45 lines
1.2 KiB
Go
45 lines
1.2 KiB
Go
package acimpl
|
|
|
|
import (
|
|
"context"
|
|
"time"
|
|
|
|
"github.com/grafana/grafana/pkg/services/accesscontrol"
|
|
)
|
|
|
|
const (
|
|
ossBasicRoleSeedLockName = "oss-ac-basic-role-seeder"
|
|
ossBasicRoleSeedTimeout = 2 * time.Minute
|
|
)
|
|
|
|
// refreshBasicRolePermissionsInDB ensures basic role permissions are fully derived from in-memory registrations
|
|
func (s *Service) refreshBasicRolePermissionsInDB(ctx context.Context, rolesSnapshot map[string][]accesscontrol.Permission) error {
|
|
if s.sql == nil || s.seeder == nil {
|
|
return nil
|
|
}
|
|
|
|
run := func(ctx context.Context) error {
|
|
desired := map[accesscontrol.SeedPermission]struct{}{}
|
|
for role, permissions := range rolesSnapshot {
|
|
for _, permission := range permissions {
|
|
desired[accesscontrol.SeedPermission{BuiltInRole: role, Action: permission.Action, Scope: permission.Scope}] = struct{}{}
|
|
}
|
|
}
|
|
s.seeder.SetDesiredPermissions(desired)
|
|
return s.seeder.Seed(ctx)
|
|
}
|
|
|
|
if s.serverLock == nil {
|
|
return run(ctx)
|
|
}
|
|
|
|
var err error
|
|
errLock := s.serverLock.LockExecuteAndRelease(ctx, ossBasicRoleSeedLockName, ossBasicRoleSeedTimeout, func(ctx context.Context) {
|
|
err = run(ctx)
|
|
})
|
|
if errLock != nil {
|
|
return errLock
|
|
}
|
|
return err
|
|
}
|