IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-16 18:34:52 -06:00
Code Issues Packages Projects Releases Wiki Activity
4f987a4a5d
grafana/public/app/core/services/context_srv.ts

289 lines
8.0 KiB
TypeScript
Raw Normal View History

Performance: Standardize lodash imports to use destructured members (#33040) * Performance: Standardize lodash imports to use destructured members Changes lodash imports of the form `import x from 'lodash/x'` to `import { x } from 'lodash'` to reduce bundle size. * Remove unnecessary _ import from Graph component * Enforce lodash import style * Fix remaining lodash imports
2021-04-21 02:38:00 -05:00
import { extend } from 'lodash';
Chore: ESlint import order (#44959) * Add and configure eslint-plugin-import * Fix the lint:ts npm command * Autofix + prettier all the files * Manually fix remaining files * Move jquery code in jest-setup to external file to safely reorder imports * Resolve issue caused by circular dependencies within Prometheus * Update .betterer.results * Fix missing // @ts-ignore * ignore iconBundle.ts * Fix missing // @ts-ignore
2022-04-22 08:33:13 -05:00
Chore: Pass signed `user_hash` to Intercom via Rudderstack (#63921) * move analytics identifiers to backend * implement hash function * grab secret from env * expose and retrieve intercom secret from config * concat email with appUrl to ensure uniqueness * revert to just using email * Revert "revert to just using email" This reverts commit 8f10f9b1bcb6da80c8002cd8e402217cf455634b. * add docstring
2023-03-03 08:39:53 -06:00
import { AnalyticsSettings, OrgRole, rangeUtil, WithAccessControlMetadata } from '@grafana/data';
AccessControl: Add endpoint to get user permissions (#45309) * AccessControl: Add endpoint to get user permissions Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com> Co-authored-by: Kalle Persson <kalle.persson@grafana.com> Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com> * Fix SA tests * Linter is wrong :p * Wait I was wrong * Adding the route for teams:creator too Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com> Co-authored-by: Kalle Persson <kalle.persson@grafana.com> Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
2022-02-11 10:40:43 -06:00
import { featureEnabled, getBackendSrv } from '@grafana/runtime';
Chore: ESlint import order (#44959) * Add and configure eslint-plugin-import * Fix the lint:ts npm command * Autofix + prettier all the files * Manually fix remaining files * Move jquery code in jest-setup to external file to safely reorder imports * Resolve issue caused by circular dependencies within Prometheus * Update .betterer.results * Fix missing // @ts-ignore * ignore iconBundle.ts * Fix missing // @ts-ignore
2022-04-22 08:33:13 -05:00
import { AccessControlAction, UserPermission } from 'app/types';
Chore: Add type info for grafana boot data (#45322) Co-authored-by: Levente Balogh <balogh.levente.hu@gmail.com>
2022-03-30 04:48:58 -05:00
import { CurrentUserInternal } from 'app/types/config';
Chore: ESlint import order (#44959) * Add and configure eslint-plugin-import * Fix the lint:ts npm command * Autofix + prettier all the files * Manually fix remaining files * Move jquery code in jest-setup to external file to safely reorder imports * Resolve issue caused by circular dependencies within Prometheus * Update .betterer.results * Fix missing // @ts-ignore * ignore iconBundle.ts * Fix missing // @ts-ignore
2022-04-22 08:33:13 -05:00
import config from '../../core/config';
feat(prefs): moved context srv to typescript
2016-04-03 07:27:35 -05:00
Preferences: Add theme preference to match system theme (#61986) * user essentials mob! :trident: lastFile:pkg/api/preferences.go * user essentials mob! :trident: * user essentials mob! :trident: lastFile:packages/grafana-data/src/types/config.ts * user essentials mob! :trident: lastFile:public/app/core/services/echo/utils.test.ts * user essentials mob! :trident: * user essentials mob! :trident: lastFile:public/views/index-template.html * user essentials mob! :trident: * Restore currentUser.lightTheme for backwards compat * fix types * Apply suggestions from code review Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * cleanup * cleanup --------- Co-authored-by: Ashley Harrison <ashley.harrison@grafana.com> Co-authored-by: Joao Silva <joao.silva@grafana.com> Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
2023-01-30 03:51:51 -06:00
export class User implements Omit<CurrentUserInternal, 'lightTheme'> {
Chore: Add type info for grafana boot data (#45322) Co-authored-by: Levente Balogh <balogh.levente.hu@gmail.com>
2022-03-30 04:48:58 -05:00
isSignedIn: boolean;
teams: remov permission select for non admin users
2019-03-12 07:46:52 -05:00
id: number;
Echo: mechanism for collecting custom events lazily (#20365) * Introduce Echo for collecting frontend metrics * Update public/app/core/services/echo/Echo.ts Co-Authored-By: Peter Holmberg <peterholmberg@users.noreply.github.com> * Custom meta when adding event * Rename consumer to backend * Remove buffer from Echo * Minor tweaks * Update package.json * Update public/app/app.ts * Update public/app/app.ts * Collect paint metrics when collecting tti. Remove echoBackendFactory * Update yarn.lock * Move Echo interfaces to runtime * progress on meta and echo * Collect meta analytics events * Move MetaanalyticsBackend to enterprise repo * Fixed unit tests * Removed unused type from test * Fixed issues with chunk loading (reverted index-template changes) * Restored changes * Fixed webpack prod
2019-12-05 01:30:39 -06:00
login: string;
Chore: Add type info for grafana boot data (#45322) Co-authored-by: Levente Balogh <balogh.levente.hu@gmail.com>
2022-03-30 04:48:58 -05:00
email: string;
name: string;
Analytics: Identify users to Rudderstack by externalUserId where available (#47325) * wip * tests * move util, fix test * fixes * Update public/app/core/services/echo/utils.ts Co-authored-by: kay delaney <45561153+kaydelaney@users.noreply.github.com> Co-authored-by: kay delaney <45561153+kaydelaney@users.noreply.github.com>
2022-04-05 10:41:22 -05:00
externalUserId: string;
Preferences: Add theme preference to match system theme (#61986) * user essentials mob! :trident: lastFile:pkg/api/preferences.go * user essentials mob! :trident: * user essentials mob! :trident: lastFile:packages/grafana-data/src/types/config.ts * user essentials mob! :trident: lastFile:public/app/core/services/echo/utils.test.ts * user essentials mob! :trident: * user essentials mob! :trident: lastFile:public/views/index-template.html * user essentials mob! :trident: * Restore currentUser.lightTheme for backwards compat * fix types * Apply suggestions from code review Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * cleanup * cleanup --------- Co-authored-by: Ashley Harrison <ashley.harrison@grafana.com> Co-authored-by: Joao Silva <joao.silva@grafana.com> Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
