Fix updating of OSS user permissions

pull/10616/head
Chris Goller 2017-03-10 14:53:30 -06:00
parent e8da54a6c3
commit 6158502e45
5 changed files with 89 additions and 17 deletions


@ -8,8 +8,10 @@ import (
)
var (
// AllowAll means a user gets both read and write permissions
AllowAll = chronograf.Allowances{"WRITE", "READ"}
// AllowAllDB means a user gets both read and write permissions for a db
AllowAllDB = chronograf.Allowances{"WRITE", "READ"}
// AllowAllAdmin means a user gets both read and write permissions for an admin
AllowAllAdmin = chronograf.Allowances{"ALL"}
// AllowRead means a user is only able to read the database.
AllowRead = chronograf.Allowances{"READ"}
// AllowWrite means a user is able to only write to the database
@ -31,11 +33,11 @@ func (c *Client) Permissions(context.Context) chronograf.Permissions {
return chronograf.Permissions{
{
Scope: chronograf.AllScope,
Allowed: AllowAll,
Allowed: AllowAllAdmin,
},
{
Scope: chronograf.DBScope,
Allowed: AllowAll,
Allowed: AllowAllDB,
},
}
}
@ -90,7 +92,7 @@ func (r *showResults) Permissions() chronograf.Permissions {
}
switch priv {
case AllPrivileges, All:
c.Allowed = AllowAll
c.Allowed = AllowAllDB
case Read:
c.Allowed = AllowRead
case Write:
@ -111,7 +113,7 @@ func adminPerms() chronograf.Permissions {
return []chronograf.Permission{
{
Scope: chronograf.AllScope,
Allowed: AllowAll,
Allowed: AllowAllAdmin,
},
}
}
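Review bot: The doc comment on `AllowAllAdmin` says "both read and write permissions for an admin", but the value is `{"ALL"}`, and the tests in this commit show an `ALL` allowance at `AllScope` being sent as `GRANT ALL PRIVILEGES TO "<user>"`, which is presumably server-wide admin rather than read/write. I would reword it along the lines of `// AllowAllAdmin is the "ALL" allowance for AllScope; granting it issues GRANT ALL PRIVILEGES TO the user.` so nobody assigns it expecting only data access. `AllowAllDB` now has the same value as `AllowAll`; if no caller of `AllowAll` remains after this change (not visible here), removing it avoids someone picking the wrong constant later.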


@ -318,7 +318,7 @@ func Test_showResults_Users(t *testing.T) {
Permissions: chronograf.Permissions{
{
Scope: chronograf.AllScope,
Allowed: chronograf.Allowances{"WRITE", "READ"},
Allowed: chronograf.Allowances{"ALL"},
},
},
},


@ -16,7 +16,11 @@ func (c *Client) Add(ctx context.Context, u *chronograf.User) (*chronograf.User,
if err != nil {
return nil, err
}
for _, p := range u.Permissions {
if err := c.grantPermission(ctx, u.Name, p); err != nil {
return nil, err
}
}
return c.Get(ctx, u.Name)
}
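Review bot: If `grantPermission` fails partway through the new loop, `Add` returns an error even though the account was already created by the call above, and any grants issued before the failure stay in place. The caller is told the create failed while a usable login, possibly already holding some privileges, exists on the server. Either attempt a best-effort removal of the new user before returning the error (through the client's delete path, if it has one), or state the behaviour in the doc comment, e.g. `// Add is not atomic: if a grant fails, the user remains with whatever privileges were already granted.` The start of `Add` is outside the hunk.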


@ -125,8 +125,43 @@ func TestClient_Add(t *testing.T) {
chronograf.Permission{
Scope: chronograf.AllScope,
Allowed: chronograf.Allowances{
"WRITE",
"READ",
"ALL",
},
},
},
},
},
{
name: "Create User with permissions",
status: http.StatusOK,
args: args{
ctx: context.Background(),
u: &chronograf.User{
Name: "docbrown",
Passwd: "Dont Need Roads",
Permissions: chronograf.Permissions{
chronograf.Permission{
Scope: chronograf.AllScope,
Allowed: chronograf.Allowances{
"ALL",
},
},
},
},
},
wantQueries: []string{
`CREATE USER "docbrown" WITH PASSWORD 'Dont Need Roads'`,
`GRANT ALL PRIVILEGES TO "docbrown"`,
`SHOW USERS`,
`SHOW GRANTS FOR "docbrown"`,
},
want: &chronograf.User{
Name: "docbrown",
Permissions: chronograf.Permissions{
chronograf.Permission{
Scope: chronograf.AllScope,
Allowed: chronograf.Allowances{
"ALL",
},
},
},
@ -294,7 +329,7 @@ func TestClient_Get(t *testing.T) {
Permissions: chronograf.Permissions{
chronograf.Permission{
Scope: "all",
Allowed: []string{"WRITE", "READ"},
Allowed: []string{"ALL"},
},
chronograf.Permission{
Scope: "database",
@ -567,7 +602,7 @@ func TestClient_All(t *testing.T) {
Permissions: chronograf.Permissions{
chronograf.Permission{
Scope: "all",
Allowed: []string{"WRITE", "READ"},
Allowed: []string{"ALL"},
},
chronograf.Permission{
Scope: "database",
@ -581,7 +616,7 @@ func TestClient_All(t *testing.T) {
Permissions: chronograf.Permissions{
chronograf.Permission{
Scope: "all",
Allowed: []string{"WRITE", "READ"},
Allowed: []string{"ALL"},
},
chronograf.Permission{
Scope: "database",
@ -707,7 +742,7 @@ func TestClient_Update(t *testing.T) {
Permissions: chronograf.Permissions{
{
Scope: "all",
Allowed: []string{"WRITE", "READ"},
Allowed: []string{"all"},
},
{
Scope: "database",
@ -762,7 +797,7 @@ func TestClient_Update(t *testing.T) {
Permissions: chronograf.Permissions{
{
Scope: "all",
Allowed: []string{"WRITE", "READ"},
Allowed: []string{"all"},
},
{
Scope: "database",
@ -819,6 +854,34 @@ func TestClient_Update(t *testing.T) {
`REVOKE ALL PRIVILEGES FROM "docbrown"`,
},
},
{
name: "Revoke some",
statusUsers: http.StatusOK,
showUsers: []byte(`{"results":[{"series":[{"columns":["user","admin"],"values":[["admin",true],["docbrown",false],["reader",false]]}]}]}`),
statusGrants: http.StatusOK,
showGrants: []byte(`{"results":[]}`),
statusRevoke: http.StatusOK,
revoke: []byte(`{"results":[]}`),
statusGrant: http.StatusOK,
grant: []byte(`{"results":[]}`),
args: args{
ctx: context.Background(),
u: &chronograf.User{
Name: "docbrown",
Permissions: chronograf.Permissions{
{
Scope: "all",
Allowed: []string{"ALL"},
},
},
},
},
want: []string{
`SHOW USERS`,
`SHOW GRANTS FOR "docbrown"`,
`GRANT ALL PRIVILEGES TO "docbrown"`,
},
},
{
name: "Fail users",
statusUsers: http.StatusBadRequest,
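Review bot: The new `Revoke some` case in `TestClient_Update` never revokes anything: `showGrants` is empty, `docbrown` is listed as non-admin, and `want` holds only `SHOW USERS`, `SHOW GRANTS FOR "docbrown"` and `GRANT ALL PRIVILEGES TO "docbrown"`. As written it is a grant test under a misleading name, so rename it (e.g. `name: "Grant all",`) or give it existing grants to remove. The case just before it expects `REVOKE ALL PRIVILEGES FROM "docbrown"`, but nothing visible here pins a partial downgrade, where the user keeps some grants and loses others. That path decides whether a reduced permission set actually removes access, so it is worth a case whose `want` lists the specific `REVOKE` statements.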


@ -32,8 +32,10 @@ func (h *Service) NewSourceUser(w http.ResponseWriter, r *http.Request) {
store := ts.Users(ctx)
user := &chronograf.User{
Name: req.Username,
Passwd: req.Password,
Name: req.Username,
Passwd: req.Password,
Permissions: req.Permissions,
Roles: req.Roles,
}
res, err := store.Add(ctx, user)
@ -224,6 +226,7 @@ type userRequest struct {
Username string `json:"name,omitempty"` // Username for new account
Password string `json:"password,omitempty"` // Password for new account
Permissions chronograf.Permissions `json:"permissions,omitempty"` // Optional permissions
Roles []chronograf.Role `json:"roles,omitempty"` // Optional roles
}
func (r *userRequest) ValidCreate() error {
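Review bot: `NewSourceUser` now passes `req.Permissions` and `req.Roles` from the request body straight into `store.Add`, and nothing in this hunk checks them. With the OSS client change in this commit an `all`-scope `ALL` entry becomes `GRANT ALL PRIVILEGES`, so this endpoint can now create admin users. `ValidCreate` (its body is outside the hunk) should reject unknown scopes and allowance values before the store is called, if it does not already. Separately, the OSS `Add` in this commit only iterates `u.Permissions`, so `Roles` sent to an OSS source appear to be dropped silently; returning an error for that case would be clearer than a success response with no roles applied.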