mirror of
https://github.com/SigNoz/signoz.git
synced 2026-02-03 08:33:26 +00:00
1c815b130c
* feat(authz): initial commit for migrating rbac to openfga * feat(authz): make the role updates idempotant * feat(authz): split role module into role and grant * feat(authz): some naming changes * feat(authz): integrate the grant module * feat(authz): add support for migrating existing user role * feat(authz): add support for migrating existing user role * feat(authz): figure out the * selector * feat(authz): merge main * feat(authz): merge main * feat(authz): address couple of todos * feat(authz): address couple of todos * feat(authz): fix tests and revert public dashboard change * feat(authz): fix tests and revert public dashboard change * feat(authz): add open api spec * feat(authz): add open api spec * feat(authz): add api key changes and missing migration * feat(authz): split role into getter and setter * feat(authz): add integration tests for authz register * feat(authz): add more tests for user invite and delete * feat(authz): update user tests * feat(authz): rename grant to granter * feat(authz): address review comments * feat(authz): address review comments * feat(authz): address review comments * feat(authz): add the migration for existing roles * feat(authz): go mod tidy * feat(authz): fix integration tests * feat(authz): handle community changes * feat(authz): handle community changes * feat(authz): role selectors for open claims * feat(authz): role selectors for open claims * feat(authz): prevent duplicate entries for changelog * feat(authz): scafolding for rbac migration * feat(authz): scafolding for rbac migration * feat(authz): scafolding for rbac migration * feat(authz): scafolding for rbac migration * feat(authz): scafolding for rbac migration
100 lines
3.6 KiB
Go
100 lines
3.6 KiB
Go
package signozapiserver
|
|
|
|
import (
|
|
"net/http"
|
|
|
|
"github.com/SigNoz/signoz/pkg/http/handler"
|
|
"github.com/SigNoz/signoz/pkg/types"
|
|
"github.com/SigNoz/signoz/pkg/types/roletypes"
|
|
"github.com/gorilla/mux"
|
|
)
|
|
|
|
func (provider *provider) addRoleRoutes(router *mux.Router) error {
|
|
if err := router.Handle("/api/v1/roles", handler.New(provider.authZ.AdminAccess(provider.roleHandler.Create), handler.OpenAPIDef{
|
|
ID: "CreateRole",
|
|
Tags: []string{"role"},
|
|
Summary: "Create role",
|
|
Description: "This endpoint creates a role",
|
|
Request: nil,
|
|
RequestContentType: "",
|
|
Response: new(types.Identifiable),
|
|
ResponseContentType: "application/json",
|
|
SuccessStatusCode: http.StatusCreated,
|
|
ErrorStatusCodes: []int{},
|
|
Deprecated: false,
|
|
SecuritySchemes: newSecuritySchemes(types.RoleAdmin),
|
|
})).Methods(http.MethodPost).GetError(); err != nil {
|
|
return err
|
|
}
|
|
|
|
if err := router.Handle("/api/v1/roles", handler.New(provider.authZ.AdminAccess(provider.roleHandler.List), handler.OpenAPIDef{
|
|
ID: "ListRoles",
|
|
Tags: []string{"role"},
|
|
Summary: "List roles",
|
|
Description: "This endpoint lists all roles",
|
|
Request: nil,
|
|
RequestContentType: "",
|
|
Response: make([]*roletypes.Role, 0),
|
|
ResponseContentType: "application/json",
|
|
SuccessStatusCode: http.StatusOK,
|
|
ErrorStatusCodes: []int{},
|
|
Deprecated: false,
|
|
SecuritySchemes: newSecuritySchemes(types.RoleAdmin),
|
|
})).Methods(http.MethodGet).GetError(); err != nil {
|
|
return err
|
|
}
|
|
|
|
if err := router.Handle("/api/v1/roles/{id}", handler.New(provider.authZ.AdminAccess(provider.roleHandler.Get), handler.OpenAPIDef{
|
|
ID: "GetRole",
|
|
Tags: []string{"role"},
|
|
Summary: "Get role",
|
|
Description: "This endpoint gets a role",
|
|
Request: nil,
|
|
RequestContentType: "",
|
|
Response: new(roletypes.Role),
|
|
ResponseContentType: "application/json",
|
|
SuccessStatusCode: http.StatusOK,
|
|
ErrorStatusCodes: []int{},
|
|
Deprecated: false,
|
|
SecuritySchemes: newSecuritySchemes(types.RoleAdmin),
|
|
})).Methods(http.MethodGet).GetError(); err != nil {
|
|
return err
|
|
}
|
|
|
|
if err := router.Handle("/api/v1/roles/{id}", handler.New(provider.authZ.AdminAccess(provider.roleHandler.Patch), handler.OpenAPIDef{
|
|
ID: "PatchRole",
|
|
Tags: []string{"role"},
|
|
Summary: "Patch role",
|
|
Description: "This endpoint patches a role",
|
|
Request: nil,
|
|
RequestContentType: "",
|
|
Response: nil,
|
|
ResponseContentType: "application/json",
|
|
SuccessStatusCode: http.StatusNoContent,
|
|
ErrorStatusCodes: []int{},
|
|
Deprecated: false,
|
|
SecuritySchemes: newSecuritySchemes(types.RoleAdmin),
|
|
})).Methods(http.MethodPatch).GetError(); err != nil {
|
|
return err
|
|
}
|
|
|
|
if err := router.Handle("/api/v1/roles/{id}", handler.New(provider.authZ.AdminAccess(provider.roleHandler.Delete), handler.OpenAPIDef{
|
|
ID: "DeleteRole",
|
|
Tags: []string{"role"},
|
|
Summary: "Delete role",
|
|
Description: "This endpoint deletes a role",
|
|
Request: nil,
|
|
RequestContentType: "",
|
|
Response: nil,
|
|
ResponseContentType: "application/json",
|
|
SuccessStatusCode: http.StatusNoContent,
|
|
ErrorStatusCodes: []int{},
|
|
Deprecated: false,
|
|
SecuritySchemes: newSecuritySchemes(types.RoleAdmin),
|
|
})).Methods(http.MethodDelete).GetError(); err != nil {
|
|
return err
|
|
}
|
|
|
|
return nil
|
|
}
|