Commit a5e450a0 by Torkel Ödegaard

Worked on anonymous access

parent 757b1853
...@@ -59,9 +59,9 @@ default_role = Editor ...@@ -59,9 +59,9 @@ default_role = Editor
; enable anonymous access ; enable anonymous access
enabled = false enabled = false
; specify account name that should be used for unauthenticated users ; specify account name that should be used for unauthenticated users
account = main account_name = main
; specify role for unauthenticated users ; specify role for unauthenticated users
role = Viewer account_role = Viewer
[auth.github] [auth.github]
enabled = false enabled = false
......
...@@ -6,7 +6,6 @@ import ( ...@@ -6,7 +6,6 @@ import (
"github.com/Unknwon/macaron" "github.com/Unknwon/macaron"
"github.com/torkelo/grafana-pro/pkg/log"
m "github.com/torkelo/grafana-pro/pkg/models" m "github.com/torkelo/grafana-pro/pkg/models"
"github.com/torkelo/grafana-pro/pkg/setting" "github.com/torkelo/grafana-pro/pkg/setting"
) )
...@@ -70,15 +69,13 @@ func RoleAuth(roles ...m.RoleType) macaron.Handler { ...@@ -70,15 +69,13 @@ func RoleAuth(roles ...m.RoleType) macaron.Handler {
func Auth(options *AuthOptions) macaron.Handler { func Auth(options *AuthOptions) macaron.Handler {
return func(c *Context) { return func(c *Context) {
if !c.IsGrafanaAdmin && options.ReqGrafanaAdmin {
if !c.IsSignedIn && options.ReqSignedIn {
log.Info("AppSubUrl: %v", setting.AppSubUrl)
c.SetCookie("redirect_to", url.QueryEscape(setting.AppSubUrl+c.Req.RequestURI), 0, setting.AppSubUrl+"/")
authDenied(c) authDenied(c)
return return
} }
if !c.IsGrafanaAdmin && options.ReqGrafanaAdmin { if !c.IsSignedIn && options.ReqSignedIn && !c.HasAnonymousAccess {
c.SetCookie("redirect_to", url.QueryEscape(setting.AppSubUrl+c.Req.RequestURI), 0, setting.AppSubUrl+"/")
authDenied(c) authDenied(c)
return return
} }
......
...@@ -20,14 +20,18 @@ type Context struct { ...@@ -20,14 +20,18 @@ type Context struct {
Session session.Store Session session.Store
IsSignedIn bool IsSignedIn bool
HasAnonymousAccess bool
} }
func GetContextHandler() macaron.Handler { func GetContextHandler() macaron.Handler {
return func(c *macaron.Context, sess session.Store) { return func(c *macaron.Context, sess session.Store) {
ctx := &Context{ ctx := &Context{
Context: c, Context: c,
Session: sess, Session: sess,
SignedInUser: &m.SignedInUser{},
IsSignedIn: false,
HasAnonymousAccess: false,
} }
// try get account id from request // try get account id from request
...@@ -36,8 +40,8 @@ func GetContextHandler() macaron.Handler { ...@@ -36,8 +40,8 @@ func GetContextHandler() macaron.Handler {
if err := bus.Dispatch(&query); err != nil { if err := bus.Dispatch(&query); err != nil {
log.Error(3, "Failed to get user by id, %v, %v", userId, err) log.Error(3, "Failed to get user by id, %v, %v", userId, err)
} else { } else {
ctx.IsSignedIn = true
ctx.SignedInUser = query.Result ctx.SignedInUser = query.Result
ctx.IsSignedIn = true
} }
} else if key := getApiKey(ctx); key != "" { } else if key := getApiKey(ctx); key != "" {
// Try API Key auth // Try API Key auth
...@@ -56,6 +60,19 @@ func GetContextHandler() macaron.Handler { ...@@ -56,6 +60,19 @@ func GetContextHandler() macaron.Handler {
ctx.ApiKeyId = keyInfo.Id ctx.ApiKeyId = keyInfo.Id
ctx.AccountId = keyInfo.AccountId ctx.AccountId = keyInfo.AccountId
} }
} else if setting.AnonymousEnabled {
accountQuery := m.GetAccountByNameQuery{Name: setting.AnonymousAccountName}
if err := bus.Dispatch(&accountQuery); err != nil {
if err == m.ErrAccountNotFound {
log.Error(3, "Anonymous access account name does not exist", nil)
}
} else {
ctx.IsSignedIn = false
ctx.HasAnonymousAccess = true
ctx.SignedInUser = &m.SignedInUser{}
ctx.AccountRole = m.RoleType(setting.AnonymousAccountRole)
ctx.AccountId = accountQuery.Result.Id
}
} }
c.Map(ctx) c.Map(ctx)
......
