grafana/pkg/plugins/accesscontrol.go

package plugins

import (
	ac "github.com/grafana/grafana/pkg/services/accesscontrol"
	"github.com/grafana/grafana/pkg/services/org"
)

const (
	ActionAppAccess = "plugins.app:access"
)

var (
	ScopeProvider = ac.NewScopeProvider("plugins")
)

func DeclareRBACRoles(service ac.Service) error {
	AppPluginsReader := ac.RoleRegistration{
		Role: ac.RoleDTO{
			Name:        ac.FixedRolePrefix + "plugins.app:reader",
			DisplayName: "Application Plugins Access",
			Description: "Access application plugins (still enforcing the organization role)",
			Group:       "Plugins",
			Permissions: []ac.Permission{
				{Action: ActionAppAccess, Scope: ScopeProvider.GetResourceAllScope()},
			},
		},
		Grants: []string{string(org.RoleViewer)},
	}
	return service.DeclareFixedRoles(AppPluginsReader)
}
RBAC: Allow app plugins access restriction (#51524) * RBAC: Allow app plugins restriction Co-authored-by: Kalle Persson <kalle.persson@grafana.com> * Fix tests * Imports * WIP * Adding RBAC to AppPluginsRoutes * Switching middleware order * Restrict access to resources * Nit * Cosmetic changes * Fix fallback * Moving declaration to HttpServer Co-Authored-By: marefr <marcus.efraimsson@gmail.com> Co-authored-by: Kalle Persson <kalle.persson@grafana.com> Co-authored-by: marefr <marcus.efraimsson@gmail.com> 2022-07-08 06:24:09 -05:00			`package plugins`

			`import (`
			`ac "github.com/grafana/grafana/pkg/services/accesscontrol"`
Move SignedInUser to user service and RoleType and Roles to org (#53445) * Move SignedInUser to user service and RoleType and Roles to org * Use go naming convention for roles * Fix some imports and leftovers * Fix ldap debug test * Fix lint * Fix lint 2 * Fix lint 3 * Fix type and not needed conversion * Clean up messages in api tests * Clean up api tests 2 2022-08-10 04:56:48 -05:00			`"github.com/grafana/grafana/pkg/services/org"`
RBAC: Allow app plugins access restriction (#51524) * RBAC: Allow app plugins restriction Co-authored-by: Kalle Persson <kalle.persson@grafana.com> * Fix tests * Imports * WIP * Adding RBAC to AppPluginsRoutes * Switching middleware order * Restrict access to resources * Nit * Cosmetic changes * Fix fallback * Moving declaration to HttpServer Co-Authored-By: marefr <marcus.efraimsson@gmail.com> Co-authored-by: Kalle Persson <kalle.persson@grafana.com> Co-authored-by: marefr <marcus.efraimsson@gmail.com> 2022-07-08 06:24:09 -05:00			`)`

			`const (`
			`ActionAppAccess = "plugins.app:access"`
			`)`

			`var (`
			`ScopeProvider = ac.NewScopeProvider("plugins")`
			`)`

RBAC: Remove DeclareFixedRoles wrapper on Access control and inject service (#54153) * RBAC: Remove DeclareFixedRoles wrapper on Access control and inject service when needed 2022-08-26 02:59:34 -05:00			`func DeclareRBACRoles(service ac.Service) error {`
RBAC: Allow app plugins access restriction (#51524) * RBAC: Allow app plugins restriction Co-authored-by: Kalle Persson <kalle.persson@grafana.com> * Fix tests * Imports * WIP * Adding RBAC to AppPluginsRoutes * Switching middleware order * Restrict access to resources * Nit * Cosmetic changes * Fix fallback * Moving declaration to HttpServer Co-Authored-By: marefr <marcus.efraimsson@gmail.com> Co-authored-by: Kalle Persson <kalle.persson@grafana.com> Co-authored-by: marefr <marcus.efraimsson@gmail.com> 2022-07-08 06:24:09 -05:00			`AppPluginsReader := ac.RoleRegistration{`
			`Role: ac.RoleDTO{`
			`Name: ac.FixedRolePrefix + "plugins.app:reader",`
			`DisplayName: "Application Plugins Access",`
			`Description: "Access application plugins (still enforcing the organization role)",`
			`Group: "Plugins",`
			`Permissions: []ac.Permission{`
			`{Action: ActionAppAccess, Scope: ScopeProvider.GetResourceAllScope()},`
			`},`
			`},`
Move SignedInUser to user service and RoleType and Roles to org (#53445) * Move SignedInUser to user service and RoleType and Roles to org * Use go naming convention for roles * Fix some imports and leftovers * Fix ldap debug test * Fix lint * Fix lint 2 * Fix lint 3 * Fix type and not needed conversion * Clean up messages in api tests * Clean up api tests 2 2022-08-10 04:56:48 -05:00			`Grants: []string{string(org.RoleViewer)},`
RBAC: Allow app plugins access restriction (#51524) * RBAC: Allow app plugins restriction Co-authored-by: Kalle Persson <kalle.persson@grafana.com> * Fix tests * Imports * WIP * Adding RBAC to AppPluginsRoutes * Switching middleware order * Restrict access to resources * Nit * Cosmetic changes * Fix fallback * Moving declaration to HttpServer Co-Authored-By: marefr <marcus.efraimsson@gmail.com> Co-authored-by: Kalle Persson <kalle.persson@grafana.com> Co-authored-by: marefr <marcus.efraimsson@gmail.com> 2022-07-08 06:24:09 -05:00			`}`
RBAC: Remove DeclareFixedRoles wrapper on Access control and inject service (#54153) * RBAC: Remove DeclareFixedRoles wrapper on Access control and inject service when needed 2022-08-26 02:59:34 -05:00			`return service.DeclareFixedRoles(AppPluginsReader)`
RBAC: Allow app plugins access restriction (#51524) * RBAC: Allow app plugins restriction Co-authored-by: Kalle Persson <kalle.persson@grafana.com> * Fix tests * Imports * WIP * Adding RBAC to AppPluginsRoutes * Switching middleware order * Restrict access to resources * Nit * Cosmetic changes * Fix fallback * Moving declaration to HttpServer Co-Authored-By: marefr <marcus.efraimsson@gmail.com> Co-authored-by: Kalle Persson <kalle.persson@grafana.com> Co-authored-by: marefr <marcus.efraimsson@gmail.com> 2022-07-08 06:24:09 -05:00			`}`