fleet/server/platform/authz/authz.go
Victor Lyuboslavsky 61f635dd44
Activity bounded context: Complete read operations (#38555)
**Related issue:** Resolves #38534

Moved the `/api/_version_/fleet/hosts/{id:[0-9]+}/activities` endpoint and
`MarkActivitiesAsStreamed` to the activity bounded context.

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.

## Testing

- [x] Added/updated automated tests
- [x] Where appropriate, [automated tests simulate multiple hosts and test for host isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing) (updates to one host's records do not affect another)

- [x] QA'd all new/changed functionality manually


## Summary by CodeRabbit

* **New Features**
  * Added a new endpoint to retrieve host-specific past activities with pagination metadata.
* **Refactor**
  * Refactored the activity service architecture and authorization layer to improve data provider integration and activity streaming capabilities.

2026-02-09 15:29:12 -06:00


```go
// Package authz provides authorization interfaces for bounded contexts.
// This package contains only interfaces with no dependencies on fleet packages,
// allowing bounded contexts to use authorization without coupling to legacy code.
package authz

import (
	"context"
	"errors"
)

// Action represents an authorization action.
type Action string

const (
	ActionRead Action = "read"
	ActionList Action = "list"
)

// Authorizer is the interface for authorization checks.
type Authorizer interface {
	// Authorize checks if the current user (from context) can perform the action on the subject.
	// subject must implement AuthzTyper interface.
	Authorize(ctx context.Context, subject AuthzTyper, action Action) error
}

// AuthzTyper is implemented by types that can be authorized.
// Each bounded context defines its own authorization subjects that implement this interface.
type AuthzTyper interface {
	AuthzType() string
}

// Forbidden is an interface for authorization errors.
// Errors implementing this interface indicate that the requested action was forbidden.
type Forbidden interface {
	error
	Forbidden()
}

// IsForbidden returns true if the error (or any wrapped error) is a forbidden/authorization error.
func IsForbidden(err error) bool {
	var f Forbidden
	return errors.As(err, &f)
}
```
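The interfaces above only define the contract; the following added example (not part of this commit or of Fleet's code base) shows how a bounded context would fill it in: a concrete error that satisfies `Forbidden`, a subject implementing `AuthzTyper`, a deny-by-default `Authorizer`, and a service method that wraps the authz error with `%w` so that `IsForbidden` still classifies it. The `RoleAuthorizer`, `WithRole` context wiring, `hostActivity` subject and `ListHostActivities` names are assumptions for illustration; the interface copies at the top exist only so the file compiles on its own.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// Minimal copies of the interfaces from authz.go so this example compiles stand-alone.
type Action string
type AuthzTyper interface{ AuthzType() string }
type Authorizer interface{ Authorize(ctx context.Context, subject AuthzTyper, action Action) error }
type Forbidden interface {
	error
	Forbidden()
}

const ActionList Action = "list"
func IsForbidden(err error) bool { // same as IsForbidden in authz.go: errors.As walks the %w chain
	var f Forbidden
	return errors.As(err, &f)
}

// forbiddenErr is a hypothetical concrete error type (not Fleet's code) that satisfies Forbidden.
type forbiddenErr struct{ msg string }
func (e *forbiddenErr) Error() string { return e.msg }
func (e *forbiddenErr) Forbidden()    {}
// hostActivity is the authorization subject a hypothetical bounded context defines.
type hostActivity struct{ HostID uint }
func (hostActivity) AuthzType() string { return "host_activity" }
// RoleAuthorizer reads a role stored in the context (assumed wiring) and denies by default.
type roleKey struct{}
type RoleAuthorizer struct{}
func WithRole(ctx context.Context, role string) context.Context { return context.WithValue(ctx, roleKey{}, role) }

func (RoleAuthorizer) Authorize(ctx context.Context, s AuthzTyper, action Action) error {
	role, _ := ctx.Value(roleKey{}).(string)
	if role == "admin" || (role == "observer" && s.AuthzType() == "host_activity" && action == ActionList) {
		return nil
	}
	return &forbiddenErr{msg: fmt.Sprintf("forbidden: %s on %s", action, s.AuthzType())}
}

// ListHostActivities wraps the authz error with %w so IsForbidden still sees it through the wrap.
func ListHostActivities(ctx context.Context, a Authorizer, hostID uint) ([]string, error) {
	if err := a.Authorize(ctx, hostActivity{HostID: hostID}, ActionList); err != nil {
		return nil, fmt.Errorf("list activities for host %d: %w", hostID, err)
	}
	return []string{"constructed: activity for host"}, nil
}
```

Because `errors.As` unwraps `%w` chains, a handler can map any `IsForbidden(err)` result to a 403 regardless of how many layers wrapped the original `Forbidden` error, while an unrelated error (a database failure, say) is never misreported as an authorization denial.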