IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Chore: remove legacy ac fallback from the route registration (#74464)

Browse Source 
remove legacy ac fallback from the routes
This commit is contained in:
Ieva 2023-09-06 16:57:22 +01:00 committed by GitHub
parent e027f1ef10
commit f52936a604
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 75 additions and 114 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
public/app/core/services/context_srv.ts
View File

@ -200,11 +200,8 @@ export class ContextSrv {
return this.hasPermissionInMetadata(action, object);
}
// evaluates access control permissions, granting access if the user has any of them; uses fallback if access control is disabled
evaluatePermission(fallback: () => string[], actions: string[]) {
if (!this.accessControlEnabled()) {
return fallback();
}
// evaluates access control permissions, granting access if the user has any of them
evaluatePermission(actions: string[]) {
if (actions.some((action) => this.hasPermission(action))) {
return [];
}

122
public/app/features/alerting/routes.tsx
View File

@ -1,7 +1,6 @@
import { uniq } from 'lodash';
import React from 'react';
import { OrgRole } from '@grafana/data';
import { SafeDynamicImport } from 'app/core/components/DynamicImports/SafeDynamicImport';
import { NavLandingPage } from 'app/core/components/NavLandingPage/NavLandingPage';
import { config } from 'app/core/config';
@ -96,130 +95,127 @@ const unifiedRoutes: RouteDescriptor[] = [
},
{
path: '/alerting/list',
roles: evaluateAccess(
[AccessControlAction.AlertingRuleRead, AccessControlAction.AlertingRuleExternalRead],
[OrgRole.Viewer, OrgRole.Editor, OrgRole.Admin]
),
roles: evaluateAccess([AccessControlAction.AlertingRuleRead, AccessControlAction.AlertingRuleExternalRead]),
component: SafeDynamicImport(
() => import(/* webpackChunkName: "AlertRuleListIndex" */ 'app/features/alerting/unified/RuleList')
),
},
{
path: '/alerting/routes',
roles: evaluateAccess(
[AccessControlAction.AlertingNotificationsRead, AccessControlAction.AlertingNotificationsExternalRead],
[OrgRole.Editor, OrgRole.Admin]
),
roles: evaluateAccess([
AccessControlAction.AlertingNotificationsRead,
AccessControlAction.AlertingNotificationsExternalRead,
]),
component: SafeDynamicImport(
() => import(/* webpackChunkName: "AlertAmRoutes" */ 'app/features/alerting/unified/NotificationPolicies')
),
},
{
path: '/alerting/routes/mute-timing/new',
roles: evaluateAccess(
[AccessControlAction.AlertingNotificationsWrite, AccessControlAction.AlertingNotificationsExternalWrite],
['Editor', 'Admin']
),
roles: evaluateAccess([
AccessControlAction.AlertingNotificationsWrite,
AccessControlAction.AlertingNotificationsExternalWrite,
]),
component: SafeDynamicImport(
() => import(/* webpackChunkName: "MuteTimings" */ 'app/features/alerting/unified/MuteTimings')
),
},
{
path: '/alerting/routes/mute-timing/edit',
roles: evaluateAccess(
[AccessControlAction.AlertingNotificationsWrite, AccessControlAction.AlertingNotificationsExternalWrite],
['Editor', 'Admin']
),
roles: evaluateAccess([
AccessControlAction.AlertingNotificationsWrite,
AccessControlAction.AlertingNotificationsExternalWrite,
]),
component: SafeDynamicImport(
() => import(/* webpackChunkName: "MuteTimings" */ 'app/features/alerting/unified/MuteTimings')
),
},
{
path: '/alerting/silences',
roles: evaluateAccess(
[AccessControlAction.AlertingInstanceRead, AccessControlAction.AlertingInstancesExternalRead],
['Viewer', 'Editor', 'Admin']
),
roles: evaluateAccess([
AccessControlAction.AlertingInstanceRead,
AccessControlAction.AlertingInstancesExternalRead,
]),
component: SafeDynamicImport(
() => import(/* webpackChunkName: "AlertSilences" */ 'app/features/alerting/unified/Silences')
),
},
{
path: '/alerting/silence/new',
roles: evaluateAccess(
[AccessControlAction.AlertingInstanceCreate, AccessControlAction.AlertingInstancesExternalWrite],
['Editor', 'Admin']
),
roles: evaluateAccess([
AccessControlAction.AlertingInstanceCreate,
AccessControlAction.AlertingInstancesExternalWrite,
]),
component: SafeDynamicImport(
() => import(/* webpackChunkName: "AlertSilences" */ 'app/features/alerting/unified/Silences')
),
},
{
path: '/alerting/silence/:id/edit',
roles: evaluateAccess(
[AccessControlAction.AlertingInstanceUpdate, AccessControlAction.AlertingInstancesExternalWrite],
['Editor', 'Admin']
),
roles: evaluateAccess([
AccessControlAction.AlertingInstanceUpdate,
AccessControlAction.AlertingInstancesExternalWrite,
]),
component: SafeDynamicImport(
() => import(/* webpackChunkName: "AlertSilences" */ 'app/features/alerting/unified/Silences')
),
},
{
path: '/alerting/notifications',
roles: evaluateAccess(
[AccessControlAction.AlertingNotificationsRead, AccessControlAction.AlertingNotificationsExternalRead],
['Editor', 'Admin']
),
roles: evaluateAccess([
AccessControlAction.AlertingNotificationsRead,
