Team LBAC: Limit access to data source (#78376)

* Team LBAC: Limit access to data source * Fix tests
2025-02-25 18:55:37 -06:00 · 2023-12-05 12:45:40 +01:00
parent d099292d99
commit 043096d652
4 changed files with 76 additions and 56 deletions
--- a/pkg/services/datasources/models.go
+++ b/pkg/services/datasources/models.go
@@ -71,7 +71,12 @@ type TeamHTTPHeadersJSONData struct {
 	TeamHTTPHeaders TeamHTTPHeaders `json:"teamHttpHeaders"`
 }

-type TeamHTTPHeaders map[string][]TeamHTTPHeader
+type TeamHTTPHeaders struct {
+	Headers        TeamHeaders `json:"headers"`
+	RestrictAccess bool        `json:"restrictAccess"`
+}
+
+type TeamHeaders map[string][]TeamHTTPHeader

 type TeamHTTPHeader struct {
 	Header string `json:"header"`
@@ -80,38 +85,43 @@ type TeamHTTPHeader struct {

 const DefaultTeamHTTPHeader = "default"

-func (ds DataSource) TeamHTTPHeaders() (TeamHTTPHeaders, error) {
+func (ds DataSource) TeamHTTPHeaders() (*TeamHTTPHeaders, error) {
 	return GetTeamHTTPHeaders(ds.JsonData)
 }

-func GetTeamHTTPHeaders(jsonData *simplejson.Json) (TeamHTTPHeaders, error) {
-	teamHTTPHeadersJSON := TeamHTTPHeaders{}
-	if jsonData != nil && jsonData.Get("teamHttpHeaders") != nil {
-		jsonData, err := jsonData.Get("teamHttpHeaders").MarshalJSON()
-		if err != nil {
-			return nil, err
-		}
-		err = json.Unmarshal(jsonData, &teamHTTPHeadersJSON)
-		if err != nil {
-			return nil, err
-		}
-		for teamID, headers := range teamHTTPHeadersJSON {
-			if teamID == "" {
-				return nil, errors.New("teamID is missing or empty in teamHttpHeaders")
-			}
+func GetTeamHTTPHeaders(jsonData *simplejson.Json) (*TeamHTTPHeaders, error) {
+	teamHTTPHeaders := &TeamHTTPHeaders{}
+	if jsonData == nil {
+		return nil, nil
+	}
+	if _, ok := jsonData.CheckGet("teamHttpHeaders"); !ok {
+		return nil, nil
+	}

-			for _, header := range headers {
-				if header.Header == "" {
-					return nil, errors.New("header name is missing or empty")
-				}
-				if header.Value == "" {
-					return nil, errors.New("header value is missing or empty")
-				}
+	teamHTTPHeadersJSON, err := jsonData.Get("teamHttpHeaders").MarshalJSON()
+	if err != nil {
+		return nil, err
+	}
+	err = json.Unmarshal(teamHTTPHeadersJSON, teamHTTPHeaders)
+	if err != nil {
+		return nil, err
+	}
+	for teamID, headers := range teamHTTPHeaders.Headers {
+		if teamID == "" {
+			return nil, errors.New("teamID is missing or empty in teamHttpHeaders")
+		}
+
+		for _, header := range headers {
+			if header.Header == "" {
+				return nil, errors.New("header name is missing or empty")
+			}
+			if header.Value == "" {
+				return nil, errors.New("header value is missing or empty")
 			}
 		}
 	}

-	return teamHTTPHeadersJSON, nil
+	return teamHTTPHeaders, nil
 }

 // AllowedCookies parses the jsondata.keepCookies and returns a list of