IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

AccessControl: tidy scope resolution (#40677)

Browse Source 
* AccessControl: tidy scope resolution
This commit is contained in:
Gabriel MABILLE 2021-10-20 17:11:22 +02:00 committed by GitHub
parent 3718494b35
commit 6a3ce8bd38
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 38 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
pkg/services/accesscontrol/scope.go
View File

@ -3,6 +3,8 @@ package accesscontrol
import ( import (
"fmt" "fmt"
"strings" "strings"
"github.com/grafana/grafana/pkg/models"
) )
// Scope builds scope from parts // Scope builds scope from parts
@ -29,3 +31,39 @@ func Parameter(key string) string {
func Field(key string) string { func Field(key string) string {
return fmt.Sprintf(`{{ .%s }}`, key) return fmt.Sprintf(`{{ .%s }}`, key)
} }
type KeywordScopeResolveFunc func(*models.SignedInUser) (string, error)
// ScopeResolver contains a map of functions to resolve scope keywords such as `self` or `current` into `id` based scopes
type ScopeResolver struct {
keywordResolvers map[string]KeywordScopeResolveFunc
}
func NewScopeResolver() ScopeResolver {
return ScopeResolver{
keywordResolvers: map[string]KeywordScopeResolveFunc{
"orgs:current": resolveCurrentOrg,
"users:self": resolveUserSelf,
},
}
}
func resolveCurrentOrg(u *models.SignedInUser) (string, error) {
return Scope("orgs", "id", fmt.Sprintf("%v", u.OrgId)), nil
}
func resolveUserSelf(u *models.SignedInUser) (string, error) {
return Scope("users", "id", fmt.Sprintf("%v", u.UserId)), nil
}
// ResolveKeyword resolves scope with keywords such as `self` or `current` into `id` based scopes
func (s *ScopeResolver) ResolveKeyword(user *models.SignedInUser, permission Permission) (*Permission, error) {
if fn, ok := s.keywordResolvers[permission.Scope]; ok {
resolvedScope, err := fn(user)
if err != nil {
return nil, fmt.Errorf("could not resolve %v: %v", permission.Scope, err)
}
permission.Scope = resolvedScope
}
return &permission, nil
}

0
pkg/services/accesscontrol/scoperesolution_test.go → pkg/services/accesscontrol/scope_test.go
View File

43
pkg/services/accesscontrol/scoperesolution.go
View File

@ -1,43 +0,0 @@
package accesscontrol
import (
"fmt"
"github.com/grafana/grafana/pkg/models"
)
type KeywordScopeResolveFunc func(*models.SignedInUser) (string, error)
// ScopeResolver contains a map of functions to resolve scope keywords such as `self` or `current` into `id` based scopes
type ScopeResolver struct {
keywordResolvers map[string]KeywordScopeResolveFunc
}
func NewScopeResolver() ScopeResolver {
return ScopeResolver{
keywordResolvers: map[string]KeywordScopeResolveFunc{
"orgs:current": resolveCurrentOrg,
"users:self": resolveUserSelf,
},
}
}
func resolveCurrentOrg(u *models.SignedInUser) (string, error) {
return Scope("orgs", "id", fmt.Sprintf("%v", u.OrgId)), nil
}
func resolveUserSelf(u *models.SignedInUser) (string, error) {
return Scope("users", "id", fmt.Sprintf("%v", u.UserId)), nil
}
// ResolveKeyword resolves scope with keywords such as `self` or `current` into `id` based scopes
func (s *ScopeResolver) ResolveKeyword(user *models.SignedInUser, permission Permission) (*Permission, error) {
if fn, ok := s.keywordResolvers[permission.Scope]; ok {
resolvedScope, err := fn(user)
if err != nil {
return nil, fmt.Errorf("could not resolve %v: %v", permission.Scope, err)
}
permission.Scope = resolvedScope
}
return &permission, nil
}