IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

RBAC: Split up service into several components (#54002)

Browse Source 
* RBAC: Rename interface to Store

* RBAC: Move ranme scopeInjector

* RBAC: Rename files to service

* RBAC: Rename to service

* RBAC: Split up accesscontrol into two components

* RBAC: Add DeclareFixedRoles to AccessControl interface

* Wire: Fix wire bindings

* RBAC: Move resolvers to root

* RBAC: Remove invalid test

* RBAC: Inject access control service

* RBAC: Implement the RoleRegistry interface in fake
This commit is contained in:
Karl Persson
2022-08-24 13:29:17 +02:00
committed by GitHub
parent 211c9991c5
commit 55c7b8add2
37 changed files with 769 additions and 958 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
pkg/services/accesscontrol/accesscontrol.go
View File

@@ -12,33 +12,32 @@ import (
"github.com/grafana/grafana/pkg/setting"
)
type Options struct {
ReloadCache bool
}
type AccessControl interface {
registry.ProvidesUsageStats
// Evaluate evaluates access to the given resources.
Evaluate(ctx context.Context, user *user.SignedInUser, evaluator Evaluator) (bool, error)
// GetUserPermissions returns user permissions with only action and scope fields set.
GetUserPermissions(ctx context.Context, user *user.SignedInUser, options Options) ([]Permission, error)
//IsDisabled returns if access control is enabled or not
IsDisabled() bool
// DeclareFixedRoles allows the caller to declare, to the service, fixed roles and their
// assignments to organization roles ("Viewer", "Editor", "Admin") or "Grafana Admin"
DeclareFixedRoles(...RoleRegistration) error
// RegisterScopeAttributeResolver allows the caller to register a scope resolver for a
// specific scope prefix (ex: datasources:name:)
RegisterScopeAttributeResolver(scopePrefix string, resolver ScopeAttributeResolver)
RegisterScopeAttributeResolver(prefix string, resolver ScopeAttributeResolver)
// DeclareFixedRoles allows the caller to declare, to the service, fixed roles and their
// assignments to organization roles ("Viewer", "Editor", "Admin") or "Grafana Admin"
// FIXME: Remove from access control interface and inject service where this is needed
DeclareFixedRoles(registrations ...RoleRegistration) error
//IsDisabled returns if access control is enabled or not
IsDisabled() bool
}
type Service interface {
registry.ProvidesUsageStats
// GetUserPermissions returns user permissions with only action and scope fields set.
GetUserPermissions(ctx context.Context, user *user.SignedInUser, options Options) ([]Permission, error)
// DeleteUserPermissions removes all permissions user has in org and all permission to that user
// If orgID is set to 0 remove permissions from all orgs
DeleteUserPermissions(ctx context.Context, orgID, userID int64) error
// DeclareFixedRoles allows the caller to declare, to the service, fixed roles and their
// assignments to organization roles ("Viewer", "Editor", "Admin") or "Grafana Admin"
DeclareFixedRoles(registrations ...RoleRegistration) error
//IsDisabled returns if access control is enabled or not
IsDisabled() bool
}
type RoleRegistry interface {
@@ -46,7 +45,11 @@ type RoleRegistry interface {
RegisterFixedRoles(ctx context.Context) error
}
type PermissionsStore interface {
type Options struct {
ReloadCache bool
}
type Store interface {
// GetUserPermissions returns user permissions with only action and scope fields set.
GetUserPermissions(ctx context.Context, query GetUserPermissionsQuery) ([]Permission, error)
DeleteUserPermissions(ctx context.Context, orgID, userID int64) error