2023-01-30 03:51:51 -06:00
theme: string;
Reactify sidebar (#13091) * created react component and moved markdown * extracting components * Broke out parts into components * tests * Flattened file structure * Tests * made instances typed in test * typing * function instead of variable * updated user model with missing properties * added full set of properties to user mock * redone from variable to function * refactor: minor refactorings of #13091 * removed logging
2018-09-04 10:24:08 -05:00
orgCount: number;
Chore: Add type info for grafana boot data (#45322) Co-authored-by: Levente Balogh <balogh.levente.hu@gmail.com>
2022-03-30 04:48:58 -05:00
orgId: number;
orgName: string;
orgRole: OrgRole | '';
isGrafanaAdmin: boolean;
gravatarUrl: string;
feat(templating): progress on variable system refactoring, #6048
2016-09-19 04:34:08 -05:00
timezone: string;
Chore: Add type info for grafana boot data (#45322) Co-authored-by: Levente Balogh <balogh.levente.hu@gmail.com>
2022-03-30 04:48:58 -05:00
weekStart: string;
locale: string;
Internationalization: Change locale preference to language (#58359) * backend locale -> language * frontend locale -> language * sample.ini and tests * fix few last locale -> language * fix few last locale -> language
2022-11-22 06:18:34 -06:00
language: string;
ux(getting started): progress on getting started panel and persited help flag states, #6466
2016-11-09 03:41:39 -06:00
helpFlags1: number;
dashboard: show save as button if can edit and has edit permission to folders
2018-04-30 08:38:46 -05:00
hasEditPermissionInFolders: boolean;
Access control: expose permissions to the frontend (#32954) * Expose user permissions to the frontend * Do not include empty scope * Extend ContextSrv with hasPermission() method * Add access control types * Fix type error (make permissions optional) * Fallback if access control disabled * Move UserPermission to types * Simplify hasPermission()
2021-04-16 08:02:16 -05:00
permissions?: UserPermission;
Chore: Pass signed `user_hash` to Intercom via Rudderstack (#63921) * move analytics identifiers to backend * implement hash function * grab secret from env * expose and retrieve intercom secret from config * concat email with appUrl to ensure uniqueness * revert to just using email * Revert "revert to just using email" This reverts commit 8f10f9b1bcb6da80c8002cd8e402217cf455634b. * add docstring
2023-03-03 08:39:53 -06:00
analytics: AnalyticsSettings;
Chore: Add type info for grafana boot data (#45322) Co-authored-by: Levente Balogh <balogh.levente.hu@gmail.com>
2022-03-30 04:48:58 -05:00
fiscalYearStartMonth: number;
feat(prefs): moved context srv to typescript
2016-04-03 07:27:35 -05:00
constructor() {
Chore: Reduces strict errors (#33012) * Chore: reduces strict error in OptionPicker tests * Chore: reduces strict errors in FormDropdownCtrl * Chore: reduces has no initializer and is not definitely assigned in the constructor errors * Chore: reduces has no initializer and is not definitely assigned in the constructor errors * Chore: lowers strict count limit * Tests: updates snapshots * Tests: updates snapshots * Chore: updates after PR comments * Refactor: removes throw and changes signature for DashboardSrv.getCurrent
2021-04-15 07:21:06 -05:00
this.id = 0;
this.isGrafanaAdmin = false;
this.isSignedIn = false;
this.orgRole = '';
this.orgId = 0;
this.orgName = '';
this.login = '';
Analytics: Identify users to Rudderstack by externalUserId where available (#47325) * wip * tests * move util, fix test * fixes * Update public/app/core/services/echo/utils.ts Co-authored-by: kay delaney <45561153+kaydelaney@users.noreply.github.com> Co-authored-by: kay delaney <45561153+kaydelaney@users.noreply.github.com>
2022-04-05 10:41:22 -05:00
this.externalUserId = '';
Chore: Reduces strict errors (#33012) * Chore: reduces strict error in OptionPicker tests * Chore: reduces strict errors in FormDropdownCtrl * Chore: reduces has no initializer and is not definitely assigned in the constructor errors * Chore: reduces has no initializer and is not definitely assigned in the constructor errors * Chore: lowers strict count limit * Tests: updates snapshots * Tests: updates snapshots * Chore: updates after PR comments * Refactor: removes throw and changes signature for DashboardSrv.getCurrent
2021-04-15 07:21:06 -05:00
this.orgCount = 0;
this.timezone = '';
Add fiscal years and search to time picker (#39073) * Add search to time picker * implement fiscal datemath Co-authored-by: Dominik Prokop <dominik.prokop@grafana.com>
2021-09-30 02:40:02 -05:00
this.fiscalYearStartMonth = 0;
Chore: Reduces strict errors (#33012) * Chore: reduces strict error in OptionPicker tests * Chore: reduces strict errors in FormDropdownCtrl * Chore: reduces has no initializer and is not definitely assigned in the constructor errors * Chore: reduces has no initializer and is not definitely assigned in the constructor errors * Chore: lowers strict count limit * Tests: updates snapshots * Tests: updates snapshots * Chore: updates after PR comments * Refactor: removes throw and changes signature for DashboardSrv.getCurrent
2021-04-15 07:21:06 -05:00
this.helpFlags1 = 0;
Preferences: Add theme preference to match system theme (#61986) * user essentials mob! :trident: lastFile:pkg/api/preferences.go * user essentials mob! :trident: * user essentials mob! :trident: lastFile:packages/grafana-data/src/types/config.ts * user essentials mob! :trident: lastFile:public/app/core/services/echo/utils.test.ts * user essentials mob! :trident: * user essentials mob! :trident: lastFile:public/views/index-template.html * user essentials mob! :trident: * Restore currentUser.lightTheme for backwards compat * fix types * Apply suggestions from code review Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * cleanup * cleanup --------- Co-authored-by: Ashley Harrison <ashley.harrison@grafana.com> Co-authored-by: Joao Silva <joao.silva@grafana.com> Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
2023-01-30 03:51:51 -06:00
this.theme = 'dark';
Chore: Reduces strict errors (#33012) * Chore: reduces strict error in OptionPicker tests * Chore: reduces strict errors in FormDropdownCtrl * Chore: reduces has no initializer and is not definitely assigned in the constructor errors * Chore: reduces has no initializer and is not definitely assigned in the constructor errors * Chore: lowers strict count limit * Tests: updates snapshots * Tests: updates snapshots * Chore: updates after PR comments * Refactor: removes throw and changes signature for DashboardSrv.getCurrent
