returns a context with an actor that has permissions to read provisioner daemons.

func AsSystemRestricted

func AsSystemRestricted(ctx context.Context) context.Context

AsSystemRestricted returns a context with an actor that has permissions required for various system operations (login, logout, metrics cache).

func IsNotAuthorizedError

func IsNotAuthorizedError(err error) bool

Types

type AGPLTemplateAccessControlStore (added in v2.3.2)

type AGPLTemplateAccessControlStore struct{}

AGPLTemplateAccessControlStore always returns the defaults for access control settings.

func (AGPLTemplateAccessControlStore) GetTemplateAccessControl (added in v2.3.2)

func (AGPLTemplateAccessControlStore) SetTemplateAccessControl (added in v2.3.2)

type AccessControlStore (added in v2.3.2)

type AccessControlStore interface {
	GetTemplateAccessControl(t database.Template) TemplateAccessControl
	SetTemplateAccessControl(ctx context.Context, store database.Store, id uuid.UUID, opts TemplateAccessControl) error
}

AccessControlStore fetches access control-related configuration that is used when determining whether an actor is authorized to interact with an RBAC object.

type NotAuthorizedError

type NotAuthorizedError struct {
	Err error
}

NotAuthorizedError is a sentinel error that unwraps to sql.ErrNoRows. This allows the internal error to be read by the caller if needed. Otherwise it will be handled as a 404.

func (NotAuthorizedError) Error

func (e NotAuthorizedError) Error() string

func (NotAuthorizedError) IsUnauthorized (added in v2.1.5)

func (NotAuthorizedError) IsUnauthorized() bool

IsUnauthorized implements the IsUnauthorized interface.

func (NotAuthorizedError) Unwrap

func (e NotAuthorizedError) Unwrap() error

Unwrap will always unwrap to a sql.ErrNoRows so the API returns a 404. So 'errors.Is(err, sql.ErrNoRows)' will always be true.
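
A minimal model of the pattern documented above, added here as an illustration and not taken from coder's source: an actor carried in the context, a wrapper that authorizes before running a single query, and a denial that unwraps to sql.ErrNoRows. Subject, authzStore, GetKey and the query/allow callbacks are simplified stand-ins assumed for the example; only the standard library is used.

```go
package main

import (
	"context"
	"database/sql"
	"errors"
	"fmt"
)

// Subject stands in for rbac.Subject (simplified; not coder's type).
type Subject struct{ ID string }
type actorKey struct{}

var ErrNoActor = errors.New("no authorization actor in context")

func As(ctx context.Context, s Subject) context.Context { return context.WithValue(ctx, actorKey{}, s) }

func ActorFromContext(ctx context.Context) (Subject, bool) {
	s, ok := ctx.Value(actorKey{}).(Subject)
	return s, ok
}

// NotAuthorizedError keeps the reason in Err but unwraps to sql.ErrNoRows.
type NotAuthorizedError struct{ Err error }

func (e NotAuthorizedError) Error() string { return "unauthorized: " + e.Err.Error() }
func (NotAuthorizedError) Unwrap() error   { return sql.ErrNoRows }
func IsNotAuthorizedError(err error) bool  { return errors.As(err, &NotAuthorizedError{}) }

// authzStore guards one hypothetical query with one authorization check.
type authzStore struct {
	query func(id string) (string, error) // stand-in for a database.Store method
	allow func(Subject, string) bool      // stand-in for the rbac authorizer
}

func (a authzStore) GetKey(ctx context.Context, id string) (string, error) {
	actor, ok := ActorFromContext(ctx)
	if !ok {
		return "", ErrNoActor // no actor was set by an authentication flow
	}
	if !a.allow(actor, id) {
		return "", NotAuthorizedError{Err: fmt.Errorf("%s cannot read %s", actor.ID, id)}
	}
	return a.query(id)
}

func main() {
	s := authzStore{func(string) (string, error) { return "v1", nil }, func(a Subject, _ string) bool { return a.ID == "key-reader" }}
	_, err := s.GetKey(As(context.Background(), Subject{ID: "guest"}), "k1") // constructed sample actor and id
	fmt.Println(errors.Is(err, sql.ErrNoRows), IsNotAuthorizedError(err))
}
```

In this model a denial satisfies errors.Is(err, sql.ErrNoRows), so a caller that needs to tell a denied read from a missing row has to check IsNotAuthorizedError first.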

type TemplateAccessControl (added in v2.3.2)

type TemplateAccessControl struct {
	RequireActiveVersion bool
	Deprecated           string
}

func (TemplateAccessControl) IsDeprecated (added in v2.5.0)

func (t TemplateAccessControl) IsDeprecated() bool
