Influxdata
/
influxdb
mirror of https://github.com/influxdata/influxdb.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
influxdb/authorizer/check.go

109 lines
3.8 KiB
Go
Raw Permalink Blame History

package authorizer
import (
"context"
"github.com/influxdata/influxdb/v2"
"github.com/influxdata/influxdb/v2/kit/platform"
"github.com/influxdata/influxdb/v2/task/taskmodel"
)
var _ influxdb.CheckService = (*CheckService)(nil)
// CheckService wraps a influxdb.CheckService and authorizes actions
// against it appropriately.
type CheckService struct {
s influxdb.CheckService
influxdb.UserResourceMappingService
influxdb.OrganizationService
taskmodel.TaskService
}
// NewCheckService constructs an instance of an authorizing check service.
func NewCheckService(s influxdb.CheckService, urm influxdb.UserResourceMappingService, org influxdb.OrganizationService) *CheckService {
return &CheckService{
s: s,
UserResourceMappingService: urm,
OrganizationService: org,
}
}
// FindCheckByID checks to see if the authorizer on context has read access to the id provided.
func (s *CheckService) FindCheckByID(ctx context.Context, id platform.ID) (influxdb.Check, error) {
chk, err := s.s.FindCheckByID(ctx, id)
if err != nil {
return nil, err
}
if _, _, err := AuthorizeRead(ctx, influxdb.ChecksResourceType, chk.GetID(), chk.GetOrgID()); err != nil {
return nil, err
}
return chk, nil
}
// FindChecks retrieves all checks that match the provided filter and then filters the list down to only the resources that are authorized.
func (s *CheckService) FindChecks(ctx context.Context, filter influxdb.CheckFilter, opt ...influxdb.FindOptions) ([]influxdb.Check, int, error) {
// TODO: we'll likely want to push this operation into the database eventually since fetching the whole list of data
// will likely be expensive.
chks, _, err := s.s.FindChecks(ctx, filter, opt...)
if err != nil {
return nil, 0, err
}
return AuthorizeFindChecks(ctx, chks)
}
// FindCheck will return the check.
func (s *CheckService) FindCheck(ctx context.Context, filter influxdb.CheckFilter) (influxdb.Check, error) {
chk, err := s.s.FindCheck(ctx, filter)
if err != nil {
return nil, err
}
if _, _, err := AuthorizeRead(ctx, influxdb.ChecksResourceType, chk.GetID(), chk.GetOrgID()); err != nil {
return nil, err
}
return chk, nil
}
// CreateCheck checks to see if the authorizer on context has write access to the global check resource.
func (s *CheckService) CreateCheck(ctx context.Context, chk influxdb.CheckCreate, userID platform.ID) error {
if _, _, err := AuthorizeCreate(ctx, influxdb.ChecksResourceType, chk.GetOrgID()); err != nil {
return err
}
return s.s.CreateCheck(ctx, chk, userID)
}
// UpdateCheck checks to see if the authorizer on context has write access to the check provided.
func (s *CheckService) UpdateCheck(ctx context.Context, id platform.ID, upd influxdb.CheckCreate) (influxdb.Check, error) {
chk, err := s.FindCheckByID(ctx, id)
if err != nil {
return nil, err
}
if _, _, err := AuthorizeWrite(ctx, influxdb.ChecksResourceType, chk.GetID(), chk.GetOrgID()); err != nil {
return nil, err
}
return s.s.UpdateCheck(ctx, id, upd)
}
// PatchCheck checks to see if the authorizer on context has write access to the check provided.
func (s *CheckService) PatchCheck(ctx context.Context, id platform.ID, upd influxdb.CheckUpdate) (influxdb.Check, error) {
chk, err := s.FindCheckByID(ctx, id)
if err != nil {
return nil, err
}
if _, _, err := AuthorizeWrite(ctx, influxdb.ChecksResourceType, chk.GetID(), chk.GetOrgID()); err != nil {
return nil, err
}
return s.s.PatchCheck(ctx, id, upd)
}
// DeleteCheck checks to see if the authorizer on context has write access to the check provided.
func (s *CheckService) DeleteCheck(ctx context.Context, id platform.ID) error {
chk, err := s.FindCheckByID(ctx, id)
if err != nil {
return err
}
if _, _, err := AuthorizeWrite(ctx, influxdb.ChecksResourceType, chk.GetID(), chk.GetOrgID()); err != nil {
return err
}
return s.s.DeleteCheck(ctx, id)
}
Reference in New Issue View Git Blame Copy Permalink