ipn/ipnauth,util/syspolicy: improve comments

Updates #cleanup Updates #14823 Signed-off-by: Nick Khyl <nickk@tailscale.com>
2025-08-11 13:18:53 +00:00 · 2025-01-31 11:22:15 -06:00
parent 02ad21717f
commit 0a51bbc765
3 changed files with 8 additions and 3 deletions
--- a/ipn/ipnauth/access.go
+++ b/ipn/ipnauth/access.go
@@ -5,7 +5,10 @@ package ipnauth

 // ProfileAccess is a bitmask representing the requested, required, or granted
 // access rights to an [ipn.LoginProfile].
-type ProfileAccess uint32
+//
+// It is not to be written to disk or transmitted over the network in its integer form,
+// but rather serialized to a string or other format if ever needed.
+type ProfileAccess uint

 // Define access rights that might be granted or denied on a per-profile basis.
 const (
--- a/ipn/ipnauth/actor.go
+++ b/ipn/ipnauth/actor.go
@@ -27,8 +27,9 @@ type Actor interface {
 	// a connected LocalAPI client. Otherwise, it returns a zero value and false.
 	ClientID() (_ ClientID, ok bool)

-	// CheckProfileAccess checks whether the actor has the requested access rights
-	// to the specified Tailscale profile. It returns an error if the access is denied.
+	// CheckProfileAccess checks whether the actor has the necessary access rights
+	// to perform a given action on the specified Tailscale profile.
+	// It returns an error if access is denied.
 	CheckProfileAccess(profile ipn.LoginProfileView, requestedAccess ProfileAccess) error

 	// IsLocalSystem reports whether the actor is the Windows' Local System account.