ipn/ipnauth,util/syspolicy: improve comments

Updates #cleanup
Updates #14823

Signed-off-by: Nick Khyl <nickk@tailscale.com>
Nick Khyl 2025-01-31 11:22:15 -06:00 committed by Nick Khyl
parent 02ad21717f
commit 0a51bbc765
3 changed files with 8 additions and 3 deletions


@ -5,7 +5,10 @@ package ipnauth
// ProfileAccess is a bitmask representing the requested, required, or granted
// access rights to an [ipn.LoginProfile].
type ProfileAccess uint32
//
// It is not to be written to disk or transmitted over the network in its integer form,
// but rather serialized to a string or other format if ever needed.
type ProfileAccess uint
// Define access rights that might be granted or denied on a per-profile basis.
const (
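Review bot: The switch of `ProfileAccess` from `uint32` to `uint` is a type change inside a commit described as a comment cleanup, and it makes the width of an access-rights bitmask depend on the platform (32 bits on 32-bit builds, 64 bits on 64-bit ones). The added comment forbids persisting or transmitting the integer form but does not give the reason, so a later maintainer may define a flag above bit 31 that silently cannot exist on 32-bit targets. I would extend the comment with something like `// Its width is platform-dependent; access right flags must fit in the low 32 bits.` and mention the type change in the commit message. The const block that defines the rights opens on the last line of this hunk and continues outside it, so the number of bits currently in use is not visible here.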


@ -27,8 +27,9 @@ type Actor interface {
// a connected LocalAPI client. Otherwise, it returns a zero value and false.
ClientID() (_ ClientID, ok bool)
// CheckProfileAccess checks whether the actor has the requested access rights
// to the specified Tailscale profile. It returns an error if the access is denied.
// CheckProfileAccess checks whether the actor has the necessary access rights
// to perform a given action on the specified Tailscale profile.
// It returns an error if access is denied.
CheckProfileAccess(profile ipn.LoginProfileView, requestedAccess ProfileAccess) error
// IsLocalSystem reports whether the actor is the Windows' Local System account.
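Review bot: The reworded doc comment on `CheckProfileAccess` no longer refers to the `requestedAccess` parameter and does not say how a mask with several bits set is evaluated. For an authorization check, implementers and callers need the contract spelled out: presumably access is denied unless every requested right is granted, but the hunk does not show that. Once confirmed against the implementations, I would add a line such as `// The check fails unless all rights in requestedAccess are granted to the actor.` The `Actor` interface begins and ends outside this hunk.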


@ -33,6 +33,7 @@ const (
//
// Warning: This policy setting is experimental and may change or be removed in the future.
// It may also not be fully supported by all Tailscale clients until it is out of experimental status.
// See tailscale/corp#26247, tailscale/corp#26248 and tailscale/corp#26249 for more information.
AlwaysOn Key = "AlwaysOn"
// ExitNodeID is the exit node's node id. default ""; if blank, no exit node is forced.