82 lines
2.1 KiB
Go
82 lines
2.1 KiB
Go
package rbac
|
|
|
|
import (
|
|
"fmt"
|
|
|
|
"github.com/grafana/grafana/pkg/apimachinery/utils"
|
|
)
|
|
|
|
type translation struct {
|
|
resource string
|
|
attribute string
|
|
verbMapping map[string]string
|
|
folderSupport bool
|
|
}
|
|
|
|
func (t translation) action(verb string) (string, bool) {
|
|
action, ok := t.verbMapping[verb]
|
|
return action, ok
|
|
}
|
|
|
|
func (t translation) scope(name string) string {
|
|
return t.resource + ":" + t.attribute + ":" + name
|
|
}
|
|
|
|
func (t translation) prefix() string {
|
|
return t.resource + ":" + t.attribute + ":"
|
|
}
|
|
|
|
func newResourceTranslation(resource string, attribute string, folderSupport bool) translation {
|
|
defaultMapping := func(r string) map[string]string {
|
|
return map[string]string{
|
|
utils.VerbGet: fmt.Sprintf("%s:read", r),
|
|
utils.VerbList: fmt.Sprintf("%s:read", r),
|
|
utils.VerbWatch: fmt.Sprintf("%s:read", r),
|
|
utils.VerbCreate: fmt.Sprintf("%s:create", r),
|
|
utils.VerbUpdate: fmt.Sprintf("%s:write", r),
|
|
utils.VerbPatch: fmt.Sprintf("%s:write", r),
|
|
utils.VerbDelete: fmt.Sprintf("%s:delete", r),
|
|
utils.VerbDeleteCollection: fmt.Sprintf("%s:delete", r),
|
|
utils.VerbGetPermissions: fmt.Sprintf("%s.permissions:read", r),
|
|
utils.VerbSetPermissions: fmt.Sprintf("%s.permissions:write", r),
|
|
}
|
|
}
|
|
|
|
return translation{
|
|
resource: resource,
|
|
attribute: attribute,
|
|
verbMapping: defaultMapping(resource),
|
|
folderSupport: folderSupport,
|
|
}
|
|
}
|
|
|
|
type mapper map[string]map[string]translation
|
|
|
|
func newMapper() mapper {
|
|
return map[string]map[string]translation{
|
|
"dashboard.grafana.app": {
|
|
"dashboards": newResourceTranslation("dashboards", "uid", true),
|
|
},
|
|
"folder.grafana.app": {
|
|
"folders": newResourceTranslation("folders", "uid", true),
|
|
},
|
|
"iam.grafana.app": {
|
|
"teams": newResourceTranslation("teams", "id", false),
|
|
},
|
|
}
|
|
}
|
|
|
|
func (m mapper) translation(group, resource string) (translation, bool) {
|
|
resources, ok := m[group]
|
|
if !ok {
|
|
return translation{}, false
|
|
}
|
|
|
|
t, ok := resources[resource]
|
|
if !ok {
|
|
return translation{}, false
|
|
}
|
|
|
|
return t, true
|
|
}
|