gitpod-io · roboquat · Oct 11, 2023 · Oct 10, 2023 · Oct 10, 2023 · Oct 10, 2023
@@ -24,9 +24,10 @@ import { APIStatsService } from "./stats";
 import { APITeamsService } from "./teams";
 import { APIUserService } from "./user";
 import { APIWorkspacesService } from "./workspaces";
-import { LogContextOptions, wrapAsyncGenerator, runWithContext } from "../util/log-context";
+import { LogContextOptions, runWithLogContext } from "../util/log-context";
 import { v4 } from "uuid";
 import { performance } from "perf_hooks";
+import { wrapAsyncGenerator } from "../util/request-context";
 
 function service<T extends ServiceType>(type: T, impl: ServiceImpl<T>): [T, ServiceImpl<T>] {
     return [type, impl];
@@ -114,7 +115,7 @@ export class API {
                         grpc_service,
                         grpc_method: prop as string,
                     };
-                    const withRequestContext = <T>(fn: () => T): T => runWithContext("public-api", logContext, fn);
+                    const withRequestContext = <T>(fn: () => T): T => runWithLogContext("public-api", logContext, fn);
 
                     const method = type.methods[prop as string];
                     if (!method) {

@@ -69,8 +69,7 @@ export class Authorizer {
             consistency,
         });
 
-        const result = await this.authorizer.check(req, { userId });
-        return result.permitted;
+        return await this.authorizer.check(req, { userId });
     }
 
     async checkPermissionOnInstallation(userId: string, permission: InstallationPermission): Promise<void> {
@@ -99,8 +98,7 @@ export class Authorizer {
             consistency,
         });
 
-        const result = await this.authorizer.check(req, { userId });
-        return result.permitted;
+        return await this.authorizer.check(req, { userId });
     }
 
     async checkPermissionOnOrganization(userId: string, permission: OrganizationPermission, orgId: string) {
@@ -130,8 +128,7 @@ export class Authorizer {
             consistency,
         });
 
-        const result = await this.authorizer.check(req, { userId });
-        return result.permitted;
+        return await this.authorizer.check(req, { userId });
     }
 
     async checkPermissionOnProject(userId: string, permission: ProjectPermission, projectId: string) {
@@ -161,8 +158,7 @@ export class Authorizer {
             consistency,
         });
 
-        const result = await this.authorizer.check(req, { userId });
-        return result.permitted;
+        return await this.authorizer.check(req, { userId });
     }
 
     async checkPermissionOnUser(userId: string, permission: UserPermission, resourceUserId: string) {
@@ -196,8 +192,7 @@ export class Authorizer {
             consistency,
         });
 
-        const result = await this.authorizer.check(req, { userId }, forceEnablement);
-        return result.permitted;
+        return await this.authorizer.check(req, { userId }, forceEnablement);
     }
 
     async checkPermissionOnWorkspace(userId: string, permission: WorkspacePermission, workspaceId: string) {

@@ -15,11 +15,10 @@ import { Authorizer, SYSTEM_USER } from "./authorizer";
 import { OrganizationService } from "../orgs/organization-service";
 import { WorkspaceService } from "../workspace/workspace-service";
 import { UserService } from "../user/user-service";
-import { RequestLocalZedTokenCache, ZedTokenCache } from "./caching-spicedb-authorizer";
-import { log } from "@gitpod/gitpod-protocol/lib/util/logging";
 import { ConfigProvider } from "../workspace/config-provider";
-import { runWithContext } from "../util/log-context";
 import { v1 } from "@authzed/authzed-node";
+import { runWithContext } from "../util/request-context";
+import { RequestLocalZedTokenCache } from "./spicedb-authorizer";
 
 const expect = chai.expect;
 
@@ -31,7 +30,6 @@ describe("CachingSpiceDBAuthorizer", async () => {
     let orgSvc: OrganizationService;
     let workspaceSvc: WorkspaceService;
     let authorizer: Authorizer;
-    let zedTokenCache: ZedTokenCache;
 
     beforeEach(async () => {
         container = createTestContainer();
@@ -50,7 +48,6 @@ describe("CachingSpiceDBAuthorizer", async () => {
         orgSvc = container.get<OrganizationService>(OrganizationService);
         workspaceSvc = container.get<WorkspaceService>(WorkspaceService);
         authorizer = container.get<Authorizer>(Authorizer);
-        zedTokenCache = container.get<ZedTokenCache>(ZedTokenCache);
     });
 
     afterEach(async () => {
@@ -115,23 +112,9 @@ describe("CachingSpiceDBAuthorizer", async () => {
             "userC should have read_info after removal of userB",
         ).to.be.true;
 
-        // INTERNALS
-        async function printTokens(): Promise<{ ws1Token: string | undefined; org1Token: string | undefined }> {
-            const ws1Token = await zedTokenCache.get({ objectType: "workspace", objectId: ws1.id });
-            log.info("ws1Token", ws1Token);
-            const org1Token = await zedTokenCache.get({ objectType: "organization", objectId: org1.id });
-            log.info("org1Token", org1Token);
-            return { ws1Token, org1Token };
-        }
-        const { org1Token: org1TokenT1 } = await printTokens();
-
         // userB is removed from the org
         await withCtx(orgSvc.removeOrganizationMember(SYSTEM_USER, org1.id, userB.id));
 
-        // INTERNALS
-        const { org1Token: org1TokenT2 } = await printTokens();
-        expect(org1TokenT1 === org1TokenT2 && org1TokenT1 !== undefined && org1TokenT2 !== undefined).to.be.false;
-
         expect(
             await withCtx(authorizer.hasPermissionOnWorkspace(userB.id, "read_info", ws1.id)),
             "userB should have read_info after removal",