IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Data sources: Grant creator edit permissions to data source by default (#46168)

Browse Source 
* Data sources: Sent user ID when creating data source

* Data sources: Grant a data source creator edit permissions

* Use edit permisison and only append if user id is in command

Co-authored-by: Karl Persson <kalle.persson@grafana.com>
This commit is contained in:
Emil Tullstedt 2022-03-21 17:16:05 +01:00 committed by GitHub
parent 0d5a6c2194
commit 0e5ac29763
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 15 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
pkg/api/datasources.go
View File

@ -250,6 +250,7 @@ func (hs *HTTPServer) AddDataSource(c *models.ReqContext) response.Response {
datasourcesLogger.Debug("Received command to add data source", "url", cmd.Url) datasourcesLogger.Debug("Received command to add data source", "url", cmd.Url)
cmd.OrgId = c.OrgId cmd.OrgId = c.OrgId
cmd.UserId = c.UserId
if cmd.Url != "" { if cmd.Url != "" {
if resp := validateURL(cmd.Type, cmd.Url); resp != nil { if resp := validateURL(cmd.Type, cmd.Url); resp != nil {
return resp return resp

1
pkg/models/datasource.go
View File

@ -89,6 +89,7 @@ type AddDataSourceCommand struct {
Uid string `json:"uid"` Uid string `json:"uid"`
OrgId int64 `json:"-"` OrgId int64 `json:"-"`
UserId int64 `json:"-"`
ReadOnly bool `json:"-"` ReadOnly bool `json:"-"`
EncryptedSecureJsonData map[string][]byte `json:"-"` EncryptedSecureJsonData map[string][]byte `json:"-"`

20
pkg/services/datasources/service/datasource_service.go
View File

@ -168,13 +168,19 @@ func (s *Service) AddDataSource(ctx context.Context, cmd *models.AddDataSourceCo
} }
if s.features.IsEnabled(featuremgmt.FlagAccesscontrol) { if s.features.IsEnabled(featuremgmt.FlagAccesscontrol) {
if _, err := s.permissionsService.SetPermissions(ctx, cmd.OrgId, strconv.FormatInt(cmd.Result.Id, 10), accesscontrol.SetResourcePermissionCommand{ // This belongs in Data source permissions, and we probably want
BuiltinRole: "Viewer", // to do this with a hook in the store and rollback on fail.
Permission: "Query", // We can't use events, because there's no way to communicate
}, accesscontrol.SetResourcePermissionCommand{ // failure, and we want "not being able to set default perms"
BuiltinRole: "Editor", // to fail the creation.
Permission: "Query", permissions := []accesscontrol.SetResourcePermissionCommand{
}); err != nil { {BuiltinRole: "Viewer", Permission: "Query"},
{BuiltinRole: "Editor", Permission: "Query"},
}
if cmd.UserId != 0 {
permissions = append(permissions, accesscontrol.SetResourcePermissionCommand{UserID: cmd.UserId, Permission: "Edit"})
}
if _, err := s.permissionsService.SetPermissions(ctx, cmd.OrgId, strconv.FormatInt(cmd.Result.Id, 10), permissions...); err != nil {
return err return err
} }
} }