workspace

package
v0.750.9-dryrun Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 22, 2024 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var AuthZProvider authz.AuthZProviderType[WorkspaceAuthZ]

AuthZProvider providers WorkspaceAuthZ implementations.

View Source 
var ErrLookup = fmt.Errorf("error looking up user's permissions")

ErrLookup is the error returned when a user's permissions couldn't be looked up.

Functions

func AddWorkspace 

func AddWorkspace(ctx context.Context, workspace *model.Workspace, tx *bun.Tx) error

AddWorkspace adds the given workspace to the database.

func AddWorkspaceNamespaceBinding 

func AddWorkspaceNamespaceBinding(ctx context.Context, wkspNmsp *model.WorkspaceNamespace,
	tx *bun.Tx,
) error

AddWorkspaceNamespaceBinding adds a workspace-namespace binding.

func AllWorkspaces 

func AllWorkspaces(ctx context.Context) ([]*model.Workspace, error)

AllWorkspaces returns all the workspaces that exist.

func DeleteWorkspaceNamespaceBindings 

func DeleteWorkspaceNamespaceBindings(ctx context.Context, wkspID int,
	clusterNames []string, tx *bun.Tx,
) ([]model.WorkspaceNamespace, error)

DeleteWorkspaceNamespaceBindings deletes the workspace-namespace binding.

func Exists 

func Exists(ctx context.Context, id int) (bool, error)

Exists returns if the workspace exists and is not archived.

func GetAllNamespacesForRM 

func GetAllNamespacesForRM(ctx context.Context, rmName string) ([]string, error)

GetAllNamespacesForRM gets all namespaces associated with a particular kubernetes cluster. defaultNs is an optional parameter, if there is no defaultNs provided, the "default" namespace will be added to the list instead.

func GetNamespaceFromWorkspace 

func GetNamespaceFromWorkspace(ctx context.Context, workspaceName string, clusterName string) (string, error)

GetNamespaceFromWorkspace returns the namespace for the given workspace and kubernetes cluster.

func GetNumWorkspacesUsingNamespaceInCluster 

func GetNumWorkspacesUsingNamespaceInCluster(ctx context.Context, clusterName string,
	namespaceName string,
) (int, error)

GetNumWorkspacesUsingNamespaceInCluster gets the number of Workspaces that are using a particular namespace for the given cluster.

func GetWorkspaceNamespaceBindings 

func GetWorkspaceNamespaceBindings(ctx context.Context,
	wkspID int,
) ([]model.WorkspaceNamespace, error)

GetWorkspaceNamespaceBindings gets the workspace-namespace bindings for a given workspace.

func WorkspaceByName 

func WorkspaceByName(ctx context.Context, workspaceName string) (*model.Workspace, error)

WorkspaceByName returns a workspace given it's name.

func WorkspaceByProjectID 

func WorkspaceByProjectID(ctx context.Context, projectID int) (*model.Workspace, error)

WorkspaceByProjectID returns a workspace given a project ID.

func WorkspaceIDsFromNames 

func WorkspaceIDsFromNames(ctx context.Context, workspaceNames []string) (
	[]int32, error,
)

WorkspaceIDsFromNames returns an unordered slice of workspaceIDs that correlate with the given workspace names.

func WorkspacesIDsByExperimentIDs 

func WorkspacesIDsByExperimentIDs(ctx context.Context, expIDs []int) ([]int, error)

WorkspacesIDsByExperimentIDs gets workspace IDs associated with each experiment.

