Skip to content

backend: remove authz bypass and always use internal actors

Administrator requested to merge aharvey/lazarus-with-a-triple-bypass into main

Created by: LawnGnome

This came out of a Slack discussion, where it was agreed that we could unify the existing authz bypass and internal actor mechanisms. Therefore:

Internal actors (as provisioned by actor.WithInternalActor()) are now the only supported way of bypassing authorisation checks.

I've added documentation to that effect, along with a potted description of how to use our authorization primitives as they stand. There's a fairly obvious hole in that we have some great helpers in cmd/frontend/backend that would be more generally applicable if we could untangle the circular internal/database dependency that naïvely copying them to internal/actor would create, but I'm saving dealing with that for a future rainy day. (Or someone else's rainy day.)

Reviews have been broadly requested, as this touches code (well, mostly tests) from a bunch of different teams, but I don't think this is particularly spicy overall. (It would actually be a net reduction in lines if I hadn't written a bunch of Markdown.)

Merge request reports

Loading