IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity
4926767737
grafana/pkg/services/libraryelements/guard.go
idafurjes 6afad51761
Move SignedInUser to user service and RoleType and Roles to org (#53445) 
* Move SignedInUser to user service and RoleType and Roles to org

* Use go naming convention for roles

* Fix some imports and leftovers

* Fix ldap debug test

* Fix lint

* Fix lint 2

* Fix lint 3

* Fix type and not needed conversion

* Clean up messages in api tests

* Clean up api tests 2
2022-08-10 11:56:48 +02:00

77 lines
1.8 KiB
Go
Raw Blame History

package libraryelements
import (
"context"
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/services/dashboards"
"github.com/grafana/grafana/pkg/services/guardian"
"github.com/grafana/grafana/pkg/services/org"
"github.com/grafana/grafana/pkg/services/user"
)
func isGeneralFolder(folderID int64) bool {
return folderID == 0
}
func (l *LibraryElementService) requireSupportedElementKind(kindAsInt int64) error {
kind := models.LibraryElementKind(kindAsInt)
switch kind {
case models.PanelElement:
return nil
case models.VariableElement:
return nil
default:
return errLibraryElementUnSupportedElementKind
}
}
func (l *LibraryElementService) requireEditPermissionsOnFolder(ctx context.Context, user *user.SignedInUser, folderID int64) error {
if isGeneralFolder(folderID) && user.HasRole(org.RoleEditor) {
return nil
}
if isGeneralFolder(folderID) && user.HasRole(org.RoleViewer) {
return dashboards.ErrFolderAccessDenied
}
folder, err := l.folderService.GetFolderByID(ctx, user, folderID, user.OrgId)
if err != nil {
return err
}
g := guardian.New(ctx, folder.Id, user.OrgId, user)
canEdit, err := g.CanEdit()
if err != nil {
return err
}
if !canEdit {
return dashboards.ErrFolderAccessDenied
}
return nil
}
func (l *LibraryElementService) requireViewPermissionsOnFolder(ctx context.Context, user *user.SignedInUser, folderID int64) error {
if isGeneralFolder(folderID) && user.HasRole(org.RoleViewer) {
return nil
}
folder, err := l.folderService.GetFolderByID(ctx, user, folderID, user.OrgId)
if err != nil {
return err
}
g := guardian.New(ctx, folder.Id, user.OrgId, user)
canView, err := g.CanView()
if err != nil {
return err
}
if !canView {
return dashboards.ErrFolderAccessDenied
}
return nil
}
Reference in New Issue View Git Blame Copy Permalink