Types

type WorkspaceAuthZ 

type WorkspaceAuthZ interface {
	// GET /api/v1/workspaces/:workspace_id
	CanGetWorkspace(
		ctx context.Context, curUser model.User, workspace *workspacev1.Workspace,
	) error

	CanGetWorkspaceID(
		ctx context.Context, curUser model.User, workspace int32,
	) error

	// POST /api/v1/resource-pools/workspace-bind
	// POST /api/v1/resource-pools/workspace-unbind
	CanModifyRPWorkspaceBindings(
		ctx context.Context, curUser model.User, workspaceIDs []int32,
	) error

	// GET /api/v1/workspaces/:workspace_id/projects
	FilterWorkspaceProjects(
		ctx context.Context, curUser model.User, projects []*projectv1.Project,
	) ([]*projectv1.Project, error)

	// GET /api/v1/workspaces
	FilterWorkspaces(
		ctx context.Context, curUser model.User, workspaces []*workspacev1.Workspace,
	) ([]*workspacev1.Workspace, error)

	FilterWorkspaceIDs(
		ctx context.Context, curUser model.User, workspaces []int32,
	) ([]int32, error)

	// POST /api/v1/workspaces
	CanCreateWorkspace(ctx context.Context, curUser model.User) error
	CanCreateWorkspaceWithAgentUserGroup(ctx context.Context, curUser model.User) error
	CanCreateWorkspaceWithCheckpointStorageConfig(ctx context.Context, curUser model.User) error
	CanSetWorkspaceNamespaceBindings(ctx context.Context, curUser model.User) error
	CanSetResourceQuotas(ctx context.Context, curUser model.User) error

	// PATCH /api/v1/workspaces/:workspace_id
	CanSetWorkspacesName(
		ctx context.Context, curUser model.User, workspace *workspacev1.Workspace,
	) error
	CanSetWorkspacesAgentUserGroup(
		ctx context.Context, curUser model.User, workspace *workspacev1.Workspace,
	) error
	CanSetWorkspacesCheckpointStorageConfig(
		ctx context.Context, curUser model.User, workspace *workspacev1.Workspace,
	) error
	CanSetWorkspacesDefaultPools(
		ctx context.Context, curUser model.User, workspace *workspacev1.Workspace,
	) error

	// DELETE /api/v1/workspaces/:workspace_id
	CanDeleteWorkspace(
		ctx context.Context, curUser model.User, workspace *workspacev1.Workspace,
	) error

	// POST /api/v1/workspaces/:workspace_id/archive
	CanArchiveWorkspace(
		ctx context.Context, curUser model.User, workspace *workspacev1.Workspace,
	) error
	// POST /api/v1/workspaces/:workspace_id/unarchive
	CanUnarchiveWorkspace(
		ctx context.Context, curUser model.User, workspace *workspacev1.Workspace,
	) error

	// POST /api/v1/workspaces/:workspace_id/pin
	CanPinWorkspace(
		ctx context.Context, curUser model.User, workspace *workspacev1.Workspace,
	) error
	// POST /api/v1/workspaces/:workspace_id/unpin
	CanUnpinWorkspace(
		ctx context.Context, curUser model.User, workspace *workspacev1.Workspace,
	) error
}

WorkspaceAuthZ is the interface for workspace authorization.

type WorkspaceAuthZBasic 

type WorkspaceAuthZBasic struct{}

WorkspaceAuthZBasic is classic OSS Determined authentication for workspaces.

func (*WorkspaceAuthZBasic) CanArchiveWorkspace 

func (a *WorkspaceAuthZBasic) CanArchiveWorkspace(
	ctx context.Context, curUser model.User, workspace *workspacev1.Workspace,
) error

CanArchiveWorkspace returns an error if the user is not an admin or not the owner of the workspace.

func (*WorkspaceAuthZBasic) CanCreateWorkspace 

func (a *WorkspaceAuthZBasic) CanCreateWorkspace(ctx context.Context, curUser model.User) error

CanCreateWorkspace always returns a nil error.

func (*WorkspaceAuthZBasic) CanCreateWorkspaceWithAgentUserGroup 

func (a *WorkspaceAuthZBasic) CanCreateWorkspaceWithAgentUserGroup(
	ctx context.Context, curUser model.User,
) error

