IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-14 09:33:34 -06:00
Code Issues Packages Projects Releases Wiki Activity
003a1cdaa0
grafana/pkg/services/libraryelements/guard.go
idafurjes a14621fff6
Chore: Add user service method SetUsingOrg and GetSignedInUserWithCacheCtx (#53343) 
* Chore: Add user service method SetUsingOrg

* Chore: Add user service method GetSignedInUserWithCacheCtx

* Use method GetSignedInUserWithCacheCtx from user service

* Fix lint after rebase

* Fix lint

* Fix lint error

* roll back some changes

* Roll back changes in api and middleware

* Add xorm tags to SignedInUser ID fields
2022-08-11 13:28:55 +02:00

77 lines
1.8 KiB
Go
Raw Blame History

package libraryelements
import (
"context"
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/services/dashboards"
"github.com/grafana/grafana/pkg/services/guardian"
"github.com/grafana/grafana/pkg/services/org"
"github.com/grafana/grafana/pkg/services/user"
)
func isGeneralFolder(folderID int64) bool {
return folderID == 0
}
func (l *LibraryElementService) requireSupportedElementKind(kindAsInt int64) error {
kind := models.LibraryElementKind(kindAsInt)
switch kind {
case models.PanelElement:
return nil
case models.VariableElement:
return nil
default:
return errLibraryElementUnSupportedElementKind
}
}
func (l *LibraryElementService) requireEditPermissionsOnFolder(ctx context.Context, user *user.SignedInUser, folderID int64) error {
if isGeneralFolder(folderID) && user.HasRole(org.RoleEditor) {
return nil
}
if isGeneralFolder(folderID) && user.HasRole(org.RoleViewer) {
return dashboards.ErrFolderAccessDenied
}
folder, err := l.folderService.GetFolderByID(ctx, user, folderID, user.OrgID)
if err != nil {
return err
}
g := guardian.New(ctx, folder.Id, user.OrgID, user)
canEdit, err := g.CanEdit()
if err != nil {
return err
}
if !canEdit {
return dashboards.ErrFolderAccessDenied
}
return nil
}
func (l *LibraryElementService) requireViewPermissionsOnFolder(ctx context.Context, user *user.SignedInUser, folderID int64) error {
if isGeneralFolder(folderID) && user.HasRole(org.RoleViewer) {
return nil
}
folder, err := l.folderService.GetFolderByID(ctx, user, folderID, user.OrgID)
if err != nil {
return err
}
g := guardian.New(ctx, folder.Id, user.OrgID, user)
canView, err := g.CanView()
if err != nil {
return err
}
if !canView {
return dashboards.ErrFolderAccessDenied
}
return nil
}
Reference in New Issue View Git Blame Copy Permalink