Commit Graph

76 Commits

Author SHA1 Message Date
idafurjes
7e5544ab21
Add MFolderIDsServiceCount to count folderIDs in services pkg (#81237) 2024-01-25 11:10:35 +01:00
Alexander Zobnin
959ebf82da
Folders: Show dashboards and folders with directly assigned permissions in "Shared" folder (#78465)
* Folders: Show folders user has access to at the root level

* Refactor

* Refactor

* Hide parent folders user has no access to

* Skip expensive computation if possible

* Fix tests

* Fix potential nil access

* Fix duplicated folders

* Fix linter error

* Fix querying folders if no managed permissions set

* Update benchmark

* Add special shared with me folder and fetch available non-root folders on demand

* Fix parents query

* Improve db query for folders

* Reset benchmark changes

* Fix permissions for shared with me folder

* Simplify dedup

* Add option to include shared folder permission to user's permissions

* Fix nil UID

* Remove duplicated folders from shared list

* Folders: Fix fetching empty folder

* Nested folders: Show dashboards with directly assigned permissions

* Fix slow dashboards fetch

* Refactor

* Fix cycle dependencies

* Move shared folder to models

* Fix shared folder links

* Refactor

* Use feature flag for permissions

* Use feature flag

* Review comments

* Expose shared folder UID through frontend settings

* Add frontend type for sharedWithMeFolderUID option

* Refactor: apply review suggestions

* Fix parent uid for shared folder

* Fix listing shared dashboards for users with access to all folders

* Prevent creating folder with "shared" UID

* Add tests for shared folders

* Add test for shared dashboards

* Fix linter

* Add metrics for shared with me folder

* Add metrics for shared with me dashboards

* Fix tests

* Tests: add metrics as a dependency

* Fix access control metadata for shared with me folder

* Use constant for shared with me

* Optimize parent folders access check, fetch all folders in one query.

* Use labels for metrics
2023-12-05 16:13:31 +01:00
Kat Yang
2f2ce3edbb
Chore: Deprecate ID from Folder (#78281)
* Chore: Deprecate ID from Folder

* chore: add more linter comments

* chore: add missing lint comment
2023-11-20 15:44:51 -05:00
linoman
1b8e9b51b2
Replace signed in user for identity.requester (#74048)
* Make identity.Requester available at Context

* Clean pkg/services/guardian/guardian.go

* Clean guardian provider and guardian AC

* Clean pkg/api/team.go

* Clean ctxhandler, datasources, plugin and live

* Clean dashboards and guardian

* Implement NewUserDisplayDTOFromRequester

* Change status code numbers for http constants

* Upgrade signature of ngalert services

* log parsing errors instead of throwing error
2023-08-30 16:51:18 +02:00
Karl Persson
9470d97eea
Guardian: Remove legacy dashboard gurdian (#74022)
Gurdian: Remove legacy dashboard gurdian
2023-08-30 10:14:17 +02:00
Jo
a307582212
Revert "Replace signed in user for identity.requester (#73750)" (#73962)
This reverts commit 9b9c9e83dc.
2023-08-28 21:05:59 +02:00
linoman
9b9c9e83dc
Replace signed in user for identity.requester (#73750)
* Make identity.Requester available at Context

* Clean pkg/services/guardian/guardian.go

* Clean guardian provider and guardian AC

* Clean pkg/api/team.go

* Clean ctxhandler, datasources, plugin and live

* Question: what to do with the UserDisplayDTO?

