mirror of
https://github.com/grafana/grafana.git
synced 2025-02-12 08:35:43 -06:00
6188526e1d
* Storage: use static access rules * Storage: use static access rules * Storage: add tests
42 lines
1.2 KiB
Go
42 lines
1.2 KiB
Go
package store
|
|
|
|
import (
|
|
"context"
|
|
|
|
"github.com/grafana/grafana/pkg/infra/filestorage"
|
|
"github.com/grafana/grafana/pkg/infra/log"
|
|
"github.com/grafana/grafana/pkg/models"
|
|
)
|
|
|
|
type createPathFilterByAction func(ctx context.Context, user *models.SignedInUser, storageName string) map[string]filestorage.PathFilter
|
|
|
|
func newStaticStorageAuthService(createPathFilterByAction createPathFilterByAction) storageAuthService {
|
|
return &staticStorageAuth{
|
|
denyAllFileGuardian: &denyAllFileGuardian{},
|
|
createPathFilterByAction: createPathFilterByAction,
|
|
log: log.New("staticStorageAuthService"),
|
|
}
|
|
}
|
|
|
|
type staticStorageAuth struct {
|
|
log log.Logger
|
|
denyAllFileGuardian fileGuardian
|
|
createPathFilterByAction createPathFilterByAction
|
|
}
|
|
|
|
func (a *staticStorageAuth) newGuardian(ctx context.Context, user *models.SignedInUser, storageName string) fileGuardian {
|
|
pathFilter := a.createPathFilterByAction(ctx, user, storageName)
|
|
|
|
if pathFilter == nil {
|
|
return a.denyAllFileGuardian
|
|
}
|
|
|
|
return &pathFilterFileGuardian{
|
|
ctx: ctx,
|
|
user: user,
|
|
log: a.log,
|
|
prefix: storageName,
|
|
pathFilterByAction: pathFilter,
|
|
}
|
|
}
|