IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Access Control: Set permissions for Grafana's test data source (#53247)

Browse Source 
* set permissions for Grafana's test data source

* linting
This commit is contained in:
Ieva
2022-08-05 10:19:50 +03:00
committed by GitHub
parent 64721bfa94
commit b590c1c60f
1 changed files with 25 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
pkg/api/accesscontrol.go
View File

@@ -1,6 +1,8 @@
package api
import (
"fmt"
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/plugins"
ac "github.com/grafana/grafana/pkg/services/accesscontrol"
@@ -8,6 +10,7 @@ import (
"github.com/grafana/grafana/pkg/services/datasources"
"github.com/grafana/grafana/pkg/services/serviceaccounts"
"github.com/grafana/grafana/pkg/setting"
"github.com/grafana/grafana/pkg/tsdb/grafanads"
)
// API related actions
@@ -98,6 +101,27 @@ func (hs *HTTPServer) declareFixedRoles() error {
Grants: []string{string(models.ROLE_ADMIN)},
}
builtInDatasourceReader := ac.RoleRegistration{
Role: ac.RoleDTO{
Name: "fixed:datasources.builtin:reader",
DisplayName: "Built in data source reader",
Description: "Read and query Grafana's built in test data sources.",
Group: "Data sources",
Permissions: []ac.Permission{
{
Action: datasources.ActionRead,
Scope: fmt.Sprintf("%s%s", datasources.ScopePrefix, grafanads.DatasourceUID),
},
{
Action: datasources.ActionQuery,
Scope: fmt.Sprintf("%s%s", datasources.ScopePrefix, grafanads.DatasourceUID),
},
},
Hidden: true,
},
Grants: []string{string(models.ROLE_VIEWER)},
}
// when running oss or enterprise without a license all users should be able to query data sources
if !hs.License.FeatureEnabled("accesscontrol.enforcement") {
datasourcesReaderRole.Grants = []string{string(models.ROLE_VIEWER)}
@@ -395,7 +419,7 @@ func (hs *HTTPServer) declareFixedRoles() error {
}
return hs.AccessControl.DeclareFixedRoles(
provisioningWriterRole, datasourcesReaderRole, datasourcesWriterRole,
provisioningWriterRole, datasourcesReaderRole, builtInDatasourceReader, datasourcesWriterRole,
datasourcesIdReaderRole, orgReaderRole, orgWriterRole,
orgMaintainerRole, teamsCreatorRole, teamsWriterRole, datasourcesExplorerRole,
annotationsReaderRole, dashboardAnnotationsWriterRole, annotationsWriterRole,