2023-08-02 16:43:56 +08:00
|
|
|
package user
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"fmt"
|
|
|
|
|
"time"
|
|
|
|
|
|
|
|
|
|
"github.com/grafana/grafana/pkg/models/roletype"
|
2023-08-09 15:35:50 +08:00
|
|
|
"github.com/grafana/grafana/pkg/services/auth/identity"
|
2023-08-02 16:43:56 +08:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type SignedInUser struct {
|
|
|
|
|
UserID int64 `xorm:"user_id"`
|
|
|
|
|
OrgID int64 `xorm:"org_id"`
|
|
|
|
|
OrgName string
|
|
|
|
|
OrgRole roletype.RoleType
|
|
|
|
|
Login string
|
|
|
|
|
Name string
|
|
|
|
|
Email string
|
|
|
|
|
AuthenticatedBy string
|
|
|
|
|
ApiKeyID int64 `xorm:"api_key_id"`
|
|
|
|
|
IsServiceAccount bool `xorm:"is_service_account"`
|
|
|
|
|
IsGrafanaAdmin bool
|
|
|
|
|
IsAnonymous bool
|
|
|
|
|
IsDisabled bool
|
|
|
|
|
HelpFlags1 HelpFlags1
|
|
|
|
|
LastSeenAt time.Time
|
|
|
|
|
Teams []int64
|
|
|
|
|
// Permissions grouped by orgID and actions
|
|
|
|
|
Permissions map[int64]map[string][]string `json:"-"`
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (u *SignedInUser) ShouldUpdateLastSeenAt() bool {
|
|
|
|
|
return u.UserID > 0 && time.Since(u.LastSeenAt) > time.Minute*5
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (u *SignedInUser) NameOrFallback() string {
|
|
|
|
|
if u.Name != "" {
|
|
|
|
|
return u.Name
|
|
|
|
|
}
|
|
|
|
|
if u.Login != "" {
|
|
|
|
|
return u.Login
|
|
|
|
|
}
|
|
|
|
|
return u.Email
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (u *SignedInUser) ToUserDisplayDTO() *UserDisplayDTO {
|
|
|
|
|
return &UserDisplayDTO{
|
|
|
|
|
ID: u.UserID,
|
|
|
|
|
Login: u.Login,
|
|
|
|
|
Name: u.Name,
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (u *SignedInUser) HasRole(role roletype.RoleType) bool {
|
|
|
|
|
if u.IsGrafanaAdmin {
|
|
|
|
|
return true
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return u.OrgRole.Includes(role)
|
|
|
|
|
}
|
|
|
|
|
|
2023-08-09 18:33:35 +08:00
|
|
|
// IsRealUser returns true if the entity is a real user and not a service account
|
2023-08-02 16:43:56 +08:00
|
|
|
func (u *SignedInUser) IsRealUser() bool {
|
|
|
|
|
// backwards compatibility
|
|
|
|
|
// checking if userId the user is a real user
|
|
|
|
|
// previously we used to check if the UserId was 0 or -1
|
|
|
|
|
// and not a service account
|
|
|
|
|
return u.UserID > 0 && !u.IsServiceAccountUser()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (u *SignedInUser) IsApiKeyUser() bool {
|
|
|
|
|
return u.ApiKeyID > 0
|
|
|
|
|
}
|
|
|
|
|
|
2023-08-09 18:33:35 +08:00
|
|
|
// IsServiceAccountUser returns true if the entity is a service account
|
2023-08-02 16:43:56 +08:00
|
|
|
func (u *SignedInUser) IsServiceAccountUser() bool {
|
|
|
|
|
return u.IsServiceAccount
|
|
|
|
|
}
|
|
|
|
|
|
2023-08-09 18:33:35 +08:00
|
|
|
// HasUniqueId returns true if the entity has a unique id
|
2023-08-02 16:43:56 +08:00
|
|
|
func (u *SignedInUser) HasUniqueId() bool {
|
|
|
|
|
return u.IsRealUser() || u.IsApiKeyUser() || u.IsServiceAccountUser()
|
|
|
|
|
}
|
|
|
|
|
|
2023-08-09 18:33:35 +08:00
|
|
|
// GetCacheKey returns a unique key for the entity.