AccessControlAction.AlertingNotificationsExternalRead,
]),
component: SafeDynamicImport(
() => import(/* webpackChunkName: "NotificationsListPage" */ 'app/features/alerting/unified/Receivers')
),
},
{
path: '/alerting/notifications/:type/new',
roles: evaluateAccess(
[AccessControlAction.AlertingNotificationsWrite, AccessControlAction.AlertingNotificationsExternalWrite],
['Editor', 'Admin']
),
roles: evaluateAccess([
AccessControlAction.AlertingNotificationsWrite,
AccessControlAction.AlertingNotificationsExternalWrite,
]),
component: SafeDynamicImport(
() => import(/* webpackChunkName: "NotificationsListPage" */ 'app/features/alerting/unified/Receivers')
),
},
{
path: '/alerting/notifications/:type/:id/edit',
roles: evaluateAccess(
[AccessControlAction.AlertingNotificationsWrite, AccessControlAction.AlertingNotificationsExternalWrite],
['Editor', 'Admin']
),
roles: evaluateAccess([
AccessControlAction.AlertingNotificationsWrite,
AccessControlAction.AlertingNotificationsExternalWrite,
]),
component: SafeDynamicImport(
() => import(/* webpackChunkName: "NotificationsListPage" */ 'app/features/alerting/unified/Receivers')
),
},
{
path: '/alerting/notifications/:type/:id/duplicate',
roles: evaluateAccess(
[AccessControlAction.AlertingNotificationsWrite, AccessControlAction.AlertingNotificationsExternalWrite],
['Editor', 'Admin']
),
roles: evaluateAccess([
AccessControlAction.AlertingNotificationsWrite,
AccessControlAction.AlertingNotificationsExternalWrite,
]),
component: SafeDynamicImport(
() => import(/* webpackChunkName: "NotificationsListPage" */ 'app/features/alerting/unified/Receivers')
),
},
{
path: '/alerting/notifications/:type',
roles: evaluateAccess(
[AccessControlAction.AlertingNotificationsWrite, AccessControlAction.AlertingNotificationsExternalWrite],
['Editor', 'Admin']
),
roles: evaluateAccess([
AccessControlAction.AlertingNotificationsWrite,
AccessControlAction.AlertingNotificationsExternalWrite,
]),
component: SafeDynamicImport(
() => import(/* webpackChunkName: "NotificationsListPage" */ 'app/features/alerting/unified/Receivers')
),
},
{
path: '/alerting/groups/',
roles: evaluateAccess(
[AccessControlAction.AlertingInstanceRead, AccessControlAction.AlertingInstancesExternalRead],
[OrgRole.Viewer, OrgRole.Editor, OrgRole.Admin]
),
roles: evaluateAccess([
AccessControlAction.AlertingInstanceRead,
AccessControlAction.AlertingInstancesExternalRead,
]),
component: SafeDynamicImport(
() => import(/* webpackChunkName: "AlertGroups" */ 'app/features/alerting/unified/AlertGroups')
),
@ -227,10 +223,7 @@ const unifiedRoutes: RouteDescriptor[] = [
{
path: '/alerting/new/:type?',
pageClass: 'page-alerting',
roles: evaluateAccess(
[AccessControlAction.AlertingRuleCreate, AccessControlAction.AlertingRuleExternalWrite],
[OrgRole.Viewer, OrgRole.Editor, OrgRole.Admin] // Needs to include viewer because there may be Viewers with Edit permissions in folders
),
roles: evaluateAccess([AccessControlAction.AlertingRuleCreate, AccessControlAction.AlertingRuleExternalWrite]),
component: SafeDynamicImport(
() => import(/* webpackChunkName: "AlertingRuleForm"*/ 'app/features/alerting/unified/RuleEditor')
),
@ -238,10 +231,7 @@ const unifiedRoutes: RouteDescriptor[] = [
{
path: '/alerting/:id/edit',
pageClass: 'page-alerting',
roles: evaluateAccess(
[AccessControlAction.AlertingRuleUpdate, AccessControlAction.AlertingRuleExternalWrite],
[OrgRole.Viewer, OrgRole.Editor, OrgRole.Admin] // Needs to include viewer because there may be Viewers with Edit permissions in folders
),
roles: evaluateAccess([AccessControlAction.AlertingRuleUpdate, AccessControlAction.AlertingRuleExternalWrite]),
component: SafeDynamicImport(
() => import(/* webpackChunkName: "AlertingRuleForm"*/ 'app/features/alerting/unified/RuleEditor')
),
@ -249,10 +239,7 @@ const unifiedRoutes: RouteDescriptor[] = [
{
path: '/alerting/:sourceName/:id/view',
pageClass: 'page-alerting',
roles: evaluateAccess(
[AccessControlAction.AlertingRuleRead, AccessControlAction.AlertingRuleExternalRead],
[OrgRole.Viewer, OrgRole.Editor, OrgRole.Admin]
),
roles: evaluateAccess([AccessControlAction.AlertingRuleRead, AccessControlAction.AlertingRuleExternalRead]),
component: SafeDynamicImport(
() => import(/* webpackChunkName: "AlertingRule"*/ 'app/features/alerting/unified/RuleViewer')
),
@ -260,10 +247,7 @@ const unifiedRoutes: RouteDescriptor[] = [
{
path: '/alerting/:sourceName/:name/find',
pageClass: 'page-alerting',
roles: evaluateAccess(
[AccessControlAction.AlertingRuleRead, AccessControlAction.AlertingRuleExternalRead],
[OrgRole.Viewer, OrgRole.Editor, OrgRole.Admin]
),
roles: evaluateAccess([AccessControlAction.AlertingRuleRead, AccessControlAction.AlertingRuleExternalRead]),
component: SafeDynamicImport(
() => import(/* webpackChunkName: "AlertingRedirectToRule"*/ 'app/features/alerting/unified/RedirectToRuleViewer')
),

