IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-10 23:55:47 -06:00
Code Issues Packages Projects Releases Wiki Activity

RBAC: Remove redundant search endpoint (#81331)

Browse Source
This commit is contained in:
Gabriel MABILLE 2024-01-26 10:11:41 +01:00 committed by GitHub
parent 802012385d
commit 19194ea122
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 2 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
pkg/services/accesscontrol/api/api.go
View File

@ -11,7 +11,6 @@ import (
ac "github.com/grafana/grafana/pkg/services/accesscontrol"
contextmodel "github.com/grafana/grafana/pkg/services/contexthandler/model"
"github.com/grafana/grafana/pkg/services/featuremgmt"
"github.com/grafana/grafana/pkg/web"
)
func NewAccessControlAPI(router routing.RouteRegister, accesscontrol ac.AccessControl, service ac.Service,
@ -38,9 +37,7 @@ func (api *AccessControlAPI) RegisterAPIEndpoints() {
rr.Get("/user/actions", middleware.ReqSignedIn, routing.Wrap(api.getUserActions))
rr.Get("/user/permissions", middleware.ReqSignedIn, routing.Wrap(api.getUserPermissions))
if api.features.IsEnabledGlobally(featuremgmt.FlagAccessControlOnCall) {
userIDScope := ac.Scope("users", "id", ac.Parameter(":userID"))
rr.Get("/users/permissions/search", authorize(ac.EvalPermission(ac.ActionUsersPermissionsRead)), routing.Wrap(api.searchUsersPermissions))
rr.Get("/user/:userID/permissions/search", authorize(ac.EvalPermission(ac.ActionUsersPermissionsRead, userIDScope)), routing.Wrap(api.searchUserPermissions))
}
}, requestmeta.SetOwner(requestmeta.TeamAuth))
}
@ -51,7 +48,7 @@ func (api *AccessControlAPI) getUserActions(c *contextmodel.ReqContext) response
permissions, err := api.Service.GetUserPermissions(c.Req.Context(),
c.SignedInUser, ac.Options{ReloadCache: reloadCache})
if err != nil {
response.JSON(http.StatusInternalServerError, err)
return response.JSON(http.StatusInternalServerError, err)
}
return response.JSON(http.StatusOK, ac.BuildPermissionsMap(permissions))
@ -63,7 +60,7 @@ func (api *AccessControlAPI) getUserPermissions(c *contextmodel.ReqContext) resp
permissions, err := api.Service.GetUserPermissions(c.Req.Context(),
c.SignedInUser, ac.Options{ReloadCache: reloadCache})
if err != nil {
response.JSON(http.StatusInternalServerError, err)
return response.JSON(http.StatusInternalServerError, err)
}
return response.JSON(http.StatusOK, ac.GroupScopesByAction(permissions))
@ -109,31 +106,3 @@ func (api *AccessControlAPI) searchUsersPermissions(c *contextmodel.ReqContext)
return response.JSON(http.StatusOK, permsByAction)
}
// GET /api/access-control/user/:userID/permissions/search
func (api *AccessControlAPI) searchUserPermissions(c *contextmodel.ReqContext) response.Response {
userIDString := web.Params(c.Req)[":userID"]
userID, err := strconv.ParseInt(userIDString, 10, 64)
if err != nil {
return response.Error(http.StatusBadRequest, "user ID is invalid", err)
}
searchOptions := ac.SearchOptions{
ActionPrefix: c.Query("actionPrefix"),
Action: c.Query("action"),
Scope: c.Query("scope"),
UserID: userID,
}
// Validate inputs
if (searchOptions.ActionPrefix != "") == (searchOptions.Action != "") {
return response.JSON(http.StatusBadRequest, "provide one of 'action' or 'actionPrefix'")
}
permissions, err := api.Service.SearchUserPermissions(c.Req.Context(),
c.SignedInUser.GetOrgID(), searchOptions)
if err != nil {
response.Error(http.StatusInternalServerError, "could not search user permissions", err)
}
return response.JSON(http.StatusOK, ac.Reduce(permissions))
}