IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity
959ebf82da
grafana/pkg/services/accesscontrol/resourcepermissions/api.go

229 lines
8.0 KiB
Go
Raw Normal View History

Access control: Refactor managed permission system to create api and frontend components (#42540) * Refactor resource permissions * Add frondend components for resource permissions Co-authored-by: kay delaney <45561153+kaydelaney@users.noreply.github.com> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2021-12-20 02:52:24 -06:00
package resourcepermissions
import (
"fmt"
"net/http"
Remove Macaron ParamsInt64 function from code base (#43810) * draft commit * change all calls * Compilation errors
2022-01-14 10:55:57 -06:00
"strconv"
Access control: Refactor managed permission system to create api and frontend components (#42540) * Refactor resource permissions * Add frondend components for resource permissions Co-authored-by: kay delaney <45561153+kaydelaney@users.noreply.github.com> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2021-12-20 02:52:24 -06:00
"github.com/grafana/grafana/pkg/api/dtos"
"github.com/grafana/grafana/pkg/api/response"
"github.com/grafana/grafana/pkg/api/routing"
"github.com/grafana/grafana/pkg/services/accesscontrol"
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports
2023-01-27 01:50:36 -06:00
contextmodel "github.com/grafana/grafana/pkg/services/contexthandler/model"
Move SignedInUser to user service and RoleType and Roles to org (#53445) * Move SignedInUser to user service and RoleType and Roles to org * Use go naming convention for roles * Fix some imports and leftovers * Fix ldap debug test * Fix lint * Fix lint 2 * Fix lint 3 * Fix type and not needed conversion * Clean up messages in api tests * Clean up api tests 2
2022-08-10 04:56:48 -05:00
"github.com/grafana/grafana/pkg/services/org"
Access control: Refactor managed permission system to create api and frontend components (#42540) * Refactor resource permissions * Add frondend components for resource permissions Co-authored-by: kay delaney <45561153+kaydelaney@users.noreply.github.com> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2021-12-20 02:52:24 -06:00
"github.com/grafana/grafana/pkg/web"
)
type api struct {
ac accesscontrol.AccessControl
router routing.RouteRegister
service *Service
permissions []string
}
func newApi(ac accesscontrol.AccessControl, router routing.RouteRegister, manager *Service) *api {
permissions := make([]string, 0, len(manager.permissions))
// reverse the permissions order for display
for i := len(manager.permissions) - 1; i >= 0; i-- {
permissions = append(permissions, manager.permissions[i])
}
return &api{ac, router, manager, permissions}
}
func (a *api) registerEndpoints() {
Access Control: Move access control middlewares to domain package (#48322) * Move access control middleware to domain package
2022-04-28 03:46:18 -05:00
auth := accesscontrol.Middleware(a.ac)
DataSourcePermissions: Handle licensing properly for ds permissions (#59694) * RBAC: add viewer grand if dspermissions enforcement is not enabled * RBAC: Change permissions based on role prefix * RBAC: Add option to for permission service to add a license middleware * RBAC: Remove actions from query struct
2022-12-02 06:19:14 -06:00
licenseMW := a.service.options.LicenseMW
if licenseMW == nil {
licenseMW = nopMiddleware
}
Access Control: Remove unused option (#48317) * Remove unused option
2022-04-29 04:05:51 -05:00
Access control: Refactor managed permission system to create api and frontend components (#42540) * Refactor resource permissions * Add frondend components for resource permissions Co-authored-by: kay delaney <45561153+kaydelaney@users.noreply.github.com> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2021-12-20 02:52:24 -06:00
a.router.Group(fmt.Sprintf("/api/access-control/%s", a.service.options.Resource), func(r routing.RouteRegister) {
Dashboard/Folder permission fix session (#47174) * Fix inherited scopes for dashboard to use folder uid * Add inherited evaluators * Slight modification of the commments * Add test for inheritance * Nit. * extract shared function from tests * Nit. Extra line * Remove unused comment Co-authored-by: Karl Persson <kalle.persson@grafana.com> Co-authored-by: gamab <gabi.mabs@gmail.com>
