IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity
38,463 Commits 5,454 Branches 554 Tags 1.9 GiB
6f8fcae01b
Commit Graph

13 Commits

Author SHA1 Message Date
idafurjes
6afad51761
Move SignedInUser to user service and RoleType and Roles to org (#53445) 
* Move SignedInUser to user service and RoleType and Roles to org

* Use go naming convention for roles

* Fix some imports and leftovers

* Fix ldap debug test

* Fix lint

* Fix lint 2

* Fix lint 3

* Fix type and not needed conversion

* Clean up messages in api tests

* Clean up api tests 2
 2022-08-10 11:56:48 +02:00
Karl Persson
2738d1c557
Access Control: Move dashboard actions and create scope provider (#48618) 
* Move dashboard actions and create scope provider
 2022-05-04 16:12:09 +02:00
Yuriy Tseretyan
51114527dc
Alerting: handle folder permissions when fine-grained access enabled (#47035) 
* Use alert:create action for folder search with edit permissions. This matches the action that is used to query dashboards (the update will be addressed later)
* Update rule store to use FindDashboards instead of folder service to list folders the user has access to view alerts. Folder service does not support query type and additional filters. 
* Do not check whether the user can save to folder if FGAC is enabled because it is checked on API level.
 2022-04-01 19:33:26 -04:00
Karl Persson
a5e4a533fa
Access control: use uid for dashboard and folder scopes (#46807) 
* use uid:s for folder and dashboard permissions

* evaluate folder and dashboard permissions based on uids

* add dashboard.uid to accept list

* Check for exact suffix

* Check parent folder on create

* update test

* drop dashboard:create actions with dashboard scope

* fix typo

* AccessControl: test id 0 scope conversion

* AccessControl: store only parent folder UID

* AccessControl: extract general as a constant

* FolderServices: Prevent creation of a folder uid'd general

* FolderServices: Test folder creation prevention

* Update pkg/services/guardian/accesscontrol_guardian.go

* FolderServices: fix mock call expect

* FolderServices: remove uneeded mocks

Co-authored-by: jguer <joao.guerreiro@grafana.com>
 2022-03-30 15:14:26 +02:00
Karl Persson
7ab1ef8d6e
Access Control: Support other attributes than id for resource permissions (#46727) 
* Add option to set ResourceAttribute for a permissions service
* Use prefix in access control sql filter to parse scopes
* Use prefix in access control metadata to check access
 2022-03-21 17:58:18 +01:00
Yuriy Tseretyan
ea815d640f
Search Service to support search for folders available for alerting (#46483) 
* support new query type "alert-folder"
* move action calculation to the constructor of the filter
* update filter to support query type `dash-folder-alerting` and empty dashboard actions
* require folders:read to access alert rules
 2022-03-16 14:07:04 +00:00
Karl Persson
8688073564
Access control: Support filter on several actions (#46524) 
* Add support for several actions when creating a acccess control sql
filter
 2022-03-14 17:11:21 +01:00
Yuriy Tseretyan
314be36a7c
Move datasource scopes and actions to access control package (#46334) 
* create scope provider
* move datasource actions and scopes to datasource package + add provider
* change usages to use datasource scopes and update data source name resolver to use provider
* move folder permissions to dashboard package and update usages
 2022-03-09 11:57:50 -05:00
Karl Persson
1f3f4ebe21
Support permission filter in access control search filter (#46317) 2022-03-08 12:46:49 +01:00
Karl Persson
4982ca3b1d
Access control: Use access control for dashboard and folder (#44702) 
* Add actions and scopes

* add resource service for dashboard and folder

* Add dashboard guardian with fgac permission evaluation

* Add CanDelete function to guardian interface

* Add CanDelete property to folder and dashboard dto and set values

* change to correct function name

* Add accesscontrol to folder endpoints

* add access control to dashboard endpoints

* check access for nav links

* Add fixed roles for dashboard and folders

* use correct package

* add hack to override guardian Constructor if accesscontrol is enabled

* Add services

* Add function to handle api backward compatability

* Add permissionServices to HttpServer

* Set permission when new dashboard is created

* Add default permission when creating new dashboard

* Set default permission when creating folder and dashboard

* Add access control filter for dashboard search

* Add to accept list

* Add accesscontrol to dashboardimport

* Disable access control in tests

* Add check to see if user is allow to create a dashboard

* Use SetPermissions

* Use function to set several permissions at once

* remove permissions for folder and dashboard on delete

* update required permission

* set permission for provisioning

* Add CanCreate to dashboard guardian and set correct permisisons for
provisioning

* Dont set admin on folder / dashboard creation

* Add dashboard and folder permission migrations

* Add tests for CanCreate

* Add roles and update descriptions

* Solve uid to id for dashboard and folder permissions

* Add folder and dashboard actions to permission filter

* Handle viewer_can_edit flag

* set folder and dashboard permissions services

* Add dashboard permissions when importing a new dashboard

* Set access control permissions on provisioning

* Pass feature flags and only set permissions if access control is enabled

* only add default permissions for folders and dashboards without folders

* Batch create permissions in migrations


* Remove `dashboards:edit` action

* Remove unused function from interface

* Update pkg/services/guardian/accesscontrol_guardian_test.go

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
 2022-03-03 15:05:47 +01:00
Selene
bdbd199910
Remove unnecesary joins from queries (#43626) 2022-01-04 13:04:02 +01:00
Arve Knudsen
5070f7a75b
Chore: Start harmonizing linting with plugin SDK (#25854) 
* Chore: Harmonize linting with plugin SDK

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Chore: Fix linting issues

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
 2020-06-29 14:08:32 +02:00
Emil Tullstedt
55c306eb6d
Refactor search (#23550) 
Co-Authored-By: Arve Knudsen <arve.knudsen@grafana.com>
Co-Authored-By: Leonard Gram <leonard.gram@grafana.com>
 2020-04-20 16:20:45 +02:00