mirror of
https://github.com/fleetdm/fleet
synced 2026-05-20 15:38:39 +00:00
18faa5a06b
- Add policy.rego file defining authorization policies. - Add Go integrations to evaluate Rego policies (via OPA). - Add middleware to ensure requests without authorization check are rejected (guard against programmer error). - Add authorization checks to most service endpoints.
29 lines
691 B
Go
29 lines
691 B
Go
package authz
|
|
|
|
import "net/http"
|
|
|
|
// Forbidden is the error type for authorization errors
|
|
type Forbidden struct {
|
|
internal string
|
|
}
|
|
|
|
// ForbiddenWithInternal creates a new error that will return a simple
|
|
// "forbidden" to the client, logging internally the more detailed message
|
|
// provided.
|
|
func ForbiddenWithInternal(internal string) *Forbidden {
|
|
return &Forbidden{internal: internal}
|
|
}
|
|
|
|
// Error implements the error interface.
|
|
func (e *Forbidden) Error() string {
|
|
return "forbidden"
|
|
}
|
|
|
|
// StatusCode implements the service.ErrWithStatusCode interface.
|
|
func (e *Forbidden) StatusCode() int {
|
|
return http.StatusForbidden
|
|
}
|
|
|
|
func (e *Forbidden) Internal() string {
|
|
return e.internal
|
|
}
|