4
public/app/features/alerting/unified/utils/access-control.ts
View File

@ -106,9 +106,9 @@ export function getRulesPermissions(rulesSourceName: string) {
};
}
export function evaluateAccess(actions: AccessControlAction[], fallBackUserRoles: string[]) {
export function evaluateAccess(actions: AccessControlAction[]) {
return () => {
return contextSrv.evaluatePermission(() => fallBackUserRoles, actions);
return contextSrv.evaluatePermission(actions);
};
}

56
public/app/routes/routes.tsx
View File

@ -48,7 +48,7 @@ export function getAppRoutes(): RouteDescriptor[] {
},
{
path: '/dashboard/new',
roles: () => contextSrv.evaluatePermission(() => [], [AccessControlAction.DashboardsCreate]),
roles: () => contextSrv.evaluatePermission([AccessControlAction.DashboardsCreate]),
pageClass: 'page-dashboard',
routeName: DashboardRoutes.New,
component: SafeDynamicImport(
@ -57,7 +57,7 @@ export function getAppRoutes(): RouteDescriptor[] {
},
{
path: '/dashboard/new-with-ds/:datasourceUid',
roles: () => contextSrv.evaluatePermission(() => ['Editor', 'Admin'], [AccessControlAction.DashboardsCreate]),
roles: () => contextSrv.evaluatePermission([AccessControlAction.DashboardsCreate]),
component: SafeDynamicImport(
() => import(/* webpackChunkName: "DashboardPage" */ '../features/dashboard/containers/NewDashboardWithDS')
),
@ -100,7 +100,7 @@ export function getAppRoutes(): RouteDescriptor[] {
},
{
path: '/dashboard/import',
roles: () => contextSrv.evaluatePermission(() => ['Editor', 'Admin'], [AccessControlAction.DashboardsCreate]),
roles: () => contextSrv.evaluatePermission([AccessControlAction.DashboardsCreate]),
component: SafeDynamicImport(
() => import(/* webpackChunkName: "DashboardImport"*/ 'app/features/manage-dashboards/DashboardImportPage')
),
@ -143,21 +143,16 @@ export function getAppRoutes(): RouteDescriptor[] {
},
{
path: '/dashboards/folder/new',
roles: () => contextSrv.evaluatePermission(() => ['Editor', 'Admin'], [AccessControlAction.FoldersCreate]),
roles: () => contextSrv.evaluatePermission([AccessControlAction.FoldersCreate]),
component: SafeDynamicImport(
() => import(/* webpackChunkName: "NewDashboardsFolder"*/ 'app/features/folders/components/NewDashboardsFolder')
),
},
!config.featureToggles.nestedFolders && {
path: '/dashboards/f/:uid/:slug/permissions',
component: config.rbacEnabled
? SafeDynamicImport(
() =>
import(/* webpackChunkName: "FolderPermissions"*/ 'app/features/folders/AccessControlFolderPermissions')
)
: SafeDynamicImport(
() => import(/* webpackChunkName: "FolderPermissions"*/ 'app/features/folders/FolderPermissions')
),
component: SafeDynamicImport(
() => import(/* webpackChunkName: "FolderPermissions"*/ 'app/features/folders/AccessControlFolderPermissions')
),
},
{
path: '/dashboards/f/:uid/:slug/settings',
@ -180,11 +175,7 @@ export function getAppRoutes(): RouteDescriptor[] {
{
path: '/explore',
pageClass: 'page-explore',
roles: () =>
contextSrv.evaluatePermission(
() => (config.viewersCanEdit ? [] : ['Editor', 'Admin']),
[AccessControlAction.DataSourcesExplore]
),
roles: () => contextSrv.evaluatePermission([AccessControlAction.DataSourcesExplore]),
component: SafeDynamicImport(() =>