2022-04-05 07:28:23 -05:00
actionRead := fmt.Sprintf("%s.permissions:read", a.service.options.Resource)
actionWrite := fmt.Sprintf("%s.permissions:write", a.service.options.Resource)
Access Control: Support other attributes than id for resource permissions (#46727) * Add option to set ResourceAttribute for a permissions service * Use prefix in access control sql filter to parse scopes * Use prefix in access control metadata to check access
2022-03-21 11:58:18 -05:00
scope := accesscontrol.Scope(a.service.options.Resource, a.service.options.ResourceAttribute, accesscontrol.Parameter(":resourceID"))
RBAC: Remove legacy ac from authorization middleware (#68898) remove legacy AC fallback from RBAC middleware, and some unused auth logic
2023-05-24 03:49:42 -05:00
r.Get("/description", auth(accesscontrol.EvalPermission(actionRead)), routing.Wrap(a.getDescription))
r.Get("/:resourceID", auth(accesscontrol.EvalPermission(actionRead, scope)), routing.Wrap(a.getPermissions))
r.Post("/:resourceID", licenseMW, auth(accesscontrol.EvalPermission(actionWrite, scope)), routing.Wrap(a.setPermissions))
Revert "Service accounts: Add service account to teams" (#52710) * Revert "Service accounts: Add service account to teams (#51536)" This reverts commit 0f919671e79f5130f8d63a52361beef4b0ae3609. * remove unneeded line * fix test
2022-07-26 03:43:29 -05:00
if a.service.options.Assignments.Users {
RBAC: Remove legacy ac from authorization middleware (#68898) remove legacy AC fallback from RBAC middleware, and some unused auth logic
2023-05-24 03:49:42 -05:00
r.Post("/:resourceID/users/:userID", licenseMW, auth(accesscontrol.EvalPermission(actionWrite, scope)), routing.Wrap(a.setUserPermission))
AccessControl: Create own interface and impl for each permission service (#48871) * Create own interfaces for team, folder, dashboard and data source permissions services * Remove service container and inject them individually
2022-05-10 08:48:47 -05:00
}
if a.service.options.Assignments.Teams {
RBAC: Remove legacy ac from authorization middleware (#68898) remove legacy AC fallback from RBAC middleware, and some unused auth logic
2023-05-24 03:49:42 -05:00
r.Post("/:resourceID/teams/:teamID", licenseMW, auth(accesscontrol.EvalPermission(actionWrite, scope)), routing.Wrap(a.setTeamPermission))
AccessControl: Create own interface and impl for each permission service (#48871) * Create own interfaces for team, folder, dashboard and data source permissions services * Remove service container and inject them individually
2022-05-10 08:48:47 -05:00
}
if a.service.options.Assignments.BuiltInRoles {
RBAC: Remove legacy ac from authorization middleware (#68898) remove legacy AC fallback from RBAC middleware, and some unused auth logic
2023-05-24 03:49:42 -05:00
r.Post("/:resourceID/builtInRoles/:builtInRole", licenseMW, auth(accesscontrol.EvalPermission(actionWrite, scope)), routing.Wrap(a.setBuiltinRolePermission))
AccessControl: Create own interface and impl for each permission service (#48871) * Create own interfaces for team, folder, dashboard and data source permissions services * Remove service container and inject them individually
2022-05-10 08:48:47 -05:00
}
Access control: Refactor managed permission system to create api and frontend components (#42540) * Refactor resource permissions * Add frondend components for resource permissions Co-authored-by: kay delaney <45561153+kaydelaney@users.noreply.github.com> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2021-12-20 02:52:24 -06:00
})
}
type Assignments struct {
Service Accounts: Enable adding folder, dashboard and data source permissions to service accounts (#76133) * Add SAs to Datasource permissions Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com> * add SAs to dashboards/folders managed permissions * Update public/app/core/components/AccessControl/Permissions.tsx Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * regenerate i18n * add doc --------- Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
2023-10-06 10:48:13 -05:00
Users bool `json:"users"`
ServiceAccounts bool `json:"serviceAccounts"`
Teams bool `json:"teams"`
BuiltInRoles bool `json:"builtInRoles"`