...@@ -43,6 +43,11 @@ type GetAccountByIdQuery struct { ...@@ -43,6 +43,11 @@ type GetAccountByIdQuery struct {
Result *Account Result *Account
} }
type GetAccountByNameQuery struct {
Name string
Result *Account
}
type AccountDTO struct { type AccountDTO struct {
Id int64 `json:"id"` Id int64 `json:"id"`
Name string `json:"name"` Name string `json:"name"`
......
...@@ -84,6 +84,9 @@ type SearchUsersQuery struct { ...@@ -84,6 +84,9 @@ type SearchUsersQuery struct {
// DTO & Projections // DTO & Projections
type SignedInUser struct { type SignedInUser struct {
IsSignedIn bool
IsAnonymous bool
UserId int64 UserId int64
AccountId int64 AccountId int64
AccountName string AccountName string
......
...@@ -10,13 +10,14 @@ import ( ...@@ -10,13 +10,14 @@ import (
) )
func init() { func init() {
bus.AddHandler("sql", GetAccount) bus.AddHandler("sql", GetAccountById)
bus.AddHandler("sql", CreateAccount) bus.AddHandler("sql", CreateAccount)
bus.AddHandler("sql", SetUsingAccount) bus.AddHandler("sql", SetUsingAccount)
bus.AddHandler("sql", UpdateAccount) bus.AddHandler("sql", UpdateAccount)
bus.AddHandler("sql", GetAccountByName)
} }
func GetAccount(query *m.GetAccountByIdQuery) error { func GetAccountById(query *m.GetAccountByIdQuery) error {
var account m.Account var account m.Account
exists, err := x.Id(query.Id).Get(&account) exists, err := x.Id(query.Id).Get(&account)
if err != nil { if err != nil {
...@@ -31,6 +32,21 @@ func GetAccount(query *m.GetAccountByIdQuery) error { ...@@ -31,6 +32,21 @@ func GetAccount(query *m.GetAccountByIdQuery) error {
return nil return nil
} }
func GetAccountByName(query *m.GetAccountByNameQuery) error {
var account m.Account
exists, err := x.Where("name=?", query.Name).Get(&account)
if err != nil {
return err
}
if !exists {
return m.ErrAccountNotFound
}
query.Result = &account
return nil
}
func CreateAccount(cmd *m.CreateAccountCommand) error { func CreateAccount(cmd *m.CreateAccountCommand) error {
return inTransaction(func(sess *xorm.Session) error { return inTransaction(func(sess *xorm.Session) error {
......
...@@ -70,10 +70,12 @@ var ( ...@@ -70,10 +70,12 @@ var (
DefaultAccountRole string DefaultAccountRole string
// Http auth // Http auth
AdminUser string AdminUser string
AdminPassword string AdminPassword string
Anonymous bool
AnonymousAccountId int64 AnonymousEnabled bool
AnonymousAccountName string
AnonymousAccountRole string
// Session settings. // Session settings.
SessionOptions session.Options SessionOptions session.Options
...@@ -195,17 +197,19 @@ func NewConfigContext() { ...@@ -195,17 +197,19 @@ func NewConfigContext() {
CookieUserName = security.Key("cookie_username").String() CookieUserName = security.Key("cookie_username").String()
CookieRememberName = security.Key("cookie_remember_name").String() CookieRememberName = security.Key("cookie_remember_name").String()
// admin
AdminUser = security.Key("admin_user").String()
AdminPassword = security.Key("admin_password").String()
// single account // single account
SingleAccountMode = Cfg.Section("account.single").Key("enabled").MustBool(false) SingleAccountMode = Cfg.Section("account.single").Key("enabled").MustBool(false)
DefaultAccountName = Cfg.Section("account.single").Key("account_name").MustString("main") DefaultAccountName = Cfg.Section("account.single").Key("account_name").MustString("main")
DefaultAccountRole = Cfg.Section("account.single").Key("default_role").In("Editor", []string{"Editor", "Admin", "Viewer"}) DefaultAccountRole = Cfg.Section("account.single").Key("default_role").In("Editor", []string{"Editor", "Admin", "Viewer"})
// admin // anonymous access
AdminUser = security.Key("admin_user").String() AnonymousEnabled = Cfg.Section("auth.anonymous").Key("enabled").MustBool(false)
AdminPassword = security.Key("admin_password").String() AnonymousAccountName = Cfg.Section("auth.anonymous").Key("account_name").String()
AnonymousAccountRole = Cfg.Section("auth.anonymous").Key("account_role").String()
// Anonymous = Cfg.MustBool("auth", "anonymous", false)
// AnonymousAccountId = Cfg.MustInt64("auth", "anonymous_account_id", 0)
// PhantomJS rendering // PhantomJS rendering
ImagesDir = "data/png" ImagesDir = "data/png"
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment