package authorizer
import (
"context"
"github.com/influxdata/influxdb/v2"
"github.com/influxdata/influxdb/v2/kit/platform"
)
// Compile-time assertion that *NotebookService implements
// influxdb.NotebookService; the build fails if a method is missing or has
// the wrong signature.
var _ influxdb.NotebookService = (*NotebookService)(nil)
// NotebookService is an authorizing decorator around an
// influxdb.NotebookService. Each method runs a permission check using the
// authorizer carried on the request context and forwards to the wrapped
// service.
type NotebookService struct {
	// s is the wrapped service that performs the actual notebook operations.
	s influxdb.NotebookService
}
// NewNotebookService returns a NotebookService that authorizes calls before
// delegating them to s.
//
// s is stored as given and is not checked for nil here.
func NewNotebookService(s influxdb.NotebookService) *NotebookService {
	svc := new(NotebookService)
	svc.s = s
	return svc
}
// GetNotebook returns the notebook with the given id if the authorizer on
// ctx has read access to it.
//
// The notebook is loaded first because the organization ID needed for the
// permission check comes from the stored record. When the check fails the
// loaded notebook is discarded and only the authorization error is returned.
//
// NOTE(review): a lookup error from the wrapped service is returned before
// any permission check runs, so a caller without read access may be able to
// tell a missing id from a forbidden one; confirm that is acceptable.
func (s *NotebookService) GetNotebook(ctx context.Context, id platform.ID) (*influxdb.Notebook, error) {
	notebook, err := s.s.GetNotebook(ctx, id)
	if err != nil {
		return nil, err
	}

	// Authorize against the org that owns the stored notebook.
	_, _, authErr := AuthorizeRead(ctx, influxdb.NotebooksResourceType, id, notebook.OrgID)
	if authErr != nil {
		return nil, authErr
	}

	return notebook, nil
}
// CreateNotebook creates a notebook if the authorizer on ctx is allowed to
// create notebooks in the organization named by create.OrgID.
//
// The permission check runs before the wrapped service is called, so an
// unauthorized request never reaches the underlying store.
//
// NOTE(review): create is dereferenced without a nil check; callers are
// presumably expected to pass a decoded request body — confirm.
func (s *NotebookService) CreateNotebook(ctx context.Context, create *influxdb.NotebookReqBody) (*influxdb.Notebook, error) {
	_, _, authErr := AuthorizeCreate(ctx, influxdb.NotebooksResourceType, create.OrgID)
	if authErr != nil {
		return nil, authErr
	}

	return s.s.CreateNotebook(ctx, create)
}
// UpdateNotebook applies update to the notebook with the given id if the
// authorizer on ctx has write access to that notebook.
//
// The existing notebook is loaded first so the write check can be made
// against the organization that currently owns it.
//
// NOTE(review): only the stored notebook's OrgID is authorized here;
// update.OrgID is not examined. Confirm whether the wrapped service lets an
// update change the owning organization and, if it does, whether the target
// organization needs its own permission check.
func (s *NotebookService) UpdateNotebook(ctx context.Context, id platform.ID, update *influxdb.NotebookReqBody) (*influxdb.Notebook, error) {
	existing, err := s.s.GetNotebook(ctx, id)
	if err != nil {
		return nil, err
	}

	_, _, authErr := AuthorizeWrite(ctx, influxdb.NotebooksResourceType, id, existing.OrgID)
	if authErr != nil {
		return nil, authErr
	}

	return s.s.UpdateNotebook(ctx, id, update)
}
// DeleteNotebook removes the notebook with the given id if the authorizer on
// ctx has write access to it.
//
// The notebook is loaded first to obtain the owning organization ID for the
// write check; the delete is forwarded to the wrapped service only after
// that check passes.
func (s *NotebookService) DeleteNotebook(ctx context.Context, id platform.ID) error {
	existing, err := s.s.GetNotebook(ctx, id)
	if err != nil {
		return err
	}

	_, _, authErr := AuthorizeWrite(ctx, influxdb.NotebooksResourceType, id, existing.OrgID)
	if authErr != nil {
		return authErr
	}

	return s.s.DeleteNotebook(ctx, id)
}
// ListNotebooks returns the notebooks matching filter if the authorizer on
// ctx may read notebooks in the organization named by filter.OrgID.
//
// Authorization happens in two steps: an organization-level read check
// before the wrapped service is queried, then a pass over the returned
// notebooks through AuthorizeFindNotebooks (presumably dropping entries the
// caller may not read; verify against that helper). The count returned by
// AuthorizeFindNotebooks is ignored.
func (s *NotebookService) ListNotebooks(ctx context.Context, filter influxdb.NotebookListFilter) ([]*influxdb.Notebook, error) {
	_, _, authErr := AuthorizeOrgReadResource(ctx, influxdb.NotebooksResourceType, filter.OrgID)
	if authErr != nil {
		return nil, authErr
	}

	notebooks, err := s.s.ListNotebooks(ctx, filter)
	if err != nil {
		return nil, err
	}

	// The helper's result is returned together with its error, exactly as
	// produced; no extra nil-ing of the slice is done on failure.
	notebooks, _, err = AuthorizeFindNotebooks(ctx, notebooks)
	return notebooks, err
}