grafana/pkg/services/accesscontrol/ossaccesscontrol/accesscontrol.go
Karl Persson 55c7b8add2 RBAC: Split up service into several components (#54002)
* RBAC: Rename interface to Store

* RBAC: Move ranme scopeInjector

* RBAC: Rename files to service

* RBAC: Rename to service

* RBAC: Split up accesscontrol into two components

* RBAC: Add DeclareFixedRoles to AccessControl interface

* Wire: Fix wire bindings

* RBAC: Move resolvers to root

* RBAC: Remove invalid test

* RBAC: Inject access control service

* RBAC: Implement the RoleRegistry interface in fake
2022-08-24 13:29:17 +02:00


package ossaccesscontrol
import (
"context"
"github.com/prometheus/client_golang/prometheus"
"github.com/grafana/grafana/pkg/infra/log"
"github.com/grafana/grafana/pkg/infra/metrics"
"github.com/grafana/grafana/pkg/services/accesscontrol"
"github.com/grafana/grafana/pkg/services/user"
"github.com/grafana/grafana/pkg/setting"
)
// Compile-time assertion that *AccessControl satisfies the
// accesscontrol.AccessControl interface.
var _ accesscontrol.AccessControl = (*AccessControl)(nil)
// ProvideAccessControl constructs the OSS AccessControl from the given
// settings and permission service. A logger named "accesscontrol" is created
// and shared with the freshly built scope resolvers.
func ProvideAccessControl(cfg *setting.Cfg, service accesscontrol.Service) *AccessControl {
	l := log.New("accesscontrol")
	ac := &AccessControl{
		cfg:       cfg,
		log:       l,
		resolvers: accesscontrol.NewResolvers(l),
		service:   service,
	}
	return ac
}
// AccessControl evaluates permission checks for signed-in users and forwards
// role and resolver registration to its collaborators.
//
// Field order is significant: ProvideAccessControl may initialise this struct
// with a positional composite literal.
type AccessControl struct {
	// cfg is the settings object consulted by IsDisabled.
	cfg *setting.Cfg
	// log is the logger created for the "accesscontrol" component.
	log log.Logger
	// resolvers holds the scope attribute resolvers applied in Evaluate.
	resolvers accesscontrol.Resolvers
	// service supplies user permissions and accepts fixed-role declarations.
	service accesscontrol.Service
}
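// Evaluate reports whether user satisfies evaluator within the organization
// identified by user.OrgID.
//
// When user carries no permissions for that organization, they are fetched
// from the service with ReloadCache set and stored on user.Permissions,
// grouped by action. The evaluator's scopes are then run through the scope
// attribute mutator for the organization before the final check.
//
// A nil user is denied with (false, nil) rather than dereferenced, so a caller
// that failed to populate the identity fails closed instead of panicking.
// Errors from the permission lookup or from scope mutation are returned
// together with false.
func (a *AccessControl) Evaluate(ctx context.Context, user *user.SignedInUser, evaluator accesscontrol.Evaluator) (bool, error) {
	timer := prometheus.NewTimer(metrics.MAccessEvaluationsSummary)
	defer timer.ObserveDuration()
	metrics.MAccessEvaluationCount.Inc()

	// Fail closed: without an identity there is nothing to authorize.
	if user == nil {
		if a.log != nil {
			a.log.Warn("No user set for access control evaluation, denying access")
		}
		return false, nil
	}

	if user.Permissions == nil {
		user.Permissions = map[int64]map[string][]string{}
	}

	// NOTE(review): the writes below mutate the caller's SignedInUser in place
	// and nothing here synchronizes them; confirm the value is never shared
	// between goroutines evaluating concurrently.
	if _, ok := user.Permissions[user.OrgID]; !ok {
		// No permissions recorded for this org on the user: load them, asking
		// the service to reload its cache rather than serve a cached entry.
		permissions, err := a.service.GetUserPermissions(ctx, user, accesscontrol.Options{ReloadCache: true})
		if err != nil {
			return false, err
		}
		user.Permissions[user.OrgID] = accesscontrol.GroupScopesByAction(permissions)
	}

	resolvedEvaluator, err := evaluator.MutateScopes(ctx, a.resolvers.GetScopeAttributeMutator(user.OrgID))
	if err != nil {
		return false, err
	}

	return resolvedEvaluator.Evaluate(user.Permissions[user.OrgID]), nil
}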
// RegisterScopeAttributeResolver adds resolver under prefix to the resolvers
// that Evaluate uses when mutating evaluator scopes.
func (a *AccessControl) RegisterScopeAttributeResolver(prefix string, resolver accesscontrol.ScopeAttributeResolver) {
	registry := a.resolvers
	registry.AddScopeAttributeResolver(prefix, resolver)
}
// DeclareFixedRoles forwards the given role registrations to the underlying
// service and returns whatever error it reports.
func (a *AccessControl) DeclareFixedRoles(registrations ...accesscontrol.RoleRegistration) error {
	// FIXME: Remove wrapped call
	err := a.service.DeclareFixedRoles(registrations...)
	return err
}
// IsDisabled reports the result of accesscontrol.IsDisabled for the
// configuration this AccessControl was built with.
func (a *AccessControl) IsDisabled() bool {
	disabled := accesscontrol.IsDisabled(a.cfg)
	return disabled
}