This PR completes public dashboards v1 functionality and simplifies public dashboard conventions. It exists as a large PR so that we are not making constant changes to the database schema.
models.PublicDashboardConfig model replaced with models.PublicDashboard directly
dashboard_public_config table renamed to dashboard_public
models.Dashboard.IsPublic removed from the dashboard and replaced with models.PublicDashboard.isEnabled
Routing now uses a uuid v4 as an access token for viewing a public dashboard anonymously, PublicDashboard.Uid only used as database identifier
Frontend utilizes uuid for auth'd operations and access token for anonymous access
Default to time range defined on dashboard when viewing public dashboard
Add audit fields to public dashboard
Co-authored-by: Owen Smallwood <owen.smallwood@grafana.com>, Ezequiel Victorero <ezequiel.victorero@grafana.com>, Jesse Weaver <jesse.weaver@grafana.com>
* backend/api: refactor PlaylistId to PlaylistUid
* Add org_id to Get and Update playlist functions
Fix migration - no longer pad the uid; fix mysql syntax
The relevant tests are passing using postgres, mysql and the default sqllite backends, but there are a number of other failing tests when using postgres and myself so I'm not entirely confident with those results.
* fix bad query in GetPlaylistItem and add a test that would have caught the mistake in the first place. Reverted the playlist_uid column addition in playlist_item; it became unnecessary after this PR.
Added default value to the new UID column based on PR feedback.
* break this PRs migration into its own function
* Playlists: Update UI to use the updated API
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
This PR adds endpoints for public dashboards to retrieve data from the backend (trusted) query engine. It works by executing queries defined on the backend without any user input and does not support template variables.
* Public dashboard query API
* Create new API on service for building metric request
* Flesh out testing, implement BuildPublicDashboardMetricRequest
* Test for errors and missing panels
* Refactor tests, add supporting code for multiple datasources
* Handle queries from multiple datasources
* Explicitly pass no user for querying public dashboard
Co-authored-by: Jeff Levin <jeff@levinology.com>
This PR adds endpoints for saving and retrieving a public dashboard configuration and and api endpoint to retrieve the public dashboard.
All of this is highly experimental and APIs will change. Notably, we will be removing isPublic from the dashboard model and moving it over to the public dashboard table in the next release.
Further context can be found here: https://github.com/grafana/grafana/pull/49131#issuecomment-1145456952
* add isPublic to dashboard
* refactor routes to use route group and add placeholder method for sharing apii
* add sharing pane and utils for public dashboard config to sharing modal
* Sharing modal now persists data through the api
* moves ShareDashboard endpoint to new file and starts adding tests
* generates mocks. Adds tests for public dashboard feature flag
* Adds ability to pass in array of features to enable for the test
* test to update public flag on dashboard WIP
* Adds mock for SaveDashboardSharingConfig
* Fixes tests. Had to use FakeDashboardService
* Adds React tests for public dashboards toggle
* removes semicolons
* refactors SharePublic component to use hooks
* rename from `share publicly` to `public dashboard config`
* checkpoint. debugging tests. need to verify name changes
* checkpoint. test bugs fixed. need to finish returning proper response codes
* finish renaming. fix test
* Update pkg/api/api.go
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
* update backend url
* rename internal objects and commands. fix configuration modal labels
* add endpoint for retrieving public dashboard configuration and populate the frontend state from it
* add test for dashboardCanBePublic
* adds backend routes
* copy DashboardPage component into component for public dashboards. WIP
* adds react routes, and doesnt render main nav bar when viewing a public route
* removes extra react route from testing
* updates component name
* Wrap the original dashboard component so we can pass props relevant to public dashboards, turn kiosk mode on/off, etc
* Wraps DashboardPage in PublicDashboardPage component. DashboardPage gets rendered in kiosk mode when public prop is passed.
* removes commented out code from exploratory work
* Makes public dashboard routes require no auth
* extracts helper to own util file to check if were viewing a public page
* Hides panel dropdown when its being viewed publicly
* formatting
* use function from utils file for determining if publicly viewed. If public, hides app notifications, searchwrapper, and commandpalette.
