Commit Graph

44 Commits

Author SHA1 Message Date
idafurjes
68445a7c77
Chore: Remove dashboard ACL from models (#61749)
* Remove dashboard ACL from models

* Remove unused comment
2023-01-20 14:58:47 +01:00
idafurjes
b573b19ca3
Chore: Remove dashboards from models pkg (#61578)
* Copy dashboard models to dashboard pkg

* Use some models from current pkg instead of models

* Adjust api pkg

* Adjust pkg services

* Fix lint

* Chore: Remove dashboards models

* Remove dashboards from models pkg

* Fix lint in tests

* Fix lint in tests 2

* Fix for import in auth

* Remove newline

* Revert unused fix
2023-01-18 13:52:41 +01:00
idafurjes
7c2522c477
Chore: Move dashboard models to dashboard pkg (#61458)
* Copy dashboard models to dashboard pkg

* Use some models from current pkg instead of models

* Adjust api pkg

* Adjust pkg services

* Fix lint
2023-01-16 16:33:55 +01:00
Sofia Papagiannaki
11d8bcbea9
Guardian: Introduce additional constructors (#59577)
* Guardian: Use dashboard UID instead of ID

* Apply suggestions from code review

Introduce several guardian constructors and each time use
the most appropriate one.
2022-12-15 16:34:17 +02:00
Denis Limarev
b814c66c1d
Perfomance: add preallocation for some slices (#59263)
add preallocation for some slices
2022-11-28 13:10:24 +01:00
idafurjes
a14621fff6
Chore: Add user service method SetUsingOrg and GetSignedInUserWithCacheCtx (#53343)
* Chore: Add user service method SetUsingOrg

* Chore: Add user service method GetSignedInUserWithCacheCtx

* Use method GetSignedInUserWithCacheCtx from user service

* Fix lint after rebase

* Fix lint

* Fix lint error

* roll back some changes

* Roll back changes in api and middleware

* Add xorm tags to SignedInUser ID fields
2022-08-11 13:28:55 +02:00
Sofia Papagiannaki
7ba076de10
Chore: Move swagger definitions to the handlers (#52643) 2022-07-27 09:54:37 -04:00
idafurjes
f5cace8bbd
Rename Acl to ACL (#52342)
* Rename Acl to ACL

* Fix yaml files

* Add xorm tags and fix test
2022-07-18 15:14:58 +02:00
owensmallwood
0b4af38bfa
Public Dashboards: Query Caching (#51403)
* passes id and uid to PublicDashboardDatasource

* betterer results

* If for a public dashboard, return the PublicDashboardDataSource first or else getDatasourceSrv.get() will fail bc of no authed user.

Added some unit tests for resolving the uid from the many possible datasource types.

* updates betterer

* Exports DashboardService. Adds method to DashboardService to build anonymous user for use with public dashboards where there is no authed user. Adds method on dashboard_queries to get all dashboard uids from a dashboard.

* refactors to get unique datasource uids

* Adds tests for getting all unique datasource uids off a dashboard

* adds test for building anonymous user with read and query actions that are scoped to each datasource uid in the dashboard

* updates casing of DashboardService

* updates test case to have additional panel with a different datasource

* gives default interval to public dashboard data source
2022-07-06 12:42:39 -06:00
Karl Persson
61772a66b6
AccessControl: Create own interface and impl for each permission service (#48871)
* Create own interfaces for team, folder, dashboard and data source permissions services
* Remove service container and inject them individually
2022-05-10 15:48:47 +02:00
Karl Persson
9e84e20ade
Pass dash id (#48269) 2022-04-29 10:23:07 +02:00
Ieva
68ca5b2e05
Access control: refactor RBAC checks (#48107)
* refactor RBAC checks

* fix a test

* another test fix

* and another
2022-04-25 10:42:09 +02:00
idafurjes
d99d095ac6
Add endpoint with UID for dashboard permissions (#47753)
* Replace sequential IDs with UID for dashboard permossion

* Add back endpoint with id

* Rename parameter from dashboarUid->uid and add swagger definitions for endpoints