2021-04-15 07:21:06 -05:00
this.hasEditPermissionInFolders = false;
Chore: Add type info for grafana boot data (#45322) Co-authored-by: Levente Balogh <balogh.levente.hu@gmail.com>
2022-03-30 04:48:58 -05:00
this.email = '';
this.name = '';
this.locale = '';
Internationalization: Change locale preference to language (#58359) * backend locale -> language * frontend locale -> language * sample.ini and tests * fix few last locale -> language * fix few last locale -> language
2022-11-22 06:18:34 -06:00
this.language = '';
Chore: Add type info for grafana boot data (#45322) Co-authored-by: Levente Balogh <balogh.levente.hu@gmail.com>
2022-03-30 04:48:58 -05:00
this.weekStart = '';
this.gravatarUrl = '';
Chore: Pass signed `user_hash` to Intercom via Rudderstack (#63921) * move analytics identifiers to backend * implement hash function * grab secret from env * expose and retrieve intercom secret from config * concat email with appUrl to ensure uniqueness * revert to just using email * Revert "revert to just using email" This reverts commit 8f10f9b1bcb6da80c8002cd8e402217cf455634b. * add docstring
2023-03-03 08:39:53 -06:00
this.analytics = {
identifier: '',
};
Chore: Add type info for grafana boot data (#45322) Co-authored-by: Levente Balogh <balogh.levente.hu@gmail.com>
2022-03-30 04:48:58 -05:00
feat(prefs): moved context srv to typescript
2016-04-03 07:27:35 -05:00
if (config.bootData.user) {
Performance: Standardize lodash imports to use destructured members (#33040) * Performance: Standardize lodash imports to use destructured members Changes lodash imports of the form `import x from 'lodash/x'` to `import { x } from 'lodash'` to reduce bundle size. * Remove unnecessary _ import from Graph component * Enforce lodash import style * Fix remaining lodash imports
2021-04-21 02:38:00 -05:00
extend(this, config.bootData.user);
feat(prefs): moved context srv to typescript
2016-04-03 07:27:35 -05:00
}
}
}
export class ContextSrv {
pinned: any;
version: any;
user: User;
Chore: more any/type assertion improvements (#57450) * more friday any/type assertion improvements * Apply suggestions from code review Co-authored-by: Marcus Andersson <marcus.andersson@grafana.com> * Update public/app/angular/promiseToDigest.test.ts Co-authored-by: Marcus Andersson <marcus.andersson@grafana.com> Co-authored-by: Marcus Andersson <marcus.andersson@grafana.com>
2022-10-25 04:04:35 -05:00
isSignedIn: boolean;
isGrafanaAdmin: boolean;
isEditor: boolean;
sidemenu: responsive sidemenu view for smallest breakpoint For the smallest breakpoint, expands the sidemenu to be width 100% and to be toggled on or off rather than visible all the time.
2017-12-04 05:37:00 -06:00
sidemenuSmallBreakpoint = false;
dashboard: show save as button if can edit and has edit permission to folders
2018-04-30 08:38:46 -05:00
hasEditPermissionInFolders: boolean;
Dashboard: Adds support for a global minimum dashboard refresh interval (#19416) This feature would provide a way for administrators to limit the minimum dashboard refresh interval globally. Filters out the refresh intervals available in the time picker that are lower than the set minimum refresh interval in the configuration .ini file Adds the minimum refresh interval as available in the time picker. If the user tries to enter a refresh interval that is lower than the minimum in the URL, defaults to the minimum interval. When trying to update the JSON via the API, rejects the update if the dashboard's refresh interval is lower than the minimum. When trying to update a dashboard via provisioning having a lower refresh interval than the minimum, defaults to the minimum interval and logs a warning. Fixes #3356 Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
2020-02-28 07:32:01 -06:00
minRefreshInterval: string;
feat(prefs): moved context srv to typescript
2016-04-03 07:27:35 -05:00
Auth: Add feature flag to move token rotation to client (#65060) * FeatureToggle: Add toggle to use a new way of rotating tokens * API: Add endpoints to perform token rotation, one endpoint for api request and one endpoint for redirectsd * Auth: Aling not authorized handling between auth middleware and access control middleware * API: add utility function to get redirect for login * API: Handle token rotation redirect for login page * Frontend: Add job scheduling for token rotation and make call to token rotation as fallback in retry request * ContextHandler: Prevent in-request rotation if feature flag is enabled and check if token needs to be rotated * AuthN: Prevent in-request rotation if feature flag is enabled and check if token needs to be rotated * Cookies: Add option NotHttpOnly * AuthToken: Add helper function to get next rotation time and another function to check if token need to be rotated * AuthN: Add function to delete session cookie and set expiry cookie Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2023-03-23 08:39:04 -05:00
private tokenRotationJobId = 0;
feat(prefs): moved context srv to typescript
2016-04-03 07:27:35 -05:00
constructor() {
fix(): fixed failing unit test
2016-04-03 09:12:43 -05:00
if (!config.bootData) {
Navigation: share logic between `buildBreadcrumbs` and `usePageTitle` (#58819) * simplify usePageTitle logic a bit * use buildBreadcrumbs logic in usePageTitle * always add home item to navTree, fix some tests * fix remaining unit tests
2022-11-22 10:48:07 -06:00
config.bootData = { user: {}, settings: {}, navTree: [] } as any;
fix(): fixed failing unit test
2016-04-03 09:12:43 -05:00
}
feat(prefs): moved context srv to typescript
2016-04-03 07:27:35 -05:00
this.user = new User();
this.isSignedIn = this.user.isSignedIn;
this.isGrafanaAdmin = this.user.isGrafanaAdmin;
prettier: change to single quoting
2017-12-20 05:33:33 -06:00
this.isEditor = this.hasRole('Editor') || this.hasRole('Admin');
dashboard: show save as button if can edit and has edit permission to folders
2018-04-30 08:38:46 -05:00
this.hasEditPermissionInFolders = this.user.hasEditPermissionInFolders;
Dashboard: Adds support for a global minimum dashboard refresh interval (#19416) This feature would provide a way for administrators to limit the minimum dashboard refresh interval globally. Filters out the refresh intervals available in the time picker that are lower than the set minimum refresh interval in the configuration .ini file Adds the minimum refresh interval as available in the time picker. If the user tries to enter a refresh interval that is lower than the minimum in the URL, defaults to the minimum interval. When trying to update the JSON via the API, rejects the update if the dashboard's refresh interval is lower than the minimum. When trying to update a dashboard via provisioning having a lower refresh interval than the minimum, defaults to the minimum interval and logs a warning. Fixes #3356 Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