Access control: Refactor managed permission system to create api and frontend components (#42540) * Refactor resource permissions * Add frondend components for resource permissions Co-authored-by: kay delaney <45561153+kaydelaney@users.noreply.github.com> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2021-12-20 02:52:24 -06:00
}
type Description struct {
Assignments Assignments `json:"assignments"`
Permissions []string `json:"permissions"`
}
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports
2023-01-27 01:50:36 -06:00
func (a *api) getDescription(c *contextmodel.ReqContext) response.Response {
Access control: Refactor managed permission system to create api and frontend components (#42540) * Refactor resource permissions * Add frondend components for resource permissions Co-authored-by: kay delaney <45561153+kaydelaney@users.noreply.github.com> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2021-12-20 02:52:24 -06:00
return response.JSON(http.StatusOK, &Description{
Permissions: a.permissions,
Assignments: a.service.options.Assignments,
})
}
type resourcePermissionDTO struct {
Service Accounts: Enable adding folder, dashboard and data source permissions to service accounts (#76133) * Add SAs to Datasource permissions Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com> * add SAs to dashboards/folders managed permissions * Update public/app/core/components/AccessControl/Permissions.tsx Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * regenerate i18n * add doc --------- Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
2023-10-06 10:48:13 -05:00
ID int64 `json:"id"`
RoleName string `json:"roleName"`
IsManaged bool `json:"isManaged"`
IsInherited bool `json:"isInherited"`
IsServiceAccount bool `json:"isServiceAccount"`
UserID int64 `json:"userId,omitempty"`
UserLogin string `json:"userLogin,omitempty"`
UserAvatarUrl string `json:"userAvatarUrl,omitempty"`
Team string `json:"team,omitempty"`
TeamID int64 `json:"teamId,omitempty"`
TeamAvatarUrl string `json:"teamAvatarUrl,omitempty"`
BuiltInRole string `json:"builtInRole,omitempty"`
Actions []string `json:"actions"`
Permission string `json:"permission"`
Access control: Refactor managed permission system to create api and frontend components (#42540) * Refactor resource permissions * Add frondend components for resource permissions Co-authored-by: kay delaney <45561153+kaydelaney@users.noreply.github.com> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2021-12-20 02:52:24 -06:00
}
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports
2023-01-27 01:50:36 -06:00
func (a *api) getPermissions(c *contextmodel.ReqContext) response.Response {
Access control: Refactor managed permission system to create api and frontend components (#42540) * Refactor resource permissions * Add frondend components for resource permissions Co-authored-by: kay delaney <45561153+kaydelaney@users.noreply.github.com> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2021-12-20 02:52:24 -06:00
resourceID := web.Params(c.Req)[":resourceID"]
Access control: Filter users and teams by read permissions (#45968) * pass signed in user and filter based on permissions
2022-03-01 03:58:41 -06:00
permissions, err := a.service.GetPermissions(c.Req.Context(), c.SignedInUser, resourceID)
Access control: Refactor managed permission system to create api and frontend components (#42540) * Refactor resource permissions * Add frondend components for resource permissions Co-authored-by: kay delaney <45561153+kaydelaney@users.noreply.github.com> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2021-12-20 02:52:24 -06:00
if err != nil {
return response.Error(http.StatusInternalServerError, "failed to get permissions", err)
}
Access control: Always append all permissions to role admin in oss (#46282) * Always append all permissions to built in role admin in oss
2022-03-07 06:28:39 -06:00
AccessControl: Replace IsEnterprise checks with license checks (#49572)
2022-05-25 13:40:41 -05:00
if a.service.options.Assignments.BuiltInRoles && !a.service.license.FeatureEnabled("accesscontrol.enforcement") {
Access control: Always append all permissions to role admin in oss (#46282) * Always append all permissions to built in role admin in oss
2022-03-07 06:28:39 -06:00
