IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

RBAC: Add permission to get usage report preview (#61570)

Browse Source 
* AccessControl: Protect usage report preview endpoint

* Fix role display name

* Change action name

* Fix imports
This commit is contained in:
Alexander Zobnin 2023-01-18 16:07:36 +01:00 committed by GitHub
parent 959c89793f
commit 1fdd3767f1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 57 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
pkg/infra/usagestats/service/accesscontrol.go Normal file
View File

@ -0,0 +1,30 @@
package service
import (
"github.com/grafana/grafana/pkg/services/accesscontrol"
)
const (
ActionRead = "server.usagestats.report:read"
)
var (
usagestatsReaderRole = accesscontrol.RoleDTO{
Name: "fixed:usagestats:reader",
DisplayName: "Usage stats report reader",
Description: "View usage statistics report",
Group: "Statistics",
Permissions: []accesscontrol.Permission{
{Action: ActionRead},
},
}
)
func declareFixedRoles(ac accesscontrol.Service) error {
usagestatsReader := accesscontrol.RoleRegistration{
Role: usagestatsReaderRole,
Grants: []string{string(accesscontrol.RoleGrafanaAdmin)},
}
return ac.DeclareFixedRoles(usagestatsReader)
}

5
pkg/infra/usagestats/service/api.go
View File

@ -7,13 +7,16 @@ import (
"github.com/grafana/grafana/pkg/api/routing" "github.com/grafana/grafana/pkg/api/routing"
"github.com/grafana/grafana/pkg/middleware" "github.com/grafana/grafana/pkg/middleware"
"github.com/grafana/grafana/pkg/models" "github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/services/accesscontrol"
) )
const rootUrl = "/api/admin" const rootUrl = "/api/admin"
func (uss *UsageStats) registerAPIEndpoints() { func (uss *UsageStats) registerAPIEndpoints() {
authorize := accesscontrol.Middleware(uss.accesscontrol)
uss.RouteRegister.Group(rootUrl, func(subrouter routing.RouteRegister) { uss.RouteRegister.Group(rootUrl, func(subrouter routing.RouteRegister) {
subrouter.Get("/usage-report-preview", middleware.ReqGrafanaAdmin, routing.Wrap(uss.getUsageReportPreview)) subrouter.Get("/usage-report-preview", authorize(middleware.ReqGrafanaAdmin, accesscontrol.EvalPermission(ActionRead)), routing.Wrap(uss.getUsageReportPreview))
}) })
} }

19
pkg/infra/usagestats/service/service.go
View File

@ -10,6 +10,7 @@ import (
"github.com/grafana/grafana/pkg/infra/tracing" "github.com/grafana/grafana/pkg/infra/tracing"
"github.com/grafana/grafana/pkg/infra/usagestats" "github.com/grafana/grafana/pkg/infra/usagestats"
"github.com/grafana/grafana/pkg/plugins" "github.com/grafana/grafana/pkg/plugins"
ac "github.com/grafana/grafana/pkg/services/accesscontrol"
"github.com/grafana/grafana/pkg/setting" "github.com/grafana/grafana/pkg/setting"
) )
@ -18,6 +19,7 @@ type UsageStats struct {
kvStore *kvstore.NamespacedKVStore kvStore *kvstore.NamespacedKVStore
RouteRegister routing.RouteRegister RouteRegister routing.RouteRegister
pluginStore plugins.Store pluginStore plugins.Store
accesscontrol ac.AccessControl
log log.Logger log log.Logger
tracer tracing.Tracer tracer tracing.Tracer
@ -26,7 +28,13 @@ type UsageStats struct {
sendReportCallbacks []usagestats.SendReportCallbackFunc sendReportCallbacks []usagestats.SendReportCallbackFunc
} }
func ProvideService(cfg *setting.Cfg, pluginStore plugins.Store, kvStore kvstore.KVStore, routeRegister routing.RouteRegister, tracer tracing.Tracer) *UsageStats { func ProvideService(cfg *setting.Cfg,
pluginStore plugins.Store,
kvStore kvstore.KVStore,
routeRegister routing.RouteRegister,
tracer tracing.Tracer,
accesscontrol ac.AccessControl,
accesscontrolService ac.Service) (*UsageStats, error) {
s := &UsageStats{ s := &UsageStats{
Cfg: cfg, Cfg: cfg,
RouteRegister: routeRegister, RouteRegister: routeRegister,
@ -34,11 +42,18 @@ func ProvideService(cfg *setting.Cfg, pluginStore plugins.Store, kvStore kvstore
kvStore: kvstore.WithNamespace(kvStore, 0, "infra.usagestats"), kvStore: kvstore.WithNamespace(kvStore, 0, "infra.usagestats"),
log: log.New("infra.usagestats"), log: log.New("infra.usagestats"),
tracer: tracer, tracer: tracer,
accesscontrol: accesscontrol,
}
if !accesscontrol.IsDisabled() {
if err := declareFixedRoles(accesscontrolService); err != nil {
return nil, err
}
} }
s.registerAPIEndpoints() s.registerAPIEndpoints()
return s return s, nil
} }
func (uss *UsageStats) Run(ctx context.Context) error { func (uss *UsageStats) Run(ctx context.Context) error {

7
pkg/infra/usagestats/service/usage_stats_test.go
View File

@ -22,6 +22,7 @@ import (
"github.com/grafana/grafana/pkg/infra/tracing" "github.com/grafana/grafana/pkg/infra/tracing"
"github.com/grafana/grafana/pkg/infra/usagestats" "github.com/grafana/grafana/pkg/infra/usagestats"
"github.com/grafana/grafana/pkg/plugins" "github.com/grafana/grafana/pkg/plugins"
"github.com/grafana/grafana/pkg/services/accesscontrol/actest"
"github.com/grafana/grafana/pkg/setting" "github.com/grafana/grafana/pkg/setting"
) )
@ -214,11 +215,15 @@ func createService(t *testing.T, cfg setting.Cfg, sqlStore db.DB, withDB bool) *
sqlStore = db.InitTestDB(t) sqlStore = db.InitTestDB(t)
} }
return ProvideService( service, _ := ProvideService(
&cfg, &cfg,
&plugins.FakePluginStore{}, &plugins.FakePluginStore{},
kvstore.ProvideService(sqlStore), kvstore.ProvideService(sqlStore),
routing.NewRouteRegister(), routing.NewRouteRegister(),
tracing.InitializeTracerForTest(), tracing.InitializeTracerForTest(),
actest.FakeAccessControl{ExpectedDisabled: true},
actest.FakeService{},
) )
return service
} }