* Clean dashboards and guardian

* Remove identity.Requester from ReqContext

* Implement NewUserDisplayDTOFromRequester

* Fix tests

* Change status code numbers for http constants

* Upgrade signature of ngalert services

* log parsing errors instead of throwing error

* Fix tests and add logs

* linting
2023-08-28 12:04:36 -05:00
Karl Persson
01d98114b9
Authz: fix snapshot tests legacy guardian (#73823)
* Guardian: remove unused dependencies

* API: rewrite tests to use access control guardian
2023-08-28 09:49:10 +02:00
Karl Persson
05c386504b
authz: Clean up acl endpoints and dashboard guardian (#73746)
* RBAC: remove unnessisary guardian construction and update tests

* RBAC: remove usage of guardian in UpdateFolderPermissions and refactor test

* RBAC: remove usage of guardian in update and get permissions for dashboards
2023-08-24 15:37:54 +02:00
Marcus Efraimsson
040b7d2571
Chore: Add errutils helpers (#73577)
Add helpers for the errutil package in favor of errutil.NewBase.
2023-08-22 12:52:24 +02:00
Sofia Papagiannaki
1f742fcf93
Guardian: Split dashboard and folder guardian implementation (#69722)
* Split dashboard and folder guardian implementations

* Replace guardian constructors

* Simplify tests

* Add tests

* Apply suggestion from code review

Differentiate errors for dashboard and folders

* Remove tests for general folder

* Add tests for general scope
2023-07-25 15:31:12 +03:00
Jo
6b6cf5f4b7
Cfg: Move ViewersCanEdit into cfg (#64876)
move ViewersCanEdit into cfg
2023-03-16 10:54:01 +01:00
Kristin Laemmert
e8b8a9e276
chore: move dashboard_acl models into dashboard service (#62151) 2023-01-26 08:46:30 -05:00
idafurjes
b54b80f473
Chore: Remove Result from dashboard models (#61997)
* Chore: Remove Result from dashboard models

* Fix lint tests

* Fix dashboard service tests

* Fix API tests

* Remove commented out code

* Chore: Merge main - cleanup
2023-01-25 10:36:26 +01:00
idafurjes
68445a7c77
Chore: Remove dashboard ACL from models (#61749)
* Remove dashboard ACL from models

* Remove unused comment
2023-01-20 14:58:47 +01:00
idafurjes
7c2522c477
Chore: Move dashboard models to dashboard pkg (#61458)
* Copy dashboard models to dashboard pkg

* Use some models from current pkg instead of models

* Adjust api pkg

* Adjust pkg services

* Fix lint
2023-01-16 16:33:55 +01:00
idafurjes
f2ffce4351
Chore: Move team models to models pkg (#61262)
* Chore: Move team models to models pkg

* Fix ACL tests

* More ACL tests

* Change Id to ID in conflict user command test

* Remove team from models

* Fix ac test lint
2023-01-11 14:20:09 +01:00
Sofia Papagiannaki
11d8bcbea9
Guardian: Introduce additional constructors (#59577)
* Guardian: Use dashboard UID instead of ID

* Apply suggestions from code review

Introduce several guardian constructors and each time use
the most appropriate one.
2022-12-15 16:34:17 +02:00
Kristin Laemmert
05709ce411
chore: remove sqlstore & mockstore dependencies from (most) packages (#57087)
* chore: add alias for InitTestDB and Session

Adds an alias for the sqlstore InitTestDB and Session, and updates tests using these to reduce dependencies on the sqlstore.Store.

* next pass of removing sqlstore imports
* last little bit
* remove mockstore where possible
2022-10-19 09:02:15 -04:00
Kristin Laemmert
c61b5e85b4
chore: replace sqlstore.Store with db.DB (#57010)
* chore: replace sqlstore.SQLStore with db.DB

* more post-sqlstore.SQLStore cleanup
2022-10-14 15:33:06 -04:00
Serge Zaitsev
305d494902
Chore: Switch over to team.Service instead of sqlstore (#55497)
* switch to using team service

* trying to fix tests

* more tests to fix

* add missing teamtest package
2022-09-20 18:58:04 +02:00
idafurjes
a14621fff6
Chore: Add user service method SetUsingOrg and GetSignedInUserWithCacheCtx (#53343)
* Chore: Add user service method SetUsingOrg

