grafana/pkg/services/libraryelements/guard.go
idafurjes 080ea88af7
Nested Folders: Support getting of nested folder in folder service wh… (#58597)
* Nested Folders: Support getting of nested folder in folder service when feature flag is set

* Fix lint

* Fix some tests

* Fix ngalert test

* ngalert fix

* Fix API tests

* Fix some tests and lint

* Fix lint 2

* Fix library elements and panels

* Add access control to get folder

* Cleanup and minor test change
2022-11-11 14:28:24 +01:00


package libraryelements
import (
"context"
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/services/accesscontrol"
"github.com/grafana/grafana/pkg/services/dashboards"
"github.com/grafana/grafana/pkg/services/folder"
"github.com/grafana/grafana/pkg/services/guardian"
"github.com/grafana/grafana/pkg/services/org"
"github.com/grafana/grafana/pkg/services/user"
)
// isGeneralFolder reports whether folderID is 0, the numeric ID this package
// treats as the General folder.
func isGeneralFolder(folderID int64) bool {
	const generalFolderID int64 = 0
	return generalFolderID == folderID
}
// isUIDGeneralFolder reports whether folderUID equals
// accesscontrol.GeneralFolderUID. The comparison is exact and case-sensitive.
func isUIDGeneralFolder(folderUID string) bool {
	return accesscontrol.GeneralFolderUID == folderUID
}
// requireSupportedElementKind checks that kindAsInt converts to a library
// element kind this service accepts. models.PanelElement and
// models.VariableElement are accepted; every other value is rejected with
// errLibraryElementUnSupportedElementKind, so unknown kinds fail closed.
func (l *LibraryElementService) requireSupportedElementKind(kindAsInt int64) error {
	switch models.LibraryElementKind(kindAsInt) {
	case models.PanelElement, models.VariableElement:
		return nil
	}
	return errLibraryElementUnSupportedElementKind
}
// requireEditPermissionsOnFolder returns nil when user is allowed to edit the
// folder identified by folderID, and a non-nil error otherwise.
//
// For the General folder (folderID == 0) the decision is taken from the org
// role alone: a user for whom HasRole(org.RoleEditor) holds is allowed, and a
// user for whom only HasRole(org.RoleViewer) holds gets
// dashboards.ErrFolderAccessDenied. For every other case the folder is looked
// up within user.OrgID and the guardian's CanEdit result decides. Errors from
// the folder lookup and from the guardian are returned unchanged.
func (l *LibraryElementService) requireEditPermissionsOnFolder(ctx context.Context, user *user.SignedInUser, folderID int64) error {
	if isGeneralFolder(folderID) {
		// The Editor check must stay ahead of the Viewer check; swapping the
		// cases would change who is denied.
		// NOTE(review): presumably HasRole is hierarchical (Editor also
		// satisfies Viewer) — confirm against user.SignedInUser.
		switch {
		case user.HasRole(org.RoleEditor):
			return nil
		case user.HasRole(org.RoleViewer):
			return dashboards.ErrFolderAccessDenied
		}
		// NOTE(review): a user matching neither role is not rejected here and
		// continues to the lookup below with folderID 0 — confirm that path
		// ends in a denial.
	}

	// The query is scoped to the caller's org so the lookup cannot resolve a
	// folder ID through another organisation.
	query := folder.GetFolderQuery{ID: &folderID, OrgID: user.OrgID}
	target, err := l.folderService.Get(ctx, &query)
	if err != nil {
		return err
	}

	allowed, err := guardian.New(ctx, target.ID, user.OrgID, user).CanEdit()
	if err != nil {
		// A guardian failure is surfaced as an error, never as a grant.
		return err
	}
	if allowed {
		return nil
	}
	return dashboards.ErrFolderAccessDenied
}
// requireViewPermissionsOnFolder returns nil when user is allowed to view the
// folder identified by folderID, and a non-nil error otherwise.
//
// For the General folder (folderID == 0) a user for whom
// HasRole(org.RoleViewer) holds is allowed without a folder lookup. In every
// other case the folder is looked up within user.OrgID and the guardian's
// CanView result decides. Errors from the folder lookup and from the guardian
// are returned unchanged.
func (l *LibraryElementService) requireViewPermissionsOnFolder(ctx context.Context, user *user.SignedInUser, folderID int64) error {
	if isGeneralFolder(folderID) {
		if user.HasRole(org.RoleViewer) {
			return nil
		}
		// NOTE(review): a user without the Viewer role is not rejected here
		// and continues to the lookup below with folderID 0 — confirm that
		// path ends in a denial.
	}

	// The query is scoped to the caller's org so the lookup cannot resolve a
	// folder ID through another organisation.
	query := folder.GetFolderQuery{ID: &folderID, OrgID: user.OrgID}
	target, err := l.folderService.Get(ctx, &query)
	if err != nil {
		return err
	}

	allowed, err := guardian.New(ctx, target.ID, user.OrgID, user).CanView()
	if err != nil {
		// A guardian failure is surfaced as an error, never as a grant.
		return err
	}
	if allowed {
		return nil
	}
	return dashboards.ErrFolderAccessDenied
}