Access control: Basic structure and functionality behind feature toggle (#31893)
Co-authored-by: Alexander Zobnin <alexander.zobnin@grafana.com> Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> Co-authored-by: Arve Knudsen <arve.knudsen@grafana.com> Co-authored-by: Marcus Efraimsson <marcus.efraimsson@grafana.com>
This commit is contained in:
Alexander Zobnin
GitHub
@@ -0,0 +1,188 @@
|
||||
package accesscontrol
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"time"
|
||||
)
|
||||
|
||||
var (
|
||||
ErrRoleNotFound = errors.New("role not found")
|
||||
ErrTeamRoleAlreadyAdded = errors.New("role is already added to this team")
|
||||
ErrUserRoleAlreadyAdded = errors.New("role is already added to this user")
|
||||
ErrTeamRoleNotFound = errors.New("team role not found")
|
||||
ErrUserRoleNotFound = errors.New("user role not found")
|
||||
ErrTeamNotFound = errors.New("team not found")
|
||||
ErrPermissionNotFound = errors.New("permission not found")
|
||||
ErrRoleFailedGenerateUniqueUID = errors.New("failed to generate role definition UID")
|
||||
ErrVersionLE = errors.New("the provided role version is smaller than or equal to stored role")
|
||||
)
|
||||
|
||||
// Role is the model for Role in RBAC.
|
||||
type Role struct {
|
||||
ID int64 `json:"id" xorm:"pk autoincr 'id'"`
|
||||
OrgID int64 `json:"orgId" xorm:"org_id"`
|
||||
Version int64 `json:"version"`
|
||||
UID string `xorm:"uid" json:"uid"`
|
||||
Name string `json:"name"`
|
||||
Description string `json:"description"`
|
||||
|
||||
Updated time.Time `json:"updated"`
|
||||
Created time.Time `json:"created"`
|
||||
}
|
||||
|
||||
type RoleDTO struct {
|
||||
ID int64 `json:"id" xorm:"pk autoincr 'id'"`
|
||||
OrgID int64 `json:"orgId" xorm:"org_id"`
|
||||
Version int64 `json:"version"`
|
||||
UID string `xorm:"uid" json:"uid"`
|
||||
Name string `json:"name"`
|
||||
Description string `json:"description"`
|
||||
Permissions []Permission `json:"permissions,omitempty"`
|
||||
|
||||
Updated time.Time `json:"updated"`
|
||||
Created time.Time `json:"created"`
|
||||
}
|
||||
|
||||
// Permission is the model for Permission in RBAC.
|
||||
type Permission struct {
|
||||
ID int64 `json:"id" xorm:"pk autoincr 'id'"`
|
||||
RoleID int64 `json:"-" xorm:"role_id"`
|
||||
Permission string `json:"permission"`
|
||||
Scope string `json:"scope"`
|
||||
|
||||
Updated time.Time `json:"updated"`
|
||||
Created time.Time `json:"created"`
|
||||
}
|
||||
|
||||
type TeamRole struct {
|
||||
ID int64 `json:"id" xorm:"pk autoincr 'id'"`
|
||||
OrgID int64 `json:"orgId" xorm:"org_id"`
|
||||
RoleID int64 `json:"roleId" xorm:"role_id"`
|
||||
TeamID int64 `json:"teamId" xorm:"team_id"`
|
||||
|
||||
Created time.Time
|
||||
}
|
||||
|
||||
type UserRole struct {
|
||||
ID int64 `json:"id" xorm:"pk autoincr 'id'"`
|
||||
OrgID int64 `json:"orgId" xorm:"org_id"`
|
||||
RoleID int64 `json:"roleId" xorm:"role_id"`
|
||||
UserID int64 `json:"userId" xorm:"user_id"`
|
||||
|
||||
Created time.Time
|
||||
}
|
||||
|
||||
