authz: eagerly get compiled rules in FilePermissionsFunc (!41491) · Merge requests · Administrator / sourcegraph

Administrator requested to merge k/remove-cache into main Sep 08, 2022

Created by: keegancsmith

This is a slight change in the behaviour of FilePermissionsFunc (and Permissions). Previously we never tried to get the rules if you passed in an empty Path. Now we do, but keep the empty path means Read behaviour. So the real change in behaviour is if the rules are invalid in a repo, previously permission check would work on empty path. Now it will also error like every path in the repo.

Note: I have not audited all the call sites of permissions code to see if this has potential to cause issue. It seems like if the rules are broken in a repo, lots of things break anyways. So this behaviour is a reasonable change.

Test Plan: go test

authz: eagerly get compiled rules in FilePermissionsFunc

Merge request reports