IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Allow listing Dashboards through k8s APIs (#98997)

Browse Source 
What

This PR changes the dashboard authorizer logic to no longer require
requester to be the super admin user in order to list dashboards using
k8s APIs.

Why

We no longer need this precondition - dashboards should be listable
based on the regular authorizer logic.

Signed-off-by: Igor Suleymanov <igor.suleymanov@grafana.com>
This commit is contained in:
Igor Suleymanov 2025-01-15 11:50:28 +02:00 committed by GitHub
parent 32790c6918
commit 7f04f66137
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 0 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
pkg/registry/apis/dashboard/authorizer.go
View File

@ -7,7 +7,6 @@ import (
"github.com/grafana/authlib/claims"
"github.com/grafana/grafana/pkg/apimachinery/identity"
"github.com/grafana/grafana/pkg/apis/dashboard"
"github.com/grafana/grafana/pkg/infra/log"
"github.com/grafana/grafana/pkg/services/dashboards"
"github.com/grafana/grafana/pkg/services/guardian"
@ -27,12 +26,6 @@ func GetAuthorizer(dashboardService dashboards.DashboardService, l log.Logger) a
}
if attr.GetName() == "" {
// Discourage use of the "list" command for non super admin users
if attr.GetVerb() == "list" && attr.GetResource() == dashboard.DashboardResourceInfo.GroupResource().Resource {
if !user.GetIsGrafanaAdmin() {
return authorizer.DecisionDeny, "list summary objects (or connect as GrafanaAdmin)", err
}
}
return authorizer.DecisionNoOpinion, "", nil
}