mirror of
https://github.com/grafana/grafana.git
synced 2024-12-02 05:29:42 -06:00
52 lines
1.4 KiB
Go
52 lines
1.4 KiB
Go
package accesscontrol
|
|
|
|
import (
|
|
"context"
|
|
|
|
"github.com/grafana/grafana/pkg/models"
|
|
)
|
|
|
|
type AccessControl interface {
|
|
// Evaluate evaluates access to the given resource.
|
|
Evaluate(ctx context.Context, user *models.SignedInUser, permission string, scope ...string) (bool, error)
|
|
|
|
// GetUserPermissions returns user permissions.
|
|
GetUserPermissions(ctx context.Context, user *models.SignedInUser) ([]*Permission, error)
|
|
|
|
// Middleware checks if service disabled or not to switch to fallback authorization.
|
|
IsDisabled() bool
|
|
}
|
|
|
|
func HasAccess(ac AccessControl, c *models.ReqContext) func(fallback func(*models.ReqContext) bool, permission string, scopes ...string) bool {
|
|
return func(fallback func(*models.ReqContext) bool, permission string, scopes ...string) bool {
|
|
if ac.IsDisabled() {
|
|
return fallback(c)
|
|
}
|
|
|
|
hasAccess, err := ac.Evaluate(c.Req.Context(), c.SignedInUser, permission, scopes...)
|
|
if err != nil {
|
|
c.Logger.Error("Error from access control system", "error", err)
|
|
return false
|
|
}
|
|
|
|
return hasAccess
|
|
}
|
|
}
|
|
|
|
var ReqGrafanaAdmin = func(c *models.ReqContext) bool {
|
|
return c.IsGrafanaAdmin
|
|
}
|
|
|
|
var ReqOrgAdmin = func(c *models.ReqContext) bool {
|
|
return c.OrgRole == models.ROLE_ADMIN
|
|
}
|
|
|
|
func BuildPermissionsMap(permissions []*Permission) map[string]bool {
|
|
permissionsMap := make(map[string]bool)
|
|
for _, p := range permissions {
|
|
permissionsMap[p.Action] = true
|
|
}
|
|
|
|
return permissionsMap
|
|
}
|