guardian

package
v0.0.0-kmdagger1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 8, 2023 License: AGPL-3.0 Imports: 11 Imported by: 185

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	ErrGuardianPermissionExists    = errors.New("permission already exists")
	ErrGuardianOverride            = errors.New("you can only override a permission to be higher")
	ErrGuardianGetDashboardFailure = errutil.NewBase(errutil.StatusInternal, "guardian.getDashboardFailure", errutil.WithPublicMessage("Failed to get dashboard"))
	ErrGuardianDashboardNotFound   = errutil.NewBase(errutil.StatusNotFound, "guardian.dashboardNotFound")
)
View Source 
var New = func(ctx context.Context, dashId int64, orgId int64, user *user.SignedInUser) (DashboardGuardian, error) {
	panic("no guardian factory implementation provided")
}

New factory for creating a new dashboard guardian instance When using access control this function is replaced on startup and the AccessControlDashboardGuardian is returned

View Source 
var NewByDashboard = func(ctx context.Context, dash *dashboards.Dashboard, orgId int64, user *user.SignedInUser) (DashboardGuardian, error) {
	panic("no guardian factory implementation provided")
}

NewByDashboard factory for creating a new dashboard guardian instance When using access control this function is replaced on startup and the AccessControlDashboardGuardian is returned

View Source 
var NewByUID = func(ctx context.Context, dashUID string, orgId int64, user *user.SignedInUser) (DashboardGuardian, error) {
	panic("no guardian factory implementation provided")
}

NewByUID factory for creating a new dashboard guardian instance When using access control this function is replaced on startup and the AccessControlDashboardGuardian is returned

Functions

func InitAccessControlGuardian 

func InitAccessControlGuardian(
	cfg *setting.Cfg, store db.DB, ac accesscontrol.AccessControl, folderPermissionsService accesscontrol.FolderPermissionsService,
	dashboardPermissionsService accesscontrol.DashboardPermissionsService, dashboardService dashboards.DashboardService,
)

func InitLegacyGuardian 

func InitLegacyGuardian(cfg *setting.Cfg, store db.DB, dashSvc dashboards.DashboardService, teamSvc team.Service)

func MockDashboardGuardian 

func MockDashboardGuardian(mock *FakeDashboardGuardian)

nolint:unused

Types

type AccessControlDashboardGuardian 

type AccessControlDashboardGuardian struct {
	// contains filtered or unexported fields
}

func NewAccessControlDashboardGuardian 

func NewAccessControlDashboardGuardian(
	ctx context.Context, cfg *setting.Cfg, dashboardId int64, user *user.SignedInUser,
	store db.DB, ac accesscontrol.AccessControl,
	folderPermissionsService accesscontrol.FolderPermissionsService,
	dashboardPermissionsService accesscontrol.DashboardPermissionsService,
	dashboardService dashboards.DashboardService,
) (*AccessControlDashboardGuardian, error)

NewAccessControlDashboardGuardianByDashboard creates a dashboard guardian by the provided dashboardId.

func NewAccessControlDashboardGuardianByDashboard 

func NewAccessControlDashboardGuardianByDashboard(
	ctx context.Context, cfg *setting.Cfg, dashboard *dashboards.Dashboard, user *user.SignedInUser,
	store db.DB, ac accesscontrol.AccessControl,
	folderPermissionsService accesscontrol.FolderPermissionsService,
	dashboardPermissionsService accesscontrol.DashboardPermissionsService,
	dashboardService dashboards.DashboardService,
) (*AccessControlDashboardGuardian, error)

NewAccessControlDashboardGuardianByDashboard creates a dashboard guardian by the provided dashboard. This constructor should be preferred over the other two if the dashboard in available since it avoids querying the database for fetching the dashboard.

func NewAccessControlDashboardGuardianByUID 

func NewAccessControlDashboardGuardianByUID(
	ctx context.Context, cfg *setting.Cfg, dashboardUID string, user *user.SignedInUser,
	store db.DB, ac accesscontrol.AccessControl,
	folderPermissionsService accesscontrol.FolderPermissionsService,
	dashboardPermissionsService accesscontrol.DashboardPermissionsService,
	dashboardService dashboards.DashboardService,
) (*AccessControlDashboardGuardian, error)

NewAccessControlDashboardGuardianByDashboard creates a dashboard guardian by the provided dashboardUID.

