Support for saved searches

The "search" type has been added to support granting permissions on
saved searches. This should solve GitHub issue #1.
Emmanuel BENOîT 2021-05-11 13:44:45 +02:00
parent 50723668e6
commit ff27f05df9
3 changed files with 11 additions and 8 deletions


@ -11,8 +11,8 @@ Why?
----- -----
The community edition of [Graylog](https://graylog.org) had the ability to use The community edition of [Graylog](https://graylog.org) had the ability to use
LDAP group in order to control user access to the various objects (streams and LDAP group in order to control user access to the various objects (searches,
dashboards). streams and dashboards).
In a somewhat ethically questionable move this capability was removed in version In a somewhat ethically questionable move this capability was removed in version
4.0 and replaced with an enterprise-only feature called teams. 4.0 and replaced with an enterprise-only feature called teams.


@ -74,12 +74,12 @@ mapping:
# Privileges on various Graylog objects. This is a list of records. # Privileges on various Graylog objects. This is a list of records.
privileges: privileges:
# Each privilege record includes a type of object (either "dashboard" or # Each privilege record includes a type of object ("dashboard", "search"
# "stream"), an identifier (which is generated by Graylog, and must be # or "stream"), an identifier (which is generated by Graylog, and must
# extracted from the pages' URLs or from the API) and a level, which may # be extracted from the pages' URLs or from the API) and a level, which
# be either "read" or "write", the latter implying the former. Should an # may be either "read" or "write", the latter implying the former. Should
# user be a member of groups that grant both privilege levels, the highest # an user be a member of groups that grant both privilege levels, the
# level will be kept. # highest level will be kept.
- type: dashboard - type: dashboard
id: 12345 id: 12345
level: read level: read


@ -46,6 +46,7 @@ var (
// Graylog items on which privileges may be set // Graylog items on which privileges may be set
graylogItems = map[string]bool{ graylogItems = map[string]bool{
"dashboard": true, "dashboard": true,
"search": true,
"stream": true, "stream": true,
} }
@ -53,6 +54,8 @@ var (
graylogPriv = map[string][]string{ graylogPriv = map[string][]string{
"dashboard:read": {"dashboards:read:%s", "view:read:%s"}, "dashboard:read": {"dashboards:read:%s", "view:read:%s"},
"dashboard:write": {"dashboards:read:%s", "dashboards:edit:%s", "view:read:%s", "view:edit:%s"}, "dashboard:write": {"dashboards:read:%s", "dashboards:edit:%s", "view:read:%s", "view:edit:%s"},
"search:read": {"view:read:%s"},
"search:write": {"view:read:%s", "view:edit:%s"},
"stream:read": {"streams:read:%s"}, "stream:read": {"streams:read:%s"},
"stream:write": {"streams:read:%s", "streams:edit:%s", "streams:changestate:%s"}, "stream:write": {"streams:read:%s", "streams:edit:%s", "streams:changestate:%s"},
} }
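Review bot: The new `search:read` and `search:write` entries in `graylogPriv` emit the same `view:read:%s` / `view:edit:%s` strings that the `dashboard:*` entries already emit, so the `type` in a privilege record does not constrain which kind of view the id refers to. As far as this table shows, a record with type `search` whose id belongs to a dashboard would still yield view permissions on that dashboard. Any per-type merging or revocation of privileges done elsewhere may also need to account for the shared strings; that logic is outside the hunk, so it is worth confirming. At minimum I would document the overlap above the new entries, e.g. `// searches and dashboards are both Graylog views: "search" grants only view:*, and the id's object type is not checked here`. The `var (` block starts and ends outside these hunks.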