MCPcopy
hub / github.com/dgraph-io/dgraph / AuthSuperAdmin

Function AuthSuperAdmin

edgraph/access.go:1122–1143  ·  view source on GitHub ↗

AuthSuperAdmin authorizes the operations for the users who belong to the guardians group in the galaxy namespace. This authorization is used for admin usages like creation and deletion of a namespace, resetting passwords across namespaces etc. NOTE: The caller should not wrap the error returned. If

(ctx context.Context)

Source from the content-addressed store, hash-verified

1120// deletion of a namespace, resetting passwords across namespaces etc.
1121// NOTE: The caller should not wrap the error returned. If needed, propagate the GRPC error code.
1122func AuthSuperAdmin(ctx context.Context) error {
1123 if !x.WorkerConfig.AclEnabled {
1124 return nil
1125 }
1126 ns, err := x.ExtractNamespaceFrom(ctx)
1127 if err != nil {
1128 return errors.Wrap(err, "Authorize guardian of the galaxy, extracting jwt token, error:")
1129 }
1130 if ns != 0 {
1131 return status.Error(
1132 codes.PermissionDenied, "Only superadmin is allowed to do this operation")
1133 }
1134 // AuthorizeGuardians will extract (user, []groups) from the JWT claims and will check if
1135 // any of the group to which the user belongs is "guardians" or not.
1136 if err := AuthorizeGuardians(ctx); err != nil {
1137 s := status.Convert(err)
1138 return status.Error(
1139 s.Code(), "AuthSuperAdmin: failed to authorize guardians. "+s.Message())
1140 }
1141 glog.V(3).Info("Successfully authorised guardian of the galaxy")
1142 return nil
1143}
1144
1145// AuthorizeGuardians authorizes the operation for users which belong to Guardians group.
1146// NOTE: The caller should not wrap the error returned. If needed, propagate the GRPC error code.

Callers 8

alterMethod · 0.85
doQueryMethod · 0.85
AllocateIDsMethod · 0.85
CreateNamespaceMethod · 0.85
DropNamespaceMethod · 0.85
ListNamespacesMethod · 0.85

Calls 5

ExtractNamespaceFromFunction · 0.92
AuthorizeGuardiansFunction · 0.85
CodeMethod · 0.80
InfoMethod · 0.80
ErrorMethod · 0.45

Tested by

no test coverage detected