apitech
/
grafana
mirror of https://github.com/grafana/grafana
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

AccessControl: tidy scope resolution (#40677)

Browse Source 
* AccessControl: tidy scope resolution
pull/40694/head^2
Gabriel MABILLE 4 years ago committed by GitHub
parent 3718494b35
commit 6a3ce8bd38
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 38 additions and 43 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 38
      pkg/services/accesscontrol/scope.go
  2. 0
      pkg/services/accesscontrol/scope_test.go
  3. 43
      pkg/services/accesscontrol/scoperesolution.go

38
pkg/services/accesscontrol/scope.go
Unescape View File

@ -3,6 +3,8 @@ package accesscontrol
import (
"fmt"
"strings"
"github.com/grafana/grafana/pkg/models"
)
// Scope builds scope from parts
@ -29,3 +31,39 @@ func Parameter(key string) string {
func Field(key string) string {
return fmt.Sprintf(`{{ .%s }}`, key)
}
type KeywordScopeResolveFunc func(*models.SignedInUser) (string, error)
// ScopeResolver contains a map of functions to resolve scope keywords such as `self` or `current` into `id` based scopes
type ScopeResolver struct {
keywordResolvers map[string]KeywordScopeResolveFunc
}
func NewScopeResolver() ScopeResolver {
return ScopeResolver{
keywordResolvers: map[string]KeywordScopeResolveFunc{
"orgs:current": resolveCurrentOrg,
"users:self": resolveUserSelf,
},
}
}
func resolveCurrentOrg(u *models.SignedInUser) (string, error) {
return Scope("orgs", "id", fmt.Sprintf("%v", u.OrgId)), nil
}
func resolveUserSelf(u *models.SignedInUser) (string, error) {
return Scope("users", "id", fmt.Sprintf("%v", u.UserId)), nil
}
// ResolveKeyword resolves scope with keywords such as `self` or `current` into `id` based scopes
func (s *ScopeResolver) ResolveKeyword(user *models.SignedInUser, permission Permission) (*Permission, error) {
if fn, ok := s.keywordResolvers[permission.Scope]; ok {
resolvedScope, err := fn(user)
if err != nil {
return nil, fmt.Errorf("could not resolve %v: %v", permission.Scope, err)
}
permission.Scope = resolvedScope
}
return &permission, nil
}

0
pkg/services/accesscontrol/scoperesolution_test.go → pkg/services/accesscontrol/scope_test.go
Unescape View File

43
pkg/services/accesscontrol/scoperesolution.go
Unescape View File

@ -1,43 +0,0 @@
package accesscontrol
import (
"fmt"
"github.com/grafana/grafana/pkg/models"
)
type KeywordScopeResolveFunc func(*models.SignedInUser) (string, error)
// ScopeResolver contains a map of functions to resolve scope keywords such as `self` or `current` into `id` based scopes
type ScopeResolver struct {
keywordResolvers map[string]KeywordScopeResolveFunc
}
func NewScopeResolver() ScopeResolver {
return ScopeResolver{
keywordResolvers: map[string]KeywordScopeResolveFunc{
"orgs:current": resolveCurrentOrg,
"users:self": resolveUserSelf,
},
}
}
func resolveCurrentOrg(u *models.SignedInUser) (string, error) {
return Scope("orgs", "id", fmt.Sprintf("%v", u.OrgId)), nil
}
func resolveUserSelf(u *models.SignedInUser) (string, error) {
return Scope("users", "id", fmt.Sprintf("%v", u.UserId)), nil
}
// ResolveKeyword resolves scope with keywords such as `self` or `current` into `id` based scopes
func (s *ScopeResolver) ResolveKeyword(user *models.SignedInUser, permission Permission) (*Permission, error) {
if fn, ok := s.keywordResolvers[permission.Scope]; ok {
resolvedScope, err := fn(user)
if err != nil {
return nil, fmt.Errorf("could not resolve %v: %v", permission.Scope, err)
}
permission.Scope = resolvedScope
}
return &permission, nil
}
Write Preview
Loading…
Cancel
Save