|
|
|
|
|
// Add an extra prefix to avoid collisions with other caches
|
2023-08-02 16:43:56 +08:00
|
|
|
func (u *SignedInUser) GetCacheKey() (string, error) {
|
|
|
|
|
if u.IsRealUser() {
|
|
|
|
|
return fmt.Sprintf("%d-user-%d", u.OrgID, u.UserID), nil
|
|
|
|
|
}
|
|
|
|
|
if u.IsApiKeyUser() {
|
|
|
|
|
return fmt.Sprintf("%d-apikey-%d", u.OrgID, u.ApiKeyID), nil
|
|
|
|
|
}
|
|
|
|
|
if u.IsServiceAccountUser() { // not considered a real user
|
|
|
|
|
return fmt.Sprintf("%d-service-%d", u.OrgID, u.UserID), nil
|
|
|
|
|
}
|
|
|
|
|
return "", ErrNoUniqueID
|
|
|
|
|
}
|
|
|
|
|
|
2023-08-09 18:33:35 +08:00
|
|
|
// GetIsGrafanaAdmin returns true if the user is a server admin
|
2023-08-02 16:43:56 +08:00
|
|
|
func (u *SignedInUser) GetIsGrafanaAdmin() bool {
|
|
|
|
|
return u.IsGrafanaAdmin
|
|
|
|
|
}
|
|
|
|
|
|
2023-08-09 18:33:35 +08:00
|
|
|
// GetLogin returns the login of the active entity
|
|
|
|
|
// Can be empty if the user is anonymous
|
2023-08-02 16:43:56 +08:00
|
|
|
func (u *SignedInUser) GetLogin() string {
|
|
|
|
|
return u.Login
|
|
|
|
|
}
|
|
|
|
|
|
2023-08-09 18:33:35 +08:00
|
|
|
// GetOrgID returns the ID of the active organization
|
2023-08-02 16:43:56 +08:00
|
|
|
func (u *SignedInUser) GetOrgID() int64 {
|
|
|
|
|
return u.OrgID
|
|
|
|
|
}
|
|
|
|
|
|
2023-08-09 18:33:35 +08:00
|
|
|
// DEPRECATED: GetOrgName returns the name of the active organization
|
|
|
|
|
// Retrieve the organization name from the organization service instead of using this method.
|
|
|
|
|
func (u *SignedInUser) GetOrgName() string {
|
|
|
|
|
return u.OrgName
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// GetPermissions returns the permissions of the active entity
|
2023-08-09 15:35:50 +08:00
|
|
|
func (u *SignedInUser) GetPermissions() map[string][]string {
|
2023-08-02 16:43:56 +08:00
|
|
|
if u.Permissions == nil {
|
|
|
|
|
return make(map[string][]string)
|
|
|
|
|
}
|
|
|
|
|
|
2023-08-09 15:35:50 +08:00
|
|
|
if u.Permissions[u.GetOrgID()] == nil {
|
|
|
|
|
return make(map[string][]string)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return u.Permissions[u.GetOrgID()]
|
|
|
|
|
}
|
|
|
|
|
|
2023-08-09 18:33:35 +08:00
|
|
|
// DEPRECATED: GetTeams returns the teams the entity is a member of
|
|
|
|
|
// Retrieve the teams from the team service instead of using this method.
|
2023-08-09 15:35:50 +08:00
|
|
|
func (u *SignedInUser) GetTeams() []int64 {
|
|
|
|
|
return u.Teams
|
|
|
|
|
}
|
|
|
|
|
|
2023-08-09 18:33:35 +08:00
|
|
|
// GetOrgRole returns the role of the active entity in the active organization
|
2023-08-09 15:35:50 +08:00
|
|
|
func (u *SignedInUser) GetOrgRole() roletype.RoleType {
|
|
|
|
|
return u.OrgRole
|
|
|
|
|
}
|
|
|
|
|
|
2023-08-09 18:33:35 +08:00
|
|
|
// GetNamespacedID returns the namespace and ID of the active entity
|
|
|
|
|
// The namespace is one of the constants defined in pkg/services/auth/identity
|
2023-08-09 15:35:50 +08:00
|
|
|
func (u *SignedInUser) GetNamespacedID() (string, string) {
|
|
|
|
|
switch {
|
|
|
|
|
case u.ApiKeyID != 0:
|
|
|
|
|
return identity.NamespaceAPIKey, fmt.Sprintf("%d", u.ApiKeyID)
|
|
|
|
|
case u.IsServiceAccount:
|
|
|
|
|
return identity.NamespaceServiceAccount, fmt.Sprintf("%d", u.UserID)
|
2023-08-09 18:33:35 +08:00
|
|
|
case u.UserID > 0:
|
2023-08-09 15:35:50 +08:00
|
|
|
return identity.NamespaceUser, fmt.Sprintf("%d", u.UserID)
|
|
|
|
|
case u.IsAnonymous:
|
|
|
|
|
return identity.NamespaceAnonymous, ""
|
|
|
|
|
case u.AuthenticatedBy == "render": //import cycle render
|
2023-08-29 17:55:58 +08:00
|
|
|
if u.UserID == 0 {
|
|
|
|
|
return identity.NamespaceRenderService, fmt.Sprintf("%d", u.UserID)
|
|
|
|
|
} else { // this should never happen as u.UserID > 0 already catches this
|
|
|
|
|
return identity.NamespaceUser, fmt.Sprintf("%d", u.UserID)
|
|
|
|
|
}
|
2023-08-09 15:35:50 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// backwards compatibility
|
|
|
|
|
return identity.NamespaceUser, fmt.Sprintf("%d", u.UserID)
|
2023-08-02 16:43:56 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// FIXME: remove this method once all services are using an interface
|
|
|
|
|
func (u *SignedInUser) IsNil() bool {
|
|
|
|
|
return u == nil
|
|
|
|
|
}
|
2023-08-09 18:33:35 +08:00
|
|
|
|
|
|
|
|
// GetEmail returns the email of the active entity
|
|
|
|
|
// Can be empty.
|
|
|
|
|
func (u *SignedInUser) GetEmail() string {
|
|
|
|
|
return u.Email
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// GetDisplayName returns the display name of the active entity
|
|
|
|
|
// The display name is the name if it is set, otherwise the login or email
|
|
|
|
|
func (u *SignedInUser) GetDisplayName() string {
|
|
|
|
|
return u.NameOrFallback()
|
|
|
|
|
}
|
