guardian

package
v0.0.0-...-fb7f86c Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 18, 2023 License: AGPL-3.0 Imports: 12 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	ErrGuardianPermissionExists    = errors.New("permission already exists")
	ErrGuardianOverride            = errors.New("you can only override a permission to be higher")
	ErrGuardianGetDashboardFailure = errutil.NewBase(errutil.StatusInternal, "guardian.getDashboardFailure", errutil.WithPublicMessage("Failed to get dashboard"))
	ErrGuardianGetFolderFailure    = errutil.NewBase(errutil.StatusInternal, "guardian.getFolderFailure", errutil.WithPublicMessage("Failed to get folder"))
	ErrGuardianDashboardNotFound   = errutil.NewBase(errutil.StatusNotFound, "guardian.dashboardNotFound")
	ErrGuardianFolderNotFound      = errutil.NewBase(errutil.StatusNotFound, "guardian.folderNotFound")
)
View Source
var New = func(ctx context.Context, dashId int64, orgId int64, user *user.SignedInUser) (DashboardGuardian, error) {
	panic("no guardian factory implementation provided")
}

New factory for creating a new dashboard guardian instance When using access control this function is replaced on startup and the AccessControlDashboardGuardian is returned

View Source
var NewByDashboard = func(ctx context.Context, dash *dashboards.Dashboard, orgId int64, user *user.SignedInUser) (DashboardGuardian, error) {
	panic("no guardian factory implementation provided")
}

NewByDashboard factory for creating a new dashboard guardian instance When using access control this function is replaced on startup and the AccessControlDashboardGuardian is returned

View Source
var NewByFolder = func(ctx context.Context, f *folder.Folder, orgId int64, user *user.SignedInUser) (DashboardGuardian, error) {
	panic("no guardian factory implementation provided")
}

NewByFolder factory for creating a new folder guardian instance When using access control this function is replaced on startup and the AccessControlDashboardGuardian is returned

View Source
var NewByUID = func(ctx context.Context, dashUID string, orgId int64, user *user.SignedInUser) (DashboardGuardian, error) {
	panic("no guardian factory implementation provided")
}

NewByUID factory for creating a new dashboard guardian instance When using access control this function is replaced on startup and the AccessControlDashboardGuardian is returned

Functions

func InitAccessControlGuardian

func InitAccessControlGuardian(
	cfg *setting.Cfg, store db.DB, ac accesscontrol.AccessControl, folderPermissionsService accesscontrol.FolderPermissionsService,
	dashboardPermissionsService accesscontrol.DashboardPermissionsService, dashboardService dashboards.DashboardService,
)

func InitLegacyGuardian

func InitLegacyGuardian(cfg *setting.Cfg, store db.DB, dashSvc dashboards.DashboardService, teamSvc team.Service)

func MockDashboardGuardian

func MockDashboardGuardian(mock *FakeDashboardGuardian)

nolint:unused

Types

type DashboardGuardian

type DashboardGuardian interface {
	CanSave() (bool, error)
	CanEdit() (bool, error)
	CanView() (bool, error)
	CanAdmin() (bool, error)
	CanDelete() (bool, error)
	CanCreate(folderID int64, isFolder bool) (bool, error)
	CheckPermissionBeforeUpdate(permission dashboards.PermissionType, updatePermissions []*dashboards.DashboardACL) (bool, error)

	// GetACL returns ACL.
	GetACL() ([]*dashboards.DashboardACLInfoDTO, error)

	// GetACLWithoutDuplicates returns ACL and strips any permission
	// that already has an inherited permission with higher or equal
	// permission.
	GetACLWithoutDuplicates() ([]*dashboards.DashboardACLInfoDTO, error)
	GetHiddenACL(*setting.Cfg) ([]*dashboards.DashboardACL, error)
}

DashboardGuardian to be used for guard against operations without access on dashboard and acl

func NewAccessControlDashboardGuardian

func NewAccessControlDashboardGuardian(
	ctx context.Context, cfg *setting.Cfg, dashboardId int64, user *user.SignedInUser,
	store db.DB, ac accesscontrol.AccessControl,
	folderPermissionsService accesscontrol.FolderPermissionsService,
	dashboardPermissionsService accesscontrol.DashboardPermissionsService,
	dashboardService dashboards.DashboardService,
) (DashboardGuardian, error)

NewAccessControlDashboardGuardianByDashboard creates a dashboard guardian by the provided dashboardId.

