mirror of
https://github.com/grafana/grafana.git
synced 2024-11-26 02:40:26 -06:00
AccessControl: Add group to role picker and standardize display (#79570)
* add group to role picker and standardize display * change stuttery roles
This commit is contained in:
Jo
GitHub
parent
8a4bd85efd
commit
e77dbb63e3
@ -42,7 +42,7 @@ func (hs *HTTPServer) declareFixedRoles() error {
|
||||
provisioningWriterRole := ac.RoleRegistration{
|
||||
Role: ac.RoleDTO{
|
||||
Name: "fixed:provisioning:writer",
|
||||
DisplayName: "Provisioning writer",
|
||||
DisplayName: "Writer",
|
||||
Description: "Reload provisioning.",
|
||||
Group: "Provisioning",
|
||||
Permissions: []ac.Permission{
|
||||
@ -58,7 +58,7 @@ func (hs *HTTPServer) declareFixedRoles() error {
|
||||
datasourcesExplorerRole := ac.RoleRegistration{
|
||||
Role: ac.RoleDTO{
|
||||
Name: "fixed:datasources:explorer",
|
||||
DisplayName: "Data source explorer",
|
||||
DisplayName: "Explorer",
|
||||
Description: "Enable the Explore feature. Data source permissions still apply; you can only query data sources for which you have query permissions.",
|
||||
Group: "Data sources",
|
||||
Permissions: []ac.Permission{
|
||||
@ -77,7 +77,7 @@ func (hs *HTTPServer) declareFixedRoles() error {
|
||||
datasourcesReaderRole := ac.RoleRegistration{
|
||||
Role: ac.RoleDTO{
|
||||
Name: "fixed:datasources:reader",
|
||||
DisplayName: "Data source reader",
|
||||
DisplayName: "Reader",
|
||||
Description: "Read and query all data sources.",
|
||||
Group: "Data sources",
|
||||
Permissions: []ac.Permission{
|
||||
@ -97,7 +97,7 @@ func (hs *HTTPServer) declareFixedRoles() error {
|
||||
builtInDatasourceReader := ac.RoleRegistration{
|
||||
Role: ac.RoleDTO{
|
||||
Name: "fixed:datasources.builtin:reader",
|
||||
DisplayName: "Built in data source reader",
|
||||
DisplayName: "Built in reader",
|
||||
Description: "Read and query Grafana's built in test data sources.",
|
||||
Group: "Data sources",
|
||||
Permissions: []ac.Permission{
|
||||
@ -123,7 +123,7 @@ func (hs *HTTPServer) declareFixedRoles() error {
|
||||
datasourcesCreatorRole := ac.RoleRegistration{
|
||||
Role: ac.RoleDTO{
|
||||
Name: "fixed:datasources:creator",
|
||||
DisplayName: "Data source creator",
|
||||
DisplayName: "Creator",
|
||||
Description: "Create data sources.",
|
||||
Group: "Data sources",
|
||||
Permissions: []ac.Permission{
|
||||
@ -138,7 +138,7 @@ func (hs *HTTPServer) declareFixedRoles() error {
|
||||
datasourcesWriterRole := ac.RoleRegistration{
|
||||
Role: ac.RoleDTO{
|
||||
Name: "fixed:datasources:writer",
|
||||
DisplayName: "Data source writer",
|
||||
DisplayName: "Writer",
|
||||
Description: "Create, update, delete, read, or query data sources.",
|
||||
Group: "Data sources",
|
||||
Permissions: ac.ConcatPermissions(datasourcesReaderRole.Role.Permissions, []ac.Permission{
|
||||
@ -177,7 +177,7 @@ func (hs *HTTPServer) declareFixedRoles() error {
|
||||
apikeyReaderRole := ac.RoleRegistration{
|
||||
Role: ac.RoleDTO{
|
||||
Name: "fixed:apikeys:reader",
|
||||
DisplayName: "APIKeys reader",
|
||||
DisplayName: "Reader",
|
||||
Description: "Gives access to read api keys.",
|
||||
Group: "API Keys",
|
||||
Permissions: []ac.Permission{
|
||||
@ -193,7 +193,7 @@ func (hs *HTTPServer) declareFixedRoles() error {
|
||||
apikeyWriterRole := ac.RoleRegistration{
|
||||
Role: ac.RoleDTO{
|
||||
Name: "fixed:apikeys:writer",
|
||||
DisplayName: "APIKeys writer",
|
||||
DisplayName: "Writer",
|
||||
Description: "Gives access to add and delete api keys.",
|
||||
Group: "API Keys",
