RBAC: Permission check performance improvements for the new search (#60729)

* Add checker and update the resource filter function for new search * Add tests for checker * small fixes * handle location for panels correctly * clean up checker code and extend the tests for it * more fixes, but tests don't quite work yet * a small change to return error * cleanup * more simplification * fix tests * correct wrong argument ordering & use constant * Apply suggestions from code review Co-authored-by: Artur Wierzbicki <artur.wierzbicki@grafana.com> * import * check general folder from permission checker function * handle root folder aka general folder properly * update tests * clean up * lint * add fix from main Co-authored-by: Karl Persson <kalle.persson@grafana.com> Co-authored-by: Artur Wierzbicki <artur.wierzbicki@grafana.com>
2023-01-27 12:12:30 +00:00
parent dab3fac01b
commit eb9ef34272
27 changed files with 289 additions and 119 deletions
@@ -0,0 +1,57 @@
+package accesscontrol
+
+import (
+	"github.com/grafana/grafana/pkg/services/user"
+)
+
+func Checker(user *user.SignedInUser, action string) func(scopes ...string) bool {
+	if user.Permissions == nil || user.Permissions[user.OrgID] == nil {
+		return func(scopes ...string) bool { return false }
+	}
+
+	userScopes, ok := user.Permissions[user.OrgID][action]
+	if !ok {
+		return func(scopes ...string) bool { return false }
+	}
+
+	lookup := make(map[string]bool, len(userScopes))
+	for i := range userScopes {
+		lookup[userScopes[i]] = true
+	}
+
+	var checkedWildcards bool
+	var hasWildcard bool
+
+	return func(scopes ...string) bool {
+		if !checkedWildcards {
+			wildcards := wildcardsFromScopes(scopes...)
+			for _, w := range wildcards {
+				if _, ok := lookup[w]; ok {
+					hasWildcard = true
+					break
+				}
+			}
+			checkedWildcards = true
+		}
+
+		if hasWildcard {
+			return true
+		}
+
+		for _, s := range scopes {
+			if lookup[s] {
+				return true
+			}
+		}
+		return false
+	}
+}
+
+func wildcardsFromScopes(scopes ...string) Wildcards {
+	prefixes := make([]string, len(scopes))
+	for _, scope := range scopes {
+		prefixes = append(prefixes, ScopePrefix(scope))
+	}
+
+	return WildcardsFromPrefixes(prefixes)
+}