* Chore: Add user service method GetSignedInUserWithCacheCtx

* Use method GetSignedInUserWithCacheCtx from user service

* Fix lint after rebase

* Fix lint

* Fix lint error

* roll back some changes

* Roll back changes in api and middleware

* Add xorm tags to SignedInUser ID fields
2022-08-11 13:28:55 +02:00
idafurjes
6afad51761
Move SignedInUser to user service and RoleType and Roles to org (#53445)
* Move SignedInUser to user service and RoleType and Roles to org

* Use go naming convention for roles

* Fix some imports and leftovers

* Fix ldap debug test

* Fix lint

* Fix lint 2

* Fix lint 3

* Fix type and not needed conversion

* Clean up messages in api tests

* Clean up api tests 2
2022-08-10 11:56:48 +02:00
idafurjes
f5cace8bbd
Rename Acl to ACL (#52342)
* Rename Acl to ACL

* Fix yaml files

* Add xorm tags and fix test
2022-07-18 15:14:58 +02:00
Ieva
5dbea9996b
RBAC: Make RBAC action names more consistent (#49730)
* update action names

* correctly retrieve teams for signed in user

* remove test

* undo swagger changes

* undo swagger changes pt2

* add migration from old action names to the new ones

* rename from list to read

* linting

* also update alertign actions

* fix migration
2022-06-02 13:14:48 +01:00
Kristin Laemmert
2edfbb7767
sqlstore split: dashboard permissions (#49962)
* backend/sqlstore split: remove unused GetDashboardPermissionsForUser from sqlstore
* remove debugging line
* backend/sqlstore: move dashboard permission related functions to dashboard service
2022-06-01 14:16:26 -04:00
Serge Zaitsev
fec634a091
Chore: Remove bus.Dispatch from guardian package (#46711)
* replace bus in guardian with sqlstore

* fix a couple of tests

* replace bus in the rest of the tests

* allow init guardian from other packages

* make linter happy

* init guardian in library elements

* fix another test in libraryelements

* fix more tests

* move guardian mock one level deeper

* fix more tests

* rename init functions
2022-03-21 10:49:49 +01:00
Karl Persson
4982ca3b1d
Access control: Use access control for dashboard and folder (#44702)
* Add actions and scopes

* add resource service for dashboard and folder

* Add dashboard guardian with fgac permission evaluation

* Add CanDelete function to guardian interface

* Add CanDelete property to folder and dashboard dto and set values

* change to correct function name

* Add accesscontrol to folder endpoints

* add access control to dashboard endpoints

* check access for nav links

* Add fixed roles for dashboard and folders

* use correct package

* add hack to override guardian Constructor if accesscontrol is enabled

* Add services

* Add function to handle api backward compatability

* Add permissionServices to HttpServer

* Set permission when new dashboard is created

* Add default permission when creating new dashboard

* Set default permission when creating folder and dashboard

* Add access control filter for dashboard search

* Add to accept list

* Add accesscontrol to dashboardimport

* Disable access control in tests

* Add check to see if user is allow to create a dashboard

* Use SetPermissions

* Use function to set several permissions at once

* remove permissions for folder and dashboard on delete

* update required permission

* set permission for provisioning

* Add CanCreate to dashboard guardian and set correct permisisons for
provisioning

* Dont set admin on folder / dashboard creation

* Add dashboard and folder permission migrations

* Add tests for CanCreate

* Add roles and update descriptions

* Solve uid to id for dashboard and folder permissions

* Add folder and dashboard actions to permission filter

* Handle viewer_can_edit flag

* set folder and dashboard permissions services

* Add dashboard permissions when importing a new dashboard

* Set access control permissions on provisioning

* Pass feature flags and only set permissions if access control is enabled

* only add default permissions for folders and dashboards without folders

* Batch create permissions in migrations


* Remove `dashboards:edit` action

* Remove unused function from interface

* Update pkg/services/guardian/accesscontrol_guardian_test.go

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2022-03-03 15:05:47 +01:00
idafurjes
8e6d6af744
Rename DispatchCtx to Dispatch (#43563) 2021-12-28 17:36:22 +01:00
idafurjes
c80e7764d8
Chore: Remove Dispatch and AddHandler (#42603)
* Remove Dispatch

* Remove context.TODO()

* Remove AddHandler and Dispatch
2021-12-02 18:08:59 +01:00
Marcus Efraimsson
518a0d0458
Chore: Propagate context for dashboard guardian (#39201)
Require guardian.New to take context.Context as first argument. 
Migrates the GetDashboardAclInfoListQuery to be dispatched using context.

