IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity
Files
1e81ffccacbcfea0012e2d264f8e82acba22361b
grafana/pkg/services/authn/authnimpl/sync/permission_sync.go
Karl Persson fd2235b5ad AuthN: Implement requester interface for identity (#75618) 
* AuthN: Implement identity.Requester interface for authn.Identity

* AuthN: Replace OrgRole with GetOrgRole

* IDForwarding: skip converting to SignedInUser

* Pass identity directly in permission sync hook
2023-09-28 16:37:32 +02:00

45 lines
1.2 KiB
Go
Raw Blame History

package sync
import (
"context"
"github.com/grafana/grafana/pkg/infra/log"
"github.com/grafana/grafana/pkg/services/accesscontrol"
"github.com/grafana/grafana/pkg/services/authn"
"github.com/grafana/grafana/pkg/util/errutil"
)
var (
errSyncPermissionsForbidden = errutil.Forbidden("permissions.sync.forbidden")
)
func ProvidePermissionsSync(acService accesscontrol.Service) *PermissionsSync {
return &PermissionsSync{
ac: acService,
log: log.New("permissions.sync"),
}
}
type PermissionsSync struct {
ac accesscontrol.Service
log log.Logger
}
func (s *PermissionsSync) SyncPermissionsHook(ctx context.Context, identity *authn.Identity, _ *authn.Request) error {
if !identity.ClientParams.SyncPermissions {
return nil
}
permissions, err := s.ac.GetUserPermissions(ctx, identity, accesscontrol.Options{ReloadCache: false})
if err != nil {
s.log.FromContext(ctx).Error("Failed to fetch permissions from db", "error", err, "user_id", identity.ID)
return errSyncPermissionsForbidden
}
if identity.Permissions == nil {
identity.Permissions = make(map[int64]map[string][]string)
}
identity.Permissions[identity.OrgID] = accesscontrol.GroupScopesByAction(permissions)
return nil
}
Reference in New Issue View Git Blame Copy Permalink