2020-02-28 07:32:01 -06:00
this.minRefreshInterval = config.minRefreshInterval;
Auth: Add feature flag to move token rotation to client (#65060) * FeatureToggle: Add toggle to use a new way of rotating tokens * API: Add endpoints to perform token rotation, one endpoint for api request and one endpoint for redirectsd * Auth: Aling not authorized handling between auth middleware and access control middleware * API: add utility function to get redirect for login * API: Handle token rotation redirect for login page * Frontend: Add job scheduling for token rotation and make call to token rotation as fallback in retry request * ContextHandler: Prevent in-request rotation if feature flag is enabled and check if token needs to be rotated * AuthN: Prevent in-request rotation if feature flag is enabled and check if token needs to be rotated * Cookies: Add option NotHttpOnly * AuthToken: Add helper function to get next rotation time and another function to check if token need to be rotated * AuthN: Add function to delete session cookie and set expiry cookie Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2023-03-23 08:39:04 -05:00
if (this.isSignedIn) {
this.scheduleTokenRotationJob();
}
feat(prefs): moved context srv to typescript
2016-04-03 07:27:35 -05:00
}
AccessControl: Add endpoint to get user permissions (#45309) * AccessControl: Add endpoint to get user permissions Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com> Co-authored-by: Kalle Persson <kalle.persson@grafana.com> Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com> * Fix SA tests * Linter is wrong :p * Wait I was wrong * Adding the route for teams:creator too Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com> Co-authored-by: Kalle Persson <kalle.persson@grafana.com> Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
2022-02-11 10:40:43 -06:00
async fetchUserPermissions() {
try {
if (this.accessControlEnabled()) {
RBAC: Allow listing user permissions with scope (#57538) * RBAC: Allow listing user permissions with scope * Add docs * Document the api endpoint * Update docs Co-authored-by: Garrett Guillotte <100453168+gguillotte-grafana@users.noreply.github.com> * Split endpoint in two * document reloadcache * Update docs/sources/developers/http_api/access_control.md * Fix test * Ieva's nit. * Simplify flag description Co-authored-by: Garrett Guillotte <100453168+gguillotte-grafana@users.noreply.github.com>
2022-11-02 04:48:11 -05:00
this.user.permissions = await getBackendSrv().get('/api/access-control/user/actions', {
AccessControl: Add endpoint to get user permissions (#45309) * AccessControl: Add endpoint to get user permissions Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com> Co-authored-by: Kalle Persson <kalle.persson@grafana.com> Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com> * Fix SA tests * Linter is wrong :p * Wait I was wrong * Adding the route for teams:creator too Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com> Co-authored-by: Kalle Persson <kalle.persson@grafana.com> Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
2022-02-11 10:40:43 -06:00
reloadcache: true,
});
}
} catch (e) {
console.error(e);
}
}
Dashboard: Ignore changes to dashboard when the user session expires (#30897) When the user session expires, and the 401 triggers a page reload to get the user to the login page, ChangeTracker will interfer. By setting the user as logged out in the context when the session is timed out, we can ignore the changes in ChangeTracker.
2021-02-04 08:29:38 -06:00
/**
* Indicate the user has been logged out
*/
setLoggedOut() {
Auth: Add feature flag to move token rotation to client (#65060) * FeatureToggle: Add toggle to use a new way of rotating tokens * API: Add endpoints to perform token rotation, one endpoint for api request and one endpoint for redirectsd * Auth: Aling not authorized handling between auth middleware and access control middleware * API: add utility function to get redirect for login * API: Handle token rotation redirect for login page * Frontend: Add job scheduling for token rotation and make call to token rotation as fallback in retry request * ContextHandler: Prevent in-request rotation if feature flag is enabled and check if token needs to be rotated * AuthN: Prevent in-request rotation if feature flag is enabled and check if token needs to be rotated * Cookies: Add option NotHttpOnly * AuthToken: Add helper function to get next rotation time and another function to check if token need to be rotated * AuthN: Add function to delete session cookie and set expiry cookie Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2023-03-23 08:39:04 -05:00
this.cancelTokenRotationJob();
Dashboard: Ignore changes to dashboard when the user session expires (#30897) When the user session expires, and the 401 triggers a page reload to get the user to the login page, ChangeTracker will interfer. By setting the user as logged out in the context when the session is timed out, we can ignore the changes in ChangeTracker.
2021-02-04 08:29:38 -06:00
this.user.isSignedIn = false;
this.isSignedIn = false;
Auth: Add feature flag to move token rotation to client (#65060) * FeatureToggle: Add toggle to use a new way of rotating tokens * API: Add endpoints to perform token rotation, one endpoint for api request and one endpoint for redirectsd * Auth: Aling not authorized handling between auth middleware and access control middleware * API: add utility function to get redirect for login * API: Handle token rotation redirect for login page * Frontend: Add job scheduling for token rotation and make call to token rotation as fallback in retry request * ContextHandler: Prevent in-request rotation if feature flag is enabled and check if token needs to be rotated * AuthN: Prevent in-request rotation if feature flag is enabled and check if token needs to be rotated * Cookies: Add option NotHttpOnly * AuthToken: Add helper function to get next rotation time and another function to check if token need to be rotated * AuthN: Add function to delete session cookie and set expiry cookie Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2023-03-23 08:39:04 -05:00
window.location.reload();
Dashboard: Ignore changes to dashboard when the user session expires (#30897) When the user session expires, and the 401 triggers a page reload to get the user to the login page, ChangeTracker will interfer. By setting the user as logged out in the context when the session is timed out, we can ignore the changes in ChangeTracker.
