mirror of
https://github.com/grafana/grafana.git
synced 2025-02-25 18:55:37 -06:00
Auth: add a feature toggle for locking user roles for users synced through GCom (#72202)
* add a new feature toggle for locking down role sync for users managed by GCom * protect the frontend and the backend using the new feature toggle * fix merge
This commit is contained in:
@@ -5,6 +5,7 @@ import { Button, ConfirmModal } from '@grafana/ui';
|
||||
import { UserRolePicker } from 'app/core/components/RolePicker/UserRolePicker';
|
||||
import { fetchRoleOptions } from 'app/core/components/RolePicker/api';
|
||||
import { TagBadge } from 'app/core/components/TagFilter/TagBadge';
|
||||
import config from 'app/core/config';
|
||||
import { contextSrv } from 'app/core/core';
|
||||
import { AccessControlAction, OrgUser, Role } from 'app/types';
|
||||
|
||||
@@ -56,8 +57,14 @@ export const UsersTable = ({ users, orgId, onRoleChange, onRemoveUser }: Props)
|
||||
<tbody>
|
||||
{users.map((user, index) => {
|
||||
let basicRoleDisabled = !contextSrv.hasPermissionInMetadata(AccessControlAction.OrgUsersWrite, user);
|
||||
const isUserSynced = user?.isExternallySynced;
|
||||
basicRoleDisabled = isUserSynced || basicRoleDisabled;
|
||||
let authLabel = Array.isArray(user.authLabels) && user.authLabels.length > 0 ? user.authLabels[0] : '';
|
||||
// A GCom specific feature toggle for role locking has been introduced, as the previous implementation had a bug with locking down external users synced through GCom (https://github.com/grafana/grafana/pull/72044)
|
||||
// Remove this conditional once FlagGcomOnlyExternalOrgRoleSync feature toggle has been removed
|
||||
if (authLabel !== 'grafana.com' || config.featureToggles.gcomOnlyExternalOrgRoleSync) {
|
||||
const isUserSynced = user?.isExternallySynced;
|
||||
basicRoleDisabled = isUserSynced || basicRoleDisabled;
|
||||
}
|
||||
|
||||
return (
|
||||
<tr key={`${user.userId}-${index}`}>
|
||||
<td className="width-2 text-center">
|
||||
|
||||
Reference in New Issue
Block a user