Access control: expose SA frontend to users with the right permissions (#47727)

* expose frontend to users with permissions

* cover the ui endpoints

* fix permissions
Ieva
2022-04-14 12:40:15 +01:00
committed by GitHub
parent 6f31a69bfd
commit e50bd5cac8
7 changed files with 57 additions and 28 deletions


@@ -28,7 +28,10 @@ const ServiceAccountListItem = memo(
const editUrl = `org/serviceaccounts/${serviceAccount.id}`;
const styles = useStyles2(getStyles);
const canUpdateRole = contextSrv.hasPermissionInMetadata(AccessControlAction.ServiceAccountsWrite, serviceAccount);
const rolePickerDisabled = !canUpdateRole;
const displayRolePicker =
contextSrv.hasPermission(AccessControlAction.ActionRolesList) &&
contextSrv.hasPermission(AccessControlAction.ActionUserRolesList);
const enableRolePicker = contextSrv.hasPermission(AccessControlAction.OrgUsersRoleUpdate) && canUpdateRole;
return (
<tr key={serviceAccount.id}>
@@ -61,26 +64,30 @@ const ServiceAccountListItem = memo(
{serviceAccount.login}
</a>
</td>
<td className={cx('link-td', styles.iconRow)}>
{contextSrv.licensedAccessControlEnabled() ? (
<UserRolePicker
userId={serviceAccount.id}
orgId={serviceAccount.orgId}
builtInRole={serviceAccount.role}
onBuiltinRoleChange={(newRole) => onRoleChange(newRole, serviceAccount)}
roleOptions={roleOptions}
builtInRoles={builtInRoles}
disabled={rolePickerDisabled}
/>
) : (
{contextSrv.licensedAccessControlEnabled() ? (
displayRolePicker && (
<td className={cx('link-td', styles.iconRow)}>
<UserRolePicker
userId={serviceAccount.id}
orgId={serviceAccount.orgId}
builtInRole={serviceAccount.role}
onBuiltinRoleChange={(newRole) => onRoleChange(newRole, serviceAccount)}
roleOptions={roleOptions}
builtInRoles={builtInRoles}
disabled={!enableRolePicker}
/>
</td>
)
) : (
<td className={cx('link-td', styles.iconRow)}>
<OrgRolePicker
aria-label="Role"
value={serviceAccount.role}
disabled={!canUpdateRole}
onChange={(newRole) => onRoleChange(newRole, serviceAccount)}
/>
)}
</td>
</td>
)}
<td className="link-td max-width-10">
<a
className="ellipsis"
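Review bot: When licensed access control is enabled and `displayRolePicker` is false, the new branch renders no `<td>` at all, so this row ends up one cell short and the cells after the role column shift left relative to rows (and presumably a header) that keep it. Keeping the cell and gating only its content avoids that: `<td className={cx('link-td', styles.iconRow)}>{displayRolePicker && <UserRolePicker … disabled={!enableRolePicker} />}</td>`. Note also that `displayRolePicker` and `enableRolePicker` only hide or disable the control in the browser; the change sent through `onRoleChange` still has to be authorized by the backend, which is not visible in this section. A comment above the two constants would make the split explicit, e.g. `// shown with ActionRolesList + ActionUserRolesList; editable only with OrgUsersRoleUpdate and ServiceAccountsWrite on this account`.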


@@ -1,4 +1,4 @@
import { ServiceAccountDTO, ThunkResult, ServiceAccountFilter } from '../../../types';
import { ServiceAccountDTO, ThunkResult, ServiceAccountFilter, AccessControlAction } from '../../../types';
import { getBackendSrv, locationService } from '@grafana/runtime';
import {
acOptionsLoaded,
@@ -16,6 +16,7 @@ import {
import { accessControlQueryParam } from 'app/core/utils/accessControl';
import { fetchBuiltinRoles, fetchRoleOptions } from 'app/core/components/RolePicker/api';
import { debounce } from 'lodash';
import { contextSrv } from '../../../core/services/context_srv';
import { ServiceAccountToken } from '../CreateServiceAccountTokenModal';
const BASE_URL = `/api/serviceaccounts`;
@@ -23,10 +24,17 @@ const BASE_URL = `/api/serviceaccounts`;
export function fetchACOptions(): ThunkResult<void> {
return async (dispatch) => {
try {
const options = await fetchRoleOptions();
dispatch(acOptionsLoaded(options));
const builtInRoles = await fetchBuiltinRoles();
dispatch(builtInRolesLoaded(builtInRoles));
if (contextSrv.licensedAccessControlEnabled() && contextSrv.hasPermission(AccessControlAction.ActionRolesList)) {
const options = await fetchRoleOptions();
dispatch(acOptionsLoaded(options));
}
if (
contextSrv.licensedAccessControlEnabled() &&
contextSrv.hasPermission(AccessControlAction.ActionBuiltinRolesList)
) {
const builtInRoles = await fetchBuiltinRoles();
dispatch(builtInRolesLoaded(builtInRoles));
}
} catch (error) {
console.error(error);
}
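Review bot: The permission gates in `fetchACOptions` do not line up with the ones the list item uses to show the picker: the row renders `UserRolePicker` when the user has `ActionRolesList` and `ActionUserRolesList`, while `builtInRoles` is fetched only with `ActionBuiltinRolesList`. A user holding the first two but not the third would get the picker with `builtInRoles` never loaded; how the picker behaves in that state is not visible here, so either confirm it or align the two conditions. The repeated `contextSrv.licensedAccessControlEnabled()` call could be hoisted into a single guard before the permission checks, `if (!contextSrv.licensedAccessControlEnabled()) { return; }`. These client-side checks only skip requests the user is expected to be refused, so the role-listing endpoints still need to enforce the same permissions server-side. `fetchACOptions` continues past the end of the hunk.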