* adds unit tests for util function used to see if page is being viewed publicly
* cant added annotations to panel when being publicly viewed
* removes useless comment
* hides backend and frontend pubdash routes behind feature flag
* consider feature flag when checking url path to see if on public dashboard
* renames function
* still render app notifications when in public view
* Extract pubdash route logic into own file
* fixes failing tests
* Determines path using location locationUtils. This covers the case when grafana is being hosted on a subpath. Updates tests.
* renames pubdash web route to be more understandable
* rename route
* fixes failing test
* fixes failing test. Needed to update pubdash urls
* sets flag on grafana boot config for if viewing public dashboard. Removes hacky check that looks at the url
* fixes failing tests. Uses config to determine if viewing public dashboard
* renders the blue panel timeInfo on public dashboard panel
* Extracts conditional logic for rendering components out into their own functions
* removes publicDashboardView check, and uses dashboard meta instead
* the timeInfo is always displayed on the panel
* After fetch of public dashboard dto, the meta isPublic flag gets set and used to determine if viewing public dashboard for child components. Fixes tests for PanelHeader.
* Fixes failing test. Needed to add isPublic flag to dashboard meta.
Co-authored-by: Jeff Levin <jeff@levinology.com>
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
* update action names
* correctly retrieve teams for signed in user
* remove test
* undo swagger changes
* undo swagger changes pt2
* add migration from old action names to the new ones
* rename from list to read
* linting
* also update alertign actions
* fix migration
* backend/sqlstore split: remove unused GetDashboardPermissionsForUser from sqlstore
* remove debugging line
* backend/sqlstore: move dashboard permission related functions to dashboard service
* Add database migrations
* Use short uids as data key ids
* Add support for manual data key rotation
* Fix duplicated mutex unlocks
* Fix migration
* Manage current data keys per name
* Adjust key re-encryption and test
* Modify rename column migration for MySQL compatibility
* Refactor secrets manager and data keys cache
* Multiple o11y adjustments
* Fix stats query
* Apply suggestions from code review
Co-authored-by: Tania <yalyna.ts@gmail.com>
* Fix linter
* Docs: Rotate data encryption keys API endpoint
Co-authored-by: Tania <yalyna.ts@gmail.com>
adds toggle to make a dashboard public
* config struct for public dashboard config
* api endpoints for public dashboard configuration
* ui for toggling public dashboard on and off
* load public dashboard config on share modal
Co-authored-by: Owen Smallwood <owen.smallwood@grafana.com>
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
* Refactor: Add UID endpoint for dashboard versions and restore
* Fix: User dashID instead of dash.id
* 💩
* Move apiCmd error handling outside of dashUID check
* fix the panic in test
* Fix handler and update docs
Co-authored-by: Kat Yang <yangkb09@users.noreply.github.com>
* Docs: add deprecated warning to restore and version docs
* Fix hyperlink text
* Add swagger endpoints for restore and versions
* Add deprecated tag on swagger for both endpoints
* Fix: Update access control to be dashboards
* Return UID in response; Update docs to reflect this; Implement Ying suggestion
* Update docs/sources/http_api/dashboard_versions.md
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
* Update pkg/models/dashboard_version.go
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
* Update pkg/models/dashboard_version.go
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
* Update query to refer to DashboardUID
Co-authored-by: Ying WANG <ying.wang@grafana.com>
Co-authored-by: Sofia Papagiannaki <sofia@grafana.com>
Co-authored-by: Kat Yang <yangkb09@users.noreply.github.com>
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
* Refactor: Add UID endpoint for get dashboard version
* Add initial docs language
* Add new endpoint in swagger
* Change access control to dashboards
* Add parameters to swagger endpoint
* Return UID in response; Update docs to reflect this; Implement Ying suggestion
* Update docs/sources/http_api/dashboard_versions.md
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
* Update pkg/api/api.go
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
* Update pkg/models/dashboard_version.go
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
* Rename UID to DashboardUID for clarity; use dashUID in method
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
* Add SQL filter for global user search
* Remove scope requirements from endpoints
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* Remove banner when missing permissions to list users
