Documentation ¶
Index ¶
- func PermissionMatchesSearchOptions(permission accesscontrol.Permission, searchOptions accesscontrol.SearchOptions) bool
- type AccessControl
- type Service
- func (s *Service) ClearUserPermissionCache(user *user.SignedInUser)
- func (s *Service) DeclareFixedRoles(registrations ...accesscontrol.RoleRegistration) error
- func (s *Service) DeclarePluginRoles(_ context.Context, ID, name string, regs []plugins.RoleRegistration) error
- func (s *Service) DeleteExternalServiceRole(ctx context.Context, externalServiceID string) error
- func (s *Service) DeleteUserPermissions(ctx context.Context, orgID int64, userID int64) error
- func (s *Service) GetUsageStats(_ context.Context) map[string]interface{}
- func (s *Service) GetUserPermissions(ctx context.Context, user *user.SignedInUser, options accesscontrol.Options) ([]accesscontrol.Permission, error)
- func (s *Service) IsDisabled() bool
- func (s *Service) RegisterFixedRoles(ctx context.Context) error
- func (s *Service) SaveExternalServiceRole(ctx context.Context, cmd accesscontrol.SaveExternalServiceRoleCommand) error
- func (s *Service) SearchUserPermissions(ctx context.Context, orgID int64, searchOptions accesscontrol.SearchOptions) ([]accesscontrol.Permission, error)
- func (s *Service) SearchUsersPermissions(ctx context.Context, user *user.SignedInUser, orgID int64, ...) (map[int64][]accesscontrol.Permission, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func PermissionMatchesSearchOptions ¶
func PermissionMatchesSearchOptions(permission accesscontrol.Permission, searchOptions accesscontrol.SearchOptions) bool
Types ¶
type AccessControl ¶
type AccessControl struct {
// contains filtered or unexported fields
}
func ProvideAccessControl ¶
func ProvideAccessControl(cfg *setting.Cfg) *AccessControl
func (*AccessControl) Evaluate ¶
func (a *AccessControl) Evaluate(ctx context.Context, user *user.SignedInUser, evaluator accesscontrol.Evaluator) (bool, error)
func (*AccessControl) IsDisabled ¶
func (a *AccessControl) IsDisabled() bool
func (*AccessControl) RegisterScopeAttributeResolver ¶
func (a *AccessControl) RegisterScopeAttributeResolver(prefix string, resolver accesscontrol.ScopeAttributeResolver)
type Service ¶
type Service struct {
// contains filtered or unexported fields
}
Service is the service implementing role based access control.
func ProvideOSSService ¶
func ProvideOSSService(cfg *setting.Cfg, store store, cache *localcache.CacheService, features *featuremgmt.FeatureManager) *Service
func ProvideService ¶
func ProvideService(cfg *setting.Cfg, store db.DB, routeRegister routing.RouteRegister, cache *localcache.CacheService, accessControl accesscontrol.AccessControl, features *featuremgmt.FeatureManager) (*Service, error)
func (*Service) ClearUserPermissionCache ¶
func (s *Service) ClearUserPermissionCache(user *user.SignedInUser)
func (*Service) DeclareFixedRoles ¶
func (s *Service) DeclareFixedRoles(registrations ...accesscontrol.RoleRegistration) error
DeclareFixedRoles allow the caller to declare, to the service, fixed roles and their assignments to organization roles ("Viewer", "Editor", "Admin") or "Grafana Admin"
func (*Service) DeclarePluginRoles ¶
func (s *Service) DeclarePluginRoles(_ context.Context, ID, name string, regs []plugins.RoleRegistration) error
DeclarePluginRoles allow the caller to declare, to the service, plugin roles and their assignments to organization roles ("Viewer", "Editor", "Admin") or "Grafana Admin"
func (*Service) DeleteExternalServiceRole ¶
func (*Service) DeleteUserPermissions ¶
func (*Service) GetUsageStats ¶
func (*Service) GetUserPermissions ¶
func (s *Service) GetUserPermissions(ctx context.Context, user *user.SignedInUser, options accesscontrol.Options) ([]accesscontrol.Permission, error)
GetUserPermissions returns user permissions based on built-in roles
func (*Service) IsDisabled ¶
func (*Service) RegisterFixedRoles ¶
RegisterFixedRoles registers all declared roles in RAM
func (*Service) SaveExternalServiceRole ¶
func (s *Service) SaveExternalServiceRole(ctx context.Context, cmd accesscontrol.SaveExternalServiceRoleCommand) error
func (*Service) SearchUserPermissions ¶
func (s *Service) SearchUserPermissions(ctx context.Context, orgID int64, searchOptions accesscontrol.SearchOptions) ([]accesscontrol.Permission, error)
func (*Service) SearchUsersPermissions ¶
func (s *Service) SearchUsersPermissions(ctx context.Context, user *user.SignedInUser, orgID int64, options accesscontrol.SearchOptions) (map[int64][]accesscontrol.Permission, error)
SearchUsersPermissions returns all users' permissions filtered by action prefixes
Click to show internal directories.
Click to hide internal directories.