mirror of
https://github.com/grafana/grafana.git
synced 2025-02-25 18:55:37 -06:00
Data sources: Grant creator edit permissions to data source by default (#46168)
* Data sources: Sent user ID when creating data source * Data sources: Grant a data source creator edit permissions * Use edit permisison and only append if user id is in command Co-authored-by: Karl Persson <kalle.persson@grafana.com>
This commit is contained in:
parent
0d5a6c2194
commit
0e5ac29763
@ -250,6 +250,7 @@ func (hs *HTTPServer) AddDataSource(c *models.ReqContext) response.Response {
|
||||
|
||||
datasourcesLogger.Debug("Received command to add data source", "url", cmd.Url)
|
||||
cmd.OrgId = c.OrgId
|
||||
cmd.UserId = c.UserId
|
||||
if cmd.Url != "" {
|
||||
if resp := validateURL(cmd.Type, cmd.Url); resp != nil {
|
||||
return resp
|
||||
|
@ -89,6 +89,7 @@ type AddDataSourceCommand struct {
|
||||
Uid string `json:"uid"`
|
||||
|
||||
OrgId int64 `json:"-"`
|
||||
UserId int64 `json:"-"`
|
||||
ReadOnly bool `json:"-"`
|
||||
EncryptedSecureJsonData map[string][]byte `json:"-"`
|
||||
|
||||
|
@ -168,13 +168,19 @@ func (s *Service) AddDataSource(ctx context.Context, cmd *models.AddDataSourceCo
|
||||
}
|
||||
|
||||
if s.features.IsEnabled(featuremgmt.FlagAccesscontrol) {
|
||||
if _, err := s.permissionsService.SetPermissions(ctx, cmd.OrgId, strconv.FormatInt(cmd.Result.Id, 10), accesscontrol.SetResourcePermissionCommand{
|
||||
BuiltinRole: "Viewer",
|
||||
Permission: "Query",
|
||||
}, accesscontrol.SetResourcePermissionCommand{
|
||||
BuiltinRole: "Editor",
|
||||
Permission: "Query",
|
||||
}); err != nil {
|
||||
// This belongs in Data source permissions, and we probably want
|
||||
// to do this with a hook in the store and rollback on fail.
|
||||
// We can't use events, because there's no way to communicate
|
||||
// failure, and we want "not being able to set default perms"
|
||||
// to fail the creation.
|
||||
permissions := []accesscontrol.SetResourcePermissionCommand{
|
||||
{BuiltinRole: "Viewer", Permission: "Query"},
|
||||
{BuiltinRole: "Editor", Permission: "Query"},
|
||||
}
|
||||
if cmd.UserId != 0 {
|
||||
permissions = append(permissions, accesscontrol.SetResourcePermissionCommand{UserID: cmd.UserId, Permission: "Edit"})
|
||||
}
|
||||
if _, err := s.permissionsService.SetPermissions(ctx, cmd.OrgId, strconv.FormatInt(cmd.Result.Id, 10), permissions...); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user