Commit Graph

46 Commits

Author SHA1 Message Date
idafurjes
68445a7c77
Chore: Remove dashboard ACL from models (#61749)
* Remove dashboard ACL from models

* Remove unused comment
2023-01-20 14:58:47 +01:00
Sofia Papagiannaki
c104cc7020
Chore: Split folder store and dashboard store interfaces (#61655)
* update folder store mock

* Split folder store and dashboard store interfaces
2023-01-19 18:38:07 +02:00
Serge Zaitsev
fa36591380
Chore: Remove mockstore and use dbtest instead (#61629)
* remove mockstore and use dbtest instead

* fix wire

* remove unused expected fields

* fix more tests in alerting

* fix api tests
2023-01-18 16:01:25 +01:00
idafurjes
7c2522c477
Chore: Move dashboard models to dashboard pkg (#61458)
* Copy dashboard models to dashboard pkg

* Use some models from current pkg instead of models

* Adjust api pkg

* Adjust pkg services

* Fix lint
2023-01-16 16:33:55 +01:00
Sofia Papagiannaki
11d8bcbea9
Guardian: Introduce additional constructors (#59577)
* Guardian: Use dashboard UID instead of ID

* Apply suggestions from code review

Introduce several guardian constructors and each time use
the most appropriate one.
2022-12-15 16:34:17 +02:00
idafurjes
a14621fff6
Chore: Add user service method SetUsingOrg and GetSignedInUserWithCacheCtx (#53343)
* Chore: Add user service method SetUsingOrg

* Chore: Add user service method GetSignedInUserWithCacheCtx

* Use method GetSignedInUserWithCacheCtx from user service

* Fix lint after rebase

* Fix lint

* Fix lint error

* roll back some changes

* Roll back changes in api and middleware

* Add xorm tags to SignedInUser ID fields
2022-08-11 13:28:55 +02:00
idafurjes
6afad51761
Move SignedInUser to user service and RoleType and Roles to org (#53445)
* Move SignedInUser to user service and RoleType and Roles to org

* Use go naming convention for roles

* Fix some imports and leftovers

* Fix ldap debug test

* Fix lint

* Fix lint 2

* Fix lint 3

* Fix type and not needed conversion

* Clean up messages in api tests

* Clean up api tests 2
2022-08-10 11:56:48 +02:00
idafurjes
f5cace8bbd
Rename Acl to ACL (#52342)
* Rename Acl to ACL

* Fix yaml files

* Add xorm tags and fix test
2022-07-18 15:14:58 +02:00
owensmallwood
0b4af38bfa
Public Dashboards: Query Caching (#51403)
* passes id and uid to PublicDashboardDatasource

* betterer results

* If for a public dashboard, return the PublicDashboardDataSource first or else getDatasourceSrv.get() will fail bc of no authed user.

Added some unit tests for resolving the uid from the many possible datasource types.

* updates betterer

* Exports DashboardService. Adds method to DashboardService to build anonymous user for use with public dashboards where there is no authed user. Adds method on dashboard_queries to get all dashboard uids from a dashboard.

* refactors to get unique datasource uids

* Adds tests for getting all unique datasource uids off a dashboard

* adds test for building anonymous user with read and query actions that are scoped to each datasource uid in the dashboard

* updates casing of DashboardService

* updates test case to have additional panel with a different datasource

* gives default interval to public dashboard data source
2022-07-06 12:42:39 -06:00
Karl Persson
c4a75f9eb3
RBAC: Add scope resolvers for dashboards (#50110)
* Inject access control into dashboard service

* Add function to parse id scopes

* Add dashboard as return value

* Update mock

* Return only err to keep service interface

* Add scope resolvers for dashboard id scopes

* Add function to parse uid scopes

* Add dashboard uid scope resolver

* Register scope resolvers for dashboards

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
2022-06-07 11:02:20 +02:00
Kristin Laemmert
1df340ff28
backend/services: Move GetDashboard from sqlstore to dashboard service (#48971)
* rename folder to match package name
* backend/sqlstore: move GetDashboard into DashboardService

This is a stepping-stone commit which copies the GetDashboard function - which lets us remove the sqlstore from the interfaces in dashboards - without changing any other callers.
* checkpoint: moving GetDashboard calls into dashboard service
* finish refactoring api tests for dashboardService.GetDashboard
2022-05-17 14:52:22 -04:00
Karl Persson
61772a66b6
AccessControl: Create own interface and impl for each permission service (#48871)
* Create own interfaces for team, folder, dashboard and data source permissions services
* Remove service container and inject them individually
2022-05-10 15:48:47 +02:00
Ieva
68ca5b2e05
Access control: refactor RBAC checks (#48107)
* refactor RBAC checks

