2025-02-14 00:25:03 -05:00
4 changed files with 12 additions and 5 deletions
--- a/pkg/rbac/rbac.go
+++ b/pkg/rbac/rbac.go
@ -12,13 +12,18 @@ import (
 var (
 	ErrBadSubject = errors.New("bad subject in token")
 	ErrAccessDenied = errors.New("access denied")
 )
-func ErrAccessDenied(err error) *restrict.AccessDeniedError {
+func IsErrAccessDenied(err error) error {
 	if accessErr, ok := err.(*restrict.AccessDeniedError); ok {
 		return accessErr
 	}
 	if err == ErrAccessDenied {
 		return err
 	}
 	return nil
 }
@ -115,5 +120,7 @@ func (r *rbac) Check(ctx context.Context, res restrict.Resource, opts ...CheckOp
 		Context:  o.context,
 	}
-	return sub, r.access.Authorize(req)
+	authRes := r.access.Authorize(req)
 	return sub, authRes
 }
--- a/pkg/rest/api.go
+++ b/pkg/rest/api.go
@ -179,7 +179,7 @@ func autoError(err error) render.Renderer {
 		}
 	}
-	if rbac.ErrAccessDenied(err) != nil {
+	if rbac.IsErrAccessDenied(err) != nil {
 		return forbiddenErrText(err)
 	}
--- a/pkg/shares/store.go
+++ b/pkg/shares/store.go
@ -123,7 +123,7 @@ func (s *postgresStore) Shares(ctx context.Context, p SharesParams) (shares []*S
 	case *entities.SystemServiceSubject:
 		owner = nil
 	default:
-		return nil, 0, rbac.ErrAccessDenied(rbac.ErrNotAuthorized)
+		return nil, 0, rbac.ErrAccessDenied
 	}
 	db := database.FromCtx(ctx)
--- a/pkg/sources/http.go
+++ b/pkg/sources/http.go
@ -134,7 +134,7 @@ func (h *RdioHTTP) routeCallUpload(w http.ResponseWriter, r *http.Request) {
 	}
 	err = h.ing.Ingest(entities.CtxWithSubject(ctx, submitterSub), call)
 	if err != nil {
-		if rbac.ErrAccessDenied(err) != nil {
+		if rbac.IsErrAccessDenied(err) != nil {
 			log.Error().Err(err).Msg("ingest failed")
 			http.Error(w, "Call ingest failed.", http.StatusForbidden)
 		}