apitech
/
grafana
mirror of https://github.com/grafana/grafana
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
29459 Commits
2179 Branches
608 Tags
1.9 GiB
Tag: Branch: Tree: 25d42dbedb
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '25d42dbedb'
${ noResults }
grafana/pkg/services/accesscontrol/ossaccesscontrol/ossaccesscontrol.go

73 lines
2.0 KiB
Raw Normal View History Unescape

Access Control: move features to Enterprise (#32640) * Move db package WIP * Implement OSS access control * Register OSS access control * Fix linter error in tests * Fix linter error in evaluator * Simplify OSS tests * Optimize builtin roles * Chore: add comments to the exported functions * Remove init from ossaccesscontrol package (moved to ext) * Add access control as a dependency for http server * Modify middleware to receive fallback function * Middleware: refactor fallback function call * Move unused models to enterprise * Simplify AccessControl type * Chore: use bool IsDisabled() method instead of CanBeDisabled interface
4 years ago
package ossaccesscontrol
import (
"context"
"github.com/grafana/grafana/pkg/infra/log"
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/services/accesscontrol"
"github.com/grafana/grafana/pkg/services/accesscontrol/evaluator"
"github.com/grafana/grafana/pkg/setting"
)
// OSSAccessControlService is the service implementing role based access control.
type OSSAccessControlService struct {
Cfg *setting.Cfg `inject:""`
Log log.Logger
}
// Init initializes the OSSAccessControlService.
func (ac *OSSAccessControlService) Init() error {
ac.Log = log.New("accesscontrol")
return nil
}
func (ac *OSSAccessControlService) IsDisabled() bool {
if ac.Cfg == nil {
return true
}
_, exists := ac.Cfg.FeatureToggles["accesscontrol"]
return !exists
}
// Evaluate evaluates access to the given resource
func (ac *OSSAccessControlService) Evaluate(ctx context.Context, user *models.SignedInUser, permission string, scope ...string) (bool, error) {
return evaluator.Evaluate(ctx, ac, user, permission, scope...)
}
// GetUserPermissions returns user permissions based on built-in roles
Access Control: Move database-related models to enterprise (#32907) * Move database-related models to enterprise * Chore: use GetUserBuiltInRoles() method * Rename permission to action
4 years ago
func (ac *OSSAccessControlService) GetUserPermissions(ctx context.Context, user *models.SignedInUser) ([]*accesscontrol.Permission, error) {
Access control: Add access control based permissions to admins/users (#32409) Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
4 years ago
builtinRoles := ac.GetUserBuiltInRoles(user)
Access Control: move features to Enterprise (#32640) * Move db package WIP * Implement OSS access control * Register OSS access control * Fix linter error in tests * Fix linter error in evaluator * Simplify OSS tests * Optimize builtin roles * Chore: add comments to the exported functions * Remove init from ossaccesscontrol package (moved to ext) * Add access control as a dependency for http server * Modify middleware to receive fallback function * Middleware: refactor fallback function call * Move unused models to enterprise * Simplify AccessControl type * Chore: use bool IsDisabled() method instead of CanBeDisabled interface
4 years ago
permissions := make([]*accesscontrol.Permission, 0)
Access control: Add access control based permissions to admins/users (#32409) Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
4 years ago
for _, builtin := range builtinRoles {
if roleNames, ok := accesscontrol.PredefinedRoleGrants[builtin]; ok {
for _, name := range roleNames {
r, exists := accesscontrol.PredefinedRoles[name]
if !exists {
Access Control: move features to Enterprise (#32640) * Move db package WIP * Implement OSS access control * Register OSS access control * Fix linter error in tests * Fix linter error in evaluator * Simplify OSS tests * Optimize builtin roles * Chore: add comments to the exported functions * Remove init from ossaccesscontrol package (moved to ext) * Add access control as a dependency for http server * Modify middleware to receive fallback function * Middleware: refactor fallback function call * Move unused models to enterprise * Simplify AccessControl type * Chore: use bool IsDisabled() method instead of CanBeDisabled interface
4 years ago
continue
}
Access control: Add access control based permissions to admins/users (#32409) Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
4 years ago
for _, p := range r.Permissions {
Access Control: move features to Enterprise (#32640) * Move db package WIP * Implement OSS access control * Register OSS access control * Fix linter error in tests * Fix linter error in evaluator * Simplify OSS tests * Optimize builtin roles * Chore: add comments to the exported functions * Remove init from ossaccesscontrol package (moved to ext) * Add access control as a dependency for http server * Modify middleware to receive fallback function * Middleware: refactor fallback function call * Move unused models to enterprise * Simplify AccessControl type * Chore: use bool IsDisabled() method instead of CanBeDisabled interface
4 years ago
permission := p
permissions = append(permissions, &permission)
}
}
}
}
return permissions, nil
}
Access Control: Move database-related models to enterprise (#32907) * Move database-related models to enterprise * Chore: use GetUserBuiltInRoles() method * Rename permission to action
4 years ago
func (ac *OSSAccessControlService) GetUserBuiltInRoles(user *models.SignedInUser) []string {
roles := []string{string(user.OrgRole)}
for _, role := range user.OrgRole.Children() {
roles = append(roles, string(role))
}
if user.IsGrafanaAdmin {
Access control: Add access control based permissions to admins/users (#32409) Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
4 years ago
roles = append(roles, accesscontrol.RoleGrafanaAdmin)
Access Control: Move database-related models to enterprise (#32907) * Move database-related models to enterprise * Chore: use GetUserBuiltInRoles() method * Rename permission to action
4 years ago
}
return roles
}