RBAC: Display indicator if a permission is inherited (#54080)

* RBAC: Add IsInherited property

* PermissionList: Display inherited indicator

pkg/services/accesscontrol/models.go

@@ -235,6 +235,7 @@ type ResourcePermission struct {
 	Team        string
 	BuiltInRole string
 	IsManaged   bool
+	IsInherited bool
 	Created     time.Time
 	Updated     time.Time
 }

pkg/services/accesscontrol/resourcepermissions/api.go

@@ -74,6 +74,7 @@ type resourcePermissionDTO struct {
 	ID            int64    `json:"id"`
 	RoleName      string   `json:"roleName"`
 	IsManaged     bool     `json:"isManaged"`
+	IsInherited   bool     `json:"isInherited"`
 	UserID        int64    `json:"userId,omitempty"`
 	UserLogin     string   `json:"userLogin,omitempty"`
 	UserAvatarUrl string   `json:"userAvatarUrl,omitempty"`
@@ -122,6 +123,7 @@ func (a *api) getPermissions(c *models.ReqContext) response.Response {
 				Actions:       p.Actions,
 				Permission:    permission,
 				IsManaged:     p.IsManaged,
+				IsInherited:   p.IsInherited,
 			})
 		}
 	}

pkg/services/accesscontrol/resourcepermissions/store.go

@@ -44,7 +44,7 @@ func (p *flatResourcePermission) IsManaged(scope string) bool {
 }
 
 func (p *flatResourcePermission) IsInherited(scope string) bool {
-	return p.Scope != scope
+	return !strings.HasPrefix(p.Scope, strings.Split(strings.ReplaceAll(scope, "*", ""), ":")[0])
 }
 
 func (s *store) SetUserResourcePermission(
@@ -482,6 +482,7 @@ func flatPermissionsToResourcePermission(scope string, permissions []flatResourc
 		Created:     first.Created,
 		Updated:     first.Updated,
 		IsManaged:   first.IsManaged(scope),
+		IsInherited: first.IsInherited(scope),
 	}
 }
 

public/app/core/components/AccessControl/PermissionList.tsx

@@ -24,6 +24,7 @@ export const PermissionList = ({ title, items, permissionLevels, canSet, onRemov
           <tr>
             <th style={{ width: '1%' }} />
             <th>{title}</th>
+            <th style={{ width: '1%' }} />
             <th>Permission</th>
             <th style={{ width: '1%' }} />
             <th style={{ width: '1%' }} />

public/app/core/components/AccessControl/PermissionListItem.tsx

@@ -16,6 +16,7 @@ export const PermissionListItem = ({ item, permissionLevels, canSet, onRemove, o
   <tr>
     <td style={{ width: '1%' }}>{getAvatar(item)}</td>
     <td style={{ width: '90%' }}>{getDescription(item)}</td>
+    <td>{item.isInherited && <em className="muted no-wrap">Inherited from folder</em>}</td>
     <td>
       <div className="gf-form">
         <Select
@@ -43,7 +44,7 @@ export const PermissionListItem = ({ item, permissionLevels, canSet, onRemove, o
           aria-label={`Remove permission for ${getName(item)}`}
         />
       ) : (
-        <Tooltip content="Provisioned permission">
+        <Tooltip content={item.isInherited ? 'Inherited Permission' : 'Provisioned Permission'}>
           <Button size="sm" icon="lock" />
         </Tooltip>
       )}

public/app/core/components/AccessControl/types.ts

@@ -2,6 +2,7 @@ export type ResourcePermission = {
   id: number;
   resourceId: string;
   isManaged: boolean;
+  isInherited: boolean;
   userId?: number;
   userLogin?: string;
   userAvatarUrl?: string;