Data sources: Grant creator edit permissions to data source by default (#46168)

* Data sources: Sent user ID when creating data source

* Data sources: Grant a data source creator edit permissions

* Use edit permisison and only append if user id is in command

Co-authored-by: Karl Persson <kalle.persson@grafana.com>
This commit is contained in:
Emil Tullstedt 2022-03-21 17:16:05 +01:00 committed by GitHub
parent 0d5a6c2194
commit 0e5ac29763
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 15 additions and 7 deletions

View File

@ -250,6 +250,7 @@ func (hs *HTTPServer) AddDataSource(c *models.ReqContext) response.Response {
datasourcesLogger.Debug("Received command to add data source", "url", cmd.Url)
cmd.OrgId = c.OrgId
cmd.UserId = c.UserId
if cmd.Url != "" {
if resp := validateURL(cmd.Type, cmd.Url); resp != nil {
return resp

View File

@ -89,6 +89,7 @@ type AddDataSourceCommand struct {
Uid string `json:"uid"`
OrgId int64 `json:"-"`
UserId int64 `json:"-"`
ReadOnly bool `json:"-"`
EncryptedSecureJsonData map[string][]byte `json:"-"`

View File

@ -168,13 +168,19 @@ func (s *Service) AddDataSource(ctx context.Context, cmd *models.AddDataSourceCo
}
if s.features.IsEnabled(featuremgmt.FlagAccesscontrol) {
if _, err := s.permissionsService.SetPermissions(ctx, cmd.OrgId, strconv.FormatInt(cmd.Result.Id, 10), accesscontrol.SetResourcePermissionCommand{
BuiltinRole: "Viewer",
Permission: "Query",
}, accesscontrol.SetResourcePermissionCommand{
BuiltinRole: "Editor",
Permission: "Query",
}); err != nil {
// This belongs in Data source permissions, and we probably want
// to do this with a hook in the store and rollback on fail.
// We can't use events, because there's no way to communicate
// failure, and we want "not being able to set default perms"
// to fail the creation.
permissions := []accesscontrol.SetResourcePermissionCommand{
{BuiltinRole: "Viewer", Permission: "Query"},
{BuiltinRole: "Editor", Permission: "Query"},
}
if cmd.UserId != 0 {
permissions = append(permissions, accesscontrol.SetResourcePermissionCommand{UserID: cmd.UserId, Permission: "Edit"})
}
if _, err := s.permissionsService.SetPermissions(ctx, cmd.OrgId, strconv.FormatInt(cmd.Result.Id, 10), permissions...); err != nil {
return err
}
}