|
||||
Permissions: ac.ConcatPermissions(apikeyReaderRole.Role.Permissions, []ac.Permission{
|
||||
@ -212,7 +212,7 @@ func (hs *HTTPServer) declareFixedRoles() error {
|
||||
orgReaderRole := ac.RoleRegistration{
|
||||
Role: ac.RoleDTO{
|
||||
Name: "fixed:organization:reader",
|
||||
DisplayName: "Organization reader",
|
||||
DisplayName: "Reader",
|
||||
Description: "Read an organization, such as its ID, name, address, or quotas.",
|
||||
Group: "Organizations",
|
||||
Permissions: []ac.Permission{
|
||||
@ -226,7 +226,7 @@ func (hs *HTTPServer) declareFixedRoles() error {
|
||||
orgWriterRole := ac.RoleRegistration{
|
||||
Role: ac.RoleDTO{
|
||||
Name: "fixed:organization:writer",
|
||||
DisplayName: "Organization writer",
|
||||
DisplayName: "Writer",
|
||||
Description: "Read an organization, its quotas, or its preferences. Update organization properties, or its preferences.",
|
||||
Group: "Organizations",
|
||||
Permissions: ac.ConcatPermissions(orgReaderRole.Role.Permissions, []ac.Permission{
|
||||
@ -241,7 +241,7 @@ func (hs *HTTPServer) declareFixedRoles() error {
|
||||
orgMaintainerRole := ac.RoleRegistration{
|
||||
Role: ac.RoleDTO{
|
||||
Name: "fixed:organization:maintainer",
|
||||
DisplayName: "Organization maintainer",
|
||||
DisplayName: "Maintainer",
|
||||
Description: "Create, read, write, or delete an organization. Read or write an organization's quotas. Needs to be assigned globally.",
|
||||
Group: "Organizations",
|
||||
Permissions: ac.ConcatPermissions(orgReaderRole.Role.Permissions, []ac.Permission{
|
||||
@ -261,7 +261,7 @@ func (hs *HTTPServer) declareFixedRoles() error {
|
||||
teamsCreatorRole := ac.RoleRegistration{
|
||||
Role: ac.RoleDTO{
|
||||
Name: "fixed:teams:creator",
|
||||
DisplayName: "Team creator",
|
||||
DisplayName: "Creator",
|
||||
Description: "Create teams and read organisation users (required to manage the created teams).",
|
||||
Group: "Teams",
|
||||
Permissions: []ac.Permission{
|
||||
@ -275,7 +275,7 @@ func (hs *HTTPServer) declareFixedRoles() error {
|
||||
teamsReaderRole := ac.RoleRegistration{
|
||||
Role: ac.RoleDTO{
|
||||
Name: "fixed:teams:read",
|
||||
DisplayName: "Team reader",
|
||||
DisplayName: "Reader",
|
||||
Description: "List all teams.",
|
||||
Group: "Teams",
|
||||
Permissions: []ac.Permission{
|
||||
@ -288,7 +288,7 @@ func (hs *HTTPServer) declareFixedRoles() error {
|
||||
teamsWriterRole := ac.RoleRegistration{
|
||||
Role: ac.RoleDTO{
|
||||
Name: "fixed:teams:writer",
|
||||
DisplayName: "Team writer",
|
||||
DisplayName: "Writer",
|
||||
Description: "Create, read, write, or delete a team as well as controlling team memberships.",
|
||||
Group: "Teams",
|
||||
Permissions: []ac.Permission{
|
||||
@ -306,7 +306,7 @@ func (hs *HTTPServer) declareFixedRoles() error {
|
||||
annotationsReaderRole := ac.RoleRegistration{
|
||||
Role: ac.RoleDTO{
|
||||
Name: "fixed:annotations:reader",
|
||||
DisplayName: "Annotation reader",
|
||||
DisplayName: "Reader",
|
||||
Description: "Read annotations and tags",
|
||||
Group: "Annotations",
|
||||
Permissions: []ac.Permission{
|
||||
@ -336,7 +336,7 @@ func (hs *HTTPServer) declareFixedRoles() error {
|
||||
annotationsWriterRole := ac.RoleRegistration{
|
||||
Role: ac.RoleDTO{
|
||||
Name: "fixed:annotations:writer",
|
||||
DisplayName: "Annotation writer",
|
||||
DisplayName: "Writer",
|
||||
Description: "Update all annotations.",
|
||||
Group: "Annotations",
|
||||
Permissions: []ac.Permission{
|
||||
@ -389,7 +389,7 @@ func (hs *HTTPServer) declareFixedRoles() error {