* fix a test

* another test fix

* and another
2022-04-25 10:42:09 +02:00
Selene
b2af18f129
Chore: Remove bus from dashboard service (#46829)
* Move DeleteDashboard funtion into dashboards store service, remove bus and update tests

* Remove bus from folder service and update more tests

* Fix mock
2022-03-22 14:36:50 +01:00
Serge Zaitsev
fec634a091
Chore: Remove bus.Dispatch from guardian package (#46711)
* replace bus in guardian with sqlstore

* fix a couple of tests

* replace bus in the rest of the tests

* allow init guardian from other packages

* make linter happy

* init guardian in library elements

* fix another test in libraryelements

* fix more tests

* move guardian mock one level deeper

* fix more tests

* rename init functions
2022-03-21 10:49:49 +01:00
Yuriy Tseretyan
d076cabb60
Folder name scope resolver (#46380)
* move dashboard store mock to parent package to avoid cycle of dependencies
* add scope resolver for folders that resolves names to id
2022-03-10 12:19:50 -05:00
Karl Persson
52decfaebc
Access control: Move call to create default permissions into folder and dashboard service (#46186)
* Move call to create permissions into folder service

* Inject cfg, feature toggles and permissions services into dashboard
service

* Move logic to set default permissions on create dashboard from api to
service

* Move call to set default permissions on import dashboard to dashboard
service

* Set permissions for provisioned dashboard and folders in service
2022-03-10 12:58:18 +01:00
Karl Persson
4982ca3b1d
Access control: Use access control for dashboard and folder (#44702)
* Add actions and scopes

* add resource service for dashboard and folder

* Add dashboard guardian with fgac permission evaluation

* Add CanDelete function to guardian interface

* Add CanDelete property to folder and dashboard dto and set values

* change to correct function name

* Add accesscontrol to folder endpoints

* add access control to dashboard endpoints

* check access for nav links

* Add fixed roles for dashboard and folders

* use correct package

* add hack to override guardian Constructor if accesscontrol is enabled

* Add services

* Add function to handle api backward compatability

* Add permissionServices to HttpServer

* Set permission when new dashboard is created

* Add default permission when creating new dashboard

* Set default permission when creating folder and dashboard

* Add access control filter for dashboard search

* Add to accept list

* Add accesscontrol to dashboardimport

* Disable access control in tests

* Add check to see if user is allow to create a dashboard

* Use SetPermissions

* Use function to set several permissions at once

* remove permissions for folder and dashboard on delete

* update required permission

* set permission for provisioning

* Add CanCreate to dashboard guardian and set correct permisisons for
provisioning

* Dont set admin on folder / dashboard creation

* Add dashboard and folder permission migrations

* Add tests for CanCreate

* Add roles and update descriptions

* Solve uid to id for dashboard and folder permissions

* Add folder and dashboard actions to permission filter

* Handle viewer_can_edit flag

* set folder and dashboard permissions services

* Add dashboard permissions when importing a new dashboard

* Set access control permissions on provisioning

* Pass feature flags and only set permissions if access control is enabled

* only add default permissions for folders and dashboards without folders

* Batch create permissions in migrations


* Remove `dashboards:edit` action

* Remove unused function from interface

* Update pkg/services/guardian/accesscontrol_guardian_test.go

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2022-03-03 15:05:47 +01:00
Selene
2c90dcf3c0
Dashboard Alert Extractor: Create service for dashboard extractor and remove bus (#45518)
* Create DashAlertService service

* Remove no used dashboard service from plugin's manager that generates dependency cycle in Enterprise

* Remove bus for dashboard permissions

* Remove bus from dashboard extractor service

* Add missing argument

* Fix wire

* Fix lint

* More goimports

* Use datasource service instead sql calls

* Fix integration test
2022-02-28 09:54:56 +01:00
Selene
d5b98772ed
Dashboards: Refactor service to make it injectable by wire (#44588)
* Add providers to folder and dashboard services

* Refactor folder and dashboard services

* Move store implementation to its own file due wire cannot allow us to cast to SQLStore

* Add store in some places and more missing dependencies

* Bad merge fix

* Remove old functions from tests and few fixes

* Fix provisioning

* Remove store from http server and some test fixes

* Test fixes

* Fix dashboard and folder tests

* Fix library tests

* Fix provisioning tests

* Fix plugins manager tests

* Fix alert and org users tests

* Refactor service package and more test fixes

* Fix dashboard_test tets

* Fix api tests

* Some lint fixes

* Fix lint

* More lint :/

* Move dashboard integration tests to dashboards service and fix dependencies

* Lint + tests

* More integration tests fixes

* Lint

* Lint again

* Fix tests again and again anda again

* Update searchstore_test

* Fix goimports

* More go imports

* More imports fixes

* Fix lint

* Move UnprovisionDashboard function into dashboard service and remove bus

* Use search service instead of bus

* Fix test

* Fix go imports

* Use nil in tests
2022-02-16 14:15:44 +01:00
Dimitris Sotirakis
605d056136
Security: Sync security changes on main (#45083)
* * Teams: Appropriately apply user id filter in /api/teams/:id and /api/teams/search
* Teams: Ensure that users searching for teams are only able see teams they have access to
* Teams: Require teamGuardian admin privileges to list team members
* Teams: Prevent org viewers from administering teams
* Teams: Add org_id condition to team count query
* Teams: clarify permission requirements in teams api docs
* Teams: expand scenarios for team search tests
* Teams: mock teamGuardian in tests

Co-authored-by: Dan Cech <dcech@grafana.com>

* remove duplicate WHERE statement

* Fix for CVE-2022-21702

(cherry picked from commit 202d7c190082c094bc1dc13f7fe9464746c37f9e)

* Lint and test fixes

(cherry picked from commit 3e6b67d5504abf4a1d7b8d621f04d062c048e981)

* check content type properly

(cherry picked from commit 70b4458892bf2f776302720c10d24c9ff34edd98)

* basic csrf origin check

(cherry picked from commit 3adaa5ff39832364f6390881fb5b42ad47df92e1)

* compare origin to host

(cherry picked from commit 5443892699e8ed42836bb2b9a44744ff3e970f42)

* simplify url parsing

(cherry picked from commit b2ffbc9513fed75468628370a48b929d30af2b1d)

* check csrf for GET requests, only compare origin

(cherry picked from commit 8b81dc12d8f8a1f07852809c5b4d44f0f0b1d709)

* parse content type properly

(cherry picked from commit 16f76f4902e6f2188bea9606c68b551af186bdc0)

* mentioned get in the comment

(cherry picked from commit a7e61811ef8ae558ce721e2e3fed04ce7a5a5345)

* add content-type: application/json to test HTTP requests

* fix pluginproxy test

* Fix linter when comparing errors

Co-authored-by: Kevin Minehart <kmineh0151@gmail.com>
Co-authored-by: Dan Cech <dcech@grafana.com>
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Co-authored-by: Serge Zaitsev <serge.zaitsev@grafana.com>
Co-authored-by: Vardan Torosyan <vardants@gmail.com>
2022-02-09 13:44:38 +01:00
idafurjes
caa5f356be
Remove bus from dashboard api (#44923)
* Remove bus from dashboard api

* Polish api dashboard tests

* Remove Delete Slug method

* Fix sqlstore dashboard test

* Remove bus from dashboard permission

* Remove GetDashboardsBySlug from sqlstore
2022-02-07 12:43:43 +01:00
idafurjes
1b286e6bb5
Remove bus from quota, preferences, plugins, user_token (#44762)
* Remove bus from quota, preferences, plugins, user_token

* Bind sqlstore.Store to *sqlstore.SQLStore

* Fix test

* Fix sqlstore wire injection, dependency
2022-02-03 09:20:20 +01:00
ying-jeanne
7422789ec7
Remove Macaron ParamsInt64 function from code base (#43810)
* draft commit

* change all calls

* Compilation errors
2022-01-15 00:55:57 +08:00
idafurjes
7936c4c522
Rename AddHandlerCtx to AddHandler (#43557) 2021-12-28 16:08:07 +01:00
idafurjes
e6123bc3ef
Replace AddHandler with AddHandlerCtx in tests (#42585) 2021-12-01 15:43:31 +01:00
Serge Zaitsev
d9cdcb550e
Chore: Refactor api handlers to use web.Bind (#42199)
* Chore: Refactor api handlers to use web.Bind

* fix comments

* fix comment

* trying to fix most of the tests and force routing.Wrap type check

* fix library panels tests

* fix frontend logging tests

* allow passing nil as a response to skip writing

* return nil instead of the response

* rewrite login handler function types

* remove handlerFuncCtx

* make linter happy

* remove old bindings from the libraryelements

* restore comments
2021-11-29 10:18:01 +01:00
Jesse Weaver
5af96544f3
Forbid creation of dashboard permissions with both a user and a team (#40104)
These permissions could be created through the API but would not show
correctly in the UI.
2021-10-13 12:16:58 -06:00
Marcus Efraimsson
518a0d0458
Chore: Propagate context for dashboard guardian (#39201)
Require guardian.New to take context.Context as first argument. 
Migrates the GetDashboardAclInfoListQuery to be dispatched using context.

