package tenant
import (
"context"
"github.com/influxdata/influxdb/v2"
"github.com/influxdata/influxdb/v2/authorizer"
)
// Compile-time assertion that *AuthedOnboardSvc implements
// influxdb.OnboardingService; the build fails if a method is missing.
var _ influxdb.OnboardingService = (*AuthedOnboardSvc)(nil)
// TODO (al): remove authorizer/org when the org service moves to tenant
// AuthedOnboardSvc decorates an influxdb.OnboardingService with authorization.
// Of its three methods only OnboardUser calls the authorizer; IsOnboarding and
// OnboardInitialUser delegate straight to the wrapped service.
type AuthedOnboardSvc struct {
	// s is the wrapped service that performs the actual onboarding work.
	s influxdb.OnboardingService
}
// NewAuthedOnboardSvc returns an AuthedOnboardSvc that delegates to s.
// The argument is stored as given; no nil check is performed here, so a nil s
// surfaces only when a method is later called on the result.
func NewAuthedOnboardSvc(s influxdb.OnboardingService) *AuthedOnboardSvc {
	return &AuthedOnboardSvc{s: s}
}
// IsOnboarding forwards to the wrapped service unchanged. This wrapper
// performs no authorization for the call; the result and error come from the
// underlying service layer.
func (s *AuthedOnboardSvc) IsOnboarding(ctx context.Context) (bool, error) {
	inner := s.s
	return inner.IsOnboarding(ctx)
}
// OnboardInitialUser forwards to the wrapped service unchanged. No authorizer
// call is made in this wrapper, so any restriction on who may run the initial
// setup, or how often, has to be enforced by the underlying service layer.
// NOTE(review): confirm the wrapped implementation refuses this call once
// onboarding has completed; nothing in this method would stop a repeat.
func (s *AuthedOnboardSvc) OnboardInitialUser(ctx context.Context, req *influxdb.OnboardingRequest) (*influxdb.OnboardingResults, error) {
	inner := s.s
	return inner.OnboardInitialUser(ctx, req)
}
// OnboardUser requires the caller in ctx to hold global write permission on
// orgs, users and buckets before the request reaches the wrapped service.
// The checks run in that order; the first failure is returned as-is with a nil
// result and the wrapped service is not called.
func (s *AuthedOnboardSvc) OnboardUser(ctx context.Context, req *influxdb.OnboardingRequest) (*influxdb.OnboardingResults, error) {
	// Every resource type listed here must pass; there is no partial grant.
	required := []influxdb.ResourceType{
		influxdb.OrgsResourceType,
		influxdb.UsersResourceType,
		influxdb.BucketsResourceType,
	}
	for _, rt := range required {
		// Only the error matters; the other two return values are discarded.
		if _, _, err := authorizer.AuthorizeWriteGlobal(ctx, rt); err != nil {
			return nil, err
		}
	}
	return s.s.OnboardUser(ctx, req)
}