permissions = append(permissions, accesscontrol.ResourcePermission{
Actions: a.service.actions,
Scope: "*",
Move SignedInUser to user service and RoleType and Roles to org (#53445) * Move SignedInUser to user service and RoleType and Roles to org * Use go naming convention for roles * Fix some imports and leftovers * Fix ldap debug test * Fix lint * Fix lint 2 * Fix lint 3 * Fix type and not needed conversion * Clean up messages in api tests * Clean up api tests 2
2022-08-10 04:56:48 -05:00
BuiltInRole: string(org.RoleAdmin),
Access control: Always append all permissions to role admin in oss (#46282) * Always append all permissions to built in role admin in oss
2022-03-07 06:28:39 -06:00
})
}
Access control: Refactor managed permission system to create api and frontend components (#42540) * Refactor resource permissions * Add frondend components for resource permissions Co-authored-by: kay delaney <45561153+kaydelaney@users.noreply.github.com> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2021-12-20 02:52:24 -06:00
dto := make([]resourcePermissionDTO, 0, len(permissions))
for _, p := range permissions {
Access control: Use access control for dashboard and folder (#44702) * Add actions and scopes * add resource service for dashboard and folder * Add dashboard guardian with fgac permission evaluation * Add CanDelete function to guardian interface * Add CanDelete property to folder and dashboard dto and set values * change to correct function name * Add accesscontrol to folder endpoints * add access control to dashboard endpoints * check access for nav links * Add fixed roles for dashboard and folders * use correct package * add hack to override guardian Constructor if accesscontrol is enabled * Add services * Add function to handle api backward compatability * Add permissionServices to HttpServer * Set permission when new dashboard is created * Add default permission when creating new dashboard * Set default permission when creating folder and dashboard * Add access control filter for dashboard search * Add to accept list * Add accesscontrol to dashboardimport * Disable access control in tests * Add check to see if user is allow to create a dashboard * Use SetPermissions * Use function to set several permissions at once * remove permissions for folder and dashboard on delete * update required permission * set permission for provisioning * Add CanCreate to dashboard guardian and set correct permisisons for provisioning * Dont set admin on folder / dashboard creation * Add dashboard and folder permission migrations * Add tests for CanCreate * Add roles and update descriptions * Solve uid to id for dashboard and folder permissions * Add folder and dashboard actions to permission filter * Handle viewer_can_edit flag * set folder and dashboard permissions services * Add dashboard permissions when importing a new dashboard * Set access control permissions on provisioning * Pass feature flags and only set permissions if access control is enabled * only add default permissions for folders and dashboards without folders * Batch create permissions in migrations * Remove `dashboards:edit` action * Remove unused function from interface * Update pkg/services/guardian/accesscontrol_guardian_test.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2022-03-03 08:05:47 -06:00
if permission := a.service.MapActions(p); permission != "" {
Access control: Refactor managed permission system to create api and frontend components (#42540) * Refactor resource permissions * Add frondend components for resource permissions Co-authored-by: kay delaney <45561153+kaydelaney@users.noreply.github.com> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2021-12-20 02:52:24 -06:00
teamAvatarUrl := ""
if p.TeamId != 0 {
teamAvatarUrl = dtos.GetGravatarUrlWithDefault(p.TeamEmail, p.Team)
}
dto = append(dto, resourcePermissionDTO{
Service Accounts: Enable adding folder, dashboard and data source permissions to service accounts (#76133) * Add SAs to Datasource permissions Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com> * add SAs to dashboards/folders managed permissions * Update public/app/core/components/AccessControl/Permissions.tsx Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * regenerate i18n * add doc --------- Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
