mirror of
https://github.com/grafana/grafana.git
synced 2024-11-26 02:40:26 -06:00
53 lines
2.0 KiB
Go
53 lines
2.0 KiB
Go
package searchV2
|
|
|
|
import (
|
|
"context"
|
|
|
|
"github.com/grafana/grafana/pkg/infra/db"
|
|
"github.com/grafana/grafana/pkg/infra/log"
|
|
"github.com/grafana/grafana/pkg/services/accesscontrol"
|
|
"github.com/grafana/grafana/pkg/services/dashboards"
|
|
"github.com/grafana/grafana/pkg/services/folder"
|
|
"github.com/grafana/grafana/pkg/services/user"
|
|
)
|
|
|
|
// ResourceFilter checks if a given a uid (resource identifier) check if we have the requested permission
|
|
type ResourceFilter func(kind entityKind, uid, parentUID string) bool
|
|
|
|
// FutureAuthService eventually implemented by the security service
|
|
type FutureAuthService interface {
|
|
GetDashboardReadFilter(ctx context.Context, orgID int64, user *user.SignedInUser) (ResourceFilter, error)
|
|
}
|
|
|
|
var _ FutureAuthService = (*simpleAuthService)(nil)
|
|
|
|
type simpleAuthService struct {
|
|
sql db.DB
|
|
ac accesscontrol.Service
|
|
folderService folder.Service
|
|
logger log.Logger
|
|
}
|
|
|
|
func (a *simpleAuthService) GetDashboardReadFilter(ctx context.Context, orgID int64, user *user.SignedInUser) (ResourceFilter, error) {
|
|
canReadDashboard, canReadFolder := accesscontrol.Checker(user, dashboards.ActionDashboardsRead), accesscontrol.Checker(user, dashboards.ActionFoldersRead)
|
|
return func(kind entityKind, uid, parent string) bool {
|
|
if kind == entityKindFolder {
|
|
scopes, err := dashboards.GetInheritedScopes(ctx, orgID, uid, a.folderService)
|
|
if err != nil {
|
|
a.logger.Debug("Could not retrieve inherited folder scopes:", "err", err)
|
|
}
|
|
scopes = append(scopes, dashboards.ScopeFoldersProvider.GetResourceScopeUID(uid))
|
|
return canReadFolder(scopes...)
|
|
} else if kind == entityKindDashboard {
|
|
scopes, err := dashboards.GetInheritedScopes(ctx, orgID, parent, a.folderService)
|
|
if err != nil {
|
|
a.logger.Debug("Could not retrieve inherited folder scopes:", "err", err)
|
|
}
|
|
scopes = append(scopes, dashboards.ScopeDashboardsProvider.GetResourceScopeUID(uid))
|
|
scopes = append(scopes, dashboards.ScopeFoldersProvider.GetResourceScopeUID(parent))
|
|
return canReadDashboard(scopes...)
|
|
}
|
|
return false
|
|
}, nil
|
|
}
|