CanCreateWorkspaceWithAgentUserGroup requires user to be an admin.

func (*WorkspaceAuthZBasic) CanCreateWorkspaceWithCheckpointStorageConfig 

func (a *WorkspaceAuthZBasic) CanCreateWorkspaceWithCheckpointStorageConfig(
	ctx context.Context, curUser model.User,
) error

CanCreateWorkspaceWithCheckpointStorageConfig returns an nil error.

func (*WorkspaceAuthZBasic) CanDeleteWorkspace 

func (a *WorkspaceAuthZBasic) CanDeleteWorkspace(
	ctx context.Context, curUser model.User, workspace *workspacev1.Workspace,
) error

CanDeleteWorkspace returns an error if the user is not an admin or not the owner of the workspace.

func (*WorkspaceAuthZBasic) CanGetWorkspace 

func (a *WorkspaceAuthZBasic) CanGetWorkspace(
	ctx context.Context, curUser model.User, workspace *workspacev1.Workspace,
) error

CanGetWorkspace always return true and a nil error.

func (*WorkspaceAuthZBasic) CanGetWorkspaceID 

func (a *WorkspaceAuthZBasic) CanGetWorkspaceID(
	ctx context.Context, curUser model.User, workspaceID int32,
) error

CanGetWorkspaceID always return true and a nil error.

func (*WorkspaceAuthZBasic) CanModifyRPWorkspaceBindings 

func (a *WorkspaceAuthZBasic) CanModifyRPWorkspaceBindings(
	ctx context.Context, curUser model.User, workspaceIDs []int32,
) error

CanModifyRPWorkspaceBindings requires user to be an admin.

func (*WorkspaceAuthZBasic) CanPinWorkspace 

func (a *WorkspaceAuthZBasic) CanPinWorkspace(
	ctx context.Context, curUser model.User, workspace *workspacev1.Workspace,
) error

CanPinWorkspace always returns a nil error.

func (*WorkspaceAuthZBasic) CanSetResourceQuotas 

func (a *WorkspaceAuthZBasic) CanSetResourceQuotas(ctx context.Context, curUser model.User,
) error

CanSetResourceQuotas returns an error if the user is not a cluster admin.

func (*WorkspaceAuthZBasic) CanSetWorkspaceNamespaceBindings 

func (a *WorkspaceAuthZBasic) CanSetWorkspaceNamespaceBindings(
	ctx context.Context, curUser model.User,
) error

CanSetWorkspaceNamespaceBindings retruns an error if the user is not a cluster admin.

func (*WorkspaceAuthZBasic) CanSetWorkspacesAgentUserGroup 

func (a *WorkspaceAuthZBasic) CanSetWorkspacesAgentUserGroup(
	ctx context.Context, curUser model.User, workspace *workspacev1.Workspace,
) error

CanSetWorkspacesAgentUserGroup can only be done by admins.

func (*WorkspaceAuthZBasic) CanSetWorkspacesCheckpointStorageConfig 

func (a *WorkspaceAuthZBasic) CanSetWorkspacesCheckpointStorageConfig(
	ctx context.Context, curUser model.User, workspace *workspacev1.Workspace,
) error

CanSetWorkspacesCheckpointStorageConfig returns an error if the user is not an admin or owner of the workspace.

func (*WorkspaceAuthZBasic) CanSetWorkspacesDefaultPools 

func (a *WorkspaceAuthZBasic) CanSetWorkspacesDefaultPools(
	ctx context.Context, curUser model.User, workspace *workspacev1.Workspace,
) error

CanSetWorkspacesDefaultPools returns a nil error.

func (*WorkspaceAuthZBasic) CanSetWorkspacesName 

func (a *WorkspaceAuthZBasic) CanSetWorkspacesName(
	ctx context.Context, curUser model.User, workspace *workspacev1.Workspace,
) error

CanSetWorkspacesName returns an error if the user is not an admin or not the owner of the workspace.