2023-10-06 10:48:13 -05:00
ID: p.ID,
RoleName: p.RoleName,
UserID: p.UserId,
UserLogin: p.UserLogin,
UserAvatarUrl: dtos.GetGravatarUrl(p.UserEmail),
Team: p.Team,
TeamID: p.TeamId,
TeamAvatarUrl: teamAvatarUrl,
BuiltInRole: p.BuiltInRole,
Actions: p.Actions,
Permission: permission,
IsManaged: p.IsManaged,
IsInherited: p.IsInherited,
IsServiceAccount: p.IsServiceAccount,
Access control: Refactor managed permission system to create api and frontend components (#42540) * Refactor resource permissions * Add frondend components for resource permissions Co-authored-by: kay delaney <45561153+kaydelaney@users.noreply.github.com> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2021-12-20 02:52:24 -06:00
})
}
}
return response.JSON(http.StatusOK, dto)
}
type setPermissionCommand struct {
Permission string `json:"permission"`
}
add an endpoint for updating several managed permissions with one call (#57893)
2022-10-31 06:46:58 -05:00
type setPermissionsCommand struct {
Permissions []accesscontrol.SetResourcePermissionCommand `json:"permissions"`
}
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports
2023-01-27 01:50:36 -06:00
func (a *api) setUserPermission(c *contextmodel.ReqContext) response.Response {
Remove Macaron ParamsInt64 function from code base (#43810) * draft commit * change all calls * Compilation errors
2022-01-14 10:55:57 -06:00
userID, err := strconv.ParseInt(web.Params(c.Req)[":userID"], 10, 64)
if err != nil {
return response.Error(http.StatusBadRequest, "userID is invalid", err)
}
Access control: Refactor managed permission system to create api and frontend components (#42540) * Refactor resource permissions * Add frondend components for resource permissions Co-authored-by: kay delaney <45561153+kaydelaney@users.noreply.github.com> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2021-12-20 02:52:24 -06:00
resourceID := web.Params(c.Req)[":resourceID"]
var cmd setPermissionCommand
if err := web.Bind(c.Req, &cmd); err != nil {
return response.Error(http.StatusBadRequest, "bad request data", err)
}
Auth: Move access control API to SignedInUser interface (#73144) * move access control api to SignedInUser interface * remove unused code * add logic for reading perms from a specific org * move the specific org logic to org_user.go * add a comment --------- Co-authored-by: IevaVasiljeva <ieva.vasiljeva@grafana.com>
2023-08-18 05:42:18 -05:00
_, err = a.service.SetUserPermission(c.Req.Context(), c.SignedInUser.GetOrgID(), accesscontrol.User{ID: userID}, resourceID, cmd.Permission)
Access control: Refactor managed permission system to create api and frontend components (#42540) * Refactor resource permissions * Add frondend components for resource permissions Co-authored-by: kay delaney <45561153+kaydelaney@users.noreply.github.com> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2021-12-20 02:52:24 -06:00
if err != nil {
return response.Error(http.StatusBadRequest, "failed to set user permission", err)
}
return permissionSetResponse(cmd)
}
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports
2023-01-27 01:50:36 -06:00
func (a *api) setTeamPermission(c *contextmodel.ReqContext) response.Response {
Remove Macaron ParamsInt64 function from code base (#43810) * draft commit * change all calls * Compilation errors
2022-01-14 10:55:57 -06:00
teamID, err := strconv.ParseInt(web.Params(c.Req)[":teamID"], 10, 64)
if err != nil {
return response.Error(http.StatusBadRequest, "teamID is invalid", err)
}
Access control: Refactor managed permission system to create api and frontend components (#42540) * Refactor resource permissions * Add frondend components for resource permissions Co-authored-by: kay delaney <45561153+kaydelaney@users.noreply.github.com> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2021-12-20 02:52:24 -06:00
resourceID := web.Params(c.Req)[":resourceID"]
var cmd setPermissionCommand
if err := web.Bind(c.Req, &cmd); err != nil {
return response.Error(http.StatusBadRequest, "bad request data", err)
}
