Influxdata
/
influxdb
mirror of https://github.com/influxdata/influxdb.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
influxdb/authorizer/notification_endpoint.go

108 lines
4.6 KiB
Go
Raw Permalink Blame History

package authorizer
import (
"context"
"github.com/influxdata/influxdb/v2"
"github.com/influxdata/influxdb/v2/kit/platform"
"github.com/influxdata/influxdb/v2/kit/platform/errors"
)
var _ influxdb.NotificationEndpointService = (*NotificationEndpointService)(nil)
// NotificationEndpointService wraps a influxdb.NotificationEndpointService and authorizes actions
// against it appropriately.
type NotificationEndpointService struct {
s influxdb.NotificationEndpointService
influxdb.UserResourceMappingService
influxdb.OrganizationService
}
// NewNotificationEndpointService constructs an instance of an authorizing notification endpoint service.
func NewNotificationEndpointService(
s influxdb.NotificationEndpointService,
urm influxdb.UserResourceMappingService,
org influxdb.OrganizationService,
) *NotificationEndpointService {
return &NotificationEndpointService{
s: s,
UserResourceMappingService: urm,
OrganizationService: org,
}
}
// FindNotificationEndpointByID checks to see if the authorizer on context has read access to the id provided.
func (s *NotificationEndpointService) FindNotificationEndpointByID(ctx context.Context, id platform.ID) (influxdb.NotificationEndpoint, error) {
edp, err := s.s.FindNotificationEndpointByID(ctx, id)
if err != nil {
return nil, err
}
if _, _, err := AuthorizeRead(ctx, influxdb.NotificationEndpointResourceType, edp.GetID(), edp.GetOrgID()); err != nil {
return nil, err
}
return edp, nil
}
// FindNotificationEndpoints retrieves all notification endpoints that match the provided filter and then filters the list down to only the resources that are authorized.
func (s *NotificationEndpointService) FindNotificationEndpoints(ctx context.Context, filter influxdb.NotificationEndpointFilter, opt ...influxdb.FindOptions) ([]influxdb.NotificationEndpoint, int, error) {
// TODO: This is a temporary fix as to not fetch the entire collection when no filter is provided.
if !filter.UserID.Valid() && filter.OrgID == nil {
return nil, 0, &errors.Error{
Code: errors.EUnauthorized,
Msg: "cannot process a request without a org or user filter",
}
}
// TODO: we'll likely want to push this operation into the database eventually since fetching the whole list of data
// will likely be expensive.
edps, _, err := s.s.FindNotificationEndpoints(ctx, filter, opt...)
if err != nil {
return nil, 0, err
}
return AuthorizeFindNotificationEndpoints(ctx, edps)
}
// CreateNotificationEndpoint checks to see if the authorizer on context has write access to the global notification endpoint resource.
func (s *NotificationEndpointService) CreateNotificationEndpoint(ctx context.Context, edp influxdb.NotificationEndpoint, userID platform.ID) error {
if _, _, err := AuthorizeCreate(ctx, influxdb.NotificationEndpointResourceType, edp.GetOrgID()); err != nil {
return err
}
return s.s.CreateNotificationEndpoint(ctx, edp, userID)
}
// UpdateNotificationEndpoint checks to see if the authorizer on context has write access to the notification endpoint provided.
func (s *NotificationEndpointService) UpdateNotificationEndpoint(ctx context.Context, id platform.ID, upd influxdb.NotificationEndpoint, userID platform.ID) (influxdb.NotificationEndpoint, error) {
edp, err := s.FindNotificationEndpointByID(ctx, id)
if err != nil {
return nil, err
}
if _, _, err := AuthorizeWrite(ctx, influxdb.NotificationEndpointResourceType, edp.GetID(), edp.GetOrgID()); err != nil {
return nil, err
}
return s.s.UpdateNotificationEndpoint(ctx, id, upd, userID)
}
// PatchNotificationEndpoint checks to see if the authorizer on context has write access to the notification endpoint provided.
func (s *NotificationEndpointService) PatchNotificationEndpoint(ctx context.Context, id platform.ID, upd influxdb.NotificationEndpointUpdate) (influxdb.NotificationEndpoint, error) {
edp, err := s.FindNotificationEndpointByID(ctx, id)
if err != nil {
return nil, err
}
if _, _, err := AuthorizeWrite(ctx, influxdb.NotificationEndpointResourceType, edp.GetID(), edp.GetOrgID()); err != nil {
return nil, err
}
return s.s.PatchNotificationEndpoint(ctx, id, upd)
}
// DeleteNotificationEndpoint checks to see if the authorizer on context has write access to the notification endpoint provided.
func (s *NotificationEndpointService) DeleteNotificationEndpoint(ctx context.Context, id platform.ID) ([]influxdb.SecretField, platform.ID, error) {
edp, err := s.FindNotificationEndpointByID(ctx, id)
if err != nil {
return nil, 0, err
}
if _, _, err := AuthorizeWrite(ctx, influxdb.NotificationEndpointResourceType, edp.GetID(), edp.GetOrgID()); err != nil {
return nil, 0, err
}
return s.s.DeleteNotificationEndpoint(ctx, id)
}
Reference in New Issue View Git Blame Copy Permalink