IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Authn: Identity resolvers (#85930)

Browse Source 
* AuthN: Add NamespaceID struct. We should replace the usage of encoded namespaceID with this one

* AuthN: Add optional interface that clients can implement to be able to resolve identity for a namespace

* Authn: Implement IdentityResolverClient for api keys

* AuthN: use idenity resolvers

Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
This commit is contained in:
Karl Persson
2024-04-12 11:38:20 +02:00
committed by GitHub
parent c837d95677
commit 73fecc8d80
11 changed files with 409 additions and 87 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
pkg/services/accesscontrol/accesscontrol.go
View File

@@ -175,7 +175,9 @@ func HasGlobalAccess(ac AccessControl, authnService authn.Service, c *contextmod
var targetOrgID int64 = GlobalOrgID
orgUser, err := authnService.ResolveIdentity(c.Req.Context(), targetOrgID, c.SignedInUser.GetID())
if err != nil {
deny(c, nil, fmt.Errorf("failed to authenticate user in target org: %w", err))
// This will be an common error for entities that can't authenticate in global scope
c.Logger.Debug("Failed to authenticate user in global scope", "error", err)
return false
}
hasAccess, err := ac.Evaluate(c.Req.Context(), orgUser, evaluator)