func (*WorkspaceAuthZBasic) CanUnarchiveWorkspace 

func (a *WorkspaceAuthZBasic) CanUnarchiveWorkspace(
	ctx context.Context, curUser model.User, workspace *workspacev1.Workspace,
) error

CanUnarchiveWorkspace returns an error if the user is not an admin or not the owner of the workspace.

func (*WorkspaceAuthZBasic) CanUnpinWorkspace 

func (a *WorkspaceAuthZBasic) CanUnpinWorkspace(
	ctx context.Context, curUser model.User, workspace *workspacev1.Workspace,
) error

CanUnpinWorkspace always returns a nil error.

func (*WorkspaceAuthZBasic) FilterWorkspaceIDs 

func (a *WorkspaceAuthZBasic) FilterWorkspaceIDs(
	ctx context.Context, curUser model.User, workspaceIDs []int32,
) ([]int32, error)

FilterWorkspaceIDs always returns provided list and a nil error.

func (*WorkspaceAuthZBasic) FilterWorkspaceProjects 

func (a *WorkspaceAuthZBasic) FilterWorkspaceProjects(
	ctx context.Context, curUser model.User, projects []*projectv1.Project,
) ([]*projectv1.Project, error)

FilterWorkspaceProjects always returns the list provided and a nil error.

func (*WorkspaceAuthZBasic) FilterWorkspaces 

func (a *WorkspaceAuthZBasic) FilterWorkspaces(
	ctx context.Context, curUser model.User, workspaces []*workspacev1.Workspace,
) ([]*workspacev1.Workspace, error)

FilterWorkspaces always returns provided list and a nil errir.

type WorkspaceAuthZPermissive 

type WorkspaceAuthZPermissive struct{}

WorkspaceAuthZPermissive is the permission implementation.

func (*WorkspaceAuthZPermissive) CanArchiveWorkspace 

func (p *WorkspaceAuthZPermissive) CanArchiveWorkspace(
	ctx context.Context, curUser model.User, workspace *workspacev1.Workspace,
) error

CanArchiveWorkspace calls RBAC authz but enforces basic authz.

func (*WorkspaceAuthZPermissive) CanCreateWorkspace 

func (p *WorkspaceAuthZPermissive) CanCreateWorkspace(
	ctx context.Context, curUser model.User,
) error

CanCreateWorkspace calls RBAC authz but enforces basic authz.

func (*WorkspaceAuthZPermissive) CanCreateWorkspaceWithAgentUserGroup 

func (p *WorkspaceAuthZPermissive) CanCreateWorkspaceWithAgentUserGroup(
	ctx context.Context, curUser model.User,
) error

CanCreateWorkspaceWithAgentUserGroup calls RBAC authz but enforces basic authz.

func (*WorkspaceAuthZPermissive) CanCreateWorkspaceWithCheckpointStorageConfig 

func (p *WorkspaceAuthZPermissive) CanCreateWorkspaceWithCheckpointStorageConfig(
	ctx context.Context, curUser model.User,
) error

CanCreateWorkspaceWithCheckpointStorageConfig calls RBAC authz but enforces basic authz.

func (*WorkspaceAuthZPermissive) CanDeleteWorkspace 

func (p *WorkspaceAuthZPermissive) CanDeleteWorkspace(
	ctx context.Context, curUser model.User, workspace *workspacev1.Workspace,
) error

CanDeleteWorkspace calls RBAC authz but enforces basic authz.

func (*WorkspaceAuthZPermissive) CanGetWorkspace 

func (p *WorkspaceAuthZPermissive) CanGetWorkspace(
	ctx context.Context, curUser model.User, workspace *workspacev1.Workspace,
) error

CanGetWorkspace calls RBAC authz but enforces basic authz.

