Documentation ¶
Index ¶
- Variables
- func InitAccessControlGuardian(cfg *setting.Cfg, store db.DB, ac accesscontrol.AccessControl, ...)
- func InitLegacyGuardian(cfg *setting.Cfg, store db.DB, dashSvc dashboards.DashboardService, ...)
- func MockDashboardGuardian(mock *FakeDashboardGuardian)
- type DashboardGuardian
- func NewAccessControlDashboardGuardian(ctx context.Context, cfg *setting.Cfg, dashboardId int64, ...) (DashboardGuardian, error)
- func NewAccessControlDashboardGuardianByDashboard(ctx context.Context, cfg *setting.Cfg, dashboard *dashboards.Dashboard, ...) (DashboardGuardian, error)
- func NewAccessControlDashboardGuardianByUID(ctx context.Context, cfg *setting.Cfg, dashboardUID string, ...) (DashboardGuardian, error)
- func NewAccessControlFolderGuardian(ctx context.Context, cfg *setting.Cfg, f *folder.Folder, ...) (DashboardGuardian, error)
- type FakeDashboardGuardian
- func (g *FakeDashboardGuardian) CanAdmin() (bool, error)
- func (g *FakeDashboardGuardian) CanCreate(_ int64, _ bool) (bool, error)
- func (g *FakeDashboardGuardian) CanDelete() (bool, error)
- func (g *FakeDashboardGuardian) CanEdit() (bool, error)
- func (g *FakeDashboardGuardian) CanSave() (bool, error)
- func (g *FakeDashboardGuardian) CanView() (bool, error)
- func (g *FakeDashboardGuardian) CheckPermissionBeforeUpdate(permission dashboards.PermissionType, ...) (bool, error)
- func (g *FakeDashboardGuardian) GetACL() ([]*dashboards.DashboardACLInfoDTO, error)
- func (g *FakeDashboardGuardian) GetACLWithoutDuplicates() ([]*dashboards.DashboardACLInfoDTO, error)
- func (g *FakeDashboardGuardian) GetHiddenACL(cfg *setting.Cfg) ([]*dashboards.DashboardACL, error)
- func (g *FakeDashboardGuardian) HasPermission(permission dashboards.PermissionType) (bool, error)
- type Provider
Constants ¶
This section is empty.
Variables ¶
var ( ErrGuardianPermissionExists = errors.New("permission already exists") ErrGuardianOverride = errors.New("you can only override a permission to be higher") ErrGuardianGetDashboardFailure = errutil.NewBase(errutil.StatusInternal, "guardian.getDashboardFailure", errutil.WithPublicMessage("Failed to get dashboard")) ErrGuardianGetFolderFailure = errutil.NewBase(errutil.StatusInternal, "guardian.getFolderFailure", errutil.WithPublicMessage("Failed to get folder")) ErrGuardianDashboardNotFound = errutil.NewBase(errutil.StatusNotFound, "guardian.dashboardNotFound") ErrGuardianFolderNotFound = errutil.NewBase(errutil.StatusNotFound, "guardian.folderNotFound") )
var New = func(ctx context.Context, dashId int64, orgId int64, user *user.SignedInUser) (DashboardGuardian, error) { panic("no guardian factory implementation provided") }
New factory for creating a new dashboard guardian instance When using access control this function is replaced on startup and the AccessControlDashboardGuardian is returned
var NewByDashboard = func(ctx context.Context, dash *dashboards.Dashboard, orgId int64, user *user.SignedInUser) (DashboardGuardian, error) { panic("no guardian factory implementation provided") }
NewByDashboard factory for creating a new dashboard guardian instance When using access control this function is replaced on startup and the AccessControlDashboardGuardian is returned
var NewByFolder = func(ctx context.Context, f *folder.Folder, orgId int64, user *user.SignedInUser) (DashboardGuardian, error) { panic("no guardian factory implementation provided") }
NewByFolder factory for creating a new folder guardian instance When using access control this function is replaced on startup and the AccessControlDashboardGuardian is returned
var NewByUID = func(ctx context.Context, dashUID string, orgId int64, user *user.SignedInUser) (DashboardGuardian, error) { panic("no guardian factory implementation provided") }
NewByUID factory for creating a new dashboard guardian instance When using access control this function is replaced on startup and the AccessControlDashboardGuardian is returned
Functions ¶
func InitAccessControlGuardian ¶
func InitAccessControlGuardian( cfg *setting.Cfg, store db.DB, ac accesscontrol.AccessControl, folderPermissionsService accesscontrol.FolderPermissionsService, dashboardPermissionsService accesscontrol.DashboardPermissionsService, dashboardService dashboards.DashboardService, )
func InitLegacyGuardian ¶
func InitLegacyGuardian(cfg *setting.Cfg, store db.DB, dashSvc dashboards.DashboardService, teamSvc team.Service)
Types ¶
type DashboardGuardian ¶
type DashboardGuardian interface { CanSave() (bool, error) CanEdit() (bool, error) CanView() (bool, error) CanAdmin() (bool, error) CanDelete() (bool, error) CanCreate(folderID int64, isFolder bool) (bool, error) CheckPermissionBeforeUpdate(permission dashboards.PermissionType, updatePermissions []*dashboards.DashboardACL) (bool, error) // GetACL returns ACL. GetACL() ([]*dashboards.DashboardACLInfoDTO, error) // GetACLWithoutDuplicates returns ACL and strips any permission // that already has an inherited permission with higher or equal // permission. GetACLWithoutDuplicates() ([]*dashboards.DashboardACLInfoDTO, error) GetHiddenACL(*setting.Cfg) ([]*dashboards.DashboardACL, error) }
DashboardGuardian to be used for guard against operations without access on dashboard and acl
func NewAccessControlDashboardGuardian ¶
func NewAccessControlDashboardGuardian( ctx context.Context, cfg *setting.Cfg, dashboardId int64, user *user.SignedInUser, store db.DB, ac accesscontrol.AccessControl, folderPermissionsService accesscontrol.FolderPermissionsService, dashboardPermissionsService accesscontrol.DashboardPermissionsService, dashboardService dashboards.DashboardService, ) (DashboardGuardian, error)
NewAccessControlDashboardGuardianByDashboard creates a dashboard guardian by the provided dashboardId.