* For OSS allow users to list other users if they have permissions to
write either team, dashboard or folder permissions
* Move ApiKeyDTO to dtos package
* Add access control filter to api keys
* pass user in GetApiKeysQuery
* Add api key metadata to DTO
* Remove scope all requirement from get api keys endpoint
* Handle api key access control metadata in frondend
* Replace sequential IDs with UID for dashboard permossion
* Add back endpoint with id
* Rename parameter from dashboarUid->uid and add swagger definitions for endpoints
* Generate swagger json
* Add deprecated to swagger and docs
* Add deprecated comment in the api.go
* Add model for POST body
* Fix model post body for endpoint
* Generate spec with enterprise
* forbid setting role higher than user's role
* change response code
* can assign API key permissions to non-admin users
* add: assign viewer role directly upon creation
* refactor: add AddSATcommand infavor of AddAPIkey
* refactor: frontend fixes for ServiceAccountToken
Co-authored-by: eleijonmarck <eric.leijonmarck@gmail.com>
* pass in user to attribute scope resolver
* add SQL filter to annotation listing
* check annotation FGAC permissions before exposing them for commenting
* remove the requirement to be able to list all annotations from annotation listing endpoint
* adding tests for annotation listing
* remove changes that got moved to a different PR
* unused var
* Update pkg/services/sqlstore/annotation.go
Co-authored-by: Ezequiel Victorero <evictorero@gmail.com>
* remove unneeded check
* remove unneeded check
* undo accidental change
* undo accidental change
* doc update
* move tests
* redo the approach for passing the user in for scope resolution
* accidental change
* cleanup
* error handling
Co-authored-by: Ezequiel Victorero <evictorero@gmail.com>
* add FGAC actions for silences table
* redirect users without permissions
* add permissions checks to routes
* add fgac to notifications and contact points
* fgac for notification policies
* fix mute timing authorization
* use consistent naming for checking grafana alertmanager
* tests for fgac in contact points and notification policies
* bump up timeout on rule editor test
* use new permissions util
* break out route evaluation into util
* Remove test timeout
* Change permissions for the alert-notifiers endpoint
* Use signed in handler for alert-notifiers when unified alerting enabled
Co-authored-by: Konrad Lalik <konrad.lalik@grafana.com>
* Use Wiring to initialize Avatar Cache Server
Create AvatarCacheServer Provider function and pass it in as an
argument to HTTPServer. Also convert CacheServer to a singleton
so that we keep all cached Avatar info in one place for easier access
* Refactor avatar cache server and add 'isCustom' check
Avatar cache server needs to perform two similar fetches
back-to-back; break up functions to allow for easy reuse.
Then add handling to see if a user has a custom avatar.
* Add additional accessors so that /recents api can easily use the cache
* Minor mods to avatar server to facilitiate unit testing
* add unit tests for avatar fetching
* add error handling in case we somehow fetch gravatars while they are disabled
* linting: read error return value in unit test
* Use http package status codes
Co-authored-by: Ezequiel Victorero <evictorero@gmail.com>
* Use http package status codes
Co-authored-by: Ezequiel Victorero <evictorero@gmail.com>
* Use http package status codes
Co-authored-by: Ezequiel Victorero <evictorero@gmail.com>
* Incorporate suggestions from PR
-avoid mutating arguments
-change error handler function to private and make name more descriptive
Co-authored-by: Ezequiel Victorero <evictorero@gmail.com>
* use uid:s for folder and dashboard permissions
* evaluate folder and dashboard permissions based on uids
* add dashboard.uid to accept list
* Check for exact suffix
* Check parent folder on create
* update test
* drop dashboard:create actions with dashboard scope
* fix typo
* AccessControl: test id 0 scope conversion
* AccessControl: store only parent folder UID
* AccessControl: extract general as a constant
* FolderServices: Prevent creation of a folder uid'd general
* FolderServices: Test folder creation prevention
* Update pkg/services/guardian/accesscontrol_guardian.go
* FolderServices: fix mock call expect
* FolderServices: remove uneeded mocks
Co-authored-by: jguer <joao.guerreiro@grafana.com>
* First attempt at creating new navbar_preferences table in db
* Apply to every nav item instead of just home
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* Chore: introduce initTestDB options for features
* fix unit tests
* Add another unit test and some logic for detecting if a preference already exists
* tidy up
* Only override IsFeatureToggleEnabled if it's defined
* Extract setNavPreferences out into it's own function, initialise features correctly
