IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-14 01:23:32 -06:00
Code Issues Packages Projects Releases Wiki Activity

add an endpoint for updating several managed permissions with one call (#57893)

Browse Source
This commit is contained in:
Ieva 2022-10-31 11:46:58 +00:00 committed by GitHub
parent fd5c147574
commit 2546437e20
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 25 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
pkg/services/accesscontrol/models.go
View File

@ -262,10 +262,10 @@ func (p *ResourcePermission) Contains(targetActions []string) bool {
}
type SetResourcePermissionCommand struct {
UserID int64
TeamID int64
BuiltinRole string
Permission string
UserID int64 `json:"userID"`
TeamID int64 `json:"teamID"`
BuiltinRole string `json:"builtinRole"`
Permission string `json:"permission"`
}
const (

21
pkg/services/accesscontrol/resourcepermissions/api.go
View File

@ -40,6 +40,7 @@ func (a *api) registerEndpoints() {
scope := accesscontrol.Scope(a.service.options.Resource, a.service.options.ResourceAttribute, accesscontrol.Parameter(":resourceID"))
r.Get("/description", auth(disable, accesscontrol.EvalPermission(actionRead)), routing.Wrap(a.getDescription))
r.Get("/:resourceID", auth(disable, accesscontrol.EvalPermission(actionRead, scope)), routing.Wrap(a.getPermissions))
r.Post("/:resourceID", auth(disable, accesscontrol.EvalPermission(actionWrite, scope)), routing.Wrap(a.setPermissions))
if a.service.options.Assignments.Users {
r.Post("/:resourceID/users/:userID", auth(disable, accesscontrol.EvalPermission(actionWrite, scope)), routing.Wrap(a.setUserPermission))
}
@ -135,6 +136,10 @@ type setPermissionCommand struct {
Permission string `json:"permission"`
}
type setPermissionsCommand struct {
Permissions []accesscontrol.SetResourcePermissionCommand `json:"permissions"`
}
func (a *api) setUserPermission(c *models.ReqContext) response.Response {
userID, err := strconv.ParseInt(web.Params(c.Req)[":userID"], 10, 64)
if err != nil {
@ -192,6 +197,22 @@ func (a *api) setBuiltinRolePermission(c *models.ReqContext) response.Response {
return permissionSetResponse(cmd)
}
func (a *api) setPermissions(c *models.ReqContext) response.Response {
resourceID := web.Params(c.Req)[":resourceID"]
cmd := setPermissionsCommand{}
if err := web.Bind(c.Req, &cmd); err != nil {
return response.Error(http.StatusBadRequest, "bad request data", err)
}
_, err := a.service.SetPermissions(c.Req.Context(), c.OrgID, resourceID, cmd.Permissions...)
if err != nil {
return response.Error(http.StatusBadRequest, "failed to set permissions", err)
}
return response.Success("Permissions updated")
}
func permissionSetResponse(cmd setPermissionCommand) response.Response {
message := "Permission updated"
if cmd.Permission == "" {