func NewAccessControlDashboardGuardianByDashboard ¶
func NewAccessControlDashboardGuardianByDashboard( ctx context.Context, cfg *setting.Cfg, dashboard *dashboards.Dashboard, user *user.SignedInUser, store db.DB, ac accesscontrol.AccessControl, folderPermissionsService accesscontrol.FolderPermissionsService, dashboardPermissionsService accesscontrol.DashboardPermissionsService, dashboardService dashboards.DashboardService, ) (DashboardGuardian, error)
NewAccessControlDashboardGuardianByDashboard creates a dashboard guardian by the provided dashboard. This constructor should be preferred over the other two if the dashboard in available since it avoids querying the database for fetching the dashboard.
func NewAccessControlDashboardGuardianByUID ¶
func NewAccessControlDashboardGuardianByUID( ctx context.Context, cfg *setting.Cfg, dashboardUID string, user *user.SignedInUser, store db.DB, ac accesscontrol.AccessControl, folderPermissionsService accesscontrol.FolderPermissionsService, dashboardPermissionsService accesscontrol.DashboardPermissionsService, dashboardService dashboards.DashboardService, ) (DashboardGuardian, error)
NewAccessControlDashboardGuardianByDashboard creates a dashboard guardian by the provided dashboardUID.
func NewAccessControlFolderGuardian ¶
func NewAccessControlFolderGuardian( ctx context.Context, cfg *setting.Cfg, f *folder.Folder, user *user.SignedInUser, store db.DB, ac accesscontrol.AccessControl, folderPermissionsService accesscontrol.FolderPermissionsService, dashboardPermissionsService accesscontrol.DashboardPermissionsService, dashboardService dashboards.DashboardService, ) (DashboardGuardian, error)
NewAccessControlFolderGuardian creates a folder guardian by the provided folder.
type FakeDashboardGuardian ¶
type FakeDashboardGuardian struct { DashID int64 DashUID string OrgID int64 User *user.SignedInUser CanSaveValue bool CanEditValue bool CanViewValue bool CanAdminValue bool HasPermissionValue bool CheckPermissionBeforeUpdateValue bool CheckPermissionBeforeUpdateError error GetACLValue []*dashboards.DashboardACLInfoDTO GetHiddenACLValue []*dashboards.DashboardACL }
nolint:unused
func (*FakeDashboardGuardian) CanAdmin ¶
func (g *FakeDashboardGuardian) CanAdmin() (bool, error)
func (*FakeDashboardGuardian) CanCreate ¶
func (g *FakeDashboardGuardian) CanCreate(_ int64, _ bool) (bool, error)
func (*FakeDashboardGuardian) CanDelete ¶
func (g *FakeDashboardGuardian) CanDelete() (bool, error)
func (*FakeDashboardGuardian) CanEdit ¶
func (g *FakeDashboardGuardian) CanEdit() (bool, error)
func (*FakeDashboardGuardian) CanSave ¶
func (g *FakeDashboardGuardian) CanSave() (bool, error)
func (*FakeDashboardGuardian) CanView ¶
func (g *FakeDashboardGuardian) CanView() (bool, error)
func (*FakeDashboardGuardian) CheckPermissionBeforeUpdate ¶
func (g *FakeDashboardGuardian) CheckPermissionBeforeUpdate(permission dashboards.PermissionType, updatePermissions []*dashboards.DashboardACL) (bool, error)
func (*FakeDashboardGuardian) GetACL ¶
func (g *FakeDashboardGuardian) GetACL() ([]*dashboards.DashboardACLInfoDTO, error)
func (*FakeDashboardGuardian) GetACLWithoutDuplicates ¶
func (g *FakeDashboardGuardian) GetACLWithoutDuplicates() ([]*dashboards.DashboardACLInfoDTO, error)
func (*FakeDashboardGuardian) GetHiddenACL ¶
func (g *FakeDashboardGuardian) GetHiddenACL(cfg *setting.Cfg) ([]*dashboards.DashboardACL, error)
func (*FakeDashboardGuardian) HasPermission ¶
func (g *FakeDashboardGuardian) HasPermission(permission dashboards.PermissionType) (bool, error)
type Provider ¶
type Provider struct{}
func ProvideService ¶
func ProvideService( cfg *setting.Cfg, store db.DB, ac accesscontrol.AccessControl, folderPermissionsService accesscontrol.FolderPermissionsService, dashboardPermissionsService accesscontrol.DashboardPermissionsService, dashboardService dashboards.DashboardService, teamService team.Service, ) *Provider