* Make the linter happy
* Use new structure
* user essentials mob! 🔱
* user essentials mob! 🔱
* Split NavbarPreferences from Preferences
* user essentials mob! 🔱
* user essentials mob! 🔱
* Fix lint error
* Start adding tests
* Change internal db structure to be a generic json object
* GetJsonData -> GetPreferencesJsonData
* Stop using simplejson + add some more unit tests
* Update pkg/api/preferences.go
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* Updates following review comments
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* Change patch to upsert, add a unit test
* remove commented out code
* introduce patch user/org preferences methods
* Return Navbar preferences in the get call
* Fix integration test by instantiating JsonData
* Address review comments
* Rename HideFromNavbar -> Hide
* add swagger:model comment
* Add patch to the preferences documentation
* Add openapi annotations
* Add a short description
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* Update unit tests
* remove unneeded url
* remove outdated comment
* Update integration tests
* update generated swagger
Co-authored-by: Alexandra Vargas <alexa1866@gmail.com>
Co-authored-by: Hugo Häggmark <hugo.haggmark@gmail.com>
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* create scope provider
* move datasource actions and scopes to datasource package + add provider
* change usages to use datasource scopes and update data source name resolver to use provider
* move folder permissions to dashboard package and update usages
* adds an api endpoint for use with public dashboards that validates orgId, dashboard, and panel when running a query. This feature is in ALPHA and should not be enabled yet. Testing is based on new mock sqlstore.
Co-authored-by: Jesse Weaver <jesse.weaver@grafana.com>
Co-authored-by: Leandro Deveikis <leandro.deveikis@gmail.com>
* Add actions and scopes
* add resource service for dashboard and folder
* Add dashboard guardian with fgac permission evaluation
* Add CanDelete function to guardian interface
* Add CanDelete property to folder and dashboard dto and set values
* change to correct function name
* Add accesscontrol to folder endpoints
* add access control to dashboard endpoints
* check access for nav links
* Add fixed roles for dashboard and folders
* use correct package
* add hack to override guardian Constructor if accesscontrol is enabled
* Add services
* Add function to handle api backward compatability
* Add permissionServices to HttpServer
* Set permission when new dashboard is created
* Add default permission when creating new dashboard
* Set default permission when creating folder and dashboard
* Add access control filter for dashboard search
* Add to accept list
* Add accesscontrol to dashboardimport
* Disable access control in tests
* Add check to see if user is allow to create a dashboard
* Use SetPermissions
* Use function to set several permissions at once
* remove permissions for folder and dashboard on delete
* update required permission
* set permission for provisioning
* Add CanCreate to dashboard guardian and set correct permisisons for
provisioning
* Dont set admin on folder / dashboard creation
* Add dashboard and folder permission migrations
* Add tests for CanCreate
* Add roles and update descriptions
* Solve uid to id for dashboard and folder permissions
* Add folder and dashboard actions to permission filter
* Handle viewer_can_edit flag
* set folder and dashboard permissions services
* Add dashboard permissions when importing a new dashboard
* Set access control permissions on provisioning
* Pass feature flags and only set permissions if access control is enabled
* only add default permissions for folders and dashboards without folders
* Batch create permissions in migrations
* Remove `dashboards:edit` action
* Remove unused function from interface
* Update pkg/services/guardian/accesscontrol_guardian_test.go
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* make getordbyname a method
* remove one dispatch from plugins provisioner
* remove bus from the plugins provisioner, skip test for now
* remove bus from datasource provisioning
* resolve tests in notifier provisioning
* remove bus from the dashboards provisioning service
* fix missing struct field
* fix getorgbyid method calls
* pass org store into dashboard provisioner
* fix test function prototype
* fix tests
* attempt to fix tests after the rebase
* fix integration test
* avoid using transaction
* remove comments
* Chore: Remove x from health
* Chore: Remove x from dashboard and user
* Chore: Remove x from alert notification
* Chore: Remove x from stats
* Fix: Update func signature in stats test
* Refactor: Remove x from GetDashboardTags
* Chore: Remove x from dashboard
* Chore: Remove x from Stats
* Fix: Update refs of HasAdminPermissionInFolders
