IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

RBAC: Allow omitting default permissions when a new resource is created (#90720)

Browse Source 
* Cfg: Move rbac settings to own struct

* Cfg: Add setting to control if resource should generate managed permissions when created

* Dashboards: Check if we should generate default permissions when dashboard is created

* Folders: Check if we should generate default permissions when folder is created

* Datasource: Check if we should generate default permissions when datasource is created

* ServiceAccount: Check if we should generate default permissions when service account is created

* Cfg: Add option to specify resources for wich we should default seed

* ManagedPermissions: Move providers to their own files

* Dashboards: Default seed all possible managed permissions if configured

* Folders: Default seed all possible managed permissions if configured

* Cfg: Remove service account from list

* RBAC: Move utility function

* remove managed permission settings from the config file examples, change the setting names

* remove ini file changes from the PR

* fix setting reading

* fix linting errors

* fix tests

* fix wildcard role seeding

---------

Co-authored-by: Karl Persson <kalle.persson@grafana.com>
Co-authored-by: jguer <me@jguer.space>
This commit is contained in:
Ieva
2024-07-24 17:31:26 +01:00
committed by GitHub
parent 82236976ae
commit 9bb2cf4968
19 changed files with 712 additions and 475 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
pkg/api/plugins_test.go
View File

@@ -87,7 +87,7 @@ func Test_PluginsInstallAndUninstall(t *testing.T) {
hs.Cfg = setting.NewCfg()
hs.Cfg.PluginAdminEnabled = tc.pluginAdminEnabled
hs.Cfg.PluginAdminExternalManageEnabled = tc.pluginAdminExternalManageEnabled
hs.Cfg.RBACSingleOrganization = tc.singleOrganization
hs.Cfg.RBAC.SingleOrganization = tc.singleOrganization
hs.orgService = &orgtest.FakeOrgService{ExpectedOrg: &org.Org{}}
hs.accesscontrolService = &actest.FakeService{}
@@ -743,7 +743,7 @@ func TestHTTPServer_hasPluginRequestedPermissions(t *testing.T) {
require.NoError(t, err)
hs.Cfg = setting.NewCfg()
hs.Cfg.RBACSingleOrganization = tt.singleOrg
hs.Cfg.RBAC.SingleOrganization = tt.singleOrg
hs.pluginStore = &pluginstore.FakePluginStore{
PluginList: []pluginstore.Plugin{tt.plugin},
}