|
||||
dashboardsCreatorRole := ac.RoleRegistration{
|
||||
Role: ac.RoleDTO{
|
||||
Name: "fixed:dashboards:creator",
|
||||
DisplayName: "Dashboard creator",
|
||||
DisplayName: "Creator",
|
||||
Description: "Create dashboard in general folder.",
|
||||
Group: "Dashboards",
|
||||
Permissions: []ac.Permission{
|
||||
@ -403,7 +403,7 @@ func (hs *HTTPServer) declareFixedRoles() error {
|
||||
dashboardsReaderRole := ac.RoleRegistration{
|
||||
Role: ac.RoleDTO{
|
||||
Name: "fixed:dashboards:reader",
|
||||
DisplayName: "Dashboard reader",
|
||||
DisplayName: "Reader",
|
||||
Description: "Read all dashboards.",
|
||||
Group: "Dashboards",
|
||||
Permissions: []ac.Permission{
|
||||
@ -416,7 +416,7 @@ func (hs *HTTPServer) declareFixedRoles() error {
|
||||
dashboardsWriterRole := ac.RoleRegistration{
|
||||
Role: ac.RoleDTO{
|
||||
Name: "fixed:dashboards:writer",
|
||||
DisplayName: "Dashboard writer",
|
||||
DisplayName: "Writer",
|
||||
Group: "Dashboards",
|
||||
Description: "Create, read, write or delete all dashboards and their permissions.",
|
||||
Permissions: ac.ConcatPermissions(dashboardsReaderRole.Role.Permissions, []ac.Permission{
|
||||
@ -433,7 +433,7 @@ func (hs *HTTPServer) declareFixedRoles() error {
|
||||
foldersCreatorRole := ac.RoleRegistration{
|
||||
Role: ac.RoleDTO{
|
||||
Name: "fixed:folders:creator",
|
||||
DisplayName: "Folder creator",
|
||||
DisplayName: "Creator",
|
||||
Description: "Create folders.",
|
||||
Group: "Folders",
|
||||
Permissions: []ac.Permission{
|
||||
@ -446,7 +446,7 @@ func (hs *HTTPServer) declareFixedRoles() error {
|
||||
foldersReaderRole := ac.RoleRegistration{
|
||||
Role: ac.RoleDTO{
|
||||
Name: "fixed:folders:reader",
|
||||
DisplayName: "Folder reader",
|
||||
DisplayName: "Reader",
|
||||
Description: "Read all folders and dashboards.",
|
||||
Group: "Folders",
|
||||
Permissions: []ac.Permission{
|
||||
@ -460,7 +460,7 @@ func (hs *HTTPServer) declareFixedRoles() error {
|
||||
foldersWriterRole := ac.RoleRegistration{
|
||||
Role: ac.RoleDTO{
|
||||
Name: "fixed:folders:writer",
|
||||
DisplayName: "Folder writer",
|
||||
DisplayName: "Writer",
|
||||
Description: "Create, read, write or delete all folders and dashboards and their permissions.",
|
||||
Group: "Folders",
|
||||
Permissions: ac.ConcatPermissions(
|
||||
@ -482,7 +482,7 @@ func (hs *HTTPServer) declareFixedRoles() error {
|
||||
libraryPanelsCreatorRole := ac.RoleRegistration{
|
||||
Role: ac.RoleDTO{
|
||||
Name: "fixed:library.panels:creator",
|
||||
DisplayName: "Library panel creator",
|
||||
DisplayName: "Creator",
|
||||
Description: "Create library panel in general folder.",
|
||||
Group: "Library panels",
|
||||
Permissions: []ac.Permission{
|
||||
@ -496,7 +496,7 @@ func (hs *HTTPServer) declareFixedRoles() error {
|
||||
libraryPanelsReaderRole := ac.RoleRegistration{
|
||||
Role: ac.RoleDTO{
|
||||
Name: "fixed:library.panels:reader",
|
||||
DisplayName: "Library panel reader",
|
||||
DisplayName: "Reader",
|
||||
Description: "Read all library panels.",
|
||||
Group: "Library panels",
|
||||
Permissions: []ac.Permission{
|
||||
@ -509,7 +509,7 @@ func (hs *HTTPServer) declareFixedRoles() error {
|
||||
libraryPanelsGeneralReaderRole := ac.RoleRegistration{
|
||||
Role: ac.RoleDTO{
|
||||
Name: "fixed:library.panels:general.reader",
|
||||
DisplayName: "Library panel general reader",
|
||||
DisplayName: "General reader",
|
||||
Description: "Read all library panels in general folder.",
|
||||
Group: "Library panels",
|
||||
