bosun/cmd/bosun/web/roles.go
package web | |
import ( | |
"fmt" | |
"net/http" | |
"strings" | |
"github.com/MiniProfiler/go/miniprofiler" | |
"github.com/captncraig/easyauth" | |
) | |
// Individual permission bits. Every constant occupies one distinct bit of an
// easyauth.Role, assigned in declaration order by iota, so permissions can be
// combined with bitwise OR and tested with bitwise AND.
//
// Inserting or reordering entries renumbers every bit that follows it.
// NOTE(review): if role values are ever stored outside the process (for
// example inside issued tokens), a renumbering would silently change what
// those stored values grant. Confirm before changing the order.
const (
	// canViewDash: view dashboard and alert state data, metrics, and graphs.
	canViewDash easyauth.Role = 1 << iota
	// canViewConfig: view the bosun configuration page.
	canViewConfig
	// canPutData: put and index opentsdb data and metadata.
	canPutData
	// canPerformActions: acknowledge and close alerts.
	canPerformActions
	// canRunTests: execute expressions, graphs, and rule tests.
	canRunTests
	// canSaveConfig: alter and save bosun rule config.
	canSaveConfig
	// canViewAnnotations: view annotations on the graph page.
	canViewAnnotations
	// canCreateAnnotations: add and manage annotations via the api.
	canCreateAnnotations
	// canSilence: add and manage silences.
	canSilence
	// canManageTokens: manage authorization tokens. Excluded from roleWriter.
	canManageTokens
	// canOverwriteUsername: lets an external service set the username in api
	// requests. Excluded from roleWriter.
	canOverwriteUsername
)
// Predefined role bundles built from the individual permission bits.
const (
	// fullyOpen is the zero Role: no permission bits set. parseRole also uses
	// it as its "no match" sentinel.
	fullyOpen easyauth.Role = 0

	// roleReader is the read-only bundle: dashboard, config and annotations.
	roleReader = canViewDash | canViewConfig | canViewAnnotations

	// roleAdmin sets every one of the low 32 bits, including bits that no
	// permission constant defines yet.
	roleAdmin = 0xFFFFFFFF

	// roleWriter is roleAdmin with token management and username override
	// cleared. Because it is defined by subtraction from the all-ones mask,
	// any permission bit added later is granted to Writer automatically
	// unless it is excluded here as well. Review this line whenever a new
	// permission is introduced.
	roleWriter = roleAdmin &^ (canManageTokens | canOverwriteUsername)
)
// roleDefs is the package-wide catalogue of permission bits and role bundles
// with their display names and descriptions. parseRole resolves names against
// it, and getRoleDefinitions returns it to callers unchanged.
var roleDefs = &roleMetadata{
	Permissions: []bitDesc{
		{Bits: canViewDash, Name: "View Dashboard", Desc: "Can view dashboard and alert state data, metrics, and graphs"},
		{Bits: canViewConfig, Name: "View Config", Desc: "Can view bosun configuration page"},
		{Bits: canPutData, Name: "Put Data", Desc: "Can put and index opentsdb data and metadata"},
		{Bits: canPerformActions, Name: "Actions", Desc: "Can acknowlege and close alerts"},
		{Bits: canRunTests, Name: "Run Tests", Desc: "Can execute expressions, graphs, and rule tests"},
		{Bits: canSaveConfig, Name: "Save Config", Desc: "Can alter and save bosun rule config"},
		{Bits: canViewAnnotations, Name: "View Annotations", Desc: "Can view annotations on graph page"},
		{Bits: canCreateAnnotations, Name: "Create Annotations", Desc: "Can add and manage annotations via api"},
		{Bits: canSilence, Name: "Silence", Desc: "Can add and manage silences"},
		{Bits: canManageTokens, Name: "Manage Tokens", Desc: "Can manage authorization tokens"},
		{Bits: canOverwriteUsername, Name: "Set Username", Desc: "Allows external services to set username in api requests"},
	},
	Roles: []bitDesc{
		{Bits: roleReader, Name: "Reader", Desc: "Read access to dashboard and alert data"},
		{Bits: roleAdmin, Name: "Admin", Desc: "Full access to all functionality"},
		{Bits: roleWriter, Name: "Writer", Desc: "Write access to alert data and actions"},
	},
}
// bitDesc pairs a Role bitmask with the human-readable name and description
// shown for it.
type bitDesc struct {
	// Bits is the permission bit, or OR-ed set of bits, being described.
	Bits easyauth.Role
	// Name is the display name. parseRole matches input against it after
	// lower-casing it and removing spaces.
	Name string
	// Desc is a one-line explanation of what the bits allow.
	Desc string
}
// roleMetadata groups the descriptions of single permission bits and of the
// predefined role bundles.
type roleMetadata struct {
	// Permissions describes the individual permission bits.
	Permissions []bitDesc
	// Roles describes the named bundles of permissions.
	Roles []bitDesc
}
// parseRole converts a comma-separated list of permission and role names into
// a single easyauth.Role bitmask, OR-ing together the bits of every element.
//
// Each element is lower-cased and compared with the Name of every entry in
// roleDefs.Permissions and roleDefs.Roles, where the defined name is
// lower-cased and has its spaces removed ("View Dashboard" is matched by
// "viewdashboard"). The element itself is not trimmed or stripped of spaces,
// so "reader, admin" is rejected because of the space after the comma.
//
// The parser fails closed: the first element that matches nothing, including
// an empty element, aborts parsing with an error. The Role returned with that
// error is fullyOpen (zero), so callers must check the error and must not use
// the returned value when it is non-nil.
func parseRole(s string) (easyauth.Role, error) {
	// canonical applies the normalisation used for defined names.
	canonical := func(name string) string {
		return strings.Replace(strings.ToLower(name), " ", "", -1)
	}
	// lookup returns the bits of the first definition whose canonical name
	// equals want, or fallback when none matches.
	lookup := func(defs []bitDesc, want string, fallback easyauth.Role) easyauth.Role {
		for _, def := range defs {
			if canonical(def.Name) == want {
				return def.Bits
			}
		}
		return fallback
	}

	combined := fullyOpen
	for _, token := range strings.Split(s, ",") {
		want := strings.ToLower(token)
		// Permissions are consulted first; a matching role name takes
		// precedence over a matching permission name.
		matched := lookup(roleDefs.Permissions, want, fullyOpen)
		matched = lookup(roleDefs.Roles, want, matched)
		if matched == fullyOpen {
			return matched, fmt.Errorf("Unknown permission level: '%s'", token)
		}
		combined |= matched
	}
	return combined, nil
}
// getRoleDefinitions is an API handler that returns the package-level roleDefs
// catalogue (permission and role names, bit values and descriptions). It
// never fails and does not read the request.
//
// No permission check happens inside this function.
// NOTE(review): presumably the route registration decides who may call it;
// confirm there that exposing the role catalogue at that level is intended.
func getRoleDefinitions(_ miniprofiler.Timer, w http.ResponseWriter, r *http.Request) (interface{}, error) {
	var defs interface{} = roleDefs
	return defs, nil
}