2021-02-04 08:29:38 -06:00
}
Chore: Fixed no implicit any Typescript errors (#16799)
2019-04-28 02:58:12 -05:00
hasRole(role: string) {
Allow non-FGAC fallback to server admin role (#42175)
2021-11-30 17:26:05 -06:00
if (role === 'ServerAdmin') {
return this.isGrafanaAdmin;
} else {
return this.user.orgRole === role;
}
feat(prefs): moved context srv to typescript
2016-04-03 07:27:35 -05:00
}
Add new role picker to admin/users page (#40631) * Very simple role picker * Style radio button * Separate component for the built-in roles selector * Custom component instead of Select * refactor * Custom input for role picker * Refactor * Able to select built-in role * Add checkboxes for role selector * Filter out fixed and internal roles * Add action buttons * Implement role search * Fix selecting roles * Pass custom roles to update * User role picker * Some UX work on role picker * Clear search query on close * Blur input when closed * Add roles counter * Refactor * Add disabled state for picker * Adjust disabled styles * Replace ChangeOrgButton with role picker on admin/users page * Remove unused code * Apply suggestions from code review Suggestions from the @Clarity-89 Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> * Refactor: fix some errors after applying review suggestions * Show fixed roles in the picker * Show applied fixed roles * Fix role counter * Fix checkbox selection * Use specific Role type for menu options * Fix menu when roles list is empty * Fix radio button name * Make fixed roles from built-in role disabled * Make whole menu scrollable * Add BuiltInRole type * Simplify appliedRoles * Simplify options and props * Do not select and disable inherited fixed roles * Enable selecting fixed role * Add description tooltip * Fix role param name * Export common input styles from grafana/ui * Add ValueContainer * Use value container * Refactor appliedRoles logic * Optimise role rendering * Display selected roles * Fix tooltip position * Use OrgRole type * Optimise role rendering * Use radio button from grafana UI * Submenu WIP * Role picker submenu WIP * Hide role description * Tweak styles * Implement submenu selection * Disable role selection if it's inherited * Show new role picker only in Enterprise * Fix types * Use orgid when fetching/updating roles * Use orgId in all access control requests * Styles for partially checked checkbox * Tweak group option styles * Role picker menu: refactor * Reorganize roles in menu * Fix input behaviour * Hide groups on search * Remove unused components * Refactor * Fix group selection * Remove icons from role tags * Add spacing for menu sections * Rename clear all to clear in submenu * Tweak menu width * Show changes in the input when selecting roles * Exclude inherited roles from selection * Increase menu height * Change built-in role in input on select * Include inherited roles to the built-in role selection * refcator import * Refactor role picker to be able to pass roles and builtin roles getters * Add role picker to the org users page * Show inherited builtin roles in the popup * Filter out managed roles * Fix displaying initial builtin roles * Show tooltip only for non-builtin roles * Set min width for focused input * Do not disable inherited roles (by design) * Only show picker if access control enabled * Fix tests * Only close menu on click outside or on indicator click * Open submenu on hover * Don't search on empty query * Do not open/close menu on click * Refactor * Apply suggestions from code review Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> * Fix formatting * Apply suggestions * Add more space for close menu sign * Tune tooltip styles * Move tooltip to the right side of option * Use info sign instead of question Co-authored-by: Clarity-89 <homes89@ukr.net> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
2021-11-17 09:22:40 -06:00
accessControlEnabled(): boolean {
AccessControl: Enable RBAC by default (#48813) * Add RBAC section to settings * Default to RBAC enabled settings to true * Update tests to respect RBAC Co-authored-by: Karl Persson <kalle.persson@grafana.com>
2022-05-16 05:45:41 -05:00
return config.rbacEnabled;
AccessControl: introduce a different accesscontrol check (licensed or not) (#44777) Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
2022-02-03 09:27:53 -06:00
}
licensedAccessControlEnabled(): boolean {
AccessControl: Enable RBAC by default (#48813) * Add RBAC section to settings * Default to RBAC enabled settings to true * Update tests to respect RBAC Co-authored-by: Karl Persson <kalle.persson@grafana.com>
2022-05-16 05:45:41 -05:00
return featureEnabled('accesscontrol') && config.rbacEnabled;
Add new role picker to admin/users page (#40631) * Very simple role picker * Style radio button * Separate component for the built-in roles selector * Custom component instead of Select * refactor * Custom input for role picker * Refactor * Able to select built-in role * Add checkboxes for role selector * Filter out fixed and internal roles * Add action buttons * Implement role search * Fix selecting roles * Pass custom roles to update * User role picker * Some UX work on role picker * Clear search query on close * Blur input when closed * Add roles counter * Refactor * Add disabled state for picker * Adjust disabled styles * Replace ChangeOrgButton with role picker on admin/users page * Remove unused code * Apply suggestions from code review Suggestions from the @Clarity-89 Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> * Refactor: fix some errors after applying review suggestions * Show fixed roles in the picker * Show applied fixed roles * Fix role counter * Fix checkbox selection * Use specific Role type for menu options * Fix menu when roles list is empty * Fix radio button name * Make fixed roles from built-in role disabled * Make whole menu scrollable * Add BuiltInRole type * Simplify appliedRoles * Simplify options and props * Do not select and disable inherited fixed roles * Enable selecting fixed role * Add description tooltip * Fix role param name * Export common input styles from grafana/ui * Add ValueContainer * Use value container * Refactor appliedRoles logic * Optimise role rendering * Display selected roles * Fix tooltip position * Use OrgRole type * Optimise role rendering * Use radio button from grafana UI * Submenu WIP * Role picker submenu WIP * Hide role description * Tweak styles * Implement submenu selection * Disable role selection if it's inherited * Show new role picker only in Enterprise * Fix types * Use orgid when fetching/updating roles * Use orgId in all access control requests * Styles for partially checked checkbox * Tweak group option styles * Role picker menu: refactor * Reorganize roles in menu * Fix input behaviour * Hide groups on search * Remove unused components * Refactor * Fix group selection * Remove icons from role tags * Add spacing for menu sections * Rename clear all to clear in submenu * Tweak menu width * Show changes in the input when selecting roles * Exclude inherited roles from selection * Increase menu height * Change built-in role in input on select * Include inherited roles to the built-in role selection * refcator import * Refactor role picker to be able to pass roles and builtin roles getters * Add role picker to the org users page * Show inherited builtin roles in the popup * Filter out managed roles * Fix displaying initial builtin roles * Show tooltip only for non-builtin roles * Set min width for focused input * Do not disable inherited roles (by design) * Only show picker if access control enabled * Fix tests * Only close menu on click outside or on indicator click * Open submenu on hover * Don't search on empty query * Do not open/close menu on click * Refactor * Apply suggestions from code review Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> * Fix formatting * Apply suggestions * Add more space for close menu sign * Tune tooltip styles * Move tooltip to the right side of option * Use info sign instead of question Co-authored-by: Clarity-89 <homes89@ukr.net> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