func (*AccessControlDashboardGuardian) CanAdmin 

func (a *AccessControlDashboardGuardian) CanAdmin() (bool, error)

func (*AccessControlDashboardGuardian) CanCreate 

func (a *AccessControlDashboardGuardian) CanCreate(folderID int64, isFolder bool) (bool, error)

func (*AccessControlDashboardGuardian) CanDelete 

func (a *AccessControlDashboardGuardian) CanDelete() (bool, error)

func (*AccessControlDashboardGuardian) CanEdit 

func (a *AccessControlDashboardGuardian) CanEdit() (bool, error)

func (*AccessControlDashboardGuardian) CanSave 

func (a *AccessControlDashboardGuardian) CanSave() (bool, error)

func (*AccessControlDashboardGuardian) CanView 

func (a *AccessControlDashboardGuardian) CanView() (bool, error)

func (*AccessControlDashboardGuardian) CheckPermissionBeforeUpdate 

func (a *AccessControlDashboardGuardian) CheckPermissionBeforeUpdate(permission dashboards.PermissionType, updatePermissions []*dashboards.DashboardACL) (bool, error)

func (*AccessControlDashboardGuardian) GetACL 

func (a *AccessControlDashboardGuardian) GetACL() ([]*dashboards.DashboardACLInfoDTO, error)

GetACL translate access control permissions to dashboard acl info

func (*AccessControlDashboardGuardian) GetACLWithoutDuplicates 

func (a *AccessControlDashboardGuardian) GetACLWithoutDuplicates() ([]*dashboards.DashboardACLInfoDTO, error)

func (*AccessControlDashboardGuardian) GetHiddenACL 

func (a *AccessControlDashboardGuardian) GetHiddenACL(cfg *setting.Cfg) ([]*dashboards.DashboardACL, error)

type DashboardGuardian 

type DashboardGuardian interface {
	CanSave() (bool, error)
	CanEdit() (bool, error)
	CanView() (bool, error)
	CanAdmin() (bool, error)
	CanDelete() (bool, error)
	CanCreate(folderID int64, isFolder bool) (bool, error)
	CheckPermissionBeforeUpdate(permission dashboards.PermissionType, updatePermissions []*dashboards.DashboardACL) (bool, error)

	// GetACL returns ACL.
	GetACL() ([]*dashboards.DashboardACLInfoDTO, error)

	// GetACLWithoutDuplicates returns ACL and strips any permission
	// that already has an inherited permission with higher or equal
	// permission.
	GetACLWithoutDuplicates() ([]*dashboards.DashboardACLInfoDTO, error)
	GetHiddenACL(*setting.Cfg) ([]*dashboards.DashboardACL, error)
}

DashboardGuardian to be used for guard against operations without access on dashboard and acl

type FakeDashboardGuardian 

type FakeDashboardGuardian struct {
	DashID                           int64
	DashUID                          string
	OrgID                            int64
	User                             *user.SignedInUser
	CanSaveValue                     bool
	CanEditValue                     bool
	CanViewValue                     bool
	CanAdminValue                    bool
	HasPermissionValue               bool
	CheckPermissionBeforeUpdateValue bool
	CheckPermissionBeforeUpdateError error
	GetACLValue                      []*dashboards.DashboardACLInfoDTO
	GetHiddenACLValue                []*dashboards.DashboardACL
}

nolint:unused

func (*FakeDashboardGuardian) CanAdmin 

func (g *FakeDashboardGuardian) CanAdmin() (bool, error)

func (*FakeDashboardGuardian) CanCreate 

func (g *FakeDashboardGuardian) CanCreate(_ int64, _ bool) (bool, error)

func (*FakeDashboardGuardian) CanDelete 

func (g *FakeDashboardGuardian) CanDelete() (bool, error)

func (*FakeDashboardGuardian) CanEdit 

func (g *FakeDashboardGuardian) CanEdit() (bool, error)

func (*FakeDashboardGuardian) CanSave 

func (g *FakeDashboardGuardian) CanSave() (bool, error)

func (*FakeDashboardGuardian) CanView 

func (g *FakeDashboardGuardian) CanView() (bool, error)

func (*FakeDashboardGuardian) CheckPermissionBeforeUpdate 

func (g *FakeDashboardGuardian) CheckPermissionBeforeUpdate(permission dashboards.PermissionType, updatePermissions []*dashboards.DashboardACL) (bool, error)

func (*FakeDashboardGuardian) GetACL 

func (g *FakeDashboardGuardian) GetACL() ([]*dashboards.DashboardACLInfoDTO, error)

func (*FakeDashboardGuardian) GetACLWithoutDuplicates 

func (g *FakeDashboardGuardian) GetACLWithoutDuplicates() ([]*dashboards.DashboardACLInfoDTO, error)

func (*FakeDashboardGuardian) GetHiddenACL 

func (g *FakeDashboardGuardian) GetHiddenACL(cfg *setting.Cfg) ([]*dashboards.DashboardACL, error)

func (*FakeDashboardGuardian) HasPermission 

func (g *FakeDashboardGuardian) HasPermission(permission dashboards.PermissionType) (bool, error)

type Provider 

type Provider struct{}

func ProvideService 

func ProvideService(
	cfg *setting.Cfg, store db.DB, ac accesscontrol.AccessControl,
	folderPermissionsService accesscontrol.FolderPermissionsService, dashboardPermissionsService accesscontrol.DashboardPermissionsService,
	dashboardService dashboards.DashboardService, teamService team.Service,
) *Provider

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.