db/repos: remove explicit authz bypass logic (!8718) · Merge requests · Administrator / sourcegraph

Administrator requested to merge jc/remove-db-repos-authz-bypass into master Mar 02, 2020

Created by: unknwon

As a result of recent learning, if the ctx has an actor that is an admin, authzFilter bypass checks automatically. Therefore, there is no need to explicit bypass authorization again.

This PR then fixes the only exception method that did not go through authzFilter (i.e. db.Repos.GetByIDs).

We're back to the unified authz checking process!

db/repos: remove explicit authz bypass logic

Merge request reports