grafana/pkg/services/accesscontrol/ssoutils/utils.go

package ssoutils

import (
	ac "github.com/grafana/grafana/pkg/services/accesscontrol"
	"github.com/grafana/grafana/pkg/setting"
)

func EvalAuthenticationSettings(cfg *setting.Cfg) ac.Evaluator {
	return ac.EvalAny(
		ac.EvalAll(
			ac.EvalPermission(ac.ActionSettingsWrite, ac.ScopeSettingsSAML),
			ac.EvalPermission(ac.ActionSettingsRead, ac.ScopeSettingsSAML),
		),
		ac.EvalPermission(ac.ActionLDAPStatusRead))
}

func OauthSettingsEvaluator(cfg *setting.Cfg) ac.Evaluator {
	result := make([]ac.Evaluator, 0, len(cfg.SSOSettingsConfigurableProviders))
	for provider := range cfg.SSOSettingsConfigurableProviders {
		result = append(result, ac.EvalPermission(ac.ActionSettingsRead, ac.ScopeSettingsOAuth(provider)))
		result = append(result, ac.EvalPermission(ac.ActionSettingsWrite, ac.ScopeSettingsOAuth(provider)))
	}
	return ac.EvalAny(result...)
}
Auth: Improve /admin/authentication permission checks and include new SSO pages (#81183) * Move evalAuthSettings to ssoutils * Improve permission check for auth page 2024-01-25 04:13:24 -06:00			`package ssoutils`

			`import (`
			`ac "github.com/grafana/grafana/pkg/services/accesscontrol"`
			`"github.com/grafana/grafana/pkg/setting"`
			`)`

			`func EvalAuthenticationSettings(cfg *setting.Cfg) ac.Evaluator {`
			`return ac.EvalAny(`
			`ac.EvalAll(`
			`ac.EvalPermission(ac.ActionSettingsWrite, ac.ScopeSettingsSAML),`
			`ac.EvalPermission(ac.ActionSettingsRead, ac.ScopeSettingsSAML),`
			`),`
			`ac.EvalPermission(ac.ActionLDAPStatusRead))`
			`}`

			`func OauthSettingsEvaluator(cfg *setting.Cfg) ac.Evaluator {`
			`result := make([]ac.Evaluator, 0, len(cfg.SSOSettingsConfigurableProviders))`
			`for provider := range cfg.SSOSettingsConfigurableProviders {`
			`result = append(result, ac.EvalPermission(ac.ActionSettingsRead, ac.ScopeSettingsOAuth(provider)))`
			`result = append(result, ac.EvalPermission(ac.ActionSettingsWrite, ac.ScopeSettingsOAuth(provider)))`
			`}`
			`return ac.EvalAny(result...)`
			`}`