bosun.org@v0.0.0-20210513094433-e25bc3e69a1f/cmd/bosun/web/roles.go (about)

     1  package web
     2  
     3  import (
     4  	"fmt"
     5  	"net/http"
     6  	"strings"
     7  
     8  	"github.com/MiniProfiler/go/miniprofiler"
     9  	"github.com/captncraig/easyauth"
    10  )
    11  
// Individual permission bits. Each constant is one distinct bit of an
// easyauth.Role mask, assigned by position through iota, so declaration
// order fixes the numeric value of every permission. Inserting or
// reordering entries shifts every later bit; add new permissions at the end.
// NOTE(review): if role masks are kept anywhere outside the process (for
// example with issued tokens), a reorder would silently change what those
// masks grant. Confirm before changing the order.
// NOTE(review): roleAdmin and roleWriter are derived from 0xFFFFFFFF, so a
// permission added here is granted to both by default.
const (
	// canViewDash: view dashboard and alert state data, metrics, and graphs.
	canViewDash easyauth.Role = 1 << iota
	// canViewConfig: view the bosun configuration page.
	canViewConfig
	// canPutData: put and index opentsdb data and metadata.
	canPutData
	// canPerformActions: acknowledge and close alerts.
	canPerformActions
	// canRunTests: execute expressions, graphs, and rule tests.
	canRunTests
	// canSaveConfig: alter and save the bosun rule config.
	canSaveConfig
	// canViewAnnotations: view annotations on the graph page.
	canViewAnnotations
	// canCreateAnnotations: add and manage annotations via the API.
	canCreateAnnotations
	// canSilence: add and manage silences.
	canSilence
	// canManageTokens: manage authorization tokens. Excluded from roleWriter.
	canManageTokens
	// canOverwriteUsername: lets an external service set the username in API
	// requests. Excluded from roleWriter.
	canOverwriteUsername
)
    25  
// Composite role masks built from the permission bits.
const (
	// fullyOpen is the empty mask: no permission bit is set. parseRole also
	// uses it as its "nothing matched" marker.
	// NOTE(review): presumably also the required role for endpoints that need
	// no authorization; confirm where routes are registered.
	fullyOpen easyauth.Role = 0

	// roleReader grants only the three view permissions.
	roleReader = canViewDash | canViewConfig | canViewAnnotations

	// roleAdmin sets all 32 low bits, not just the eleven bits that currently
	// name a permission. Any permission added later is therefore part of
	// Admin without a change here.
	roleAdmin = 0xFFFFFFFF

	// roleWriter is Admin with token management and username override
	// cleared. It is defined by exclusion, so it also inherits every bit that
	// is unassigned today: a newly added permission is granted to Writer
	// unless it is explicitly cleared on this line.
	roleWriter = roleAdmin &^ (canManageTokens | canOverwriteUsername)
)
    32  
// roleDefs is the catalogue of permission bits and named roles. parseRole
// matches user-supplied names against the Name fields below, and
// getRoleDefinitions returns this same value to its caller. The Desc strings
// are descriptive text only; nothing in this file derives behaviour from them.
var roleDefs = &roleMetadata{
	// One entry per single-bit permission.
	Permissions: []bitDesc{
		{
			Bits: canViewDash,
			Name: "View Dashboard",
			Desc: "Can view dashboard and alert state data, metrics, and graphs",
		},
		{
			Bits: canViewConfig,
			Name: "View Config",
			Desc: "Can view bosun configuration page",
		},
		{
			Bits: canPutData,
			Name: "Put Data",
			Desc: "Can put and index opentsdb data and metadata",
		},
		{
			Bits: canPerformActions,
			Name: "Actions",
			Desc: "Can acknowlege and close alerts",
		},
		{
			Bits: canRunTests,
			Name: "Run Tests",
			Desc: "Can execute expressions, graphs, and rule tests",
		},
		{
			Bits: canSaveConfig,
			Name: "Save Config",
			Desc: "Can alter and save bosun rule config",
		},
		{
			Bits: canViewAnnotations,
			Name: "View Annotations",
			Desc: "Can view annotations on graph page",
		},
		{
			Bits: canCreateAnnotations,
			Name: "Create Annotations",
			Desc: "Can add and manage annotations via api",
		},
		{
			Bits: canSilence,
			Name: "Silence",
			Desc: "Can add and manage silences",
		},
		{
			Bits: canManageTokens,
			Name: "Manage Tokens",
			Desc: "Can manage authorization tokens",
		},
		{
			Bits: canOverwriteUsername,
			Name: "Set Username",
			Desc: "Allows external services to set username in api requests",
		},
	},
	// Named bundles of permissions. Keep names distinct from the permission
	// names above: parseRole checks this list second, so a role with the
	// same normalised name would take precedence over the permission.
	Roles: []bitDesc{
		{
			Bits: roleReader,
			Name: "Reader",
			Desc: "Read access to dashboard and alert data",
		},
		{
			Bits: roleAdmin,
			Name: "Admin",
			Desc: "Full access to all functionality",
		},
		{
			Bits: roleWriter,
			Name: "Writer",
			Desc: "Write access to alert data and actions",
		},
	},
}
    53  
// bitDesc pairs a role mask with its display name and a human-readable
// description. Bits holds a single permission bit for entries in
// roleMetadata.Permissions and a combined mask for entries in
// roleMetadata.Roles.
type bitDesc struct {
	Bits       easyauth.Role
	Name, Desc string
}