* Generate swagger json

* Add deprecated to swagger and docs

* Add deprecated comment in the api.go

* Add model for POST body

* Fix model post body for endpoint

* Generate spec with enterprise
2022-04-21 16:24:03 +02:00
ying-jeanne
7ddae870e7
fix status code 200 (#47818) 2022-04-15 08:01:58 -04:00
Karl Persson
a5e4a533fa
Access control: use uid for dashboard and folder scopes (#46807)
* use uid:s for folder and dashboard permissions

* evaluate folder and dashboard permissions based on uids

* add dashboard.uid to accept list

* Check for exact suffix

* Check parent folder on create

* update test

* drop dashboard:create actions with dashboard scope

* fix typo

* AccessControl: test id 0 scope conversion

* AccessControl: store only parent folder UID

* AccessControl: extract general as a constant

* FolderServices: Prevent creation of a folder uid'd general

* FolderServices: Test folder creation prevention

* Update pkg/services/guardian/accesscontrol_guardian.go

* FolderServices: fix mock call expect

* FolderServices: remove uneeded mocks

Co-authored-by: jguer <joao.guerreiro@grafana.com>
2022-03-30 15:14:26 +02:00
Karl Persson
4982ca3b1d
Access control: Use access control for dashboard and folder (#44702)
* Add actions and scopes

* add resource service for dashboard and folder

* Add dashboard guardian with fgac permission evaluation

* Add CanDelete function to guardian interface

* Add CanDelete property to folder and dashboard dto and set values

* change to correct function name

* Add accesscontrol to folder endpoints

* add access control to dashboard endpoints

* check access for nav links

* Add fixed roles for dashboard and folders

* use correct package

* add hack to override guardian Constructor if accesscontrol is enabled

* Add services

* Add function to handle api backward compatability

* Add permissionServices to HttpServer

* Set permission when new dashboard is created

* Add default permission when creating new dashboard

* Set default permission when creating folder and dashboard

* Add access control filter for dashboard search

* Add to accept list

* Add accesscontrol to dashboardimport

* Disable access control in tests

* Add check to see if user is allow to create a dashboard

* Use SetPermissions

* Use function to set several permissions at once

* remove permissions for folder and dashboard on delete

* update required permission

* set permission for provisioning

* Add CanCreate to dashboard guardian and set correct permisisons for
provisioning

* Dont set admin on folder / dashboard creation

* Add dashboard and folder permission migrations

* Add tests for CanCreate

* Add roles and update descriptions

* Solve uid to id for dashboard and folder permissions

* Add folder and dashboard actions to permission filter

* Handle viewer_can_edit flag

* set folder and dashboard permissions services

* Add dashboard permissions when importing a new dashboard

* Set access control permissions on provisioning

* Pass feature flags and only set permissions if access control is enabled

* only add default permissions for folders and dashboards without folders

* Batch create permissions in migrations


* Remove `dashboards:edit` action

* Remove unused function from interface

* Update pkg/services/guardian/accesscontrol_guardian_test.go

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2022-03-03 15:05:47 +01:00
Selene
d5b98772ed
Dashboards: Refactor service to make it injectable by wire (#44588)
* Add providers to folder and dashboard services

* Refactor folder and dashboard services

* Move store implementation to its own file due wire cannot allow us to cast to SQLStore

* Add store in some places and more missing dependencies

* Bad merge fix

* Remove old functions from tests and few fixes

* Fix provisioning

* Remove store from http server and some test fixes

* Test fixes

* Fix dashboard and folder tests

* Fix library tests

* Fix provisioning tests

* Fix plugins manager tests

* Fix alert and org users tests

* Refactor service package and more test fixes

* Fix dashboard_test tets

* Fix api tests

* Some lint fixes

* Fix lint

* More lint :/

* Move dashboard integration tests to dashboards service and fix dependencies

* Lint + tests

* More integration tests fixes

* Lint

* Lint again

* Fix tests again and again anda again

* Update searchstore_test

* Fix goimports

* More go imports

* More imports fixes

* Fix lint

* Move UnprovisionDashboard function into dashboard service and remove bus

* Use search service instead of bus

* Fix test

* Fix go imports

* Use nil in tests
2022-02-16 14:15:44 +01:00
idafurjes
caa5f356be
Remove bus from dashboard api (#44923)
* Remove bus from dashboard api

* Polish api dashboard tests

* Remove Delete Slug method

* Fix sqlstore dashboard test

* Remove bus from dashboard permission

* Remove GetDashboardsBySlug from sqlstore
2022-02-07 12:43:43 +01:00
ying-jeanne
7422789ec7
Remove Macaron ParamsInt64 function from code base (#43810)
* draft commit

* change all calls

* Compilation errors
2022-01-15 00:55:57 +08:00
Serge Zaitsev
d9cdcb550e
Chore: Refactor api handlers to use web.Bind (#42199)
* Chore: Refactor api handlers to use web.Bind

* fix comments

* fix comment

* trying to fix most of the tests and force routing.Wrap type check

* fix library panels tests

* fix frontend logging tests

* allow passing nil as a response to skip writing

* return nil instead of the response

* rewrite login handler function types

* remove handlerFuncCtx

* make linter happy

* remove old bindings from the libraryelements

* restore comments
2021-11-29 10:18:01 +01:00
Jesse Weaver
5af96544f3
Forbid creation of dashboard permissions with both a user and a team (#40104)
These permissions could be created through the API but would not show
correctly in the UI.
2021-10-13 12:16:58 -06:00
Marcus Efraimsson
518a0d0458
Chore: Propagate context for dashboard guardian (#39201)
Require guardian.New to take context.Context as first argument. 
Migrates the GetDashboardAclInfoListQuery to be dispatched using context.

Ref #36734

Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
Co-authored-by: sam boyer <sam.boyer@grafana.com>
2021-09-23 17:43:32 +02:00
Carl Bergquist
b40e78a943
Instrumentation: add context.Context to the dashboard get flow. (#34955)
Signed-off-by: bergquist <carl.bergquist@gmail.com>
2021-06-15 16:08:27 +02:00
Dimitris Sotirakis
1c49986b2f
Chore: Remove endpoints that contain the slug field (#35104)
* Chore: Remove endpoints that contain the slug field

* More cleanups

* Lint fixes

* Remove unnecessary funcs

* Cleanup frontend code

* Remove deprecated endpoints from docs

* Revert change according to reviewer's comments
2021-06-03 16:20:13 +03:00
Marcus Efraimsson
7e6db1ee7e
Permissions: Fix inherited folder permissions can prevent new permissions being added to a dashboard (#33329)
In the case permissions has been added on dashboard(s). Later permissions for the 
parent folder of the dashboard is edited in such a way that dashboard in that folder 
has a permission that is a duplicate of an inherited one. This PR changes so that 
duplicate permissions are now filtered out from /api/dashboards/id/<dashboard id>/permissions.
Duplicate permission are not filtered out if the permission on dashboard is higher 
than on the inherited folder.

Fixes #33296

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-04-28 14:42:18 +02:00
Arve Knudsen
87c3a2b790
PluginManager: Make Plugins, Renderer and DataSources non-global (#31866)
* PluginManager: Make Plugins and DataSources non-global

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Fix integration tests

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Replace outdated command

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* DashboardService: Ensure it gets constructed with necessary parameters

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Fix build

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* DashboardService: Ensure it gets constructed with necessary parameters

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Remove dead code

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Fix test

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Fix test

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Remove FocusConvey

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Fix test

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Remove dead code

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Undo interface changes

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Backend: Move tsdbifaces.RequestHandler to plugins.DataRequestHandler

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Rename to DataSourceCount

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Consolidate dashboard interfaces into one

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Fix tests

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Fix tests

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Fix test

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Fix tests

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Fix tests

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Fix tests

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Fix tests

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Fix dashboard integration tests