func (*WorkspaceAuthZPermissive) CanGetWorkspaceID 

func (p *WorkspaceAuthZPermissive) CanGetWorkspaceID(
	ctx context.Context, curUser model.User, workspaceID int32,
) error

CanGetWorkspaceID always return true and a nil error.

func (*WorkspaceAuthZPermissive) CanModifyRPWorkspaceBindings 

func (p *WorkspaceAuthZPermissive) CanModifyRPWorkspaceBindings(
	ctx context.Context, curUser model.User, workspaceIDs []int32,
) error

CanModifyRPWorkspaceBindings requires user to be an admin.

func (*WorkspaceAuthZPermissive) CanPinWorkspace 

func (p *WorkspaceAuthZPermissive) CanPinWorkspace(
	ctx context.Context, curUser model.User, workspace *workspacev1.Workspace,
) error

CanPinWorkspace calls RBAC authz but enforces basic authz.

func (*WorkspaceAuthZPermissive) CanSetResourceQuotas 

func (p *WorkspaceAuthZPermissive) CanSetResourceQuotas(
	ctx context.Context, curUser model.User,
) error

CanSetResourceQuotas calls RBAC authz but enforces basic authz.

func (*WorkspaceAuthZPermissive) CanSetWorkspaceNamespaceBindings 

func (p *WorkspaceAuthZPermissive) CanSetWorkspaceNamespaceBindings(
	ctx context.Context, curUser model.User,
) error

CanSetWorkspaceNamespaceBindings calls RBAC authz but enforces basic authz.

func (*WorkspaceAuthZPermissive) CanSetWorkspacesAgentUserGroup 

func (p *WorkspaceAuthZPermissive) CanSetWorkspacesAgentUserGroup(
	ctx context.Context, curUser model.User, workspace *workspacev1.Workspace,
) error

CanSetWorkspacesAgentUserGroup calls RBAC authz but enforces basic authz.

func (*WorkspaceAuthZPermissive) CanSetWorkspacesCheckpointStorageConfig 

func (p *WorkspaceAuthZPermissive) CanSetWorkspacesCheckpointStorageConfig(
	ctx context.Context, curUser model.User, workspace *workspacev1.Workspace,
) error

CanSetWorkspacesCheckpointStorageConfig calls RBAC authz but enforces basic authz.

func (*WorkspaceAuthZPermissive) CanSetWorkspacesDefaultPools 

func (p *WorkspaceAuthZPermissive) CanSetWorkspacesDefaultPools(
	ctx context.Context, curUser model.User, workspace *workspacev1.Workspace,
) error

CanSetWorkspacesDefaultPools calls RBAC authz but enforces basic authz.

func (*WorkspaceAuthZPermissive) CanSetWorkspacesName 

func (p *WorkspaceAuthZPermissive) CanSetWorkspacesName(
	ctx context.Context, curUser model.User, workspace *workspacev1.Workspace,
) error

CanSetWorkspacesName calls RBAC authz but enforces basic authz.

func (*WorkspaceAuthZPermissive) CanUnarchiveWorkspace 

func (p *WorkspaceAuthZPermissive) CanUnarchiveWorkspace(
	ctx context.Context, curUser model.User, workspace *workspacev1.Workspace,
) error

CanUnarchiveWorkspace calls RBAC authz but enforces basic authz.

func (*WorkspaceAuthZPermissive) CanUnpinWorkspace 

func (p *WorkspaceAuthZPermissive) CanUnpinWorkspace(
	ctx context.Context, curUser model.User, workspace *workspacev1.Workspace,
) error

CanUnpinWorkspace calls RBAC authz but enforces basic authz.

func (*WorkspaceAuthZPermissive) FilterWorkspaceIDs 

func (p *WorkspaceAuthZPermissive) FilterWorkspaceIDs(
	ctx context.Context, curUser model.User, workspaceIDs []int32,
) ([]int32, error)

FilterWorkspaceIDs always returns provided list and a nil error.

