Merge pull request #132 from databrickslabs/permissions-api
Add support for general permissions
Showing
33 changed files
with
1,868 additions
and
132 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,75 @@ | ||
package model | ||
|
||
// ObjectACL is a structure to generically describe access control | ||
type ObjectACL struct { | ||
ObjectID string `json:"object_id,omitempty"` | ||
ObjectType string `json:"object_type,omitempty"` | ||
AccessControlList []*AccessControl `json:"access_control_list"` | ||
} | ||
|
||
// AccessControl is a structure to describe user/group permissions | ||
type AccessControl struct { | ||
UserName *string `json:"user_name,omitempty"` | ||
GroupName *string `json:"group_name,omitempty"` | ||
AllPermissions []*Permission `json:"all_permissions,omitempty"` | ||
} | ||
|
||
// Permission is a structure to describe permission level | ||
type Permission struct { | ||
PermissionLevel string `json:"permission_level"` | ||
Inherited bool `json:"inherited,omitempty"` | ||
InheritedFromObject []string `json:"inherited_from_object,omitempty"` | ||
} | ||
|
||
// AccessControlChangeList is wrapper around ACL changes for REST API | ||
type AccessControlChangeList struct { | ||
AccessControlList []*AccessControlChange `json:"access_control_list"` | ||
} | ||
|
||
// AccessControlChange is API wrapper for changing permissions | ||
type AccessControlChange struct { | ||
UserName *string `json:"user_name,omitempty"` | ||
GroupName *string `json:"group_name,omitempty"` | ||
ServicePrincipalName *string `json:"service_principal_name,omitempty"` | ||
PermissionLevel string `json:"permission_level"` | ||
} | ||
|
||
// ToAccessControlChangeList converts data formats | ||
func (oa *ObjectACL) ToAccessControlChangeList() *AccessControlChangeList { | ||
acl := new(AccessControlChangeList) | ||
for _, accessControl := range oa.AccessControlList { | ||
for _, permission := range accessControl.AllPermissions { | ||
if permission.Inherited { | ||
continue | ||
} | ||
item := new(AccessControlChange) | ||
acl.AccessControlList = append(acl.AccessControlList, item) | ||
item.PermissionLevel = permission.PermissionLevel | ||
if accessControl.UserName != nil { | ||
item.UserName = accessControl.UserName | ||
} else if accessControl.GroupName != nil { | ||
item.GroupName = accessControl.GroupName | ||
} | ||
} | ||
} | ||
return acl | ||
} | ||
|
||
// AccessControl exports data for TF | ||
func (acl *AccessControlChangeList) AccessControl(me string) []map[string]string { | ||
result := []map[string]string{} | ||
for _, control := range acl.AccessControlList { | ||
item := map[string]string{} | ||
if control.UserName != nil && *control.UserName != "" { | ||
if me == *control.UserName { | ||
continue | ||
} | ||
item["user_name"] = *control.UserName | ||
} else if control.GroupName != nil && *control.GroupName != "" { | ||
item["group_name"] = *control.GroupName | ||
} | ||
item["permission_level"] = control.PermissionLevel | ||
result = append(result, item) | ||
} | ||
return result | ||
} |
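Review bot: In `ToAccessControlChangeList` the new `AccessControlChange` is appended before a principal is chosen, so an entry whose `UserName` and `GroupName` are both nil still becomes a change carrying only a `permission_level`; `AccessControl` has the same gap, because `item["permission_level"]` is set and the map appended even when neither name branch ran. `AccessControlChange` declares `ServicePrincipalName` but `AccessControl` has no matching field, so a service-principal grant read back from the API would presumably take exactly this path. For a permissions model it is safer to skip entries without a principal: `if accessControl.UserName == nil && accessControl.GroupName == nil { continue }` before `item := new(AccessControlChange)`, and `if len(item) == 0 { continue }` before the `permission_level` assignment in `AccessControl`. Both loops also dereference the elements of `[]*AccessControl`, `[]*Permission` and `[]*AccessControlChange` without a nil check, so a `null` element in the decoded JSON would panic.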