mirror of
https://github.com/grafana/grafana.git
synced 2025-02-25 18:55:37 -06:00
Remove unused error from evaluator Evaluate (#49305)
This commit is contained in:
parent
e5864f76b0
commit
4a61f4111f
@ -12,7 +12,7 @@ var logger = log.New("accesscontrol.evaluator")
|
||||
|
||||
type Evaluator interface {
|
||||
// Evaluate permissions that are grouped by action
|
||||
Evaluate(permissions map[string][]string) (bool, error)
|
||||
Evaluate(permissions map[string][]string) bool
|
||||
// MutateScopes executes a sequence of ScopeModifier functions on all embedded scopes of an evaluator and returns a new Evaluator
|
||||
MutateScopes(ctx context.Context, mutate ScopeAttributeMutator) (Evaluator, error)
|
||||
// String returns a string representation of permission required by the evaluator
|
||||
@ -32,25 +32,25 @@ type permissionEvaluator struct {
|
||||
Scopes []string
|
||||
}
|
||||
|
||||
func (p permissionEvaluator) Evaluate(permissions map[string][]string) (bool, error) {
|
||||
func (p permissionEvaluator) Evaluate(permissions map[string][]string) bool {
|
||||
userScopes, ok := permissions[p.Action]
|
||||
if !ok {
|
||||
return false, nil
|
||||
return false
|
||||
}
|
||||
|
||||
if len(p.Scopes) == 0 {
|
||||
return true, nil
|
||||
return true
|
||||
}
|
||||
|
||||
for _, target := range p.Scopes {
|
||||
for _, scope := range userScopes {
|
||||
if match(scope, target) {
|
||||
return true, nil
|
||||
return true
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return false, nil
|
||||
return false
|
||||
}
|
||||
|
||||
func match(scope, target string) bool {
|
||||
@ -114,13 +114,13 @@ type allEvaluator struct {
|
||||
allOf []Evaluator
|
||||
}
|
||||
|
||||
func (a allEvaluator) Evaluate(permissions map[string][]string) (bool, error) {
|
||||
func (a allEvaluator) Evaluate(permissions map[string][]string) bool {
|
||||
for _, e := range a.allOf {
|
||||
if ok, err := e.Evaluate(permissions); !ok || err != nil {
|
||||
return false, err
|
||||
if !e.Evaluate(permissions) {
|
||||
return false
|
||||
}
|
||||
}
|
||||
return true, nil
|
||||
return true
|
||||
}
|
||||
|
||||
func (a allEvaluator) MutateScopes(ctx context.Context, mutate ScopeAttributeMutator) (Evaluator, error) {
|
||||
@ -164,17 +164,13 @@ type anyEvaluator struct {
|
||||
anyOf []Evaluator
|
||||
}
|
||||
|
||||
func (a anyEvaluator) Evaluate(permissions map[string][]string) (bool, error) {
|
||||
func (a anyEvaluator) Evaluate(permissions map[string][]string) bool {
|
||||
for _, e := range a.anyOf {
|
||||
ok, err := e.Evaluate(permissions)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
if ok {
|
||||
return true, nil
|
||||
if e.Evaluate(permissions) {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false, nil
|
||||
return false
|
||||
}
|
||||
|
||||
func (a anyEvaluator) MutateScopes(ctx context.Context, mutate ScopeAttributeMutator) (Evaluator, error) {
|
||||
|
@ -52,8 +52,7 @@ func TestPermission_Evaluate(t *testing.T) {
|
||||
|
||||
for _, test := range tests {
|
||||
t.Run(test.desc, func(t *testing.T) {
|
||||
ok, err := test.evaluator.Evaluate(test.permissions)
|
||||
assert.NoError(t, err)
|
||||
ok := test.evaluator.Evaluate(test.permissions)
|
||||
assert.Equal(t, test.expected, ok)
|
||||
})
|
||||
}
|
||||
@ -123,8 +122,7 @@ func TestPermission_Inject(t *testing.T) {
|
||||
t.Run(test.desc, func(t *testing.T) {
|
||||
injected, err := test.evaluator.MutateScopes(context.TODO(), ScopeInjector(test.params))
|
||||
assert.NoError(t, err)
|
||||
ok, err := injected.Evaluate(test.permissions)
|
||||
assert.NoError(t, err)
|
||||
ok := injected.Evaluate(test.permissions)
|
||||
assert.Equal(t, test.expected, ok)
|
||||
})
|
||||
}
|
||||
@ -172,8 +170,7 @@ func TestAll_Evaluate(t *testing.T) {
|
||||
|
||||
for _, test := range tests {
|
||||
t.Run(test.desc, func(t *testing.T) {
|
||||
ok, err := test.evaluator.Evaluate(test.permissions)
|
||||
assert.NoError(t, err)
|
||||
ok := test.evaluator.Evaluate(test.permissions)
|
||||
assert.Equal(t, test.expected, ok)
|
||||
})
|
||||
}
|
||||
@ -236,7 +233,7 @@ func TestAll_Inject(t *testing.T) {
|
||||
t.Run(test.desc, func(t *testing.T) {
|
||||
injected, err := test.evaluator.MutateScopes(context.TODO(), ScopeInjector(test.params))
