IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

RBAC: Extract method from access control impl to a function in domain packge (#49947)

Browse Source 
* Remove GetUserBuiltInRoles and create it as a util function in
accesscontrol domain package
This commit is contained in:
Karl Persson 2022-06-02 16:10:41 +02:00 committed by GitHub
parent 0e991461b0
commit 896a101f48
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 20 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
pkg/services/accesscontrol/accesscontrol.go
View File

@ -259,3 +259,21 @@ func extractPrefixes(prefix string) (string, string, bool) {
func IsDisabled(cfg *setting.Cfg) bool {
return !cfg.RBACEnabled
}
// GetOrgRoles returns legacy org roles for a user
func GetOrgRoles(cfg *setting.Cfg, user *models.SignedInUser) []string {
roles := []string{string(user.OrgRole)}
// With built-in role simplifying, inheritance is performed upon role registration.
if cfg.RBACBuiltInRoleAssignmentEnabled {
for _, br := range user.OrgRole.Children() {
roles = append(roles, string(br))
}
}
if user.IsGrafanaAdmin {
roles = append(roles, RoleGrafanaAdmin)
}
return roles
}

21
pkg/services/accesscontrol/ossaccesscontrol/ossaccesscontrol.go
View File

@ -112,7 +112,7 @@ func (ac *OSSAccessControlService) GetUserPermissions(ctx context.Context, user
dbPermissions, err := ac.store.GetUserPermissions(ctx, accesscontrol.GetUserPermissionsQuery{
OrgID: user.OrgId,
UserID: user.UserId,
Roles: ac.GetUserBuiltInRoles(user),
Roles: accesscontrol.GetOrgRoles(ac.cfg, user),
Actions: append(TeamAdminActions, append(DashboardAdminActions, FolderAdminActions...)...),
})
if err != nil {
@ -137,7 +137,7 @@ func (ac *OSSAccessControlService) GetUserPermissions(ctx context.Context, user
func (ac *OSSAccessControlService) getFixedPermissions(ctx context.Context, user *models.SignedInUser) []*accesscontrol.Permission {
permissions := make([]*accesscontrol.Permission, 0)
for _, builtin := range ac.GetUserBuiltInRoles(user) {
for _, builtin := range accesscontrol.GetOrgRoles(ac.cfg, user) {
if basicRole, ok := ac.roles[builtin]; ok {
for i := range basicRole.Permissions {
permissions = append(permissions, &basicRole.Permissions[i])
@ -148,23 +148,6 @@ func (ac *OSSAccessControlService) getFixedPermissions(ctx context.Context, user
return permissions
}
func (ac *OSSAccessControlService) GetUserBuiltInRoles(user *models.SignedInUser) []string {
builtInRoles := []string{string(user.OrgRole)}
// With built-in role simplifying, inheritance is performed upon role registration.
if ac.cfg.RBACBuiltInRoleAssignmentEnabled {
for _, br := range user.OrgRole.Children() {
builtInRoles = append(builtInRoles, string(br))
}
}
if user.IsGrafanaAdmin {
builtInRoles = append(builtInRoles, accesscontrol.RoleGrafanaAdmin)
}
return builtInRoles
}
// RegisterFixedRoles registers all declared roles in RAM
func (ac *OSSAccessControlService) RegisterFixedRoles(ctx context.Context) error {
// If accesscontrol is disabled no need to register roles