47 lines
1.3 KiB
Go
47 lines
1.3 KiB
Go
package meta
|
|
|
|
import (
|
|
"fmt"
|
|
|
|
"github.com/influxdata/influxql"
|
|
)
|
|
|
|
// WriteAuthorizer determines whether a user is authorized to write to a given database.
|
|
type WriteAuthorizer struct {
|
|
Client *Client
|
|
}
|
|
|
|
// NewWriteAuthorizer returns a new instance of WriteAuthorizer.
|
|
func NewWriteAuthorizer(c *Client) *WriteAuthorizer {
|
|
return &WriteAuthorizer{Client: c}
|
|
}
|
|
|
|
// AuthorizeWrite returns nil if the user has permission to write to the database.
|
|
func (a WriteAuthorizer) AuthorizeWrite(username, database string) error {
|
|
u, err := a.Client.User(username)
|
|
if err != nil || u == nil {
|
|
return &ErrAuthorize{
|
|
Database: database,
|
|
Message: fmt.Sprintf("%s not authorized to write to %s", username, database),
|
|
}
|
|
}
|
|
// There is only one OSS implementation of the User interface, and the OSS WriteAuthorizer only works
|
|
// with the OSS UserInfo. There is a similar tight coupling between the Enterprise WriteAuthorizer and
|
|
// Enterprise UserInfo in closed-source code.
|
|
switch user := u.(type) {
|
|
case *UserInfo:
|
|
if !user.AuthorizeDatabase(influxql.WritePrivilege, database) {
|
|
return &ErrAuthorize{
|
|
Database: database,
|
|
Message: fmt.Sprintf("%s not authorized to write to %s", username, database),
|
|
}
|
|
}
|
|
default:
|
|
return &ErrAuthorize{
|
|
Database: database,
|
|
Message: fmt.Sprintf("Internal error - wrong type %T for oss user", u),
|
|
}
|
|
}
|
|
return nil
|
|
}
|