Ref #36734

Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
Co-authored-by: sam boyer <sam.boyer@grafana.com>
2021-09-23 17:43:32 +02:00
Marcus Efraimsson
7e6db1ee7e
Permissions: Fix inherited folder permissions can prevent new permissions being added to a dashboard (#33329)
In the case permissions has been added on dashboard(s). Later permissions for the 
parent folder of the dashboard is edited in such a way that dashboard in that folder 
has a permission that is a duplicate of an inherited one. This PR changes so that 
duplicate permissions are now filtered out from /api/dashboards/id/<dashboard id>/permissions.
Duplicate permission are not filtered out if the permission on dashboard is higher 
than on the inherited folder.

Fixes #33296

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-04-28 14:42:18 +02:00
Agnès Toulet
22788d1d86
Add an option to hide certain users in the UI (#28942)
* Add an option to hide certain users in the UI

* revert changes for admin users routes

* fix sqlstore function name

* Improve slice management

Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>

* Hidden users: convert slice to map

* filter with user logins instead of IDs

* put HiddenUsers in Cfg struct

* hide hidden users from dashboards/folders permissions list

* Update conf/defaults.ini

Co-authored-by: Torkel Ödegaard <torkel@grafana.com>

* fix params order

* fix tests

* fix dashboard/folder update with hidden user

* add team tests

* add dashboard and folder permissions tests

* fixes after merge

* fix tests

* API: add test for org users endpoints

* update hidden users management for dashboard / folder permissions

* improve dashboard / folder permissions tests

* fixes after merge

* Guardian: add hidden acl tests

* API: add team members tests

* fix team sql syntax for postgres

* api tests update

* fix linter error

* fix tests errors after merge

Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
Co-authored-by: Leonard Gram <leo@xlson.com>
2020-11-24 12:10:32 +01:00
Arve Knudsen
52c154a221
Backend: Rename variables for style conformance (#29097)
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-11-17 17:09:14 +01:00
Arve Knudsen
4dd7b7a82d
Chore: Remove unused Go code (#28852)
* Chore: Remove more unused Go code

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-11-17 11:51:31 +01:00
Arve Knudsen
7897c6b7d5
Chore: Fix staticcheck issues (#28854)
* Chore: Fix issues reported by staticcheck

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Undo changes

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-11-05 11:57:20 +01:00
Carl Bergquist
f9962eabff
chore: avoid aliasing imports in services (#22499) 2020-02-29 13:35:15 +01:00
zhulongcheng
2fff8f77dc move log package to /infra (#17023)
ref #14679

Signed-off-by: zhulongcheng <zhulongcheng.me@gmail.com>
2019-05-13 08:45:54 +02:00
Marcus Efraimsson
b371f2d91f
add debug logging of folder/dashbord permission checks 2018-10-23 11:08:57 +02:00
Torkel Ödegaard
c03764ff8a
Refactor team pages to react & design change (#12574)
* Rewriting team pages in react

