Fontend handling of account role to hide user actions and links that the user does not have access to

2025-02-25 18:55:37 -06:00 · 2015-01-28 11:33:50 +01:00 · 2015-01-28 11:33:50 +01:00 · 1cff564483
commit 1cff564483
parent aa261bbe23
5 changed files with 23 additions and 22 deletions
--- a/conf/grafana.ini
+++ b/conf/grafana.ini
@ -46,6 +46,8 @@ secret_key = SW2YcwTIb9zpOOhoPsMm
 login_remember_days = 7
 cookie_username = grafana_user
 cookie_remember_name = grafana_remember
+; disable user signup / registration
+disable_user_signup = false

 [account.single]
 ; Enable this feature to auto assign new users to a single account, suitable for NON multi tenant setups
@ -57,7 +59,7 @@ default_role = Editor

 [auth.anonymous]
 ; enable anonymous access
-enabled = false
+enabled = true
 ; specify account name that should be used for unauthenticated users
 account_name = main
 ; specify role for unauthenticated users
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit 017eab8dcd182b8c19f65657fc3d46e30545b7ff
+Subproject commit c75e669204ffd050e3ef23fdab516c425f7fb668
--- a/pkg/api/api.go
+++ b/pkg/api/api.go
@ -31,7 +31,7 @@ func Register(r *macaron.Macaron) {
 	r.Get("/account/users/", reqSignedIn, Index)
 	r.Get("/account/apikeys/", reqSignedIn, Index)
 	r.Get("/account/import/", reqSignedIn, Index)
-	r.Get("/admin/users", reqSignedIn, Index)
+	r.Get("/admin/users", reqGrafanaAdmin, Index)
 	r.Get("/dashboard/*", reqSignedIn, Index)

 	// sign up
@ -104,18 +104,15 @@ func setIndexViewData(c *middleware.Context) error {
 		return err
 	}

-	currentUser := &dtos.CurrentUser{}
-
-	if c.IsSignedIn {
-		currentUser = &dtos.CurrentUser{
+	currentUser := &dtos.CurrentUser{
+		IsSignedIn:     c.IsSignedIn,
 		Login:          c.Login,
 		Email:          c.Email,
 		Name:           c.Name,
-			UsingAccountName: c.AccountName,
+		AccountName:    c.AccountName,
+		AccountRole:    c.AccountRole,
 		GravatarUrl:    dtos.GetGravatarUrl(c.Email),
 		IsGrafanaAdmin: c.IsGrafanaAdmin,
-			Role:             c.AccountRole,
-		}
 	}

 	c.Data["User"] = currentUser
--- a/pkg/api/dtos/models.go
+++ b/pkg/api/dtos/models.go
@ -15,11 +15,12 @@ type LoginCommand struct {
 }

 type CurrentUser struct {
+	IsSignedIn     bool       `json:"isSignedIn"`
 	Login          string     `json:"login"`
 	Email          string     `json:"email"`
-	Role             m.RoleType `json:"role"`
 	Name           string     `json:"name"`
-	UsingAccountName string     `json:"usingAccountName"`
+	AccountRole    m.RoleType `json:"accountRole"`
+	AccountName    string     `json:"acountName"`
 	IsGrafanaAdmin bool       `json:"isGrafanaAdmin"`
 	GravatarUrl    string     `json:"gravatarUrl"`
 }
--- a/pkg/middleware/auth.go
+++ b/pkg/middleware/auth.go
@ -70,6 +70,7 @@ func RoleAuth(roles ...m.RoleType) macaron.Handler {
 func Auth(options *AuthOptions) macaron.Handler {
 	return func(c *Context) {
 		if !c.IsGrafanaAdmin && options.ReqGrafanaAdmin {
+			c.SetCookie("redirect_to", url.QueryEscape(setting.AppSubUrl+c.Req.RequestURI), 0, setting.AppSubUrl+"/")
 			authDenied(c)
 			return
 		}