// roleMetadata groups the known single permissions and the named roles
// composed from them.
type roleMetadata struct {
	Permissions, Roles []bitDesc
}
    63  
// parseRole turns a comma-separated list of permission and role names into
// the union of their bit masks.
//
// Matching is case-insensitive. Names from roleDefs are compared with their
// spaces removed, so "View Dashboard" is matched by "viewdashboard". The
// input itself is only lower-cased, never trimmed: an entry with surrounding
// whitespace (as in "reader, writer") or an empty entry is rejected.
//
// Any entry that matches nothing fails the whole call, and the returned mask
// is then fullyOpen (zero), so one bad entry never yields a partial grant.
// An entry that matches both a permission and a role resolves to the role.
//
// NOTE(review): "admin" resolves to every bit. Callers that take s from
// configuration or a request decide how much access that string can grant;
// confirm where s comes from at each call site.
func parseRole(s string) (easyauth.Role, error) {
	// normalize produces the comparison form of a definition name.
	normalize := func(name string) string {
		return strings.ReplaceAll(strings.ToLower(name), " ", "")
	}
	// find returns the bits of the first definition whose normalized name
	// equals key.
	find := func(defs []bitDesc, key string) (easyauth.Role, bool) {
		for _, def := range defs {
			if normalize(def.Name) == key {
				return def.Bits, true
			}
		}
		return fullyOpen, false
	}

	granted := fullyOpen
	for _, entry := range strings.Split(s, ",") {
		key := strings.ToLower(entry)
		bits := fullyOpen
		if b, ok := find(roleDefs.Permissions, key); ok {
			bits = b
		}
		// Roles are consulted second and override a permission match.
		if b, ok := find(roleDefs.Roles, key); ok {
			bits = b
		}
		// A zero mask means nothing matched: fail rather than skip the entry.
		if bits == fullyOpen {
			return bits, fmt.Errorf("Unknown permission level: '%s'", entry)
		}
		granted |= bits
	}
	return granted, nil
}
    90  
// getRoleDefinitions returns the permission and role catalogue. The timer,
// response writer and request are not used.
//
// The value handed back is the shared package-level roleDefs pointer, not a
// copy, so whatever consumes it must treat it as read-only.
// NOTE(review): no permission check happens inside this function. Any access
// requirement would have to be applied where the handler is registered, which
// is not shown in this file.
func getRoleDefinitions(_ miniprofiler.Timer, w http.ResponseWriter, r *http.Request) (interface{}, error) {
	var catalogue interface{} = roleDefs
	return catalogue, nil
}