grafana/pkg/services/accesscontrol/resourcepermissions/options.go

package resourcepermissions

import (
	"context"
)

type ResourceValidator func(ctx context.Context, orgID int64, resourceID string) error

type Options struct {
	// Resource is the action and scope prefix that is generated
	Resource string
	// OnlyManaged will tell the service to return all permissions if set to false and only managed permissions if set to true
	OnlyManaged bool
	// ResourceValidator is a validator function that will be called before each assignment.
	// If set to nil the validator will be skipped
	ResourceValidator ResourceValidator
	// Assignments decides what we can assign permissions to (users/teams/builtInRoles)
	Assignments Assignments
	// PermissionsToAction is a map of friendly named permissions and what access control actions they should generate.
	// E.g. Edit permissions should generate dashboards:read, dashboards:write and dashboards:delete
	PermissionsToActions map[string][]string

	// ReaderRoleName is the display name for the generated fixed reader role
	ReaderRoleName string
	// WriterRoleName is the display name for the generated fixed writer role
	WriterRoleName string
	// RoleGroup is the group name for the generated fixed roles
	RoleGroup string
}
Access control: Refactor managed permission system to create api and frontend components (#42540) * Refactor resource permissions * Add frondend components for resource permissions Co-authored-by: kay delaney <45561153+kaydelaney@users.noreply.github.com> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> 2021-12-20 02:52:24 -06:00			`package resourcepermissions`

			`import (`
			`"context"`
			`)`

			`type ResourceValidator func(ctx context.Context, orgID int64, resourceID string) error`

			`type Options struct {`
			`// Resource is the action and scope prefix that is generated`
			`Resource string`
Access Control: Add option to filter only managed permissions (#43371) * Add option to filter only managed permissions 2021-12-21 07:22:54 -06:00			`// OnlyManaged will tell the service to return all permissions if set to false and only managed permissions if set to true`
			`OnlyManaged bool`
Access control: Refactor managed permission system to create api and frontend components (#42540) * Refactor resource permissions * Add frondend components for resource permissions Co-authored-by: kay delaney <45561153+kaydelaney@users.noreply.github.com> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> 2021-12-20 02:52:24 -06:00			`// ResourceValidator is a validator function that will be called before each assignment.`
			`// If set to nil the validator will be skipped`
			`ResourceValidator ResourceValidator`
			`// Assignments decides what we can assign permissions to (users/teams/builtInRoles)`
			`Assignments Assignments`
			`// PermissionsToAction is a map of friendly named permissions and what access control actions they should generate.`
			`// E.g. Edit permissions should generate dashboards:read, dashboards:write and dashboards:delete`
			`PermissionsToActions map[string][]string`

			`// ReaderRoleName is the display name for the generated fixed reader role`
			`ReaderRoleName string`
			`// WriterRoleName is the display name for the generated fixed writer role`
			`WriterRoleName string`
			`// RoleGroup is the group name for the generated fixed roles`
			`RoleGroup string`
			`}`