* Fix: Adjust funcs in tests to be sqlStore methods
* Fix: Fix database folder test sqlstore methods
* Remove bus from datasource api
* Add DatasourcePermissionService and use it in api
* Fix wire and rename
* Fix import in wire
* Fix bug
* Rename Service to OSS service
* Roll back fix
* * Teams: Appropriately apply user id filter in /api/teams/:id and /api/teams/search
* Teams: Ensure that users searching for teams are only able see teams they have access to
* Teams: Require teamGuardian admin privileges to list team members
* Teams: Prevent org viewers from administering teams
* Teams: Add org_id condition to team count query
* Teams: clarify permission requirements in teams api docs
* Teams: expand scenarios for team search tests
* Teams: mock teamGuardian in tests
Co-authored-by: Dan Cech <dcech@grafana.com>
* remove duplicate WHERE statement
* Fix for CVE-2022-21702
(cherry picked from commit 202d7c190082c094bc1dc13f7fe9464746c37f9e)
* Lint and test fixes
(cherry picked from commit 3e6b67d5504abf4a1d7b8d621f04d062c048e981)
* check content type properly
(cherry picked from commit 70b4458892bf2f776302720c10d24c9ff34edd98)
* basic csrf origin check
(cherry picked from commit 3adaa5ff39832364f6390881fb5b42ad47df92e1)
* compare origin to host
(cherry picked from commit 5443892699e8ed42836bb2b9a44744ff3e970f42)
* simplify url parsing
(cherry picked from commit b2ffbc9513fed75468628370a48b929d30af2b1d)
* check csrf for GET requests, only compare origin
(cherry picked from commit 8b81dc12d8f8a1f07852809c5b4d44f0f0b1d709)
* parse content type properly
(cherry picked from commit 16f76f4902e6f2188bea9606c68b551af186bdc0)
* mentioned get in the comment
(cherry picked from commit a7e61811ef8ae558ce721e2e3fed04ce7a5a5345)
* add content-type: application/json to test HTTP requests
* fix pluginproxy test
* Fix linter when comparing errors
Co-authored-by: Kevin Minehart <kmineh0151@gmail.com>
Co-authored-by: Dan Cech <dcech@grafana.com>
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Co-authored-by: Serge Zaitsev <serge.zaitsev@grafana.com>
Co-authored-by: Vardan Torosyan <vardants@gmail.com>
* add SQL migrations
* dashboard previews from sql: poc
* added todos
* refactor: use the same enums where possible
* use useEffect, always return json
* added todo
* refactor + delete files after use
* refactor + fix manual thumbnail upload
* refactor: move all interactions with sqlStore to thumbnail repo
* refactor: remove file operations in thumb crawler/service
* refactor: fix dashboard_thumbs sql store
* refactor: extracted thumbnail fetching/updating to a hook
* refactor: store thumbnails in redux store
* refactor: store thumbnails in redux store
* refactor: private'd repo methods
* removed redux storage, saving images as blobs
* allow for configurable rendering timeouts
* added 1) query for dashboards with stale thumbnails, 2) command for marking thumbnails as stale
* use sql-based queue in crawler
* ui for marking thumbnails as stale
* replaced `stale` boolean prop with `state` enum
* introduce rendering session
* compilation errors
* fix crawler stop button
* rename thumbnail state frozen to locked
* #44449: fix merge conflicts
* #44449: remove thumb methods from `Store` interface
* #44449: clean filepath, defer file closing
* #44449: fix rendering.Theme cyclic import
* #44449: linting
* #44449: linting
* #44449: mutex'd crawlerStatus access
* #44449: added integration tests for `sqlstore.dashboard_thumbs`
* #44449: added comments to explain the `ThumbnailState` enum
* #44449: use os.ReadFile rather then os.Open
* #44449: always enable dashboardPreviews feature during integration tests
* #44449: remove sleep time, adjust number of threads
* #44449: review fix: add `orgId` to `DashboardThumbnailMeta`
* #44449: review fix: automatic parsing of thumbnailState
* #44449: lint fixes
* #44449: review fix: prefer `WithDbSession` over `WithTransactionalDbSession`
* #44449: review fix: add a comment explaining source of the filepath
* #44449: review fix: added filepath validation
* #44449: review fixes https://github.com/grafana/grafana/pull/45063/files @fzambia
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
Co-authored-by: Alexander Emelin <frvzmb@gmail.com>
* API: Using go-swagger for extracting OpenAPI specification from source code
* Merge Grafana Alerting spec
* Include enterprise endpoints (if enabled)
* Serve SwaggerUI under feature flag
* Fix building dev docker images
* Configure swaggerUI
* Add missing json tags
Co-authored-by: Ying WANG <ying.wang@grafana.com>
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* ServiceAccounts: move token handlers to specific file
* ServiceAccounts: move Add API key to Service account
* APIKeys: api keys can still be used even when service accounts are enabled
* APIKeys: legacy endpoint can't be used to add SA tokens