func (*WorkspaceAuthZPermissive) FilterWorkspaceProjects 

func (p *WorkspaceAuthZPermissive) FilterWorkspaceProjects(
	ctx context.Context, curUser model.User, projects []*projectv1.Project,
) ([]*projectv1.Project, error)

FilterWorkspaceProjects calls RBAC authz but enforces basic authz.

func (*WorkspaceAuthZPermissive) FilterWorkspaces 

func (p *WorkspaceAuthZPermissive) FilterWorkspaces(
	ctx context.Context, curUser model.User, workspaces []*workspacev1.Workspace,
) ([]*workspacev1.Workspace, error)

FilterWorkspaces calls RBAC authz but enforces basic authz.

type WorkspaceAuthZRBAC 

type WorkspaceAuthZRBAC struct{}

WorkspaceAuthZRBAC is the RBAC implementation of WorkspaceAuthZ.

func (*WorkspaceAuthZRBAC) CanArchiveWorkspace 

func (r *WorkspaceAuthZRBAC) CanArchiveWorkspace(
	ctx context.Context, curUser model.User, workspace *workspacev1.Workspace,
) (err error)

CanArchiveWorkspace determines whether a user can archive a workspace.

func (*WorkspaceAuthZRBAC) CanCreateWorkspace 

func (r *WorkspaceAuthZRBAC) CanCreateWorkspace(ctx context.Context, curUser model.User,
) (err error)

CanCreateWorkspace determines whether a user can create workspaces.

func (*WorkspaceAuthZRBAC) CanCreateWorkspaceWithAgentUserGroup 

func (r *WorkspaceAuthZRBAC) CanCreateWorkspaceWithAgentUserGroup(
	ctx context.Context, curUser model.User,
) (err error)

CanCreateWorkspaceWithAgentUserGroup determines whether a user can set agent uid/gid on a new workspace.

func (*WorkspaceAuthZRBAC) CanCreateWorkspaceWithCheckpointStorageConfig 

func (r *WorkspaceAuthZRBAC) CanCreateWorkspaceWithCheckpointStorageConfig(
	ctx context.Context, curUser model.User,
) (err error)

CanCreateWorkspaceWithCheckpointStorageConfig determines if a user can set checkpoint storage access on a new workspace.

func (*WorkspaceAuthZRBAC) CanDeleteWorkspace 

func (r *WorkspaceAuthZRBAC) CanDeleteWorkspace(
	ctx context.Context, curUser model.User, workspace *workspacev1.Workspace,
) (err error)

CanDeleteWorkspace determines whether a user can delete a workspace.

func (*WorkspaceAuthZRBAC) CanGetWorkspace 

func (r *WorkspaceAuthZRBAC) CanGetWorkspace(
	ctx context.Context, curUser model.User, workspace *workspacev1.Workspace,
) (serverError error)

CanGetWorkspace determines whether a user can view a workspace.

func (*WorkspaceAuthZRBAC) CanGetWorkspaceID 

func (r *WorkspaceAuthZRBAC) CanGetWorkspaceID(
	ctx context.Context, curUser model.User, workspaceID int32,
) (err error)

CanGetWorkspaceID determines whether a user can view a workspace given its id.

func (*WorkspaceAuthZRBAC) CanModifyRPWorkspaceBindings 

func (r *WorkspaceAuthZRBAC) CanModifyRPWorkspaceBindings(
	ctx context.Context, curUser model.User, workspaceIDs []int32,
) (err error)

CanModifyRPWorkspaceBindings requires user to be an admin.

func (*WorkspaceAuthZRBAC) CanPinWorkspace 

func (r *WorkspaceAuthZRBAC) CanPinWorkspace(
	ctx context.Context, curUser model.User, workspace *workspacev1.Workspace,
) (err error)

CanPinWorkspace determines whether a user can pin a workspace.