* teams to react progress

* teams: getting team by id returns same DTO as search, needed for AvatarUrl

* teams: progress on new team pages

* fix: team test

* listing team members and removing team members now works

* teams: team member page now works

* ux: fixed adding team member issue

* refactoring TeamPicker to conform to react coding styles better

* teams: very close to being done with team page rewrite

* minor style tweak

* ux: polish to team pages

* feature: team pages in react & everything working

* fix: removed flickering when changing tabs by always rendering PageHeader
2018-07-11 11:23:07 -07:00
Torkel Ödegaard
24d0b43e62 fix: fixed permission issue with api key with viewer role in dashboards with default permissions 2018-06-19 11:10:17 +02:00
Marcus Efraimsson
d86ed679b1
return inherited property for permissions 2018-04-23 09:23:14 +02:00
Daniel Lee
b3acbb9995
Merge pull request #11526 from grafana/11173_folder_admin
A folder admin should be able to add permissions for folder/its dashboards
2018-04-17 13:42:38 +02:00
Mario Trangoni
91fb2e07ce pkg: fix codespell issues 2018-04-13 20:31:29 +02:00
Marcus Efraimsson
f3e1557761
guardian: when updating permissions should verify existing permissions
Before in CheckPermissionBeforeUpdate, access was verified for updated
permissions. Now access is verified for existing permissions.
Refactored guardian tests to cover more test cases for org admin, editor
and viewer roles
2018-04-08 15:06:22 +02:00
Marcus Efraimsson
f44e476580 permissions: fix validation of permissions before update
Did a bad pointer comparison so extended the tests for duplicate permissions.
2018-02-28 08:48:28 +01:00
Marcus Efraimsson
f76b98d252 dashboards: change dashboard/folder permission error messages 2018-02-27 16:04:45 +01:00
Marcus Efraimsson
955dfcc8fe dashboards: don't allow override of permissions with a lower precedence
If a dashboard inherits permissions from a folder, don't allow same permission to be added
to the dashboard with a lower permission.
Add backend validation so that you cannot add same permission to folder/dashboard, for example
same user/team with different permissions
2018-02-27 16:04:45 +01:00
Marcus Efraimsson
02278f90a7 dashboards: make fake dashboard guardian available to other packages 2018-02-20 18:08:19 +01:00
Marcus Efraimsson
53cd39fde5 Shouldn't be able to overwrite a dashboard if you don't have permissions (#10900)
* dashboards: new command for validating dashboard before update

Removes validation logic from saveDashboard and later on use the new command for validating
dashboard before saving a dashboard. This due to the fact that we need to validate permissions
for overwriting other dashboards by uid and title.

* dashboards: use the new command for validating dashboard before saving

Had to refactor dashboard provisioning a bit to be able to sidetrack the permission validation
in a somewhat reasonable way.
Adds some initial tests of the dashboard repository, but needs to be extended later. At least
now you can mock the dashboard guardian

* dashboards: removes validation logic in the save dashboard api layer

Use the dashboard repository solely for create/update dashboards and let it do all
the validation. One exception regarding quota validation which still is in api layer
since that logic is in a macaron middleware.
Need to move out-commented api tests later.

* dashboards: fix database tests for validate and saving dashboards

* dashboards: rename dashboard repository to dashboard service

Split the old dashboard repository interface in two new interfaces, IDashboardService and
IDashboardProvisioningService. Makes it more explicit when using it from the provisioning package
and there's no possibility of calling an incorrect method for saving a dashboard.

* database: make the InitTestDB function available to use from other packages

* dashboards: rename ValidateDashboardForUpdateCommand and some refactoring

* dashboards: integration tests of dashboard service

* dashboard: fix sqlstore test due to folder exist validation

* dashboards: move dashboard service integration tests to sqlstore package

Had to move it to the sqlstore package due to concurrency problems when running
against mysql and postgres. Using InitTestDB from two packages added conflicts
when clearing and running migrations on the test database

* dashboards: refactor how to find id to be used for save permission check

* dashboards: remove duplicated dashboard tests

* dashboards: cleanup dashboard service integration tests

* dashboards: handle save dashboard errors and return correct http status

* fix: remove log statement

* dashboards: import dashboard should use dashboard service

Had to move alerting commands to models package due to problems with import cycles of packages.

* dashboards: cleanup dashboard api tests and add some tests for post dashboard

* dashboards: rename dashboard service interfaces

* dashboards: rename dashboard guardian interface
2018-02-19 11:12:56 +01:00