IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Access control: Change data source permissions to be based on UID (#46741)

Browse Source 
* Add ResourceAttribute

* Add ResourceAttribute option

* Set ResourceAttribute option

* Change resolvers to return uid based scopes

* update swagger to correct scope

* use ResourceAttribute for endpoint scope

* bump role version

* Add support for different attributes for access control metadata

* evaluate data source metadata based on uid

* Fix test

* uncomment benchmarks

* Use resourceID

* use evaluator for access control metadata

* update comment

* Set default permissions based on uid

* Add attribute to accesscontrol filter

* validate that scopes has correct attribute

* lint

* Update comment

* remove attribute parameter and extend prefix

* refactor to use scope prefix

* Get metadata with prefix

* fix test

* fix comparision

* remove unused type

* fix attribute index

* fix typo

* restructure logic

* Get metadata by uid

* fix imports

Co-authored-by: jguer <joao.guerreiro@grafana.com>
This commit is contained in:
Karl Persson
2022-03-24 12:21:26 +01:00
committed by GitHub
parent 758ccfb69e
commit cac6936015
5 changed files with 47 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
pkg/api/docs/definitions/datasources.go
View File

@@ -46,7 +46,7 @@ import (
// encrypted fields are listed under secureJsonFields section in the response.
//
// If you are running Grafana Enterprise and have Fine-grained access control enabled
// you need to have a permission with action: `datasources:write` and scopes: `datasources:*`, `datasources:id:*` and `datasources:id:1` (single data source).
// you need to have a permission with action: `datasources:write` and scopes: `datasources:*`, `datasources:uid:*` and `datasources:uid:1` (single data source).
//
// Responses:
// 200: createOrUpdateDatasourceResponse
@@ -59,7 +59,7 @@ import (
// Delete an existing data source by id.
//
// If you are running Grafana Enterprise and have Fine-grained access control enabled
// you need to have a permission with action: `datasources:delete` and scopes: `datasources:*`, `datasources:id:*` and `datasources:id:1` (single data source).
// you need to have a permission with action: `datasources:delete` and scopes: `datasources:*`, `datasources:uid:*` and `datasources:uid:1` (single data source).
//
// Responses:
// 200: okResponse
@@ -101,7 +101,7 @@ import (
// Get a single data source by Id.
//
// If you are running Grafana Enterprise and have Fine-grained access control enabled
// you need to have a permission with action: `datasources:read` and scopes: `datasources:*`, `datasources:id:*` and `datasources:id:1` (single data source).
// you need to have a permission with action: `datasources:read` and scopes: `datasources:*`, `datasources:uid:*` and `datasources:uid:1` (single data source).
//
// Responses:
// 200: getDatasourceResponse