func (*WorkspaceAuthZRBAC) CanSetResourceQuotas 

func (r *WorkspaceAuthZRBAC) CanSetResourceQuotas(ctx context.Context,
	curUser model.User,
) (err error)

CanSetResourceQuotas determines whether a user can set a resource quota on a workspace.

func (*WorkspaceAuthZRBAC) CanSetWorkspaceNamespaceBindings 

func (r *WorkspaceAuthZRBAC) CanSetWorkspaceNamespaceBindings(ctx context.Context,
	curUser model.User,
) (err error)

CanSetWorkspaceNamespaceBindings determines whether a user can set a workspace namespace bindng.

func (*WorkspaceAuthZRBAC) CanSetWorkspacesAgentUserGroup 

func (r *WorkspaceAuthZRBAC) CanSetWorkspacesAgentUserGroup(
	ctx context.Context, curUser model.User, workspace *workspacev1.Workspace,
) (err error)

CanSetWorkspacesAgentUserGroup determines whether a user can set agent uid/gid.

func (*WorkspaceAuthZRBAC) CanSetWorkspacesCheckpointStorageConfig 

func (r *WorkspaceAuthZRBAC) CanSetWorkspacesCheckpointStorageConfig(
	ctx context.Context, curUser model.User, workspace *workspacev1.Workspace,
) (err error)

CanSetWorkspacesCheckpointStorageConfig determines if a user can set checkpoint storage access.

func (*WorkspaceAuthZRBAC) CanSetWorkspacesDefaultPools 

func (r *WorkspaceAuthZRBAC) CanSetWorkspacesDefaultPools(
	ctx context.Context, curUser model.User, workspace *workspacev1.Workspace,
) (err error)

CanSetWorkspacesDefaultPools determines whether a user can set a workspace default compute or aux pool.

func (*WorkspaceAuthZRBAC) CanSetWorkspacesName 

func (r *WorkspaceAuthZRBAC) CanSetWorkspacesName(
	ctx context.Context, curUser model.User, workspace *workspacev1.Workspace,
) (err error)

CanSetWorkspacesName determines whether a user can set a workspace's name.

func (*WorkspaceAuthZRBAC) CanUnarchiveWorkspace 

func (r *WorkspaceAuthZRBAC) CanUnarchiveWorkspace(
	ctx context.Context, curUser model.User, workspace *workspacev1.Workspace,
) (err error)

CanUnarchiveWorkspace determines whether a user can unarchive a workspace.

func (*WorkspaceAuthZRBAC) CanUnpinWorkspace 

func (r *WorkspaceAuthZRBAC) CanUnpinWorkspace(
	ctx context.Context, curUser model.User, workspace *workspacev1.Workspace,
) (err error)

CanUnpinWorkspace determines whether a user can unpin a workspace.

func (*WorkspaceAuthZRBAC) FilterWorkspaceIDs 

func (r *WorkspaceAuthZRBAC) FilterWorkspaceIDs(
	ctx context.Context, curUser model.User, workspaceIDs []int32,
) (filteredWorkspaceIDs []int32, err error)

FilterWorkspaceIDs filters workspace IDs based on which ones the user has view permissions on.

func (*WorkspaceAuthZRBAC) FilterWorkspaceProjects 

func (r *WorkspaceAuthZRBAC) FilterWorkspaceProjects(
	ctx context.Context, curUser model.User, projects []*projectv1.Project,
) (filteredProjects []*projectv1.Project, err error)

FilterWorkspaceProjects filters a set of projects based on which workspaces a user has view permissions on.

func (*WorkspaceAuthZRBAC) FilterWorkspaces 

func (r *WorkspaceAuthZRBAC) FilterWorkspaces(
	ctx context.Context, curUser model.User, workspaces []*workspacev1.Workspace,
) (filteredWorkspaces []*workspacev1.Workspace, err error)

FilterWorkspaces filters workspaces based on which ones the user has view permissions on.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.