IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

RBAC: Don't set empty action sets (#87398)

Browse Source 
* don't set empty action sets

* extend comment
This commit is contained in:
Ieva 2024-05-08 13:09:46 +01:00 committed by GitHub
parent be5ced4287
commit 9a824bdf0a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
pkg/services/accesscontrol/resourcepermissions/store.go
View File

@ -664,7 +664,7 @@ func (s *store) createPermissions(sess *db.Session, roleID int64, resource, reso
/*
Add ACTION SET of managed permissions to in-memory store
*/
if s.features.IsEnabled(context.TODO(), featuremgmt.FlagAccessActionSets) {
if s.features.IsEnabled(context.TODO(), featuremgmt.FlagAccessActionSets) && permission != "" {
actionSetName := s.actionSetService.GetActionSetName(resource, permission)
p := managedPermission(actionSetName, resource, resourceID, resourceAttribute)
p.RoleID = roleID
@ -674,10 +674,10 @@ func (s *store) createPermissions(sess *db.Session, roleID int64, resource, reso
permissions = append(permissions, p)
}
// If there are no missing actions for the resource, we don't need to insert any prior actions
// we still want to add the action set
// If there are no missing actions for the resource (in case of access level downgrade or resource removal), we don't need to insert any prior actions
// we still want to add the action set in case of access level downgrade, but not in case of resource removal (when permission == "")
if len(missingActions) == 0 {
if s.features.IsEnabled(context.TODO(), featuremgmt.FlagAccessActionSets) {
if s.features.IsEnabled(context.TODO(), featuremgmt.FlagAccessActionSets) && permission != "" {
if _, err := sess.InsertMulti(&permissions); err != nil {
return err
}