grafana/pkg/services/accesscontrol/resourcepermissions/options.go

package resourcepermissions

import (
	"context"

	"github.com/grafana/grafana/pkg/services/accesscontrol"
	"github.com/grafana/grafana/pkg/services/sqlstore"
)

type ResourceValidator func(ctx context.Context, orgID int64, resourceID string) error

type Options struct {
	// Resource is the action and scope prefix that is generated
	Resource string
	// OnlyManaged will tell the service to return all permissions if set to false and only managed permissions if set to true
	OnlyManaged bool
	// ResourceValidator is a validator function that will be called before each assignment.
	// If set to nil the validator will be skipped
	ResourceValidator ResourceValidator
	// Assignments decides what we can assign permissions to (users/teams/builtInRoles)
	Assignments Assignments
	// PermissionsToAction is a map of friendly named permissions and what access control actions they should generate.
	// E.g. Edit permissions should generate dashboards:read, dashboards:write and dashboards:delete
	PermissionsToActions map[string][]string
	// ReaderRoleName is the display name for the generated fixed reader role
	ReaderRoleName string
	// WriterRoleName is the display name for the generated fixed writer role
	WriterRoleName string
	// RoleGroup is the group name for the generated fixed roles
	RoleGroup string
	// OnSetUser if configured will be called each time a permission is set for a user
	OnSetUser func(session *sqlstore.DBSession, orgID int64, user accesscontrol.User, resourceID, permission string) error
	// OnSetTeam if configured will be called each time a permission is set for a team
	OnSetTeam func(session *sqlstore.DBSession, orgID, teamID int64, resourceID, permission string) error
	// OnSetBuiltInRole if configured will be called each time a permission is set for a built-in role
	OnSetBuiltInRole func(session *sqlstore.DBSession, orgID int64, builtInRole, resourceID, permission string) error
	// UidSolver if configured will be used in a middleware to translate an uid to id for each request
	UidSolver uidSolver
}
Access control: Refactor managed permission system to create api and frontend components (#42540) * Refactor resource permissions * Add frondend components for resource permissions Co-authored-by: kay delaney <45561153+kaydelaney@users.noreply.github.com> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> 2021-12-20 02:52:24 -06:00			`package resourcepermissions`

			`import (`
			`"context"`
Access Control: Pass db session to hooks (#44428) * Move hook calls to database and pass session 2022-01-25 10:12:00 -06:00
Access control: FGAC for team sync endpoints (#44673) * add actions for team group sync * extend the hook to allow specifying whether the user is external * move user struct to type package * interface for permission service to allow mocking it * reuse existing permissions * test fix * refactor * linting 2022-02-03 09:27:05 -06:00			`"github.com/grafana/grafana/pkg/services/accesscontrol"`
Access Control: Pass db session to hooks (#44428) * Move hook calls to database and pass session 2022-01-25 10:12:00 -06:00			`"github.com/grafana/grafana/pkg/services/sqlstore"`
Access control: Refactor managed permission system to create api and frontend components (#42540) * Refactor resource permissions * Add frondend components for resource permissions Co-authored-by: kay delaney <45561153+kaydelaney@users.noreply.github.com> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> 2021-12-20 02:52:24 -06:00			`)`

			`type ResourceValidator func(ctx context.Context, orgID int64, resourceID string) error`

			`type Options struct {`
			`// Resource is the action and scope prefix that is generated`
			`Resource string`
Access Control: Add option to filter only managed permissions (#43371) * Add option to filter only managed permissions 2021-12-21 07:22:54 -06:00			`// OnlyManaged will tell the service to return all permissions if set to false and only managed permissions if set to true`
			`OnlyManaged bool`
Access control: Refactor managed permission system to create api and frontend components (#42540) * Refactor resource permissions * Add frondend components for resource permissions Co-authored-by: kay delaney <45561153+kaydelaney@users.noreply.github.com> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> 2021-12-20 02:52:24 -06:00			`// ResourceValidator is a validator function that will be called before each assignment.`
			`// If set to nil the validator will be skipped`
			`ResourceValidator ResourceValidator`
			`// Assignments decides what we can assign permissions to (users/teams/builtInRoles)`
			`Assignments Assignments`
			`// PermissionsToAction is a map of friendly named permissions and what access control actions they should generate.`
			`// E.g. Edit permissions should generate dashboards:read, dashboards:write and dashboards:delete`
			`PermissionsToActions map[string][]string`
			`// ReaderRoleName is the display name for the generated fixed reader role`
			`ReaderRoleName string`
			`// WriterRoleName is the display name for the generated fixed writer role`
			`WriterRoleName string`
			`// RoleGroup is the group name for the generated fixed roles`
			`RoleGroup string`
Access control: Add optional hooks (#43372) * Add optional OnSet hooks 2021-12-23 03:10:06 -06:00			`// OnSetUser if configured will be called each time a permission is set for a user`
Access control: FGAC for team sync endpoints (#44673) * add actions for team group sync * extend the hook to allow specifying whether the user is external * move user struct to type package * interface for permission service to allow mocking it * reuse existing permissions * test fix * refactor * linting 2022-02-03 09:27:05 -06:00			`OnSetUser func(session *sqlstore.DBSession, orgID int64, user accesscontrol.User, resourceID, permission string) error`
Access control: Add optional hooks (#43372) * Add optional OnSet hooks 2021-12-23 03:10:06 -06:00			`// OnSetTeam if configured will be called each time a permission is set for a team`
Access Control: Pass db session to hooks (#44428) * Move hook calls to database and pass session 2022-01-25 10:12:00 -06:00			`OnSetTeam func(session *sqlstore.DBSession, orgID, teamID int64, resourceID, permission string) error`
Access control: Add optional hooks (#43372) * Add optional OnSet hooks 2021-12-23 03:10:06 -06:00			`// OnSetBuiltInRole if configured will be called each time a permission is set for a built-in role`
Access Control: Pass db session to hooks (#44428) * Move hook calls to database and pass session 2022-01-25 10:12:00 -06:00			`OnSetBuiltInRole func(session *sqlstore.DBSession, orgID int64, builtInRole, resourceID, permission string) error`
Access control: Support uids for resource permissions (#45226) * add middleware to solve uid -> id for requests 2022-02-10 10:47:48 -06:00			`// UidSolver if configured will be used in a middleware to translate an uid to id for each request`
			`UidSolver uidSolver`
Access control: Refactor managed permission system to create api and frontend components (#42540) * Refactor resource permissions * Add frondend components for resource permissions Co-authored-by: kay delaney <45561153+kaydelaney@users.noreply.github.com> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> 2021-12-20 02:52:24 -06:00			`}`