IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

RBAC: Render team, service account and user list when a user can see entities but not roles attached to them (#79642)

Browse Source 
* Render list even when user cannot list roles assigned for entities
This commit is contained in:
Karl Persson 2023-12-18 15:55:02 +01:00 committed by GitHub
parent f7248efff5
commit 0437a74956
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 13 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
public/app/features/serviceaccounts/state/actions.ts
View File

@ -54,7 +54,10 @@ export function fetchServiceAccounts(
)}&accesscontrol=true`
);
if (contextSrv.licensedAccessControlEnabled()) {
if (
contextSrv.licensedAccessControlEnabled() &&
contextSrv.hasPermission(AccessControlAction.ActionUserRolesList)
) {
dispatch(rolesFetchBegin());
const orgId = contextSrv.user.orgId;
const userIds = result?.serviceAccounts.map((u: ServiceAccountDTO) => u.id);

5
public/app/features/teams/state/actions.ts
View File

@ -41,7 +41,10 @@ export function loadTeams(initial = false): ThunkResult<void> {
noTeams = response.teams.length === 0;
}
if (contextSrv.licensedAccessControlEnabled()) {
if (
contextSrv.licensedAccessControlEnabled() &&
contextSrv.hasPermission(AccessControlAction.ActionTeamsRolesList)
) {
dispatch(rolesFetchBegin());
const teamIds = response?.teams.map((t: Team) => t.id);
const roles = await getBackendSrv().post(`/api/access-control/teams/roles/search`, { teamIds });

7
public/app/features/users/state/actions.ts
View File

@ -6,7 +6,7 @@ import { contextSrv } from 'app/core/core';
import { accessControlQueryParam } from 'app/core/utils/accessControl';
import { OrgUser } from 'app/types';
import { ThunkResult } from '../../../types';
import { AccessControlAction, ThunkResult } from '../../../types';
import {
usersLoaded,
@ -29,7 +29,10 @@ export function loadUsers(): ThunkResult<void> {
accessControlQueryParam({ perpage: perPage, page, query: searchQuery, sort })
);
if (contextSrv.licensedAccessControlEnabled()) {
if (
contextSrv.licensedAccessControlEnabled() &&
contextSrv.hasPermission(AccessControlAction.ActionUserRolesList)
) {
dispatch(rolesFetchBegin());
const orgId = contextSrv.user.orgId;
const userIds = users?.orgUsers.map((u: OrgUser) => u.userId);