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-03-17 16:06:10 +01:00
Agnès Toulet
7f1f559929
Permissions: Fix team and role permissions on folders/dashboards not displayed for non Grafana Admin users (#31132)
* Cfg: fix hidden users initialization

* add tests

* do not call isHiddenUser function for non-user permission

* do not call isHiddenUser function for non-user permission
2021-02-12 16:08:18 +01:00
Hugo Häggmark
3d41267fc4
Chore: Moves common and response into separate packages (#30298)
* Chore: moves common and response into separate packages

* Chore: moves common and response into separate packages

* Update pkg/api/utils/common.go

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* Chore: changes after PR comments

* Chore: move wrap to routing package

* Chore: move functions in common to response package

* Chore: move functions in common to response package

* Chore: formats imports

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-01-15 14:43:20 +01:00
Agnès Toulet
22788d1d86
Add an option to hide certain users in the UI (#28942)
* Add an option to hide certain users in the UI

* revert changes for admin users routes

* fix sqlstore function name

* Improve slice management

Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>

* Hidden users: convert slice to map

* filter with user logins instead of IDs

* put HiddenUsers in Cfg struct

* hide hidden users from dashboards/folders permissions list

* Update conf/defaults.ini

Co-authored-by: Torkel Ödegaard <torkel@grafana.com>

* fix params order

* fix tests

* fix dashboard/folder update with hidden user

* add team tests

* add dashboard and folder permissions tests

* fixes after merge

* fix tests

* API: add test for org users endpoints

* update hidden users management for dashboard / folder permissions

* improve dashboard / folder permissions tests

* fixes after merge

* Guardian: add hidden acl tests

* API: add team members tests

* fix team sql syntax for postgres

* api tests update

* fix linter error

* fix tests errors after merge

Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
Co-authored-by: Leonard Gram <leo@xlson.com>
2020-11-24 12:10:32 +01:00
Arve Knudsen
294770f411
Chore: Handle wrapped errors (#29223)
* Chore: Handle wrapped errors

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
2020-11-19 13:34:28 +01:00
Arve Knudsen
006868339d
Backend: Fix build (#29206)
* Backend: Fix build

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-11-18 16:16:58 +01:00
Will Browne
2939caf9a2
Permissions: Validate against Team/User permission role update (#29101)
* validate against role field update

* lowercase error string

* make all msgs consistent style

* fix wording

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* sayonara simple json

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-11-18 15:36:41 +01:00
Arve Knudsen
52c154a221
Backend: Rename variables for style conformance (#29097)
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-11-17 17:09:14 +01:00
Carl Bergquist
3fdd2648b1
Chore: Avoid aliasing importing models in api package (#22492) 2020-03-04 12:57:20 +01:00
Marcus Efraimsson
ebad863f95 permission: generate team avatar url with default 2018-04-04 15:50:45 +02:00
Daniel Lee
32264c61c4 Merge branch 'master' into dashboard-acl-ux2 2018-03-29 11:32:24 +02:00
Julian Kornberger
0a415c50d0 Make golint happier 2018-03-22 22:38:44 +01:00
Julian Kornberger
7aab6a8887 Make golint happier 2018-03-22 12:40:21 +01:00
Dan Cech
c0ecdee375
rename Context to ReqContext 2018-03-07 11:54:50 -05:00
Dan Cech
338655dd37
move Context and session out of middleware 2018-03-06 18:16:49 -05:00
Marcus Efraimsson
f76b98d252 dashboards: change dashboard/folder permission error messages 2018-02-27 16:04:45 +01:00
Marcus Efraimsson
03f8eff880 dashboards: handle new guardian error responses and update tests
Using a mocked guardian instead and relies on the actual guardian tests for verifying
permission handling correctness
2018-02-27 16:04:45 +01:00
Marcus Efraimsson
9889c92083 fix typos in api, acl to permissions 2018-02-21 11:50:32 +01:00
Marcus Efraimsson
d68099bc4a dashboards: change api route for dashboard permissions
From /api/dashboards/id/:id/acl to /api/dashboards/id/:id/permissions
2018-02-21 11:42:54 +01:00