Access control: hide team role picker if user doesn't have access to it (#45068)
* hide team role column * hide or disable the role picker as needed * add SQL filtering for role listing
parent
4e38ac9cf7
commit
4f4b1cb5ea
@ -11,6 +11,7 @@ import (
|
||||
|
||||
var sqlIDAcceptList = map[string]struct{}{
|
||||
"org_user.user_id": {},
|
||||
"role.id": {},
|
||||
}
|
||||
|
||||
var (
|
||||
|
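Review bot: `sqlIDAcceptList` has no comment saying what an entry permits, and this section extends it (going by the commit message, `role.id` is the new entry). If the filter code outside this hunk interpolates accepted identifiers into query text, as the name suggests, a comment would set the bar for future entries: `// sqlIDAcceptList holds the only column identifiers that may be interpolated into filter SQL; add fixed, fully qualified column names only, never caller-supplied values.` The code that consults the map is not visible here, so confirm the wording against it.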
@ -74,6 +74,14 @@ export class TeamList extends PureComponent<Props, State> {
|
||||
team,
|
||||
isPermissionTeamAdmin({ permission, editorsCanAdmin, signedInUser })
|
||||
);
|
||||
const canSeeTeamRoles = contextSrv.hasAccessInMetadata(AccessControlAction.ActionTeamsRolesList, team, false);
|
||||
const canUpdateTeamRoles =
|
||||
contextSrv.hasAccess(AccessControlAction.ActionTeamsRolesAdd, false) ||
|
||||
contextSrv.hasAccess(AccessControlAction.ActionTeamsRolesRemove, false);
|
||||
const displayRolePicker =
|
||||
contextSrv.licensedAccessControlEnabled() &&
|
||||
contextSrv.hasPermission(AccessControlAction.ActionTeamsRolesList) &&
|
||||
contextSrv.hasPermission(AccessControlAction.ActionRolesList);
|
||||
|
||||
return (
|
||||
<tr key={team.id}>
|
||||
@ -93,9 +101,11 @@ export class TeamList extends PureComponent<Props, State> {
|
||||
<td className="link-td">
|
||||
<a href={teamUrl}>{team.memberCount}</a>
|
||||
</td>
|
||||
{contextSrv.licensedAccessControlEnabled() && (
|
||||
{displayRolePicker && (
|
||||
<td>
|
||||
<TeamRolePicker teamId={team.id} roleOptions={this.state.roleOptions} />
|
||||
{canSeeTeamRoles && (
|
||||
<TeamRolePicker teamId={team.id} roleOptions={this.state.roleOptions} disabled={!canUpdateTeamRoles} />
|
||||
)}
|
||||
</td>
|
||||
)}
|
||||
<td className="text-right">
|
||||
@ -134,6 +144,10 @@ export class TeamList extends PureComponent<Props, State> {
|
||||
const { teams, searchQuery, editorsCanAdmin, searchPage, setTeamsSearchPage } = this.props;
|
||||
const teamAdmin = contextSrv.hasRole('Admin') || (editorsCanAdmin && contextSrv.hasRole('Editor'));
|
||||
const canCreate = contextSrv.hasAccess(AccessControlAction.ActionTeamsCreate, teamAdmin);
|
||||
const displayRolePicker =
|
||||
contextSrv.licensedAccessControlEnabled() &&
|
||||
contextSrv.hasPermission(AccessControlAction.ActionTeamsRolesList) &&
|
||||
contextSrv.hasPermission(AccessControlAction.ActionRolesList);
|
||||
const newTeamHref = canCreate ? 'org/teams/new' : '#';
|
||||
const paginatedTeams = this.getPaginatedTeams(teams);
|
||||
const totalPages = Math.ceil(teams.length / pageLimit);
|
||||
@ -159,7 +173,7 @@ export class TeamList extends PureComponent<Props, State> {
|
||||
<th>Name</th>
|
||||
<th>Email</th>
|
||||
<th>Members</th>
|
||||
{contextSrv.licensedAccessControlEnabled() && <th>Roles</th>}
|
||||
{displayRolePicker && <th>Roles</th>}
|
||||
<th style={{ width: '1%' }} />
|
||||
</tr>
|
||||
</thead>
|
||||
|
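Review bot: `canUpdateTeamRoles` uses `contextSrv.hasAccess(...)` with no team argument, while `canSeeTeamRoles` just above it is evaluated against this team's metadata, so the picker may render enabled on a row for a team the user is not allowed to modify. It is also true when the user holds only one of `teams.roles:add` / `teams.roles:remove`, which leaves the other operation to fail at save time. If the team's access-control metadata carries these actions (not visible here), prefer `contextSrv.hasAccessInMetadata(AccessControlAction.ActionTeamsRolesAdd, team, false)` and the same for `ActionTeamsRolesRemove`. Either way these flags only shape the UI, so the role-assignment endpoints must enforce the same permissions server-side. The enclosing render methods start and end outside the hunks.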
@ -60,6 +60,9 @@ export enum AccessControlAction {
|
||||
|
||||
ActionRolesList = 'roles:list',
|
||||
ActionBuiltinRolesList = 'roles.builtin:list',
|
||||
ActionTeamsRolesList = 'teams.roles:list',
|
||||
ActionTeamsRolesAdd = 'teams.roles:add',
|
||||
ActionTeamsRolesRemove = 'teams.roles:remove',
|
||||
ActionUserRolesList = 'users.roles:list',
|
||||
}
|
||||
|
||||
|