IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Access control: Always append all permissions to role admin in oss (#46282)

Browse Source 
* Always append all permissions to built in role admin in oss
This commit is contained in:
Karl Persson
2022-03-07 13:28:39 +01:00
committed by GitHub
parent 00a8542ecf
commit 0debf33c76
6 changed files with 44 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
pkg/services/accesscontrol/ossaccesscontrol/permissions_services.go
View File

@@ -11,18 +11,22 @@ import (
"github.com/grafana/grafana/pkg/services/accesscontrol"
"github.com/grafana/grafana/pkg/services/accesscontrol/resourcepermissions"
"github.com/grafana/grafana/pkg/services/sqlstore"
"github.com/grafana/grafana/pkg/setting"
)
func ProvidePermissionsServices(router routing.RouteRegister, sql *sqlstore.SQLStore, ac accesscontrol.AccessControl, store resourcepermissions.Store) (*PermissionsServices, error) {
teamPermissions, err := ProvideTeamPermissions(router, sql, ac, store)
func ProvidePermissionsServices(
cfg *setting.Cfg, router routing.RouteRegister, sql *sqlstore.SQLStore,
ac accesscontrol.AccessControl, store resourcepermissions.Store,
) (*PermissionsServices, error) {
teamPermissions, err := ProvideTeamPermissions(cfg, router, sql, ac, store)
if err != nil {
return nil, err
}
folderPermissions, err := provideFolderService(router, sql, ac, store)
folderPermissions, err := provideFolderService(cfg, router, sql, ac, store)
if err != nil {
return nil, err
}
dashboardPermissions, err := provideDashboardService(router, sql, ac, store)
dashboardPermissions, err := provideDashboardService(cfg, router, sql, ac, store)
if err != nil {
return nil, err
}
@@ -72,7 +76,10 @@ var (
}
)
func ProvideTeamPermissions(router routing.RouteRegister, sql *sqlstore.SQLStore, ac accesscontrol.AccessControl, store resourcepermissions.Store) (*resourcepermissions.Service, error) {
func ProvideTeamPermissions(
cfg *setting.Cfg, router routing.RouteRegister, sql *sqlstore.SQLStore,
ac accesscontrol.AccessControl, store resourcepermissions.Store,
) (*resourcepermissions.Service, error) {
options := resourcepermissions.Options{
Resource: "teams",
OnlyManaged: true,
@@ -126,7 +133,7 @@ func ProvideTeamPermissions(router routing.RouteRegister, sql *sqlstore.SQLStore
},
}
return resourcepermissions.New(options, router, ac, store, sql)
return resourcepermissions.New(options, cfg, router, ac, store, sql)
}
var DashboardViewActions = []string{accesscontrol.ActionDashboardsRead}
@@ -136,7 +143,10 @@ var FolderViewActions = []string{accesscontrol.ActionFoldersRead}
var FolderEditActions = append(FolderViewActions, []string{accesscontrol.ActionFoldersWrite, accesscontrol.ActionFoldersDelete, accesscontrol.ActionDashboardsCreate}...)
var FolderAdminActions = append(FolderEditActions, []string{accesscontrol.ActionFoldersPermissionsRead, accesscontrol.ActionFoldersPermissionsWrite}...)
func provideDashboardService(router routing.RouteRegister, sql *sqlstore.SQLStore, accesscontrol accesscontrol.AccessControl, store resourcepermissions.Store) (*resourcepermissions.Service, error) {
func provideDashboardService(
cfg *setting.Cfg, router routing.RouteRegister, sql *sqlstore.SQLStore,
accesscontrol accesscontrol.AccessControl, store resourcepermissions.Store,
) (*resourcepermissions.Service, error) {
options := resourcepermissions.Options{
Resource: "dashboards",
ResourceValidator: func(ctx context.Context, orgID int64, resourceID string) error {
@@ -180,10 +190,13 @@ func provideDashboardService(router routing.RouteRegister, sql *sqlstore.SQLStor
RoleGroup: "Dashboards",
}
return resourcepermissions.New(options, router, accesscontrol, store, sql)
return resourcepermissions.New(options, cfg, router, accesscontrol, store, sql)
}
func provideFolderService(router routing.RouteRegister, sql *sqlstore.SQLStore, accesscontrol accesscontrol.AccessControl, store resourcepermissions.Store) (*resourcepermissions.Service, error) {
func provideFolderService(
cfg *setting.Cfg, router routing.RouteRegister, sql *sqlstore.SQLStore,
accesscontrol accesscontrol.AccessControl, store resourcepermissions.Store,
) (*resourcepermissions.Service, error) {
options := resourcepermissions.Options{
Resource: "folders",
ResourceValidator: func(ctx context.Context, orgID int64, resourceID string) error {
@@ -227,7 +240,7 @@ func provideFolderService(router routing.RouteRegister, sql *sqlstore.SQLStore,
RoleGroup: "Folders",
}
return resourcepermissions.New(options, router, accesscontrol, store, sql)
return resourcepermissions.New(options, cfg, router, accesscontrol, store, sql)
}
func provideEmptyPermissionsService() accesscontrol.PermissionsService {