Authz: Remove use of SignedInUser copy for permission evaluation (#78448)

* remove use of SignedInUserCopies

* add extra safety to avoid cross-assigning permissions between identities

unwind circular dependency

dashboardacl->dashboardaccess

fix missing import

* correctly set teams for permissions

* fix missing inits

* nit: check err

* exit early for api keys
Jo
2023-11-22 14:20:22 +01:00
committed by GitHub
parent 392a4342a8
commit 0de66a8099
44 changed files with 422 additions and 337 deletions


@@ -8,7 +8,7 @@ import (
"github.com/grafana/grafana/pkg/kinds/team"
"github.com/grafana/grafana/pkg/services/auth/identity"
"github.com/grafana/grafana/pkg/services/dashboards"
"github.com/grafana/grafana/pkg/services/dashboards/dashboardaccess"
"github.com/grafana/grafana/pkg/services/search/model"
)
@@ -103,15 +103,15 @@ type SearchTeamsQuery struct {
}
type TeamDTO struct {
ID int64 `json:"id" xorm:"id"`
UID string `json:"uid" xorm:"uid"`
OrgID int64 `json:"orgId" xorm:"org_id"`
Name string `json:"name"`
Email string `json:"email"`
AvatarURL string `json:"avatarUrl"`
MemberCount int64 `json:"memberCount"`
Permission dashboards.PermissionType `json:"permission"`
AccessControl map[string]bool `json:"accessControl"`
ID int64 `json:"id" xorm:"id"`
UID string `json:"uid" xorm:"uid"`
OrgID int64 `json:"orgId" xorm:"org_id"`
Name string `json:"name"`
Email string `json:"email"`
AvatarURL string `json:"avatarUrl"`
MemberCount int64 `json:"memberCount"`
Permission dashboardaccess.PermissionType `json:"permission"`
AccessControl map[string]bool `json:"accessControl"`
}
type SearchTeamQueryResult struct {
@@ -128,7 +128,7 @@ type TeamMember struct {
TeamID int64 `xorm:"team_id"`
UserID int64 `xorm:"user_id"`
External bool // Signals that the membership has been created by an external systems, such as LDAP
Permission dashboards.PermissionType
Permission dashboardaccess.PermissionType
Created time.Time
Updated time.Time
@@ -138,18 +138,18 @@ type TeamMember struct {
// COMMANDS
type AddTeamMemberCommand struct {
UserID int64 `json:"userId" binding:"Required"`
OrgID int64 `json:"-"`
TeamID int64 `json:"-"`
External bool `json:"-"`
Permission dashboards.PermissionType `json:"-"`
UserID int64 `json:"userId" binding:"Required"`
OrgID int64 `json:"-"`
TeamID int64 `json:"-"`
External bool `json:"-"`
Permission dashboardaccess.PermissionType `json:"-"`
}
type UpdateTeamMemberCommand struct {
UserID int64 `json:"-"`
OrgID int64 `json:"-"`
TeamID int64 `json:"-"`
Permission dashboards.PermissionType `json:"permission"`
UserID int64 `json:"-"`
OrgID int64 `json:"-"`
TeamID int64 `json:"-"`
Permission dashboardaccess.PermissionType `json:"permission"`
}
type RemoveTeamMemberCommand struct {
@@ -174,16 +174,16 @@ type GetTeamMembersQuery struct {
// Projections and DTOs
type TeamMemberDTO struct {
OrgID int64 `json:"orgId" xorm:"org_id"`
TeamID int64 `json:"teamId" xorm:"team_id"`
TeamUID string `json:"teamUID" xorm:"uid"`
UserID int64 `json:"userId" xorm:"user_id"`
External bool `json:"-"`
AuthModule string `json:"auth_module"`
Email string `json:"email"`
Name string `json:"name"`
Login string `json:"login"`
AvatarURL string `json:"avatarUrl" xorm:"avatar_url"`
Labels []string `json:"labels"`
Permission dashboards.PermissionType `json:"permission"`
OrgID int64 `json:"orgId" xorm:"org_id"`
TeamID int64 `json:"teamId" xorm:"team_id"`
TeamUID string `json:"teamUID" xorm:"uid"`
UserID int64 `json:"userId" xorm:"user_id"`
External bool `json:"-"`
AuthModule string `json:"auth_module"`
Email string `json:"email"`
Name string `json:"name"`
Login string `json:"login"`
AvatarURL string `json:"avatarUrl" xorm:"avatar_url"`
Labels []string `json:"labels"`
Permission dashboardaccess.PermissionType `json:"permission"`
}