refactor(dbauthz): add authz for system-level functions (#6513)

- Introduces rbac.ResourceSystem
- Grants system.* to system and provisionerd rbac subjects
- Updates dbauthz system queries where applicable
- coderd: Avoid index out of bounds in api.workspaceBuilds
- dbauthz: move GetUsersByIDs out of system, modify RBAC check to ResourceUser
- workspaceapps: Add test case for when owner of app is not found
Cian Johnston
2023-03-10 18:09:28 +00:00
committed by GitHub
parent 1db2b12b8e
commit 144f374f60
17 changed files with 470 additions and 200 deletions
+5 -2
@@ -20,6 +20,7 @@ import (
"cdr.dev/slog"
"github.com/coder/coder/coderd/database"
"github.com/coder/coder/coderd/database/dbauthz"
)
const (
@@ -209,7 +210,8 @@ func (c *Checker) update() (r Result, err error) {
return r, xerrors.Errorf("json marshal result: %w", err)
}
err = c.db.InsertOrUpdateLastUpdateCheck(ctx, string(b))
// nolint:gocritic // Inserting the last update check is a system function.
err = c.db.InsertOrUpdateLastUpdateCheck(dbauthz.AsSystemRestricted(ctx), string(b))
if err != nil {
return r, err
}
@@ -224,7 +226,8 @@ func (c *Checker) notifyIfNewer(prev, next Result) {
}
func (c *Checker) lastUpdateCheck(ctx context.Context) (r Result, err error) {
s, err := c.db.GetLastUpdateCheck(ctx)
// nolint:gocritic // Getting the last update check is a system function.
s, err := c.db.GetLastUpdateCheck(dbauthz.AsSystemRestricted(ctx))
if err != nil {
return r, err
}
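Review bot: `lastUpdateCheck` now wraps whatever context its caller passes in `dbauthz.AsSystemRestricted`, so the read runs as the system subject regardless of the actor on the incoming context, and nothing on the function says so. A doc comment such as `// lastUpdateCheck reads the stored update-check result as the system subject; the actor on ctx is not consulted.` would make that explicit for future callers, which are not visible in this hunk. The same applies to the insert in `update()` in the hunk above, whose body starts and ends outside the hunk. Applying the elevation inline on the single query, rather than keeping an elevated ctx in a variable, limits it to that one call and is worth preserving if more queries are added to these functions.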