Fix access denied error

2025-02-13 20:24:57 -05:00 · 2025-02-13 20:24:57 -05:00 · 6e15656276
commit 6e15656276
parent 2674a71f30
4 changed files with 12 additions and 5 deletions
--- a/pkg/rbac/rbac.go
+++ b/pkg/rbac/rbac.go
@ -12,13 +12,18 @@ import (

 var (
 	ErrBadSubject = errors.New("bad subject in token")
+	ErrAccessDenied = errors.New("access denied")
 )

-func ErrAccessDenied(err error) *restrict.AccessDeniedError {
+func IsErrAccessDenied(err error) error {
 	if accessErr, ok := err.(*restrict.AccessDeniedError); ok {
 		return accessErr
 	}

+	if err == ErrAccessDenied {
+		return err
+	}
+
 	return nil
 }

@ -115,5 +120,7 @@ func (r *rbac) Check(ctx context.Context, res restrict.Resource, opts ...CheckOp
 		Context:  o.context,
 	}

-	return sub, r.access.Authorize(req)
+	authRes := r.access.Authorize(req)
+
+	return sub, authRes
 }
--- a/pkg/rest/api.go
+++ b/pkg/rest/api.go
@ -179,7 +179,7 @@ func autoError(err error) render.Renderer {
 		}
 	}

-	if rbac.ErrAccessDenied(err) != nil {
+	if rbac.IsErrAccessDenied(err) != nil {
 		return forbiddenErrText(err)
 	}

--- a/pkg/shares/store.go
+++ b/pkg/shares/store.go
@ -123,7 +123,7 @@ func (s *postgresStore) Shares(ctx context.Context, p SharesParams) (shares []*S
 	case *entities.SystemServiceSubject:
 		owner = nil
 	default:
-		return nil, 0, rbac.ErrAccessDenied(rbac.ErrNotAuthorized)
+		return nil, 0, rbac.ErrAccessDenied
 	}

 	db := database.FromCtx(ctx)
--- a/pkg/sources/http.go
+++ b/pkg/sources/http.go
@ -134,7 +134,7 @@ func (h *RdioHTTP) routeCallUpload(w http.ResponseWriter, r *http.Request) {
 	}
 	err = h.ing.Ingest(entities.CtxWithSubject(ctx, submitterSub), call)
 	if err != nil {
-		if rbac.ErrAccessDenied(err) != nil {
+		if rbac.IsErrAccessDenied(err) != nil {
 			log.Error().Err(err).Msg("ingest failed")
 			http.Error(w, "Call ingest failed.", http.StatusForbidden)
 		}