Auth: Move access control API to SignedInUser interface (#73144) * move access control api to SignedInUser interface * remove unused code * add logic for reading perms from a specific org * move the specific org logic to org_user.go * add a comment --------- Co-authored-by: IevaVasiljeva <ieva.vasiljeva@grafana.com>
2023-08-18 05:42:18 -05:00
_, err = a.service.SetTeamPermission(c.Req.Context(), c.SignedInUser.GetOrgID(), teamID, resourceID, cmd.Permission)
Access control: Refactor managed permission system to create api and frontend components (#42540) * Refactor resource permissions * Add frondend components for resource permissions Co-authored-by: kay delaney <45561153+kaydelaney@users.noreply.github.com> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2021-12-20 02:52:24 -06:00
if err != nil {
return response.Error(http.StatusBadRequest, "failed to set team permission", err)
}
return permissionSetResponse(cmd)
}
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports
2023-01-27 01:50:36 -06:00
func (a *api) setBuiltinRolePermission(c *contextmodel.ReqContext) response.Response {
Access control: Refactor managed permission system to create api and frontend components (#42540) * Refactor resource permissions * Add frondend components for resource permissions Co-authored-by: kay delaney <45561153+kaydelaney@users.noreply.github.com> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2021-12-20 02:52:24 -06:00
builtInRole := web.Params(c.Req)[":builtInRole"]
resourceID := web.Params(c.Req)[":resourceID"]
cmd := setPermissionCommand{}
if err := web.Bind(c.Req, &cmd); err != nil {
return response.Error(http.StatusBadRequest, "bad request data", err)
}
Auth: Move access control API to SignedInUser interface (#73144) * move access control api to SignedInUser interface * remove unused code * add logic for reading perms from a specific org * move the specific org logic to org_user.go * add a comment --------- Co-authored-by: IevaVasiljeva <ieva.vasiljeva@grafana.com>
2023-08-18 05:42:18 -05:00
_, err := a.service.SetBuiltInRolePermission(c.Req.Context(), c.SignedInUser.GetOrgID(), builtInRole, resourceID, cmd.Permission)
Access control: Refactor managed permission system to create api and frontend components (#42540) * Refactor resource permissions * Add frondend components for resource permissions Co-authored-by: kay delaney <45561153+kaydelaney@users.noreply.github.com> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2021-12-20 02:52:24 -06:00
if err != nil {
return response.Error(http.StatusBadRequest, "failed to set role permission", err)
}
return permissionSetResponse(cmd)
}
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports
2023-01-27 01:50:36 -06:00
func (a *api) setPermissions(c *contextmodel.ReqContext) response.Response {
add an endpoint for updating several managed permissions with one call (#57893)
2022-10-31 06:46:58 -05:00
resourceID := web.Params(c.Req)[":resourceID"]
cmd := setPermissionsCommand{}
if err := web.Bind(c.Req, &cmd); err != nil {
return response.Error(http.StatusBadRequest, "bad request data", err)
}
Auth: Move access control API to SignedInUser interface (#73144) * move access control api to SignedInUser interface * remove unused code * add logic for reading perms from a specific org * move the specific org logic to org_user.go * add a comment --------- Co-authored-by: IevaVasiljeva <ieva.vasiljeva@grafana.com>
2023-08-18 05:42:18 -05:00
_, err := a.service.SetPermissions(c.Req.Context(), c.SignedInUser.GetOrgID(), resourceID, cmd.Permissions...)
add an endpoint for updating several managed permissions with one call (#57893)
2022-10-31 06:46:58 -05:00
if err != nil {
return response.Error(http.StatusBadRequest, "failed to set permissions", err)
}
return response.Success("Permissions updated")
}
Access control: Refactor managed permission system to create api and frontend components (#42540) * Refactor resource permissions * Add frondend components for resource permissions Co-authored-by: kay delaney <45561153+kaydelaney@users.noreply.github.com> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2021-12-20 02:52:24 -06:00
func permissionSetResponse(cmd setPermissionCommand) response.Response {
message := "Permission updated"
if cmd.Permission == "" {
message = "Permission removed"
}
return response.Success(message)
}
Reference in New Issue Copy Permalink