2021-11-17 09:22:40 -06:00
}
AccessControl: Add accesscontrol metadata to datasources DTOs (#42675) * AccessControl: Provide scope to frontend * Covering datasources with accesscontrol metadata * Write benchmark tests for GetResourcesMetadata * Add accesscontrol util and interface * Add the hasPermissionInMetadata function in the frontend access control code * Use IsDisabled rather that performing a feature toggle check Co-authored-by: Karl Persson <kalle.persson@grafana.com>
2021-12-15 05:08:15 -06:00
// Checks whether user has required permission
hasPermissionInMetadata(action: AccessControlAction | string, object: WithAccessControlMetadata): boolean {
// Fallback if access control disabled
AccessControl: introduce a different accesscontrol check (licensed or not) (#44777) Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
2022-02-03 09:27:53 -06:00
if (!this.accessControlEnabled()) {
AccessControl: Add accesscontrol metadata to datasources DTOs (#42675) * AccessControl: Provide scope to frontend * Covering datasources with accesscontrol metadata * Write benchmark tests for GetResourcesMetadata * Add accesscontrol util and interface * Add the hasPermissionInMetadata function in the frontend access control code * Use IsDisabled rather that performing a feature toggle check Co-authored-by: Karl Persson <kalle.persson@grafana.com>
2021-12-15 05:08:15 -06:00
return true;
}
return !!object.accessControl?.[action];
}
Access control: expose permissions to the frontend (#32954) * Expose user permissions to the frontend * Do not include empty scope * Extend ContextSrv with hasPermission() method * Add access control types * Fix type error (make permissions optional) * Fallback if access control disabled * Move UserPermission to types * Simplify hasPermission()
2021-04-16 08:02:16 -05:00
// Checks whether user has required permission
Access control: Move enterprise-specific access control actions (#33781) * Access control: add reporting permissions * Move enterprise-specific access control actions
2021-05-06 08:28:38 -05:00
hasPermission(action: AccessControlAction | string): boolean {
Access control: expose permissions to the frontend (#32954) * Expose user permissions to the frontend * Do not include empty scope * Extend ContextSrv with hasPermission() method * Add access control types * Fix type error (make permissions optional) * Fallback if access control disabled * Move UserPermission to types * Simplify hasPermission()
2021-04-16 08:02:16 -05:00
// Fallback if access control disabled
AccessControl: introduce a different accesscontrol check (licensed or not) (#44777) Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
2022-02-03 09:27:53 -06:00
if (!this.accessControlEnabled()) {
Access control: expose permissions to the frontend (#32954) * Expose user permissions to the frontend * Do not include empty scope * Extend ContextSrv with hasPermission() method * Add access control types * Fix type error (make permissions optional) * Fallback if access control disabled * Move UserPermission to types * Simplify hasPermission()
2021-04-16 08:02:16 -05:00
return true;
}
Access control: Make Admin/Users UI working with the permissions (#33176) * API: authorize admin/users views * Render admin/users components based on user's permissions * Add LDAP permissions (required by admin/user page) * Extend default admin role by LDAP permissions * Show/hide LDAP debug views * Render LDAP debug page if user has access * Authorize LDAP debug view * fix permissions definitions * Add LDAP page permissions * remove ambiguous permissions check * Hide logout buttons in sessions table * Add org/users permissions * Use org permissions for managing user roles in orgs * Apply permissions to org/users * Apply suggestions from review * Fix tests * remove scopes from the frontend * Tweaks according to review * Handle /invites endpoints
2021-04-22 05:19:41 -05:00
return !!this.user.permissions?.[action];
Access control: expose permissions to the frontend (#32954) * Expose user permissions to the frontend * Do not include empty scope * Extend ContextSrv with hasPermission() method * Add access control types * Fix type error (make permissions optional) * Fallback if access control disabled * Move UserPermission to types * Simplify hasPermission()
2021-04-16 08:02:16 -05:00
}
suppress refresh when user is inactive (#7219)
2017-01-11 12:46:34 -06:00
isGrafanaVisible() {
AccessControl: frontend changes for adding FGAC to licensing (#39484) * refactor licenseURL function to use context and export permission evaluation fction * remove provisioning file * refactor licenseURL to take in a bool to avoid circular dependencies * remove function for appending nav link, as it was only used once and move the function to create admin node * better argument names * create a function for permission checking * extend permission checking when displaying server stats * enable the use of enterprise access control actions when evaluating permissions * import ordering * move licensing FGAC action definitions to models package to allow access from oss * move evaluatePermissions for routes to context serve * change permission evaluator to take in more permissions * move licensing FGAC actions again to appease wire * avoid index out of bounds issue in case no children are passed in when creating server admin node * simplify syntax for permission checking Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> * update loading state for server stats * linting * more linting * fix test * fix a frontend test * update "licensing.reports:read" action naming * UI doesn't allow reading only licensing reports and not the rest of licensing info Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
2021-10-05 08:54:26 -05:00
return document.visibilityState === undefined || document.visibilityState === 'visible';
suppress refresh when user is inactive (#7219)
2017-01-11 12:46:34 -06:00
}
Dashboard: Adds support for a global minimum dashboard refresh interval (#19416) This feature would provide a way for administrators to limit the minimum dashboard refresh interval globally. Filters out the refresh intervals available in the time picker that are lower than the set minimum refresh interval in the configuration .ini file Adds the minimum refresh interval as available in the time picker. If the user tries to enter a refresh interval that is lower than the minimum in the URL, defaults to the minimum interval. When trying to update the JSON via the API, rejects the update if the dashboard's refresh interval is lower than the minimum. When trying to update a dashboard via provisioning having a lower refresh interval than the minimum, defaults to the minimum interval and logs a warning. Fixes #3356 Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
2020-02-28 07:32:01 -06:00
// checks whether the passed interval is longer than the configured minimum refresh rate
isAllowedInterval(interval: string) {
if (!config.minRefreshInterval) {
return true;
}
RangeUtils: migrate logic from kbn to grafana/data (#27347)
2020-09-03 01:54:06 -05:00
return rangeUtil.intervalToMs(interval) >= rangeUtil.intervalToMs(config.minRefreshInterval);
