Access control: fetch role options only if user has permissions (#44201)

* Access control: fetch role options only if user has permissions

* Fix org/users page
Alexander Zobnin 2022-01-19 16:15:52 +03:00 committed by GitHub
parent 46280848d8
commit dc913f2311
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 45 additions and 14 deletions


@ -1,6 +1,7 @@
import React, { FC, useState } from 'react'; import React, { FC, useState } from 'react';
import { useAsync } from 'react-use'; import { useAsync } from 'react-use';
import { Role } from 'app/types'; import { contextSrv } from 'app/core/core';
import { AccessControlAction, Role } from 'app/types';
import { RolePicker } from './RolePicker'; import { RolePicker } from './RolePicker';
import { fetchRoleOptions, fetchTeamRoles, updateTeamRoles } from './api'; import { fetchRoleOptions, fetchTeamRoles, updateTeamRoles } from './api';
@ -18,8 +19,12 @@ export const TeamRolePicker: FC<Props> = ({ teamId, orgId, getRoleOptions, disab
const { loading } = useAsync(async () => { const { loading } = useAsync(async () => {
try { try {
let options = await (getRoleOptions ? getRoleOptions() : fetchRoleOptions(orgId)); if (contextSrv.hasPermission(AccessControlAction.ActionRolesList)) {
setRoleOptions(options.filter((option) => !option.name?.startsWith('managed:'))); let options = await (getRoleOptions ? getRoleOptions() : fetchRoleOptions(orgId));
setRoleOptions(options.filter((option) => !option.name?.startsWith('managed:')));
} else {
setRoleOptions([]);
}
const teamRoles = await fetchTeamRoles(teamId, orgId); const teamRoles = await fetchTeamRoles(teamId, orgId);
setAppliedRoles(teamRoles); setAppliedRoles(teamRoles);
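Review bot: `fetchTeamRoles(teamId, orgId)` is still called unconditionally after the new `roles:list` gate, whereas the matching `fetchUserRoles` call in UserRolePicker is gated on `ActionUserRolesList`. A viewer without permission to read team roles will still issue the request and land in the catch, which is outside this hunk. If a matching team-roles list action exists (the enum change in this commit adds none), gate this call the same way and reset with `setAppliedRoles([]);`. A comment above the new check would also help, e.g. `// UI-only gate to avoid a 403; the API must enforce roles:list itself`, because `contextSrv.hasPermission` runs in the browser and is not an authorization boundary. The same comment applies to the checks in UserRolePicker and UsersTable.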


@ -1,6 +1,7 @@
import React, { FC, useState } from 'react'; import React, { FC, useState } from 'react';
import { useAsync } from 'react-use'; import { useAsync } from 'react-use';
import { Role, OrgRole } from 'app/types'; import { contextSrv } from 'app/core/core';
import { Role, OrgRole, AccessControlAction } from 'app/types';
import { RolePicker } from './RolePicker'; import { RolePicker } from './RolePicker';
import { fetchBuiltinRoles, fetchRoleOptions, fetchUserRoles, updateUserRoles } from './api'; import { fetchBuiltinRoles, fetchRoleOptions, fetchUserRoles, updateUserRoles } from './api';
@ -31,14 +32,26 @@ export const UserRolePicker: FC<Props> = ({
const { loading } = useAsync(async () => { const { loading } = useAsync(async () => {
try { try {
let options = await (getRoleOptions ? getRoleOptions() : fetchRoleOptions(orgId)); if (contextSrv.hasPermission(AccessControlAction.ActionRolesList)) {
setRoleOptions(options.filter((option) => !option.name?.startsWith('managed:'))); let options = await (getRoleOptions ? getRoleOptions() : fetchRoleOptions(orgId));
setRoleOptions(options.filter((option) => !option.name?.startsWith('managed:')));
} else {
setRoleOptions([]);
}
const builtInRoles = await (getBuiltinRoles ? getBuiltinRoles() : fetchBuiltinRoles(orgId)); if (contextSrv.hasPermission(AccessControlAction.ActionBuiltinRolesList)) {
setBuiltinRoles(builtInRoles); const builtInRoles = await (getBuiltinRoles ? getBuiltinRoles() : fetchBuiltinRoles(orgId));
setBuiltinRoles(builtInRoles);
} else {
setBuiltinRoles({});
}
const userRoles = await fetchUserRoles(userId, orgId); if (contextSrv.hasPermission(AccessControlAction.ActionUserRolesList)) {
setAppliedRoles(userRoles); const userRoles = await fetchUserRoles(userId, orgId);
setAppliedRoles(userRoles);
} else {
setAppliedRoles([]);
}
} catch (e) { } catch (e) {
// TODO handle error // TODO handle error
console.error('Error loading options'); console.error('Error loading options');
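Review bot: The `else` branch `setAppliedRoles([])` makes "this viewer may not list the user's roles" render the same as "this user has no roles assigned". If the picker stays enabled in that state and `updateUserRoles` writes the selected set as a whole (its body is not visible here), saving from this view could drop assignments the viewer never saw. Consider computing `const canListUserRoles = contextSrv.hasPermission(AccessControlAction.ActionUserRolesList);` once and using it to disable the picker where RolePicker is rendered, which is outside this hunk. The try block opens inside the hunk but the component body continues beyond it.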


@ -23,10 +23,19 @@ const UsersTable: FC<Props> = (props) => {
useEffect(() => { useEffect(() => {
async function fetchOptions() { async function fetchOptions() {
try { try {
let options = await fetchRoleOptions(orgId); if (contextSrv.hasPermission(AccessControlAction.ActionRolesList)) {
setRoleOptions(options); let options = await fetchRoleOptions(orgId);
const builtInRoles = await fetchBuiltinRoles(orgId); setRoleOptions(options);
setBuiltinRoles(builtInRoles); } else {
setRoleOptions([]);
}
if (contextSrv.hasPermission(AccessControlAction.ActionBuiltinRolesList)) {
const builtInRoles = await fetchBuiltinRoles(orgId);
setBuiltinRoles(builtInRoles);
} else {
setBuiltinRoles({});
}
} catch (e) { } catch (e) {
console.error('Error loading options'); console.error('Error loading options');
} }
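Review bot: The catch that closes `fetchOptions` logs a fixed string and discards `e`, so a 403 on one of the gated calls (for example when the browser's permission view is stale) cannot be told apart from a network failure. `console.error('Error loading options', e);` would keep the cause. Both fetches also share one `try`, so a rejection from `fetchRoleOptions` skips the built-in roles branch entirely and `builtinRoles` keeps its previous value instead of being reset. UserRolePicker ends in the same catch. The `useEffect` body continues outside this hunk.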


@ -50,6 +50,10 @@ export enum AccessControlAction {
ActionServerStatsRead = 'server.stats:read', ActionServerStatsRead = 'server.stats:read',
ActionTeamsCreate = 'teams:create', ActionTeamsCreate = 'teams:create',
ActionRolesList = 'roles:list',
ActionBuiltinRolesList = 'roles.builtin:list',
ActionUserRolesList = 'users.roles:list',
} }
export interface Role { export interface Role {