|
||||
assert.NoError(t, err)
|
||||
ok, err := injected.Evaluate(test.permissions)
|
||||
ok := injected.Evaluate(test.permissions)
|
||||
assert.NoError(t, err)
|
||||
assert.Equal(t, test.expected, ok)
|
||||
})
|
||||
@ -283,8 +280,7 @@ func TestAny_Evaluate(t *testing.T) {
|
||||
|
||||
for _, test := range tests {
|
||||
t.Run(test.desc, func(t *testing.T) {
|
||||
ok, err := test.evaluator.Evaluate(test.permissions)
|
||||
assert.NoError(t, err)
|
||||
ok := test.evaluator.Evaluate(test.permissions)
|
||||
assert.Equal(t, test.expected, ok)
|
||||
})
|
||||
}
|
||||
@ -347,7 +343,7 @@ func TestAny_Inject(t *testing.T) {
|
||||
t.Run(test.desc, func(t *testing.T) {
|
||||
injected, err := test.evaluator.MutateScopes(context.TODO(), ScopeInjector(test.params))
|
||||
assert.NoError(t, err)
|
||||
ok, err := injected.Evaluate(test.permissions)
|
||||
ok := injected.Evaluate(test.permissions)
|
||||
assert.NoError(t, err)
|
||||
assert.Equal(t, test.expected, ok)
|
||||
})
|
||||
@ -409,8 +405,7 @@ func TestEval(t *testing.T) {
|
||||
|
||||
for _, test := range tests {
|
||||
t.Run(test.desc, func(t *testing.T) {
|
||||
ok, err := test.evaluator.Evaluate(test.permissions)
|
||||
assert.NoError(t, err)
|
||||
ok := test.evaluator.Evaluate(test.permissions)
|
||||
assert.Equal(t, test.expected, ok)
|
||||
})
|
||||
}
|
||||
|
@ -103,7 +103,7 @@ func (m *Mock) Evaluate(ctx context.Context, user *models.SignedInUser, evaluato
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
return resolvedEvaluator.Evaluate(accesscontrol.GroupScopesByAction(permissions))
|
||||
return resolvedEvaluator.Evaluate(accesscontrol.GroupScopesByAction(permissions)), nil
|
||||
}
|
||||
|
||||
// GetUserPermissions returns user permissions.
|
||||
|
@ -98,7 +98,7 @@ func (ac *OSSAccessControlService) Evaluate(ctx context.Context, user *models.Si
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
return resolvedEvaluator.Evaluate(user.Permissions[user.OrgId])
|
||||
return resolvedEvaluator.Evaluate(user.Permissions[user.OrgId]), nil
|
||||
}
|
||||
|
||||
// GetUserRoles returns user permissions based on built-in roles
|
||||
|
@ -189,9 +189,8 @@ func TestAuthorizeRuleChanges(t *testing.T) {
|
||||
groupChanges := testCase.changes()
|
||||
|
||||
result, err := authorizeRuleChanges(groupChanges, func(evaluator ac.Evaluator) bool {
|
||||
response, err := evaluator.Evaluate(make(map[string][]string))
|
||||
response := evaluator.Evaluate(make(map[string][]string))
|
||||
require.False(t, response)
|
||||
require.NoError(t, err)
|
||||
executed = true
|
||||
return false
|
||||
})
|
||||
@ -202,9 +201,8 @@ func TestAuthorizeRuleChanges(t *testing.T) {
|
||||
permissions := testCase.permissions(groupChanges)
|
||||
executed = false
|
||||
result, err = authorizeRuleChanges(groupChanges, func(evaluator ac.Evaluator) bool {
|
||||
response, err := evaluator.Evaluate(permissions)
|
||||
response := evaluator.Evaluate(permissions)
|
||||
require.Truef(t, response, "provided permissions [%v] is not enough for requested permissions [%s]", testCase.permissions, evaluator.GoString())
|
||||
require.NoError(t, err)
|
||||
executed = true
|
||||
return true
|
||||
})
|
||||
@ -359,8 +357,7 @@ func TestAuthorizeRuleDelete(t *testing.T) {
|
||||
groupChanges := testCase.changes()
|
||||
permissions := testCase.permissions(groupChanges)
|
||||
result, err := authorizeRuleChanges(groupChanges, func(evaluator ac.Evaluator) bool {
|
||||
response, err := evaluator.Evaluate(permissions)
|
||||
require.NoError(t, err)
|
||||
response := evaluator.Evaluate(permissions)
|
||||
return response
|
||||
})
|
||||
|
||||
@ -401,9 +398,8 @@ func TestCheckDatasourcePermissionsForRule(t *testing.T) {
|
||||
executed := 0
|
||||
|
||||
eval := authorizeDatasourceAccessForRule(rule, func(evaluator ac.Evaluator) bool {
|
||||
response, err := evaluator.Evaluate(permissions)
|
||||
response := evaluator.Evaluate(permissions)
|
||||
require.Truef(t, response, "provided permissions [%v] is not enough for requested permissions [%s]", permissions, evaluator.GoString())
|
||||
require.NoError(t, err)
|
||||
executed++
|
||||
return true
|
||||
})
|
||||
|
Loading…
Reference in New Issue
Block a user