Dashboard: Adds support for a global minimum dashboard refresh interval (#19416) This feature would provide a way for administrators to limit the minimum dashboard refresh interval globally. Filters out the refresh intervals available in the time picker that are lower than the set minimum refresh interval in the configuration .ini file Adds the minimum refresh interval as available in the time picker. If the user tries to enter a refresh interval that is lower than the minimum in the URL, defaults to the minimum interval. When trying to update the JSON via the API, rejects the update if the dashboard's refresh interval is lower than the minimum. When trying to update a dashboard via provisioning having a lower refresh interval than the minimum, defaults to the minimum interval and logs a warning. Fixes #3356 Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
2020-02-28 07:32:01 -06:00
}
getValidInterval(interval: string) {
if (!this.isAllowedInterval(interval)) {
return config.minRefreshInterval;
}
return interval;
}
Added function hasAccessToExplore in ContextSrv and refactored tests
2019-01-21 03:50:34 -06:00
hasAccessToExplore() {
AccessControl: introduce a different accesscontrol check (licensed or not) (#44777) Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
2022-02-03 09:27:53 -06:00
if (this.accessControlEnabled()) {
Panel Menu: Use config explore enabled as an override to access control (#57225) * Use config explore as an override to access control * Change logic to need something explicitly false * Keep logic consistent
2022-10-19 15:21:40 -05:00
return this.hasPermission(AccessControlAction.DataSourcesExplore) && config.exploreEnabled;
Access Control: Add fine-grained access control to explore (#35883) * add fixed role for datasource read operations * Add action for datasource explore * add authorize middleware to explore index route * add fgac support for explore navlink * update hasAccessToExplore to check if accesscontrol is enable and evalute action if it is * add getExploreRoles to evalute roles based onaccesscontrol, viewersCanEdit and default * create function to evaluate permissions or using fallback if accesscontrol is disabled * change hasAccess to prop and derive the value in mapStateToProps * add test case to ensure buttons is not rendered when user does not have access * Only hide return with changes button * remove internal links if user does not have access to explorer Co-authored-by: Ivana Huckova <30407135+ivanahuckova@users.noreply.github.com>
2021-07-02 07:43:12 -05:00
}
Added function hasAccessToExplore in ContextSrv and refactored tests
2019-01-21 03:50:34 -06:00
return (this.isEditor || config.viewersCanEdit) && config.exploreEnabled;
}
AccessControl: frontend changes for adding FGAC to licensing (#39484) * refactor licenseURL function to use context and export permission evaluation fction * remove provisioning file * refactor licenseURL to take in a bool to avoid circular dependencies * remove function for appending nav link, as it was only used once and move the function to create admin node * better argument names * create a function for permission checking * extend permission checking when displaying server stats * enable the use of enterprise access control actions when evaluating permissions * import ordering * move licensing FGAC action definitions to models package to allow access from oss * move evaluatePermissions for routes to context serve * change permission evaluator to take in more permissions * move licensing FGAC actions again to appease wire * avoid index out of bounds issue in case no children are passed in when creating server admin node * simplify syntax for permission checking Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> * update loading state for server stats * linting * more linting * fix test * fix a frontend test * update "licensing.reports:read" action naming * UI doesn't allow reading only licensing reports and not the rest of licensing info Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
2021-10-05 08:54:26 -05:00
Access control: Allow organisation admins to add existing users to org (#51668) * check users with user add permission to access the invite endpoint * undo unneeded changes * tests and cleanup * linting * linting * betterer * betterer again * fix prettier issue Co-authored-by: jguer <joao.guerreiro@grafana.com>
2022-07-08 06:07:00 -05:00
hasAccess(action: string, fallBack: boolean): boolean {
AccessControl: introduce a different accesscontrol check (licensed or not) (#44777) Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
2022-02-03 09:27:53 -06:00
if (!this.accessControlEnabled()) {
AccessControl: frontend changes for adding FGAC to licensing (#39484) * refactor licenseURL function to use context and export permission evaluation fction * remove provisioning file * refactor licenseURL to take in a bool to avoid circular dependencies * remove function for appending nav link, as it was only used once and move the function to create admin node * better argument names * create a function for permission checking * extend permission checking when displaying server stats * enable the use of enterprise access control actions when evaluating permissions * import ordering * move licensing FGAC action definitions to models package to allow access from oss * move evaluatePermissions for routes to context serve * change permission evaluator to take in more permissions * move licensing FGAC actions again to appease wire * avoid index out of bounds issue in case no children are passed in when creating server admin node * simplify syntax for permission checking Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> * update loading state for server stats * linting * more linting * fix test * fix a frontend test * update "licensing.reports:read" action naming * UI doesn't allow reading only licensing reports and not the rest of licensing info Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
2021-10-05 08:54:26 -05:00
return fallBack;
}
return this.hasPermission(action);
}
PluginDetails: Make plugin details page look good in topnav (#55571) * PluginDetails: Make plugin details page look good in topnav * Minor style tweak aligning things * minor refactoring where I moved the logic to decide the default tab into its own hook. * refactor(plugindetails): first pass at using navmodel for usePluginDetailsTabs hook * refactor(plugindetails): move "reset page when uninstalling plugin" to installcontrols this prevents a user from seeing a blank page if they uninstall an app plugin whilst viewing a config page * refactor(plugindetails): remove usage of toIconName and reduce nested if * Trying to fix tests * minor fix * test(plugindetails): update selectors causing failing tests * chore(plugindetails): remove commented out test code * test(plugindetails): clean up - remove unnecesary usage of waitFor Co-authored-by: Marcus Andersson <marcus.andersson@grafana.com> Co-authored-by: Jack Westbrook <jack.westbrook@gmail.com>
2022-09-26 08:04:07 -05:00
hasAccessInMetadata(action: string, object: WithAccessControlMetadata, fallBack: boolean): boolean {
Alerting: Use folders' RBAC permission to control rules actions (#51434) Co-authored-by: Gilles De Mey <gilles.de.mey@gmail.com>
2022-06-30 06:00:29 -05:00
if (!this.accessControlEnabled()) {
AccessControl: Change teams permissions page when accesscontrol is enabled (#43971) * AccessControl: Change teams permissions page when frontend is hit * Implement frontend changes for group sync * Changing the org/teams/edit permissions Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com> * Fixing routes Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com> * Use props straight away no need to go through the state Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> * Update public/app/features/teams/TeamPages.tsx Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
2022-02-03 10:49:39 -06:00
