
Commit dee6265

temporary commit
1 parent a660292 commit dee6265


12 files changed

+103
-36
lines changed

12 files changed

+103
-36
lines changed

coderd/apidoc/docs.go

Lines changed: 2 additions & 0 deletions

coderd/apidoc/swagger.json

Lines changed: 2 additions & 0 deletions

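--- a/coderd/database/dbauthz/dbauthz.go
+++ b/coderd/database/dbauthz/dbauthz.go
@@ -590,9 +590,9 @@ func As(ctx context.Context, actor rbac.Subject) context.Context {
 // running the insertFunc. The insertFunc is expected to return the object that
 // was inserted.
 func insert[
-ObjectType any,
-ArgumentType any,
-Insert func(ctx context.Context, arg ArgumentType) (ObjectType, error),
+ObjectType any,
+ArgumentType any,
+Insert func(ctx context.Context, arg ArgumentType) (ObjectType, error),
 ](
 logger slog.Logger,
 authorizer rbac.Authorizer,
@@ -603,9 +603,9 @@ func insert[
 }
 
 func insertWithAction[
-ObjectType any,
-ArgumentType any,
-Insert func(ctx context.Context, arg ArgumentType) (ObjectType, error),
+ObjectType any,
+ArgumentType any,
+Insert func(ctx context.Context, arg ArgumentType) (ObjectType, error),
 ](
 logger slog.Logger,
 authorizer rbac.Authorizer,
@@ -632,10 +632,10 @@ func insertWithAction[
 }
 
 func deleteQ[
-ObjectType rbac.Objecter,
-ArgumentType any,
-Fetch func(ctx context.Context, arg ArgumentType) (ObjectType, error),
-Delete func(ctx context.Context, arg ArgumentType) error,
+ObjectType rbac.Objecter,
+ArgumentType any,
+Fetch func(ctx context.Context, arg ArgumentType) (ObjectType, error),
+Delete func(ctx context.Context, arg ArgumentType) error,
 ](
 logger slog.Logger,
 authorizer rbac.Authorizer,
@@ -647,10 +647,10 @@ func deleteQ[
 }
 
 func updateWithReturn[
-ObjectType rbac.Objecter,
-ArgumentType any,
-Fetch func(ctx context.Context, arg ArgumentType) (ObjectType, error),
-UpdateQuery func(ctx context.Context, arg ArgumentType) (ObjectType, error),
+ObjectType rbac.Objecter,
+ArgumentType any,
+Fetch func(ctx context.Context, arg ArgumentType) (ObjectType, error),
+UpdateQuery func(ctx context.Context, arg ArgumentType) (ObjectType, error),
 ](
 logger slog.Logger,
 authorizer rbac.Authorizer,
@@ -661,10 +661,10 @@ func updateWithReturn[
 }
 
 func update[
-ObjectType rbac.Objecter,
-ArgumentType any,
-Fetch func(ctx context.Context, arg ArgumentType) (ObjectType, error),
-Exec func(ctx context.Context, arg ArgumentType) error,
+ObjectType rbac.Objecter,
+ArgumentType any,
+Fetch func(ctx context.Context, arg ArgumentType) (ObjectType, error),
+Exec func(ctx context.Context, arg ArgumentType) error,
 ](
 logger slog.Logger,
 authorizer rbac.Authorizer,
@@ -682,9 +682,9 @@ func update[
 // user cannot read the resource. This is because the resource details are
 // required to run a proper authorization check.
 func fetchWithAction[
-ArgumentType any,
-ObjectType rbac.Objecter,
-DatabaseFunc func(ctx context.Context, arg ArgumentType) (ObjectType, error),
+ArgumentType any,
+ObjectType rbac.Objecter,
+DatabaseFunc func(ctx context.Context, arg ArgumentType) (ObjectType, error),
 ](
 logger slog.Logger,
 authorizer rbac.Authorizer,
@@ -715,9 +715,9 @@ func fetchWithAction[
 }
 
 func fetch[
-ArgumentType any,
-ObjectType rbac.Objecter,
-DatabaseFunc func(ctx context.Context, arg ArgumentType) (ObjectType, error),
+ArgumentType any,
+ObjectType rbac.Objecter,
+DatabaseFunc func(ctx context.Context, arg ArgumentType) (ObjectType, error),
 ](
 logger slog.Logger,
 authorizer rbac.Authorizer,
@@ -730,10 +730,10 @@ func fetch[
 // from SQL 'exec' functions which only return an error.
 // See fetchAndQuery for more information.
 func fetchAndExec[
-ObjectType rbac.Objecter,
-ArgumentType any,
-Fetch func(ctx context.Context, arg ArgumentType) (ObjectType, error),
-Exec func(ctx context.Context, arg ArgumentType) error,
+ObjectType rbac.Objecter,
+ArgumentType any,
+Fetch func(ctx context.Context, arg ArgumentType) (ObjectType, error),
+Exec func(ctx context.Context, arg ArgumentType) error,
 ](
 logger slog.Logger,
 authorizer rbac.Authorizer,
@@ -756,10 +756,10 @@ func fetchAndExec[
 // **before** the query runs. The returns from the fetch are only used to
 // assert rbac. The final return of this function comes from the Query function.
 func fetchAndQuery[
-ObjectType rbac.Objecter,
-ArgumentType any,
-Fetch func(ctx context.Context, arg ArgumentType) (ObjectType, error),
-Query func(ctx context.Context, arg ArgumentType) (ObjectType, error),
+ObjectType rbac.Objecter,
+ArgumentType any,
+Fetch func(ctx context.Context, arg ArgumentType) (ObjectType, error),
+Query func(ctx context.Context, arg ArgumentType) (ObjectType, error),
 ](
 logger slog.Logger,
 authorizer rbac.Authorizer,
@@ -793,9 +793,9 @@ func fetchAndQuery[
 // fetchWithPostFilter is like fetch, but works with lists of objects.
 // SQL filters are much more optimal.
 func fetchWithPostFilter[
-ArgumentType any,
-ObjectType rbac.Objecter,
-DatabaseFunc func(ctx context.Context, arg ArgumentType) ([]ObjectType, error),
+ArgumentType any,
+ObjectType rbac.Objecter,
+DatabaseFunc func(ctx context.Context, arg ArgumentType) ([]ObjectType, error),
 ](
 authorizer rbac.Authorizer,
 action policy.Action,
@@ -3872,7 +3872,13 @@ func (q *querier) InsertUserLink(ctx context.Context, arg database.InsertUserLin
 }
 
 func (q *querier) InsertUserSecret(ctx context.Context, arg database.InsertUserSecretParams) (database.UserSecret, error) {
-panic("not implemented")
+return database.UserSecret{}, nil
+
+//if err := q.authorizeContext(ctx, policy.ActionUpdate, rbac.ResourceUserObject(arg.UserID)); err != nil {
+// return database.UserLink{}, err
+//}
+
+//return q.db.InsertUserLink(ctx, arg)
 }
 
 func (q *querier) InsertVolumeResourceMonitor(ctx context.Context, arg database.InsertVolumeResourceMonitorParams) (database.WorkspaceAgentVolumeResourceMonitor, error) {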
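Review bot: InsertUserSecret in the last hunk now returns `database.UserSecret{}, nil` with the authorization check and the database call commented out, so callers are told the secret was stored when nothing was authorized or written; the previous `panic("not implemented")` at least failed loudly. The commented-out lines also look copied from InsertUserLink: they return `database.UserLink{}`, call `q.db.InsertUserLink`, and check `policy.ActionUpdate` on `rbac.ResourceUserObject` rather than the `user_secret` resource this commit defines. Before this leaves a temporary branch the method should check `policy.ActionCreate` against a user-secret object and then call the store. The sketch below assumes the store exposes `InsertUserSecret` and authorizes against the bare resource type, which should be narrowed to the owner once the fields on `InsertUserSecretParams` are confirmed.

```go
func (q *querier) InsertUserSecret(ctx context.Context, arg database.InsertUserSecretParams) (database.UserSecret, error) {
	if err := q.authorizeContext(ctx, policy.ActionCreate, rbac.ResourceUserSecret); err != nil {
		return database.UserSecret{}, err
	}
	return q.db.InsertUserSecret(ctx, arg)
}
```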

coderd/database/dbmock/dbmock.go

Lines changed: 15 additions & 0 deletions

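--- a/coderd/database/modelmethods.go
+++ b/coderd/database/modelmethods.go
@@ -615,3 +615,10 @@ func (m WorkspaceAgentVolumeResourceMonitor) Debounce(
 
 return m.DebouncedUntil, false
 }
+
+func (s UserSecret) RBACObject() rbac.Object {
+return rbac.ResourceUserSecret.WithID(s.ID).
+InOrg(s.OrganizationID).
+WithACLUserList(t.UserACL).
+WithGroupACL(t.GroupACL)
+}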
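Review bot: The new `UserSecret.RBACObject` declares its receiver as `s` but the last two chained calls read `t.UserACL` and `t.GroupACL`, so `t` is undefined and the file will not compile as written. Beyond the rename, the shape looks carried over from a shared resource: the object gets an organization and user/group ACLs but no owner, which would make access to a per-user secret depend on ACL entries rather than on who owns it. If the model has an owner column (assumed here to be `UserID`, not visible in this diff), something like `return rbac.ResourceUserSecret.WithID(s.ID).WithOwner(s.UserID.String())` is the tighter object. Keep the ACL calls only if sharing secrets is intended and those fields actually exist on `UserSecret`.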

coderd/rbac/object_gen.go

Lines changed: 11 additions & 0 deletions

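--- a/coderd/rbac/policy/policy.go
+++ b/coderd/rbac/policy/policy.go
@@ -349,4 +349,12 @@ var RBACPermissions = map[string]PermissionDefinition{
 ActionCreate: actDef("create workspace agent devcontainers"),
 },
 },
+"user_secret": {
+Actions: map[Action]ActionDefinition{
+ActionCreate: actDef("create a user secret"),
+ActionRead: actDef("read a user secret"),
+ActionUpdate: actDef("update a user secret"),
+ActionDelete: actDef("delete a user secret"),
+},
+},
 }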

codersdk/rbacresources_gen.go

Lines changed: 2 additions & 0 deletions

docs/reference/api/members.md

Lines changed: 5 additions & 0 deletions

docs/reference/api/schemas.md

Lines changed: 1 addition & 0 deletions