Ref #36734

Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
Co-authored-by: sam boyer <sam.boyer@grafana.com>
2021-09-23 17:43:32 +02:00
Carl Bergquist
b40e78a943
Instrumentation: add context.Context to the dashboard get flow. (#34955)
Signed-off-by: bergquist <carl.bergquist@gmail.com>
2021-06-15 16:08:27 +02:00
Arve Knudsen
87c3a2b790
PluginManager: Make Plugins, Renderer and DataSources non-global (#31866)
* PluginManager: Make Plugins and DataSources non-global

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Fix integration tests

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Replace outdated command

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* DashboardService: Ensure it gets constructed with necessary parameters

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Fix build

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* DashboardService: Ensure it gets constructed with necessary parameters

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Remove dead code

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Fix test

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Fix test

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Remove FocusConvey

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Fix test

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Remove dead code

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Undo interface changes

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Backend: Move tsdbifaces.RequestHandler to plugins.DataRequestHandler

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Rename to DataSourceCount

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Consolidate dashboard interfaces into one

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Fix tests

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Fix tests

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Fix test

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Fix tests

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Fix tests

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Fix tests

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Fix tests

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Fix dashboard integration tests

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-03-17 16:06:10 +01:00
Hugo Häggmark
3d41267fc4
Chore: Moves common and response into separate packages (#30298)
* Chore: moves common and response into separate packages

* Chore: moves common and response into separate packages

* Update pkg/api/utils/common.go

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* Chore: changes after PR comments

* Chore: move wrap to routing package

* Chore: move functions in common to response package

* Chore: move functions in common to response package

* Chore: formats imports

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-01-15 14:43:20 +01:00
Agnès Toulet
22788d1d86
Add an option to hide certain users in the UI (#28942)
* Add an option to hide certain users in the UI

* revert changes for admin users routes

* fix sqlstore function name

* Improve slice management

Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>

* Hidden users: convert slice to map

* filter with user logins instead of IDs

* put HiddenUsers in Cfg struct

* hide hidden users from dashboards/folders permissions list

* Update conf/defaults.ini

Co-authored-by: Torkel Ödegaard <torkel@grafana.com>

* fix params order

* fix tests

* fix dashboard/folder update with hidden user

* add team tests

* add dashboard and folder permissions tests

* fixes after merge

* fix tests

* API: add test for org users endpoints

* update hidden users management for dashboard / folder permissions

* improve dashboard / folder permissions tests

* fixes after merge

* Guardian: add hidden acl tests

* API: add team members tests

* fix team sql syntax for postgres

* api tests update

* fix linter error

* fix tests errors after merge

Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
Co-authored-by: Leonard Gram <leo@xlson.com>
2020-11-24 12:10:32 +01:00
Arve Knudsen
006868339d
Backend: Fix build (#29206)
* Backend: Fix build

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-11-18 16:16:58 +01:00
Will Browne
2939caf9a2
Permissions: Validate against Team/User permission role update (#29101)
* validate against role field update

* lowercase error string

* make all msgs consistent style

* fix wording

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* sayonara simple json

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-11-18 15:36:41 +01:00
Arve Knudsen
52c154a221
Backend: Rename variables for style conformance (#29097)
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-11-17 17:09:14 +01:00
Arve Knudsen
cb62e69997
Chore: Convert API tests to standard Go lib (#29009)
* Chore: Convert tests to standard Go lib

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 09:52:38 +01:00
Carl Bergquist
3fdd2648b1
Chore: Avoid aliasing importing models in api package (#22492) 2020-03-04 12:57:20 +01:00
Leonard Gram
5e08bf5130 test: fixed usage of wrap in tests. 2018-07-02 17:13:59 +02:00
Daniel Lee
32264c61c4 Merge branch 'master' into dashboard-acl-ux2 2018-03-29 11:32:24 +02:00
Dan Cech
c0ecdee375
rename Context to ReqContext 2018-03-07 11:54:50 -05:00
Dan Cech
338655dd37
move Context and session out of middleware 2018-03-06 18:16:49 -05:00
Marcus Efraimsson
f76b98d252 dashboards: change dashboard/folder permission error messages 2018-02-27 16:04:45 +01:00
Marcus Efraimsson
03f8eff880 dashboards: handle new guardian error responses and update tests
Using a mocked guardian instead and relies on the actual guardian tests for verifying
permission handling correctness
2018-02-27 16:04:45 +01:00
Marcus Efraimsson
9889c92083 fix typos in api, acl to permissions 2018-02-21 11:50:32 +01:00
Marcus Efraimsson
d68099bc4a dashboards: change api route for dashboard permissions
From /api/dashboards/id/:id/acl to /api/dashboards/id/:id/permissions
2018-02-21 11:42:54 +01:00