
Commit e0b8af3

committed
fixup comments
1 parent abb460c commit e0b8af3


3 files changed

+19
-14
lines changed


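--- a/coderd/coderd.go
+++ b/coderd/coderd.go
@@ -1076,7 +1076,7 @@ func New(options *Options) *API {
 
 r.Group(func(r chi.Router) {
 r.Use(
-httpmw.ExtractOrganizationMemberParam(options.Database, api.HTTPAuth.Authorize),
+httpmw.ExtractOrganizationMemberParam(options.Database),
 )
 r.Delete("/", api.deleteOrganizationMember)
 r.Put("/roles", api.putMemberRoles)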

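--- a/coderd/httpmw/organizationparam.go
+++ b/coderd/httpmw/organizationparam.go
@@ -118,12 +118,12 @@ type OrganizationMember struct {
 
 // ExtractOrganizationMemberParam grabs a user membership from the "organization" and "user" URL parameter.
 // This middleware requires the ExtractUser and ExtractOrganization middleware higher in the stack
-func ExtractOrganizationMemberParam(db database.Store, auth func(r *http.Request, action policy.Action, object rbac.Objecter) bool) func(http.Handler) http.Handler {
+func ExtractOrganizationMemberParam(db database.Store) func(http.Handler) http.Handler {
 return func(next http.Handler) http.Handler {
 return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
 ctx := r.Context()
 organization := OrganizationParam(r)
-_, members, done := ExtractOrganizationMember(ctx, auth, rw, r, db, organization.ID)
+_, members, done := ExtractOrganizationMember(ctx, nil, rw, r, db, organization.ID)
 if done {
 return
 }
@@ -194,12 +194,12 @@ func ExtractOrganizationMember(ctx context.Context, auth func(r *http.Request, a
 return nil, nil, true
 }
 
-if auth(r, policy.ActionRead, user) {
+if auth != nil && auth(r, policy.ActionRead, user) {
 return &user, organizationMembers, true
 }
 
 // If the user cannot be read and 0 memberships exist, throw a 404 to not
-// leak the user existance.
+// leak the user existence.
 if len(organizationMembers) == 0 {
 httpapi.ResourceNotFound(rw)
 return nil, nil, true
@@ -209,7 +209,11 @@ func ExtractOrganizationMember(ctx context.Context, auth func(r *http.Request, a
 }
 
 type OrganizationMembers struct {
-User *database.User
+// User is `nil` if the caller is not allowed access to the site wide
+// user object.
+User *database.User
+// Memberships can only be length 0 if `user != nil`. If `user == nil`, then
+// memberships will be at least length 1.
 Memberships []OrganizationMember
 }
 
@@ -226,6 +230,9 @@ func (om OrganizationMembers) UserID() uuid.UUID {
 
 // ExtractOrganizationMembersParam grabs all user organization memberships.
 // Only requires the "user" URL parameter.
+//
+// Use this if you want to grab as much information for a user as you can.
+// From an organization context, site wide user information might not available.
 func ExtractOrganizationMembersParam(db database.Store, auth func(r *http.Request, action policy.Action, object rbac.Objecter) bool) func(http.Handler) http.Handler {
 return func(next http.Handler) http.Handler {
 return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {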
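Review bot: In the second hunk, the branch taken when `auth` allows the read still ends in `return &user, organizationMembers, true`, and that third result is what `ExtractOrganizationMemberParam` reads as `done` before returning without calling `next`; every other `true` return visible here follows an error response. If `ExtractOrganizationMembersParam` treats the value the same way (its body is outside the hunks), a caller who is permitted to read the user would never reach the handler, so this line likely wants `return &user, organizationMembers, false`. The doc comment of `ExtractOrganizationMember`, which sits outside the hunk, should also state what a nil `auth` means now that a caller passes one, for example `// auth may be nil, in which case the site-wide user read check is skipped.` The new field comments refer to `user`, while the field is named `User`.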

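--- a/coderd/httpmw/organizationparam_test.go
+++ b/coderd/httpmw/organizationparam_test.go
@@ -131,9 +131,7 @@ func TestOrganizationParam(t *testing.T) {
 }),
 httpmw.ExtractUserParam(db),
 httpmw.ExtractOrganizationParam(db),
-httpmw.ExtractOrganizationMemberParam(db, func(r *http.Request, _ policy.Action, _ rbac.Objecter) bool {
-return true
-}),
+httpmw.ExtractOrganizationMemberParam(db),
 )
 rtr.Get("/", nil)
 rtr.ServeHTTP(rw, r)
@@ -170,11 +168,10 @@ func TestOrganizationParam(t *testing.T) {
 }),
 httpmw.ExtractOrganizationParam(db),
 httpmw.ExtractUserParam(db),
-httpmw.ExtractOrganizationMemberParam(db, func(r *http.Request, _ policy.Action, _ rbac.Objecter) bool {
-return true
-}),
+httpmw.ExtractOrganizationMemberParam(db),
 httpmw.ExtractOrganizationMembersParam(db, func(r *http.Request, _ policy.Action, _ rbac.Objecter) bool {
-return true
+// Assume the caller cannot read the member
+return false
 }),
 )
 rtr.Get("/", func(rw http.ResponseWriter, r *http.Request) {
@@ -202,7 +199,8 @@ func TestOrganizationParam(t *testing.T) {
 
 orgMems := httpmw.OrganizationMembersParam(r)
 assert.NotZero(t, orgMems)
-assert.Equal(t, orgMem.UserID, orgMems[0].UserID)
+assert.Equal(t, orgMem.UserID, orgMems.Memberships[0].UserID)
+assert.Nil(t, orgMems.User, "user data should not be available, hard coded false authorize")
 })
 
 // Try by ID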
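Review bot: After this change nothing in the visible hunks exercises the path where the authorize callback allows the read: `ExtractOrganizationMemberParam` no longer takes a callback, and the one passed to `ExtractOrganizationMembersParam` is hard-coded to `return false`. A second case whose callback returns `true` and which checks `assert.NotNil(t, orgMems.User)` would cover the branch that exposes the site-wide user object, which is the access decision this middleware makes. In the last hunk `orgMems.Memberships[0]` is indexed after only `assert.NotZero(t, orgMems)`, so an empty slice would panic rather than fail; `if !assert.NotEmpty(t, orgMems.Memberships) { return }` before it keeps the failure readable. TestOrganizationParam starts and ends outside these hunks.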
