* Reduce restrictions with non-user accounts
* Revert restrictions on anonymous accounts
* Change log level from warning to debug
* Change log messages to upper case
* Make identity.Requester available at Context
* Clean pkg/services/guardian/guardian.go
* Clean guardian provider and guardian AC
* Clean pkg/api/team.go
* Clean ctxhandler, datasources, plugin and live
* Clean dashboards and guardian
* Implement NewUserDisplayDTOFromRequester
* Change status code numbers for http constants
* Upgrade signature of ngalert services
* log parsing errors instead of throwing error
* Make identity.Requester available at Context
* Clean pkg/services/guardian/guardian.go
* Clean guardian provider and guardian AC
* Clean pkg/api/team.go
* Clean ctxhandler, datasources, plugin and live
* Question: what to do with the UserDisplayDTO?
* Clean dashboards and guardian
* Remove identity.Requester from ReqContext
* Implement NewUserDisplayDTOFromRequester
* Fix tests
* Change status code numbers for http constants
* Upgrade signature of ngalert services
* log parsing errors instead of throwing error
* Fix tests and add logs
* linting
* RBAC: remove unnessisary guardian construction and update tests
* RBAC: remove usage of guardian in UpdateFolderPermissions and refactor test
* RBAC: remove usage of guardian in update and get permissions for dashboards
* move access control api to SignedInUser interface
* remove unused code
* add logic for reading perms from a specific org
* move the specific org logic to org_user.go
* add a comment
---------
Co-authored-by: IevaVasiljeva <ieva.vasiljeva@grafana.com>
* Dashboards: Fix tests when authn broker is enabled.
StarService was not configured for tests, the call was guarded by !c.IsSignedIn
* Change default to be anon user to match expectations from tests
* OAuth: rewrite tests to work with authn.Service
* Setup template renderer by default
* Extract cookie options from cfg instead of relying on global variables
* Fix test to work with authn service
* Middleware: rewrite auth tests
* Remvoe session cookie if we cannot refresh access token
* Auth: prevent auto_login redirect if user is already authenticated
Before attempting an auto-login for OAuth, verifies if current context has already been
authenticated.
Fixes: #72476
Co-authored-by: Karl Persson <kalle.persson92@gmail.com>
* add termination stage
* uid -> pluginID (for now)
* also fix fakes
* add simple test
* Fix logger name
Co-authored-by: Giuseppe Guerra <giuseppe.guerra@grafana.com>
* inline stop func call
Co-authored-by: Giuseppe Guerra <giuseppe.guerra@grafana.com>
---------
Co-authored-by: Giuseppe Guerra <giuseppe.guerra@grafana.com>
* Search: Attempt to support folderUID filter
* Search: Use folder UID instead of ID for searching folders
* Update swagger
* Fix JSON property casing
* Add integration test
* Remove redundant query condition
* Fix frontend test
* Fix listing dashboards in General/root
* Add support for fetching top level folders
using `folderUIDs=` (empty string) query parameter
* Add deprecation notice
* Send uid of general in sql.ts
* Use 'general' for query folderUIDs query param for fetching folder
* Add tests
* Fix FolderUIDFilter
---------
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
* Add feature flag
* Introduce interface and dummy implementation
* Add tests for the new filter
* accessControlDashboardPermissionFilterNoFolderSubquery implementation
* join only if it's necessary
* force ordering for tests
* Temporarily enable new query for benchmarks
* lock down server admin role updates on the frontend if the user is externally synced
* add tests
* lock Grafana Server admin role updates from the backend
* rename variables
* check that the user has auth info
* add LDAP to providers for which Grafana Server admin role can be synced
* linting
