Access control: Make Admin/Users UI working with the permissions (#33176)

* API: authorize admin/users views

* Render admin/users components based on user's permissions

* Add LDAP permissions (required by admin/user page)

* Extend default admin role by LDAP permissions

* Show/hide LDAP debug views

* Render LDAP debug page if user has access

* Authorize LDAP debug view

* fix permissions definitions

* Add LDAP page permissions

* remove ambiguous permissions check

* Hide logout buttons in sessions table

* Add org/users permissions

* Use org permissions for managing user roles in orgs

* Apply permissions to org/users

* Apply suggestions from review

* Fix tests

* remove scopes from the frontend

* Tweaks according to review

* Handle /invites endpoints
Alexander Zobnin
2021-04-22 13:19:41 +03:00
committed by GitHub
parent 66020b419c
commit a7e721e987
24 changed files with 356 additions and 204 deletions


@@ -8,11 +8,6 @@ export type UserPermission = {
[key: string]: { [key: string]: string };
};
export interface AccessControlPermission {
action: AccessControlAction;
scope?: AccessControlScope;
}
// Permission actions
export enum AccessControlAction {
UsersRead = 'users:read',
@@ -20,19 +15,22 @@ export enum AccessControlAction {
UsersTeamRead = 'users.teams:read',
UsersAuthTokenList = 'users.authtoken:list',
UsersAuthTokenUpdate = 'users.authtoken:update',
UsersPasswordUpdate = 'users.password.update',
UsersPasswordUpdate = 'users.password:update',
UsersDelete = 'users:delete',
UsersCreate = 'users:create',
UsersEnable = 'users:enable',
UsersDisable = 'users:disable',
UsersPermissionsUpdate = 'users.permissions.update',
UsersPermissionsUpdate = 'users.permissions:update',
UsersLogout = 'users:logout',
UsersQuotasList = 'users.quotas:list',
UsersQuotasUpdate = 'users.quotas:update',
}
// Global Scopes
export enum AccessControlScope {
UsersAll = 'users:*',
UsersSelf = 'users:self',
OrgUsersRead = 'org.users:read',
OrgUsersAdd = 'org.users:add',
OrgUsersRemove = 'org.users:remove',
OrgUsersRoleUpdate = 'org.users.role:update',
LDAPUsersRead = 'ldap.user:read',
LDAPUsersSync = 'ldap.user:sync',
LDAPStatusRead = 'ldap.status:read',
}