Permissions: []ac.Permission{
|
||||
@ -522,7 +522,7 @@ func (hs *HTTPServer) declareFixedRoles() error {
|
||||
libraryPanelsWriterRole := ac.RoleRegistration{
|
||||
Role: ac.RoleDTO{
|
||||
Name: "fixed:library.panels:writer",
|
||||
DisplayName: "Library panel writer",
|
||||
DisplayName: "Writer",
|
||||
Group: "Library panels",
|
||||
Description: "Create, read, write or delete all library panels and their permissions.",
|
||||
Permissions: ac.ConcatPermissions(libraryPanelsReaderRole.Role.Permissions, []ac.Permission{
|
||||
@ -537,7 +537,7 @@ func (hs *HTTPServer) declareFixedRoles() error {
|
||||
libraryPanelsGeneralWriterRole := ac.RoleRegistration{
|
||||
Role: ac.RoleDTO{
|
||||
Name: "fixed:library.panels:general.writer",
|
||||
DisplayName: "Library panel general writer",
|
||||
DisplayName: "General writer",
|
||||
Group: "Library panels",
|
||||
Description: "Create, read, write or delete all library panels and their permissions in the general folder.",
|
||||
Permissions: ac.ConcatPermissions(libraryPanelsGeneralReaderRole.Role.Permissions, []ac.Permission{
|
||||
@ -565,7 +565,7 @@ func (hs *HTTPServer) declareFixedRoles() error {
|
||||
featuremgmtReaderRole := ac.RoleRegistration{
|
||||
Role: ac.RoleDTO{
|
||||
Name: "fixed:featuremgmt:reader",
|
||||
DisplayName: "Feature Management reader",
|
||||
DisplayName: "Reader",
|
||||
Description: "Read feature toggles",
|
||||
Group: "Feature Management",
|
||||
Permissions: []ac.Permission{
|
||||
@ -578,7 +578,7 @@ func (hs *HTTPServer) declareFixedRoles() error {
|
||||
featuremgmtWriterRole := ac.RoleRegistration{
|
||||
Role: ac.RoleDTO{
|
||||
Name: "fixed:featuremgmt:writer",
|
||||
DisplayName: "Feature Management writer",
|
||||
DisplayName: "Writer",
|
||||
Description: "Write feature toggles",
|
||||
Group: "Feature Management",
|
||||
Permissions: []ac.Permission{
|
||||
@ -601,7 +601,7 @@ func (hs *HTTPServer) declareFixedRoles() error {
|
||||
allAnnotationsReaderRole := ac.RoleRegistration{
|
||||
Role: ac.RoleDTO{
|
||||
Name: "fixed:annotations.all:reader",
|
||||
DisplayName: "Annotation reader",
|
||||
DisplayName: "Reader",
|
||||
Description: "Read all annotations and tags",
|
||||
Group: "Annotations",
|
||||
Permissions: []ac.Permission{
|
||||
@ -615,7 +615,7 @@ func (hs *HTTPServer) declareFixedRoles() error {
|
||||
allAnnotationsWriterRole := ac.RoleRegistration{
|
||||
Role: ac.RoleDTO{
|
||||
Name: "fixed:annotations.all:writer",
|
||||
DisplayName: "Annotation writer",
|
||||
DisplayName: "Writer",
|
||||
Description: "Update all annotations.",
|
||||
Group: "Annotations",
|
||||
Permissions: []ac.Permission{
|
||||
|
||||
@ -75,7 +75,7 @@ export const RolePickerInput = ({
|
||||
<div className={styles.wrapper}>
|
||||
{showBasicRoleOnLabel && <ValueContainer>{basicRole}</ValueContainer>}
|
||||
{appliedRoles.map((role) => (
|
||||
<ValueContainer key={role.uid}>{role.displayName || role.name}</ValueContainer>
|
||||
<ValueContainer key={role.uid}>{role.group + ':' + (role.displayName || role.name)}</ValueContainer>
|
||||
))}
|
||||
|
||||
{!disabled && (
|
||||
@ -114,7 +114,7 @@ export const RolesLabel = ({ showBuiltInRole, numberOfRoles, appliedRoles }: Rol
|
||||
<Tooltip
|
||||
content={
|
||||
<div className={styles.tooltip}>
|
||||
{appliedRoles?.map((role) => <p key={role.uid}>{role.displayName}</p>)}
|
||||
{appliedRoles?.map((role) => <p key={role.uid}>{role.group + ':' + (role.displayName || role.name)}</p>)}
|
||||
</div>
|
||||
}
|
||||
>
|
||||
|
||||
Loading…
Reference in New Issue
Block a user