IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2024-11-25 18:30:41 -06:00
Code Issues Packages Projects Releases Wiki Activity
c62cc25513
grafana/pkg/services/ngalert/accesscontrol/accesscontrol.go
Yuri Tseretyan 509691b416
Alerting: Introduce authorization logic for operations on silences (#85418) 
* extract genericService from RuleService just to reuse it later
* implement silence service

---------

Co-authored-by: William Wernert <william.wernert@grafana.com>
Co-authored-by: Matthew Jacobson <matthew.jacobson@grafana.com>
2024-04-08 18:02:28 -04:00

29 lines
1.1 KiB
Go
Raw Blame History

package accesscontrol
import (
"github.com/grafana/grafana/pkg/services/accesscontrol"
"github.com/grafana/grafana/pkg/services/auth/identity"
"golang.org/x/net/context"
)
type genericService struct {
ac accesscontrol.AccessControl
}
// HasAccess returns true if the identity.Requester has all permissions specified by the evaluator. Returns error if access control backend could not evaluate permissions
func (r genericService) HasAccess(ctx context.Context, user identity.Requester, evaluator accesscontrol.Evaluator) (bool, error) {
return r.ac.Evaluate(ctx, user, evaluator)
}
// HasAccessOrError returns nil if the identity.Requester has enough permissions to pass the accesscontrol.Evaluator. Otherwise, returns authorization error that contains action that was performed
func (r genericService) HasAccessOrError(ctx context.Context, user identity.Requester, evaluator accesscontrol.Evaluator, action func() string) error {
has, err := r.HasAccess(ctx, user, evaluator)
if err != nil {
return err
}
if !has {
return NewAuthorizationErrorWithPermissions(action(), evaluator)
}
return nil
}
Reference in New Issue View Git Blame Copy Permalink