grafana/pkg/services/dashboards/accesscontrol.go

package dashboards

import (
	"context"
	"strconv"
	"strings"

	ac "github.com/grafana/grafana/pkg/services/accesscontrol"
)

const (
	ActionFoldersCreate           = "folders:create"
	ActionFoldersRead             = "folders:read"
	ActionFoldersWrite            = "folders:write"
	ActionFoldersDelete           = "folders:delete"
	ActionFoldersPermissionsRead  = "folders.permissions:read"
	ActionFoldersPermissionsWrite = "folders.permissions:write"

	ScopeFoldersRoot = "folders"
)

var (
	ScopeFoldersAll      = ac.GetResourceAllScope(ScopeFoldersRoot)
	ScopeFoldersProvider = ac.NewScopeProvider(ScopeFoldersRoot)
)

// NewNameScopeResolver provides an AttributeScopeResolver that is able to convert a scope prefixed with "folders:name:" into an id based scope.
func NewNameScopeResolver(db Store) (string, ac.AttributeScopeResolveFunc) {
	prefix := ScopeFoldersProvider.GetResourceScopeName("")
	resolver := func(ctx context.Context, orgID int64, scope string) (string, error) {
		if !strings.HasPrefix(scope, prefix) {
			return "", ac.ErrInvalidScope
		}
		nsName := scope[len(prefix):]
		if len(nsName) == 0 {
			return "", ac.ErrInvalidScope
		}
		folder, err := db.GetFolderByTitle(ctx, orgID, nsName)
		if err != nil {
			return "", err
		}
		return ScopeFoldersProvider.GetResourceScope(strconv.FormatInt(folder.Id, 10)), nil
	}
	return prefix, resolver
}

// NewUidScopeResolver provides an AttributeScopeResolver that is able to convert a scope prefixed with "folders:uid:" into an id based scope.
func NewUidScopeResolver(db Store) (string, ac.AttributeScopeResolveFunc) {
	prefix := ScopeFoldersProvider.GetResourceScopeUID("")
	resolver := func(ctx context.Context, orgID int64, scope string) (string, error) {
		if !strings.HasPrefix(scope, prefix) {
			return "", ac.ErrInvalidScope
		}
		uid := scope[len(prefix):]
		if len(uid) == 0 {
			return "", ac.ErrInvalidScope
		}
		folder, err := db.GetFolderByUID(ctx, orgID, uid)
		if err != nil {
			return "", err
		}
		return ScopeFoldersProvider.GetResourceScope(strconv.FormatInt(folder.Id, 10)), nil
	}
	return prefix, resolver
}
Move datasource scopes and actions to access control package (#46334) * create scope provider * move datasource actions and scopes to datasource package + add provider * change usages to use datasource scopes and update data source name resolver to use provider * move folder permissions to dashboard package and update usages 2022-03-09 10:57:50 -06:00			`package dashboards`

Folder name scope resolver (#46380) * move dashboard store mock to parent package to avoid cycle of dependencies * add scope resolver for folders that resolves names to id 2022-03-10 11:19:50 -06:00			`import (`
			`"context"`
			`"strconv"`
			`"strings"`

			`ac "github.com/grafana/grafana/pkg/services/accesscontrol"`
			`)`
Move datasource scopes and actions to access control package (#46334) * create scope provider * move datasource actions and scopes to datasource package + add provider * change usages to use datasource scopes and update data source name resolver to use provider * move folder permissions to dashboard package and update usages 2022-03-09 10:57:50 -06:00
			`const (`
			`ActionFoldersCreate = "folders:create"`
			`ActionFoldersRead = "folders:read"`
			`ActionFoldersWrite = "folders:write"`
			`ActionFoldersDelete = "folders:delete"`
			`ActionFoldersPermissionsRead = "folders.permissions:read"`
			`ActionFoldersPermissionsWrite = "folders.permissions:write"`

			`ScopeFoldersRoot = "folders"`
			`)`

			`var (`
Folder name scope resolver (#46380) * move dashboard store mock to parent package to avoid cycle of dependencies * add scope resolver for folders that resolves names to id 2022-03-10 11:19:50 -06:00			`ScopeFoldersAll = ac.GetResourceAllScope(ScopeFoldersRoot)`
			`ScopeFoldersProvider = ac.NewScopeProvider(ScopeFoldersRoot)`
Move datasource scopes and actions to access control package (#46334) * create scope provider * move datasource actions and scopes to datasource package + add provider * change usages to use datasource scopes and update data source name resolver to use provider * move folder permissions to dashboard package and update usages 2022-03-09 10:57:50 -06:00			`)`
Folder name scope resolver (#46380) * move dashboard store mock to parent package to avoid cycle of dependencies * add scope resolver for folders that resolves names to id 2022-03-10 11:19:50 -06:00
			`// NewNameScopeResolver provides an AttributeScopeResolver that is able to convert a scope prefixed with "folders:name:" into an id based scope.`
			`func NewNameScopeResolver(db Store) (string, ac.AttributeScopeResolveFunc) {`
			`prefix := ScopeFoldersProvider.GetResourceScopeName("")`
			`resolver := func(ctx context.Context, orgID int64, scope string) (string, error) {`
			`if !strings.HasPrefix(scope, prefix) {`
			`return "", ac.ErrInvalidScope`
			`}`
			`nsName := scope[len(prefix):]`
			`if len(nsName) == 0 {`
			`return "", ac.ErrInvalidScope`
			`}`
Folder store (#46431) * create FolderStore * update usages to provide context * implement methods to get folder by ID and UID * update folder service to use store methods 2022-03-14 10:21:42 -05:00			`folder, err := db.GetFolderByTitle(ctx, orgID, nsName)`
Folder name scope resolver (#46380) * move dashboard store mock to parent package to avoid cycle of dependencies * add scope resolver for folders that resolves names to id 2022-03-10 11:19:50 -06:00			`if err != nil {`
			`return "", err`
			`}`
			`return ScopeFoldersProvider.GetResourceScope(strconv.FormatInt(folder.Id, 10)), nil`
			`}`
			`return prefix, resolver`
			`}`
Folder UID scope resolver (#46426) 2022-03-15 09:37:16 -05:00
			`// NewUidScopeResolver provides an AttributeScopeResolver that is able to convert a scope prefixed with "folders:uid:" into an id based scope.`
			`func NewUidScopeResolver(db Store) (string, ac.AttributeScopeResolveFunc) {`
			`prefix := ScopeFoldersProvider.GetResourceScopeUID("")`
			`resolver := func(ctx context.Context, orgID int64, scope string) (string, error) {`
			`if !strings.HasPrefix(scope, prefix) {`
			`return "", ac.ErrInvalidScope`
			`}`
			`uid := scope[len(prefix):]`
			`if len(uid) == 0 {`
			`return "", ac.ErrInvalidScope`
			`}`
			`folder, err := db.GetFolderByUID(ctx, orgID, uid)`
			`if err != nil {`
			`return "", err`
			`}`
			`return ScopeFoldersProvider.GetResourceScope(strconv.FormatInt(folder.Id, 10)), nil`
			`}`
			`return prefix, resolver`
			`}`