Support for saved searches

The "search" type has been added to support granting permissions on saved searches. This should solve GitHub issue #1.
2021-05-11 13:44:45 +02:00 · 2021-05-11 13:44:45 +02:00 · ff27f05df9
commit ff27f05df9
parent 50723668e6
3 changed files with 11 additions and 8 deletions
--- a/README.md
+++ b/README.md
@ -11,8 +11,8 @@ Why?
 -----

 The community edition of [Graylog](https://graylog.org) had the ability to use
-LDAP group in order to control user access to the various objects (streams and
-dashboards).
+LDAP group in order to control user access to the various objects (searches,
+streams and dashboards).

 In a somewhat ethically questionable move this capability was removed in version
 4.0 and replaced with an enterprise-only feature called teams.
--- a/graylog-groups.yml.example
+++ b/graylog-groups.yml.example
@ -74,12 +74,12 @@ mapping:
    # Privileges on various Graylog objects. This is a list of records.
    privileges:

-      # Each privilege record includes a type of object (either "dashboard" or
-      # "stream"), an identifier (which is generated by Graylog, and must be
-      # extracted from the pages' URLs or from the API) and a level, which may
-      # be either "read" or "write", the latter implying the former. Should an
-      # user be a member of groups that grant both privilege levels, the highest
-      # level will be kept.
+      # Each privilege record includes a type of object ("dashboard", "search"
+      # or "stream"), an identifier (which is generated by Graylog, and must
+      # be extracted from the pages' URLs or from the API) and a level, which
+      # may be either "read" or "write", the latter implying the former. Should
+      # an user be a member of groups that grant both privilege levels, the
+      # highest level will be kept.
      - type: dashboard
        id: 12345
        level: read
--- a/graylog.go
+++ b/graylog.go
@ -46,6 +46,7 @@ var (
 	// Graylog items on which privileges may be set
 	graylogItems = map[string]bool{
 		"dashboard": true,
+		"search":    true,
 		"stream":    true,
 	}

@ -53,6 +54,8 @@ var (
 	graylogPriv = map[string][]string{
 		"dashboard:read":  {"dashboards:read:%s", "view:read:%s"},
 		"dashboard:write": {"dashboards:read:%s", "dashboards:edit:%s", "view:read:%s", "view:edit:%s"},
+		"search:read":     {"view:read:%s"},
+		"search:write":    {"view:read:%s", "view:edit:%s"},
 		"stream:read":     {"streams:read:%s"},
 		"stream:write":    {"streams:read:%s", "streams:edit:%s", "streams:changestate:%s"},
 	}