Home Explore Help
Register Sign In
oscarleiva
/
energylink
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 93bc588dae
Branches Tags
energylink
/
pkg
/
services
/
guardian
/
guardian.go

guardian.go 2.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899 
  1. package guardian
    2. 

  2. 

  3. import (
    4. 

  4. 	"github.com/grafana/grafana/pkg/bus"
    5. 

  5. 	"github.com/grafana/grafana/pkg/log"
    6. 

  6. 	m "github.com/grafana/grafana/pkg/models"
    7. 

  7. )
    8. 

  8. 

  9. type DashboardGuardian struct {
    10. 

  10. 	user   *m.SignedInUser
    11. 

  11. 	dashId int64
    12. 

  12. 	orgId  int64
    13. 

  13. 	acl    []*m.DashboardAcl
    14. 

  14. 	groups []*m.UserGroup
    15. 

  15. 	log    log.Logger
    16. 

  16. }
    17. 

  17. 

  18. func NewDashboardGuardian(dashId int64, orgId int64, user *m.SignedInUser) *DashboardGuardian {
    19. 

  19. 	return &DashboardGuardian{
    20. 

  20. 		user:   user,
    21. 

  21. 		dashId: dashId,
    22. 

  22. 		orgId:  orgId,
    23. 

  23. 		log:    log.New("guardians.dashboard"),
    24. 

  24. 	}
    25. 

  25. }
    26. 

  26. 

  27. func (g *DashboardGuardian) CanSave() (bool, error) {
    28. 

  28. 	return g.HasPermission(m.PERMISSION_EDIT, m.ROLE_EDITOR)
    29. 

  29. }
    30. 

  30. 

  31. func (g *DashboardGuardian) CanEdit() (bool, error) {
    32. 

  32. 	return g.HasPermission(m.PERMISSION_READ_ONLY_EDIT, m.ROLE_READ_ONLY_EDITOR)
    33. 

  33. }
    34. 

  34. 

  35. func (g *DashboardGuardian) CanView() (bool, error) {
    36. 

  36. 	return g.HasPermission(m.PERMISSION_VIEW, m.ROLE_VIEWER)
    37. 

  37. }
    38. 

  38. 

  39. func (g *DashboardGuardian) HasPermission(permission m.PermissionType, fallbackRole m.RoleType) (bool, error) {
    40. 

  40. 	if g.user.OrgRole == m.ROLE_ADMIN {
    41. 

  41. 		return true, nil
    42. 

  42. 	}
    43. 

  43. 

  44. 	acl, err := g.getAcl()
    45. 

  45. 	if err != nil {
    46. 

  46. 		return false, err
    47. 

  47. 	}
    48. 

  48. 

  49. 	// if no acl use org role to determine permission
    50. 

  50. 	if len(acl) == 0 {
    51. 

  51. 		return g.user.HasRole(fallbackRole), nil
    52. 

  52. 	}
    53. 

  53. 

  54. 	userGroups, err := g.getUserGroups()
    55. 

  55. 	if err != nil {
    56. 

  56. 		return false, err
    57. 

  57. 	}
    58. 

  58. 

  59. 	for _, p := range acl {
    60. 

  60. 		if p.UserId == g.user.UserId && p.Permissions >= permission {
    61. 

  61. 			return true, nil
    62. 

  62. 		}
    63. 

  63. 

  64. 		for _, ug := range userGroups {
    65. 

  65. 			if ug.Id == p.UserGroupId && p.Permissions >= permission {
    66. 

  66. 				return true, nil
    67. 

  67. 			}
    68. 

  68. 		}
    69. 

  69. 	}
    70. 

  70. 

  71. 	return false, nil
    72. 

  72. }
    73. 

  73. 

  74. // Returns dashboard acl
    75. 

  75. func (g *DashboardGuardian) getAcl() ([]*m.DashboardAcl, error) {
    76. 

  76. 	if g.acl != nil {
    77. 

  77. 		return g.acl, nil
    78. 

  78. 	}
    79. 

  79. 

  80. 	query := m.GetInheritedDashboardAclQuery{DashboardId: g.dashId, OrgId: g.orgId}
    81. 

  81. 	if err := bus.Dispatch(&query); err != nil {
    82. 

  82. 		return nil, err
    83. 

  83. 	}
    84. 

  84. 

  85. 	g.acl = query.Result
    86. 

  86. 	return g.acl, nil
    87. 

  87. }
    88. 

  88. 

  89. func (g *DashboardGuardian) getUserGroups() ([]*m.UserGroup, error) {
    90. 

  90. 	if g.groups != nil {
    91. 

  91. 		return g.groups, nil
    92. 

  92. 	}
    93. 

  93. 

  94. 	query := m.GetUserGroupsByUserQuery{UserId: g.user.UserId}
    95. 

  95. 	err := bus.Dispatch(&query)
    96. 

  96. 

  97. 	g.groups = query.Result
    98. 

  98. 	return query.Result, err
    99. 

  99. }
    100.