Auth: Add no role frontend feature flag (#72823)

* Add 'noBasicRole' feature flag * Hide role options and tooltip with feature flag * Add feature flag to registry
2025-02-25 18:55:37 -06:00 · 2023-08-04 11:08:14 +02:00 · 2023-08-04 11:08:14 +02:00 · 64ed77ddce
commit 64ed77ddce
parent 0b9bb97982
8 changed files with 31 additions and 7 deletions
--- a/docs/sources/setup-grafana/configure-grafana/feature-toggles/index.md
+++ b/docs/sources/setup-grafana/configure-grafana/feature-toggles/index.md
@ -129,6 +129,7 @@ Experimental features might be changed or removed without prior notice.
 | `permissionsFilterRemoveSubquery`           | Alternative permission filter implementation that does not use subqueries for fetching the dashboard folder                                                                              |
 | `prometheusConfigOverhaulAuth`              | Update the Prometheus configuration page with the new auth component                                                                                                                     |
 | `influxdbSqlSupport`                        | Enable InfluxDB SQL query language support with new querying UI                                                                                                                          |
+| `noBasicRole`                               | Enables a new role that has no permissions by default                                                                                                                                    |

 ## Development feature toggles

--- a/packages/grafana-data/src/types/featureToggles.gen.ts
+++ b/packages/grafana-data/src/types/featureToggles.gen.ts
@ -118,4 +118,5 @@ export interface FeatureToggles {
  prometheusConfigOverhaulAuth?: boolean;
  configurableSchedulerTick?: boolean;
  influxdbSqlSupport?: boolean;
+  noBasicRole?: boolean;
 }
--- a/pkg/services/featuremgmt/registry.go
+++ b/pkg/services/featuremgmt/registry.go
@ -691,5 +691,13 @@ var (
 			Owner:           grafanaObservabilityMetricsSquad,
 			RequiresRestart: false,
 		},
+		{
+			Name:            "noBasicRole",
+			Description:     "Enables a new role that has no permissions by default",
+			Stage:           FeatureStageExperimental,
+			FrontendOnly:    true,
+			Owner:           grafanaAuthnzSquad,
+			RequiresRestart: true,
+		},
 	}
 )
--- a/pkg/services/featuremgmt/toggles_gen.csv
+++ b/pkg/services/featuremgmt/toggles_gen.csv
@ -99,3 +99,4 @@ permissionsFilterRemoveSubquery,experimental,@grafana/backend-platform,false,fal
 prometheusConfigOverhaulAuth,experimental,@grafana/observability-metrics,false,false,false,false
 configurableSchedulerTick,experimental,@grafana/alerting-squad,false,false,true,false
 influxdbSqlSupport,experimental,@grafana/observability-metrics,false,false,false,false
+noBasicRole,experimental,@grafana/grafana-authnz-team,false,false,true,true
--- a/pkg/services/featuremgmt/toggles_gen.go
+++ b/pkg/services/featuremgmt/toggles_gen.go
@ -406,4 +406,8 @@ const (
 	// FlagInfluxdbSqlSupport
 	// Enable InfluxDB SQL query language support with new querying UI
 	FlagInfluxdbSqlSupport = "influxdbSqlSupport"
+
+	// FlagNoBasicRole
+	// Enables a new role that has no permissions by default
+	FlagNoBasicRole = "noBasicRole"
 )
--- a/public/app/core/components/RolePicker/BuiltinRoleSelector.tsx
+++ b/public/app/core/components/RolePicker/BuiltinRoleSelector.tsx
@ -1,15 +1,23 @@
 import React from 'react';

 import { SelectableValue } from '@grafana/data';
+import { config } from '@grafana/runtime';
 import { Icon, RadioButtonList, Tooltip, useStyles2, useTheme2 } from '@grafana/ui';
+import { contextSrv } from 'app/core/core';
 import { OrgRole } from 'app/types';

 import { getStyles } from './styles';

-const BasicRoleOption: Array<SelectableValue<OrgRole>> = Object.values(OrgRole).map((r) => ({
-  label: r === OrgRole.None ? 'No basic role' : r,
-  value: r,
-}));
+const noBasicRoleFlag = contextSrv.licensedAccessControlEnabled();
+
+const noBasicRole = config.featureToggles.noBasicRole && noBasicRoleFlag;
+
+const BasicRoleOption: Array<SelectableValue<OrgRole>> = Object.values(OrgRole)
+  .filter((r) => noBasicRole || r !== OrgRole.None)
+  .map((r) => ({
+    label: r === OrgRole.None ? 'No basic role' : r,
+    value: r,
+  }));

 interface Props {
  value?: OrgRole;
--- a/public/app/core/components/RolePicker/RolePickerMenu.tsx
+++ b/public/app/core/components/RolePicker/RolePickerMenu.tsx
@ -1,6 +1,7 @@
 import { css, cx } from '@emotion/css';
 import React, { useEffect, useRef, useState } from 'react';

+import { config } from '@grafana/runtime';
 import { Button, CustomScrollbar, HorizontalGroup, useStyles2, useTheme2 } from '@grafana/ui';
 import { getSelectStyles } from '@grafana/ui/src/components/Select/getSelectStyles';
 import { contextSrv } from 'app/core/core';
@ -35,7 +36,7 @@ const fixedRoleGroupNames: Record<string, string> = {
  current: 'Current org',
 };

-const noBasicRoleFlag = contextSrv.licensedAccessControlEnabled();
+const noBasicRoleFlag = contextSrv.licensedAccessControlEnabled() && config.featureToggles.noBasicRole;
 const tooltipMessage = noBasicRoleFlag
  ? 'You can now select the "No basic role" option and add permissions to your custom needs.'
  : undefined;
--- a/public/app/features/org/UserInviteForm.tsx
+++ b/public/app/features/org/UserInviteForm.tsx
@ -2,7 +2,7 @@ import React from 'react';

 import { locationUtil, SelectableValue } from '@grafana/data';
 import { Stack } from '@grafana/experimental';
-import { locationService } from '@grafana/runtime';
+import { config, locationService } from '@grafana/runtime';
 import {
  Button,
  LinkButton,
@ -23,7 +23,7 @@ import { OrgRole, useDispatch } from 'app/types';

 import { addInvitee } from '../invites/state/actions';

-const noBasicRoleFlag = contextSrv.licensedAccessControlEnabled();
+const noBasicRoleFlag = contextSrv.licensedAccessControlEnabled() && config.featureToggles.noBasicRole;

 const tooltipMessage = noBasicRoleFlag
  ? 'You can now select the "No basic role" option and add permissions to your custom needs.'