mirror of
https://github.com/grafana/grafana.git
synced 2025-01-24 23:37:01 -06:00
AccessControl: Modify provisioning to prevent built-in role assignment (#48031)
* Add basic and managed prefixes to avoid magic strings For now let's stick with grafana_builtins add function isBasic to RoleDTO add function isBasic to Role Co-authored-by: Jguer <joao.guerreiro@grafana.com> * Add team store to wire Co-authored-by: Jguer <joao.guerreiro@grafana.com> Co-authored-by: Jguer <joao.guerreiro@grafana.com>
This commit is contained in:
parent
b727c324b8
commit
9ed7e48454
@ -253,6 +253,7 @@ var wireSet = wire.NewSet(
|
||||
wireBasicSet,
|
||||
sqlstore.ProvideService,
|
||||
wire.Bind(new(alerting.AlertStore), new(*sqlstore.SQLStore)),
|
||||
wire.Bind(new(sqlstore.TeamStore), new(*sqlstore.SQLStore)),
|
||||
ngmetrics.ProvideService,
|
||||
wire.Bind(new(notifications.TempUserStore), new(*sqlstore.SQLStore)),
|
||||
wire.Bind(new(notifications.Service), new(*notifications.NotificationService)),
|
||||
@ -268,6 +269,7 @@ var wireTestSet = wire.NewSet(
|
||||
sqlstore.ProvideServiceForTests,
|
||||
ngmetrics.ProvideServiceForTest,
|
||||
wire.Bind(new(alerting.AlertStore), new(*sqlstore.SQLStore)),
|
||||
wire.Bind(new(sqlstore.TeamStore), new(*sqlstore.SQLStore)),
|
||||
|
||||
notifications.MockNotificationService,
|
||||
wire.Bind(new(notifications.TempUserStore), new(*mockstore.SQLStoreMock)),
|
||||
|
@ -32,7 +32,7 @@ type flatResourcePermission struct {
|
||||
}
|
||||
|
||||
func (p *flatResourcePermission) IsManaged() bool {
|
||||
return strings.HasPrefix(p.RoleName, "managed:") && !p.IsInherited()
|
||||
return strings.HasPrefix(p.RoleName, accesscontrol.ManagedRolePrefix) && !p.IsInherited()
|
||||
}
|
||||
|
||||
func (p *flatResourcePermission) IsInherited() bool {
|
||||
|
@ -41,6 +41,10 @@ func (r *Role) IsFixed() bool {
|
||||
return strings.HasPrefix(r.Name, FixedRolePrefix)
|
||||
}
|
||||
|
||||
func (r *Role) IsBasic() bool {
|
||||
return strings.HasPrefix(r.Name, BasicRolePrefix) || strings.HasPrefix(r.UID, BasicRoleUIDPrefix)
|
||||
}
|
||||
|
||||
func (r *Role) GetDisplayName() string {
|
||||
if r.IsFixed() && r.DisplayName == "" {
|
||||
r.DisplayName = fallbackDisplayName(r.Name)
|
||||
@ -118,6 +122,10 @@ func (r *RoleDTO) IsFixed() bool {
|
||||
return strings.HasPrefix(r.Name, FixedRolePrefix)
|
||||
}
|
||||
|
||||
func (r *RoleDTO) IsBasic() bool {
|
||||
return strings.HasPrefix(r.Name, BasicRolePrefix) || strings.HasPrefix(r.UID, BasicRoleUIDPrefix)
|
||||
}
|
||||
|
||||
func (r *RoleDTO) GetDisplayName() string {
|
||||
if r.IsFixed() && r.DisplayName == "" {
|
||||
r.DisplayName = fallbackDisplayName(r.Name)
|
||||
@ -261,9 +269,12 @@ type SetResourcePermissionCommand struct {
|
||||
}
|
||||
|
||||
const (
|
||||
GlobalOrgID = 0
|
||||
FixedRolePrefix = "fixed:"
|
||||
RoleGrafanaAdmin = "Grafana Admin"
|
||||
GlobalOrgID = 0
|
||||
FixedRolePrefix = "fixed:"
|
||||
ManagedRolePrefix = "managed:"
|
||||
BasicRolePrefix = "grafana:builtins:"
|
||||
BasicRoleUIDPrefix = "grafana_builtins_"
|
||||
RoleGrafanaAdmin = "Grafana Admin"
|
||||
|
||||
GeneralFolderUID = "general"
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user