From 1cff564483e05038bc48b2431fb15eef301fd4ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Torkel=20=C3=96degaard?= Date: Wed, 28 Jan 2015 11:33:50 +0100 Subject: [PATCH] Fontend handling of account role to hide user actions and links that the user does not have access to
---
 conf/grafana.ini | 4 +++- grafana | 2 +- pkg/api/api.go | 23 ++++++++++------------- pkg/api/dtos/models.go | 15 ++++++++------- pkg/middleware/auth.go | 1 + 5 files changed, 23 insertions(+), 22 deletions(-)
diff --git a/conf/grafana.ini b/conf/grafana.ini
index 562fd6dee2e..bd9b39cf134 100644
--- a/conf/grafana.ini
+++ b/conf/grafana.ini
@@ -46,6 +46,8 @@ secret_key = SW2YcwTIb9zpOOhoPsMm
 login_remember_days = 7
 cookie_username = grafana_user
 cookie_remember_name = grafana_remember
+; disable user signup / registration
+disable_user_signup = false
 [account.single]
 ; Enable this feature to auto assign new users to a single account, suitable for NON multi tenant setups
@@ -57,7 +59,7 @@ default_role = Editor
 [auth.anonymous]
 ; enable anonymous access
-enabled = false
+enabled = true
 ; specify account name that should be used for unauthenticated users
 account_name = main
 ; specify role for unauthenticated users
diff --git a/grafana b/grafana
index 017eab8dcd1..c75e669204f 160000
--- a/grafana
+++ b/grafana
@@ -1 +1 @@
-Subproject commit 017eab8dcd182b8c19f65657fc3d46e30545b7ff
+Subproject commit c75e669204ffd050e3ef23fdab516c425f7fb668
diff --git a/pkg/api/api.go b/pkg/api/api.go
index 2fba7c0656e..1bd79f11581 100644
--- a/pkg/api/api.go
+++ b/pkg/api/api.go
@@ -31,7 +31,7 @@ func Register(r *macaron.Macaron) {
 r.Get("/account/users/", reqSignedIn, Index)
 r.Get("/account/apikeys/", reqSignedIn, Index)
 r.Get("/account/import/", reqSignedIn, Index)
- r.Get("/admin/users", reqSignedIn, Index)
+ r.Get("/admin/users", reqGrafanaAdmin, Index)
 r.Get("/dashboard/*", reqSignedIn, Index)
 // sign up
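Review bot: The shipped default under `[auth.anonymous]` is switched to `enabled = true`, so a fresh install serves unauthenticated visitors with whatever role that section assigns; the commit subject is about frontend role handling, so this looks like a local test setting and the default should stay `enabled = false`. The first hunk's new `disable_user_signup = false` likewise leaves open registration on by default, and none of the Go files in this patch read that key, so the code that consumes it should be confirmed elsewhere. The hunk header also shows `secret_key = SW2YcwTIb9zpOOhoPsMm` as a fixed value in a distributed file; a comment such as `; change secret_key before exposing this instance` beside it would help operators.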
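Review bot: Swapping `reqSignedIn` for `reqGrafanaAdmin` on `/admin/users` only gates the route that renders `Index`, presumably the page shell; the data that page displays comes from routes registered outside this hunk, and those need the same guard because hiding links in the frontend is not access control. The neighbouring `/account/users/` and `/account/apikeys/` page routes still use `reqSignedIn`; if they are meant to be role-restricted too (an inference from the commit subject), `RoleAuth` in pkg/middleware/auth.go looks like the matching handler. I would add a comment above this group, `// Page routes only render the index shell; authorization for the data they show is enforced on the API routes.` Register's body starts and ends outside the hunk.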
@@ -104,18 +104,15 @@ func setIndexViewData(c *middleware.Context) error {
 return err
 }
- currentUser := &dtos.CurrentUser{}
-
- if c.IsSignedIn {
- currentUser = &dtos.CurrentUser{
- Login: c.Login,
- Email: c.Email,
- Name: c.Name,
- UsingAccountName: c.AccountName,
- GravatarUrl: dtos.GetGravatarUrl(c.Email),
- IsGrafanaAdmin: c.IsGrafanaAdmin,
- Role: c.AccountRole,
- }
+ currentUser := &dtos.CurrentUser{
+ IsSignedIn: c.IsSignedIn,
+ Login: c.Login,
+ Email: c.Email,
+ Name: c.Name,
+ AccountName: c.AccountName,
+ AccountRole: c.AccountRole,
+ GravatarUrl: dtos.GetGravatarUrl(c.Email),
+ IsGrafanaAdmin: c.IsGrafanaAdmin,
 }
 c.Data["User"] = currentUser
diff --git a/pkg/api/dtos/models.go b/pkg/api/dtos/models.go
index 250a6564fee..b4089862a72 100644
--- a/pkg/api/dtos/models.go
+++ b/pkg/api/dtos/models.go
@@ -15,13 +15,14 @@ type LoginCommand struct {
 }
 type CurrentUser struct {
- Login string `json:"login"`
- Email string `json:"email"`
- Role m.RoleType `json:"role"`
- Name string `json:"name"`
- UsingAccountName string `json:"usingAccountName"`
- IsGrafanaAdmin bool `json:"isGrafanaAdmin"`
- GravatarUrl string `json:"gravatarUrl"`
+ IsSignedIn bool `json:"isSignedIn"`
+ Login string `json:"login"`
+ Email string `json:"email"`
+ Name string `json:"name"`
+ AccountRole m.RoleType `json:"accountRole"`
+ AccountName string `json:"acountName"`
+ IsGrafanaAdmin bool `json:"isGrafanaAdmin"`
+ GravatarUrl string `json:"gravatarUrl"`
 }
 type DataSource struct {
diff --git a/pkg/middleware/auth.go b/pkg/middleware/auth.go
index c49f5298f9b..848dc424285 100644
--- a/pkg/middleware/auth.go
+++ b/pkg/middleware/auth.go
@@ -70,6 +70,7 @@ func RoleAuth(roles ...m.RoleType) macaron.Handler {
 func Auth(options *AuthOptions) macaron.Handler {
 return func(c *Context) {
 if !c.IsGrafanaAdmin && options.ReqGrafanaAdmin {
+ c.SetCookie("redirect_to", url.QueryEscape(setting.AppSubUrl+c.Req.RequestURI), 0, setting.AppSubUrl+"/")
 authDenied(c)
 return
 }
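Review bot: With the `if c.IsSignedIn` guard gone, every field is copied from the request context on every request, so `dtos.GetGravatarUrl(c.Email)` now also runs for anonymous visitors, and what the page learns about the user depends on the middleware leaving `Login`, `Email` and `IsGrafanaAdmin` zero-valued for them, which this hunk does not show. I would keep the Gravatar call conditional, `if c.IsSignedIn { currentUser.GravatarUrl = dtos.GetGravatarUrl(c.Email) }`, and add a comment above the literal: `// Sent to the browser for UI decisions only; the server must re-check the role on every API call.` setIndexViewData starts and ends outside the hunk.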
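Review bot: The new tag on `AccountName` is misspelled, `json:"acountName"`, so the serialised object has no `accountName` key and client code reading that name gets an undefined value; the tag should read `json:"accountName"`. `role` and `usingAccountName` are also renamed on the wire, so the frontend pulled in by the submodule bump has to match these keys exactly. The struct has no doc comment; I would add `// CurrentUser is the view of the requesting user that is serialised into the index page; its role fields drive UI visibility and are not an authorization source.`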
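Review bot: The added `SetCookie` call stores `c.Req.RequestURI`, which the client controls, as the post-login destination, and the code that later reads `redirect_to` is not in this hunk; that reader must accept the value only as a same-site relative path, otherwise the cookie becomes an open-redirect vector. The cookie is also written for a signed-in non-admin who hits an admin-only route, which may send that user back to the same denied page after logging in again, depending on what `authDenied` does. I would add above the call `// redirect_to is client-influenced; the login handler must validate it as a local path before redirecting.` and mark the cookie HttpOnly if the framework's SetCookie allows it. The diffstat shows a single added line in this file, so `url` and `setting` must already be imported for this to compile. The closure inside Auth continues past the end of the hunk.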