Access Control: Move dashboard actions and create scope provider (#48618)

* Move dashboard actions and create scope provider
2025-02-25 18:55:37 -06:00 · 2022-05-04 16:12:09 +02:00
parent 00dbea91ea
commit 2738d1c557
15 changed files with 135 additions and 142 deletions
--- a/pkg/services/accesscontrol/models.go
+++ b/pkg/services/accesscontrol/models.go
@@ -359,17 +359,6 @@ const (
 	ActionAnnotationsRead   = "annotations:read"
 	ActionAnnotationsWrite  = "annotations:write"

-	// Dashboard actions
-	ActionDashboardsCreate           = "dashboards:create"
-	ActionDashboardsRead             = "dashboards:read"
-	ActionDashboardsWrite            = "dashboards:write"
-	ActionDashboardsDelete           = "dashboards:delete"
-	ActionDashboardsPermissionsRead  = "dashboards.permissions:read"
-	ActionDashboardsPermissionsWrite = "dashboards.permissions:write"
-
-	// Dashboard scopes
-	ScopeDashboardsAll = "dashboards:*"
-
 	// Alert scopes are divided into two groups. The internal (to Grafana) and the external ones.
 	// For the Grafana ones, given we have ACID control we're able to provide better granularity by defining CRUD options.
 	// For the external ones, we only have read and write permissions due to the lack of atomicity control of the external system.
--- a/pkg/services/accesscontrol/ossaccesscontrol/permissions_services.go
+++ b/pkg/services/accesscontrol/ossaccesscontrol/permissions_services.go
@@ -138,9 +138,9 @@ func ProvideTeamPermissions(
 	return resourcepermissions.New(options, cfg, router, ac, store, sql)
 }

-var DashboardViewActions = []string{accesscontrol.ActionDashboardsRead}
-var DashboardEditActions = append(DashboardViewActions, []string{accesscontrol.ActionDashboardsWrite, accesscontrol.ActionDashboardsDelete}...)
-var DashboardAdminActions = append(DashboardEditActions, []string{accesscontrol.ActionDashboardsPermissionsRead, accesscontrol.ActionDashboardsPermissionsWrite}...)
+var DashboardViewActions = []string{dashboards.ActionDashboardsRead}
+var DashboardEditActions = append(DashboardViewActions, []string{dashboards.ActionDashboardsWrite, dashboards.ActionDashboardsDelete}...)
+var DashboardAdminActions = append(DashboardEditActions, []string{dashboards.ActionDashboardsPermissionsRead, dashboards.ActionDashboardsPermissionsWrite}...)

 func ProvideDashboardPermissions(
 	cfg *setting.Cfg, router routing.RouteRegister, sql *sqlstore.SQLStore,
@@ -203,7 +203,7 @@ func ProvideDashboardPermissions(
 }

 var FolderViewActions = []string{dashboards.ActionFoldersRead}
-var FolderEditActions = append(FolderViewActions, []string{dashboards.ActionFoldersWrite, dashboards.ActionFoldersDelete, accesscontrol.ActionDashboardsCreate}...)
+var FolderEditActions = append(FolderViewActions, []string{dashboards.ActionFoldersWrite, dashboards.ActionFoldersDelete, dashboards.ActionDashboardsCreate}...)
 var FolderAdminActions = append(FolderEditActions, []string{dashboards.ActionFoldersPermissionsRead, dashboards.ActionFoldersPermissionsWrite}...)

 func ProvideFolderPermissions(