* ServiceAccount: add tests for creation with nil and non-nil service account ids
* ServiceAccounts: fix unnasigned cfg and AC typo
* Test: test service account token adding
* fix linting error
* ServiceAccounts: Handle Token deletion
* rename token funcs
* rename token funcs and api wrapping
* add token deletion tests
* review
Co-authored-by: eleijonmarck <eric.leijonmarck@gmail.com>
* remove bus
* Update pkg/api/apikey.go
Co-authored-by: eleijonmarck <eric.leijonmarck@gmail.com>
* Remove bus from dashboard api
* Polish api dashboard tests
* Remove Delete Slug method
* Fix sqlstore dashboard test
* Remove bus from dashboard permission
* Remove GetDashboardsBySlug from sqlstore
* Chore: Remove bus from admin users
* Mock authinfoservice
* Update user id
* attempt to fix the tests in admin users api
* fix type cast
* revert skipped tests
Co-authored-by: Serge Zaitsev <serge.zaitsev@grafana.com>
* assign handlers to httpserver
* turn sqlstore mock in to a pointer
* add search service interface
* fix tests for alerting and other apis
* once again, make linter happy
* AccessControl: Change teams permissions page when frontend is hit
* Implement frontend changes for group sync
* Changing the org/teams/edit permissions
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
* Fixing routes
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
* Use props straight away no need to go through the state
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
* Update public/app/features/teams/TeamPages.tsx
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
* Chore: Remove bus from password
* Refactor: Remove bus from password.go and adjust tests
* remove sqlstore dependency from notifications
* Chore: Remove bus from password
* Refactor: Remove bus from password.go and adjust tests
* remove sqlstore dependency (again)
* remove fmt printf
* fix dependencies in http server
* fix renamed method in tests
Co-authored-by: Serge Zaitsev <serge.zaitsev@grafana.com>
* AccessControl: Add AC to team preferences
* Apply suggestions from code review
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Moves/refactor Grafana specific functionality related to plugin dashboards
out to specific services for importing dashboards and keep app plugin dashboards
up-to-date.
Fixes#44257
* AccessControl: Add access control actions and scopes to team update and delete
* AccessControl: Add tests for AC guards in update/delete
* AccessControl: add fixed role for team writer
* AccessControl: ensure team related AC is deleted with team
* Update pkg/api/team_test.go
* Chore: Remove bus from user api
* Adu authinfoservice interface
* User authinfoservice.Service instead of authinfoservice.Implementation in HTTPServer
* Rename Implementation to authInfoService
* AccessControl: cover team permissions
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
* Add background service as a consumer to resource_services
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
* Define actions in roles.go
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
* Remove action from accesscontrol model
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
* As suggested by kalle
* move some changes from branch to the skeleton PR
* Add background service as a consumer to resource_services
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
* moving resourceservice to the main wire file pt2
* move team related actions so that they can be reused
* PR feedback
* fix
* typo
* Access Control: adding hooks for team member endpoints (#43991)
* AccessControl: cover team permissions
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
* Add background service as a consumer to resource_services
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
* Define actions in roles.go
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
* Remove action from accesscontrol model
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
* As suggested by kalle
* add access control to list and add team member endpoint, and hooks for adding team members
* member permission type is 0
* add ID scope for team permission checks
* add more team actions, use Member for member permission name
* protect team member update endpoint with FGAC permissions
* update SQL functions for teams and the corresponding tests
* also protect team member removal endpoint with FGAC permissions and add a hook to permission service
* a few small fixes, provide team permission service to test setup
* AccessControl: cover team permissions
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
* Add background service as a consumer to resource_services
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
* Define actions in roles.go
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
* Remove action from accesscontrol model
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
