grafana/pkg/services/supportbundles/supportbundlesimpl/models.go

package supportbundlesimpl

import (
	"github.com/grafana/grafana/pkg/services/accesscontrol"
	"github.com/grafana/grafana/pkg/services/org"
)

const (
	ActionRead   = "support.bundles:read"
	ActionCreate = "support.bundles:create"
	ActionDelete = "support.bundles:delete"
)

var (
	bundleReaderRole = accesscontrol.RoleDTO{
		Name:        "fixed:support.bundles:reader",
		DisplayName: "Support bundle reader",
		Description: "List and download support bundles",
		Group:       "Support bundles",
		Permissions: []accesscontrol.Permission{
			{Action: ActionRead},
		},
	}

	bundleWriterRole = accesscontrol.RoleDTO{
		Name:        "fixed:support.bundles:writer",
		DisplayName: "Support bundle writer",
		Description: "Create, delete, list and download support bundles",
		Group:       "Support bundles",
		Permissions: []accesscontrol.Permission{
			{Action: ActionRead},
			{Action: ActionCreate},
			{Action: ActionDelete},
		},
	}
)

func (s *Service) declareFixedRoles(ac accesscontrol.Service) error {
	grants := []string{string(org.RoleAdmin), accesscontrol.RoleGrafanaAdmin}
	if s.serverAdminOnly {
		grants = []string{accesscontrol.RoleGrafanaAdmin}
	}

	bundleReader := accesscontrol.RoleRegistration{
		Role:   bundleReaderRole,
		Grants: grants,
	}
	bundleWriter := accesscontrol.RoleRegistration{
		Role:   bundleWriterRole,
		Grants: grants,
	}

	return ac.DeclareFixedRoles(bundleWriter, bundleReader)
}
Admin: Add support bundles (#60536) * Add support bundles Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com> Co-authored-by: Kalle Persson <kalle.persson@grafana.com> * tweak code owners * rename and lint frontend * lint * fix backend lint * register feature flag * add feature toggle. fix small backend issues Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com> Co-authored-by: Kalle Persson <kalle.persson@grafana.com> 2022-12-20 10:13:37 +00:00			`package supportbundlesimpl`

			`import (`
			`"github.com/grafana/grafana/pkg/services/accesscontrol"`
			`"github.com/grafana/grafana/pkg/services/org"`
			`)`

			`const (`
			`ActionRead = "support.bundles:read"`
			`ActionCreate = "support.bundles:create"`
			`ActionDelete = "support.bundles:delete"`
			`)`

			`var (`
			`bundleReaderRole = accesscontrol.RoleDTO{`
			`Name: "fixed:support.bundles:reader",`
			`DisplayName: "Support bundle reader",`
			`Description: "List and download support bundles",`
			`Group: "Support bundles",`
			`Permissions: []accesscontrol.Permission{`
			`{Action: ActionRead},`
			`},`
			`}`

			`bundleWriterRole = accesscontrol.RoleDTO{`
			`Name: "fixed:support.bundles:writer",`
			`DisplayName: "Support bundle writer",`
			`Description: "Create, delete, list and download support bundles",`
			`Group: "Support bundles",`
			`Permissions: []accesscontrol.Permission{`
			`{Action: ActionRead},`
			`{Action: ActionCreate},`
			`{Action: ActionDelete},`
			`},`
			`}`
			`)`

SupportBundles: Add config enablement (#61776) * wip * implement role middleware drop * remove not implement feature * change grants based on config * Update pkg/services/supportbundles/supportbundlesimpl/models.go Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> 2023-01-20 08:59:15 +00:00			`func (s *Service) declareFixedRoles(ac accesscontrol.Service) error {`
			`grants := []string{string(org.RoleAdmin), accesscontrol.RoleGrafanaAdmin}`
			`if s.serverAdminOnly {`
			`grants = []string{accesscontrol.RoleGrafanaAdmin}`
			`}`

Admin: Add support bundles (#60536) * Add support bundles Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com> Co-authored-by: Kalle Persson <kalle.persson@grafana.com> * tweak code owners * rename and lint frontend * lint * fix backend lint * register feature flag * add feature toggle. fix small backend issues Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com> Co-authored-by: Kalle Persson <kalle.persson@grafana.com> 2022-12-20 10:13:37 +00:00			`bundleReader := accesscontrol.RoleRegistration{`
			`Role: bundleReaderRole,`
SupportBundles: Add config enablement (#61776) * wip * implement role middleware drop * remove not implement feature * change grants based on config * Update pkg/services/supportbundles/supportbundlesimpl/models.go Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> 2023-01-20 08:59:15 +00:00			`Grants: grants,`
Admin: Add support bundles (#60536) * Add support bundles Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com> Co-authored-by: Kalle Persson <kalle.persson@grafana.com> * tweak code owners * rename and lint frontend * lint * fix backend lint * register feature flag * add feature toggle. fix small backend issues Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com> Co-authored-by: Kalle Persson <kalle.persson@grafana.com> 2022-12-20 10:13:37 +00:00			`}`
			`bundleWriter := accesscontrol.RoleRegistration{`
			`Role: bundleWriterRole,`
SupportBundles: Add config enablement (#61776) * wip * implement role middleware drop * remove not implement feature * change grants based on config * Update pkg/services/supportbundles/supportbundlesimpl/models.go Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> 2023-01-20 08:59:15 +00:00			`Grants: grants,`
Admin: Add support bundles (#60536) * Add support bundles Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com> Co-authored-by: Kalle Persson <kalle.persson@grafana.com> * tweak code owners * rename and lint frontend * lint * fix backend lint * register feature flag * add feature toggle. fix small backend issues Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com> Co-authored-by: Kalle Persson <kalle.persson@grafana.com> 2022-12-20 10:13:37 +00:00			`}`

			`return ac.DeclareFixedRoles(bundleWriter, bundleReader)`
			`}`