type BuiltinRole struct {
|
||||
ID *int64 `json:"id" xorm:"pk autoincr 'id'"`
|
||||
RoleID int64 `json:"roleId" xorm:"role_id"`
|
||||
Role string
|
||||
|
||||
Updated time.Time
|
||||
Created time.Time
|
||||
}
|
||||
|
||||
type GetTeamRolesQuery struct {
|
||||
OrgID int64 `json:"-"`
|
||||
TeamID int64 `json:"teamId"`
|
||||
}
|
||||
|
||||
type GetUserRolesQuery struct {
|
||||
OrgID int64 `json:"-"`
|
||||
UserID int64 `json:"userId"`
|
||||
Roles []string
|
||||
}
|
||||
|
||||
type GetUserPermissionsQuery struct {
|
||||
OrgID int64 `json:"-"`
|
||||
UserID int64 `json:"userId"`
|
||||
Roles []string
|
||||
}
|
||||
|
||||
type CreatePermissionCommand struct {
|
||||
RoleID int64 `json:"roleId"`
|
||||
Permission string
|
||||
Scope string
|
||||
}
|
||||
|
||||
type UpdatePermissionCommand struct {
|
||||
ID int64 `json:"id"`
|
||||
Permission string
|
||||
Scope string
|
||||
}
|
||||
|
||||
type DeletePermissionCommand struct {
|
||||
ID int64 `json:"id"`
|
||||
}
|
||||
|
||||
type CreateRoleCommand struct {
|
||||
OrgID int64 `json:"-"`
|
||||
UID string `json:"uid"`
|
||||
Version int64 `json:"version"`
|
||||
Name string `json:"name"`
|
||||
Description string `json:"description"`
|
||||
}
|
||||
|
||||
type CreateRoleWithPermissionsCommand struct {
|
||||
OrgID int64 `json:"orgId"`
|
||||
UID string `json:"uid"`
|
||||
Version int64 `json:"version"`
|
||||
Name string `json:"name"`
|
||||
Description string `json:"description"`
|
||||
Permissions []Permission `json:"permissions"`
|
||||
}
|
||||
|
||||
type UpdateRoleCommand struct {
|
||||
ID int64 `json:"id"`
|
||||
OrgID int64 `json:"orgId"`
|
||||
Version int64 `json:"version"`
|
||||
UID string `json:"uid"`
|
||||
Name string `json:"name"`
|
||||
Description string `json:"description"`
|
||||
Permissions []Permission `json:"permissions"`
|
||||
}
|
||||
|
||||
type DeleteRoleCommand struct {
|
||||
ID int64 `json:"id"`
|
||||
UID string `json:"uid"`
|
||||
OrgID int64 `json:"org_id"`
|
||||
}
|
||||
|
||||
type AddTeamRoleCommand struct {
|
||||
OrgID int64 `json:"org_id"`
|
||||
RoleID int64 `json:"role_id"`
|
||||
TeamID int64 `json:"team_id"`
|
||||
}
|
||||
|
||||
type RemoveTeamRoleCommand struct {
|
||||
OrgID int64 `json:"org_id"`
|
||||
RoleID int64 `json:"role_id"`
|
||||
TeamID int64 `json:"team_id"`
|
||||
}
|
||||
|
||||
type AddUserRoleCommand struct {
|
||||
OrgID int64 `json:"org_id"`
|
||||
RoleID int64 `json:"role_id"`
|
||||
UserID int64 `json:"user_id"`
|
||||
}
|
||||
|
||||
type RemoveUserRoleCommand struct {
|
||||
OrgID int64 `json:"org_id"`
|
||||
RoleID int64 `json:"role_id"`
|
||||
UserID int64 `json:"user_id"`
|
||||
}
|
||||
|
||||
type EvaluationResult struct {
|
||||
HasAccess bool
|
||||
Meta interface{}
|
||||
}
|
||||
|
||||
func (p RoleDTO) Role() Role {
|
||||
return Role{
|
||||
ID: p.ID,
|
||||
OrgID: p.OrgID,
|
||||
Name: p.Name,
|
||||
Description: p.Description,
|
||||
Updated: p.Updated,
|
||||
Created: p.Created,
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user