return fallBack;
}
return this.hasPermissionInMetadata(action, object);
}
AccessControl: frontend changes for adding FGAC to licensing (#39484) * refactor licenseURL function to use context and export permission evaluation fction * remove provisioning file * refactor licenseURL to take in a bool to avoid circular dependencies * remove function for appending nav link, as it was only used once and move the function to create admin node * better argument names * create a function for permission checking * extend permission checking when displaying server stats * enable the use of enterprise access control actions when evaluating permissions * import ordering * move licensing FGAC action definitions to models package to allow access from oss * move evaluatePermissions for routes to context serve * change permission evaluator to take in more permissions * move licensing FGAC actions again to appease wire * avoid index out of bounds issue in case no children are passed in when creating server admin node * simplify syntax for permission checking Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> * update loading state for server stats * linting * more linting * fix test * fix a frontend test * update "licensing.reports:read" action naming * UI doesn't allow reading only licensing reports and not the rest of licensing info Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
2021-10-05 08:54:26 -05:00
// evaluates access control permissions, granting access if the user has any of them; uses fallback if access control is disabled
evaluatePermission(fallback: () => string[], actions: string[]) {
AccessControl: introduce a different accesscontrol check (licensed or not) (#44777) Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
2022-02-03 09:27:53 -06:00
if (!this.accessControlEnabled()) {
AccessControl: frontend changes for adding FGAC to licensing (#39484) * refactor licenseURL function to use context and export permission evaluation fction * remove provisioning file * refactor licenseURL to take in a bool to avoid circular dependencies * remove function for appending nav link, as it was only used once and move the function to create admin node * better argument names * create a function for permission checking * extend permission checking when displaying server stats * enable the use of enterprise access control actions when evaluating permissions * import ordering * move licensing FGAC action definitions to models package to allow access from oss * move evaluatePermissions for routes to context serve * change permission evaluator to take in more permissions * move licensing FGAC actions again to appease wire * avoid index out of bounds issue in case no children are passed in when creating server admin node * simplify syntax for permission checking Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> * update loading state for server stats * linting * more linting * fix test * fix a frontend test * update "licensing.reports:read" action naming * UI doesn't allow reading only licensing reports and not the rest of licensing info Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
2021-10-05 08:54:26 -05:00
return fallback();
}
if (actions.some((action) => this.hasPermission(action))) {
return [];
}
// Hack to reject when user does not have permission
return ['Reject'];
}
Auth: Add feature flag to move token rotation to client (#65060) * FeatureToggle: Add toggle to use a new way of rotating tokens * API: Add endpoints to perform token rotation, one endpoint for api request and one endpoint for redirectsd * Auth: Aling not authorized handling between auth middleware and access control middleware * API: add utility function to get redirect for login * API: Handle token rotation redirect for login page * Frontend: Add job scheduling for token rotation and make call to token rotation as fallback in retry request * ContextHandler: Prevent in-request rotation if feature flag is enabled and check if token needs to be rotated * AuthN: Prevent in-request rotation if feature flag is enabled and check if token needs to be rotated * Cookies: Add option NotHttpOnly * AuthToken: Add helper function to get next rotation time and another function to check if token need to be rotated * AuthN: Add function to delete session cookie and set expiry cookie Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2023-03-23 08:39:04 -05:00
// schedules a job to perform token ration in the background
private scheduleTokenRotationJob() {
// only schedule job if feature toggle is enabled and user is signed in
if (config.featureToggles.clientTokenRotation && this.isSignedIn) {
// get the time token is going to expire
let expires = this.getSessionExpiry();
// if expires is 0 we run rotation now and reschedule the job
// this can happen if user was signed in before upgrade
// after a successful rotation the expiry cookie will be present
if (expires === 0) {
this.rotateToken().then();
return;
}
// because this job is scheduled for every tab we have open that shares a session we try
// to distribute the scheduling of the job. For now this can be between 1 and 20 seconds
const expiresWithDistribution = expires - Math.floor(Math.random() * (20 - 1) + 1);
// nextRun is when the job should be scheduled for
let nextRun = expiresWithDistribution * 1000 - Date.now();
// @ts-ignore
this.tokenRotationJobId = setTimeout(() => {
// if we have a new expiry time from the expiry cookie another tab have already performed the rotation
// so the only thing we need to do is reschedule the job and exit
if (this.getSessionExpiry() > expires) {
this.scheduleTokenRotationJob();
return;
}
this.rotateToken().then();
}, nextRun);
}
}
private cancelTokenRotationJob() {
if (config.featureToggles.clientTokenRotation && this.tokenRotationJobId > 0) {
clearTimeout(this.tokenRotationJobId);
}
}
private rotateToken() {
// We directly use fetch here to bypass the request queue from backendSvc
return fetch('/api/user/auth-tokens/rotate', { method: 'POST' })
.then((res) => {
if (res.status === 200) {
this.scheduleTokenRotationJob();
return;
}
if (res.status === 401) {
this.setLoggedOut();
return;
}
})
.catch((e) => {
console.error(e);
});
}
private getSessionExpiry() {
const expiryCookie = document.cookie.split('; ').find((row) => row.startsWith('grafana_session_expiry='));
if (!expiryCookie) {
return 0;
}
let expiresStr = expiryCookie.split('=').at(1);
if (!expiresStr) {
return 0;
}
return parseInt(expiresStr, 10);
}
feat(prefs): moved context srv to typescript
2016-04-03 07:27:35 -05:00
}
Dashboard: Unsaved changes warning shown for anyone that can save (#33145) * Dashboard: Unsaved changes warning shown for anyone that can save * Refactor: changes the order in function
2021-04-20 02:55:46 -05:00
let contextSrv = new ContextSrv();
tech: ran pretttier on all typescript files
2017-12-19 09:06:54 -06:00
export { contextSrv };
feat(prefs): moved context srv to typescript
2016-04-03 07:27:35 -05:00
Dashboard: Unsaved changes warning shown for anyone that can save (#33145) * Dashboard: Unsaved changes warning shown for anyone that can save * Refactor: changes the order in function
2021-04-20 02:55:46 -05:00
export const setContextSrv = (override: ContextSrv) => {
if (process.env.NODE_ENV !== 'test') {
Chore: Add type info for grafana boot data (#45322) Co-authored-by: Levente Balogh <balogh.levente.hu@gmail.com>
2022-03-30 04:48:58 -05:00
throw new Error('contextSrv can be only overridden in test environment');
Dashboard: Unsaved changes warning shown for anyone that can save (#33145) * Dashboard: Unsaved changes warning shown for anyone that can save * Refactor: changes the order in function
2021-04-20 02:55:46 -05:00
}
contextSrv = override;
};
Reference in New Issue Copy Permalink