config.exploreEnabled
? import(/* webpackChunkName: "explore" */ 'app/features/explore/ExplorePage')
@ -239,7 +230,7 @@ export function getAppRoutes(): RouteDescriptor[] {
},
{
path: '/org/apikeys',
roles: () => contextSrv.evaluatePermission(() => ['Admin'], [AccessControlAction.ActionAPIKeysRead]),
roles: () => contextSrv.evaluatePermission([AccessControlAction.ActionAPIKeysRead]),
component: SafeDynamicImport(
() => import(/* webpackChunkName: "ApiKeysPage" */ 'app/features/api-keys/ApiKeysPage')
),
@ -247,10 +238,10 @@ export function getAppRoutes(): RouteDescriptor[] {
{
path: '/org/serviceaccounts',
roles: () =>
contextSrv.evaluatePermission(
() => ['Admin'],
[AccessControlAction.ServiceAccountsRead, AccessControlAction.ServiceAccountsCreate]
),
contextSrv.evaluatePermission([
AccessControlAction.ServiceAccountsRead,
AccessControlAction.ServiceAccountsCreate,
]),
component: SafeDynamicImport(
() =>
import(/* webpackChunkName: "ServiceAccountsPage" */ 'app/features/serviceaccounts/ServiceAccountsListPage')
@ -274,28 +265,18 @@ export function getAppRoutes(): RouteDescriptor[] {
{
path: '/org/teams',
roles: () =>
contextSrv.evaluatePermission(
() => (config.editorsCanAdmin ? ['Editor', 'Admin'] : ['Admin']),
[AccessControlAction.ActionTeamsRead, AccessControlAction.ActionTeamsCreate]
),
contextSrv.evaluatePermission([AccessControlAction.ActionTeamsRead, AccessControlAction.ActionTeamsCreate]),
component: SafeDynamicImport(() => import(/* webpackChunkName: "TeamList" */ 'app/features/teams/TeamList')),
},
{
path: '/org/teams/new',
roles: () =>
contextSrv.evaluatePermission(
() => (config.editorsCanAdmin ? ['Editor', 'Admin'] : ['Admin']),
[AccessControlAction.ActionTeamsCreate]
),
roles: () => contextSrv.evaluatePermission([AccessControlAction.ActionTeamsCreate]),
component: SafeDynamicImport(() => import(/* webpackChunkName: "CreateTeam" */ 'app/features/teams/CreateTeam')),
},
{
path: '/org/teams/edit/:id/:page?',
roles: () =>
contextSrv.evaluatePermission(
() => (config.editorsCanAdmin ? ['Editor', 'Admin'] : ['Admin']),
[AccessControlAction.ActionTeamsRead, AccessControlAction.ActionTeamsCreate]
),
contextSrv.evaluatePermission([AccessControlAction.ActionTeamsRead, AccessControlAction.ActionTeamsCreate]),
component: SafeDynamicImport(() => import(/* webpackChunkName: "TeamPages" */ 'app/features/teams/TeamPages')),
},
// ADMIN
@ -305,7 +286,7 @@ export function getAppRoutes(): RouteDescriptor[] {
},
{
path: '/admin/authentication',
roles: () => contextSrv.evaluatePermission(() => ['Admin', 'ServerAdmin'], [AccessControlAction.SettingsWrite]),
roles: () => contextSrv.evaluatePermission([AccessControlAction.SettingsWrite]),
component:
config.licenseInfo.enabledFeatures?.saml || config.ldapEnabled
? SafeDynamicImport(
@ -491,8 +472,7 @@ export function getAppRoutes(): RouteDescriptor[] {
},
{
path: '/dashboards/f/:uid/:slug/alerting',
roles: () =>
contextSrv.evaluatePermission(() => ['Viewer', 'Editor', 'Admin'], [AccessControlAction.AlertingRuleRead]),
roles: () => contextSrv.evaluatePermission([AccessControlAction.AlertingRuleRead]),
component: SafeDynamicImport(
config.featureToggles.nestedFolders
? () =>