* As suggested by kalle
* move some changes from branch to the skeleton PR
* remove resource services from wireexts
* remove unneeded actions
* linting fix
* remove comments
* feedback fixes
* feedback
* simplifying
* remove team member within the same transaction
* fix a mistake with the error
* call the correct sql fction
* linting
* Access control: tests for team member endpoints (#44177)
* tests for team member endpoints
* clean up and fix the tests
* fixing tests take 2
* don't import enterprise test license
* don't import enterprise test license
* remove unused variable
Co-authored-by: gamab <gabi.mabs@gmail.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
* Refactor: Change sqlstore.inTransaction to SQLStore.WithTransactionalDBSession in misc files
* Refactor: Change .inTransaction in org.go file
* Refactor: Update init() to proper SQLStore handlers
* Refactor: Update funcs in tests to be sqlStore methods
* Refactor: Update API funcs to receive HTTPServer
* Fix: define methods on sqlstore
* Adjust GetSignedInUser calls
* Refactor: Add sqlStore to Service struct
* Chore: Add back black spaces to remove file from PR
Co-authored-by: Ida Furjesova <ida.furjesova@grafana.com>
* refactor: use server admin listing serviceaccounts
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* setup route for specifc service account
* add routes to index
* main issue with spelling mistakes
* feat: make routes /serviceacconts/id for navModel
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
* Update pkg/services/serviceaccounts/manager/service.go
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
* AccessControl: Add user metadata to user detail view
* AccessControl: Do not present delete or disable buttons based on ac metadata in admin/users
* AccessControl: do not allow password changing or user editing without permission
* AccessControl: Fetch global:users scope for admin
* AccessControl: optimize org.user metadata fetch
* Chore: early return if ac metadata is not available
* AccessControl: Provide scope to frontend
* Covering datasources with accesscontrol metadata
* Write benchmark tests for GetResourcesMetadata
* Add accesscontrol util and interface
* Add the hasPermissionInMetadata function in the frontend access control code
* Use IsDisabled rather that performing a feature toggle check
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* Chore: Refactor api handlers to use web.Bind
* fix comments
* fix comment
* trying to fix most of the tests and force routing.Wrap type check
* fix library panels tests
* fix frontend logging tests
* allow passing nil as a response to skip writing
* return nil instead of the response
* rewrite login handler function types
* remove handlerFuncCtx
* make linter happy
* remove old bindings from the libraryelements
* restore comments
* update AlertingEnabled and UnifiedAlertingSettings.Enabled to be pointers
* add a pseudo migration to fix the AlertingEnabled and UnifiedAlertingSettings.Enabled if the latter is not defined
* update the default configuration file to make default value for both 'enabled' flags be undefined
Misc
* update Migrator to expose DB engine. This is needed for a ualert migration to access the database while the list of migrations is created.
* add more verbose failure when migrations do not match
Co-authored-by: gotjosh <josue@grafana.com>
Co-authored-by: Yuriy Tseretyan <yuriy.tseretyan@grafana.com>
Co-authored-by: gillesdemey <gilles.de.mey@gmail.com>
* AccessControl: FGAC permissions for orgs endpoint on frontend
Protect org update endpoints
add or refactor missing right messages
cover org page
* removing scopes from orgs
* Perform permission control with global org
* Perform the error handling in case of 403
* Simplify frontend code by requiring read access for sure
* Remove roles I added to decrease the number of changes
* Remove the check for server admin to reduce the number of changes
* change error message
* Cleaning todos
* Remove unecessary changes
* Fix tests
* Update test snapshot
* Update pkg/api/roles.go
Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>
* Update public/app/features/admin/AdminEditOrgPage.tsx
Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>
* Format AdminEditOrgPage for linting
* Update public/app/features/admin/AdminEditOrgPage.tsx
Co-authored-by: Vardan Torosyan <vardants@gmail.com>
* Update public/app/features/admin/AdminEditOrgPage.tsx
Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
* Update public/app/features/admin/AdminListOrgsPage.tsx
Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
* Commit suggestions
* Commit suggestion canRead canWrite
* fix typo
Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>
Co-authored-by: Vardan Torosyan <vardants@gmail.com>
Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
