Alexander Zobnin
8b843eb0a6
* Expose user permissions to the frontend * Do not include empty scope * Extend ContextSrv with hasPermission() method * Add access control types * Fix type error (make permissions optional) * Fallback if access control disabled * Move UserPermission to types * Simplify hasPermission()
38 lines
1.0 KiB
Go
38 lines
1.0 KiB
Go
package accesscontrol
|
|
|
|
import (
|
|
"context"
|
|
|
|
"github.com/grafana/grafana/pkg/models"
|
|
)
|
|
|
|
type AccessControl interface {
|
|
// Evaluate evaluates access to the given resource.
|
|
Evaluate(ctx context.Context, user *models.SignedInUser, permission string, scope ...string) (bool, error)
|
|
|
|
// GetUserPermissions returns user permissions.
|
|
GetUserPermissions(ctx context.Context, user *models.SignedInUser) ([]*Permission, error)
|
|
|
|
// Middleware checks if service disabled or not to switch to fallback authorization.
|
|
IsDisabled() bool
|
|
}
|
|
|
|
func BuildPermissionsMap(permissions []*Permission) map[string]map[string]string {
|
|
permissionsMap := make(map[string]map[string]string)
|
|
for _, p := range permissions {
|
|
if item, ok := permissionsMap[p.Action]; ok {
|
|
if _, ok := item[p.Scope]; !ok && p.Scope != "" {
|
|
permissionsMap[p.Action][p.Scope] = p.Scope
|
|
}
|
|
} else {
|
|
newItem := make(map[string]string)
|
|
if p.Scope != "" {
|
|
newItem[p.Scope] = p.Scope
|
|
}
|
|
permissionsMap[p.Action] = newItem
|
|
}
|
|
}
|
|
|
|
return permissionsMap
|
|
}
|