func NewAccessControlDashboardGuardianByDashboard

func NewAccessControlDashboardGuardianByDashboard(
	ctx context.Context, cfg *setting.Cfg, dashboard *dashboards.Dashboard, user *user.SignedInUser,
	store db.DB, ac accesscontrol.AccessControl,
	folderPermissionsService accesscontrol.FolderPermissionsService,
	dashboardPermissionsService accesscontrol.DashboardPermissionsService,
	dashboardService dashboards.DashboardService,
) (DashboardGuardian, error)

NewAccessControlDashboardGuardianByDashboard creates a dashboard guardian by the provided dashboard. This constructor should be preferred over the other two if the dashboard in available since it avoids querying the database for fetching the dashboard.

func NewAccessControlDashboardGuardianByUID

func NewAccessControlDashboardGuardianByUID(
	ctx context.Context, cfg *setting.Cfg, dashboardUID string, user *user.SignedInUser,
	store db.DB, ac accesscontrol.AccessControl,
	folderPermissionsService accesscontrol.FolderPermissionsService,
	dashboardPermissionsService accesscontrol.DashboardPermissionsService,
	dashboardService dashboards.DashboardService,
) (DashboardGuardian, error)

NewAccessControlDashboardGuardianByDashboard creates a dashboard guardian by the provided dashboardUID.

func NewAccessControlFolderGuardian

func NewAccessControlFolderGuardian(
	ctx context.Context, cfg *setting.Cfg, f *folder.Folder, user *user.SignedInUser,
	store db.DB, ac accesscontrol.AccessControl,
	folderPermissionsService accesscontrol.FolderPermissionsService,
	dashboardPermissionsService accesscontrol.DashboardPermissionsService,
	dashboardService dashboards.DashboardService,
) (DashboardGuardian, error)

NewAccessControlFolderGuardian creates a folder guardian by the provided folder.

type FakeDashboardGuardian

type FakeDashboardGuardian struct {
	DashID                           int64
	DashUID                          string
	OrgID                            int64
	User                             *user.SignedInUser
	CanSaveValue                     bool
	CanEditValue                     bool
	CanViewValue                     bool
	CanAdminValue                    bool
	HasPermissionValue               bool
	CheckPermissionBeforeUpdateValue bool
	CheckPermissionBeforeUpdateError error
	GetACLValue                      []*dashboards.DashboardACLInfoDTO
	GetHiddenACLValue                []*dashboards.DashboardACL
}

nolint:unused

func (*FakeDashboardGuardian) CanAdmin

func (g *FakeDashboardGuardian) CanAdmin() (bool, error)

func (*FakeDashboardGuardian) CanCreate

func (g *FakeDashboardGuardian) CanCreate(_ int64, _ bool) (bool, error)

func (*FakeDashboardGuardian) CanDelete

func (g *FakeDashboardGuardian) CanDelete() (bool, error)

func (*FakeDashboardGuardian) CanEdit

func (g *FakeDashboardGuardian) CanEdit() (bool, error)

func (*FakeDashboardGuardian) CanSave

func (g *FakeDashboardGuardian) CanSave() (bool, error)

func (*FakeDashboardGuardian) CanView

func (g *FakeDashboardGuardian) CanView() (bool, error)

func (*FakeDashboardGuardian) CheckPermissionBeforeUpdate

func (g *FakeDashboardGuardian) CheckPermissionBeforeUpdate(permission dashboards.PermissionType, updatePermissions []*dashboards.DashboardACL) (bool, error)

func (*FakeDashboardGuardian) GetACL

func (*FakeDashboardGuardian) GetACLWithoutDuplicates

func (g *FakeDashboardGuardian) GetACLWithoutDuplicates() ([]*dashboards.DashboardACLInfoDTO, error)

func (*FakeDashboardGuardian) GetHiddenACL

func (g *FakeDashboardGuardian) GetHiddenACL(cfg *setting.Cfg) ([]*dashboards.DashboardACL, error)

func (*FakeDashboardGuardian) HasPermission

func (g *FakeDashboardGuardian) HasPermission(permission dashboards.PermissionType) (bool, error)

type Provider

type Provider struct{}

func ProvideService

func ProvideService(
	cfg *setting.Cfg, store db.DB, ac accesscontrol.AccessControl,
	folderPermissionsService accesscontrol.FolderPermissionsService, dashboardPermissionsService accesscontrol.DashboardPermissionsService,
	dashboardService dashboards.DashboardService, teamService team.Service,
) *Provider

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL