IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-16 18:34:52 -06:00
Code Issues Packages Projects Releases Wiki Activity
44,956 Commits 5,454 Branches 554 Tags 1.9 GiB
8b00d7d7af
Commit Graph

71 Commits

Author SHA1 Message Date
Karl Persson
c207ea30eb
Access Control: Remove unused option (#48317) 
* Remove unused option
 2022-04-29 11:05:51 +02:00
Karl Persson
e9a93ebfc9
Access Control: Move access control middlewares to domain package (#48322) 
* Move access control middleware to domain package
 2022-04-28 10:46:18 +02:00
Jguer
90a94eab74
Dashboard/Folder permission fix session (#47174) 
* Fix inherited scopes for dashboard to use folder uid

* Add inherited evaluators

* Slight modification of the commments

* Add test for inheritance

* Nit.

* extract shared function from tests

* Nit. Extra line

* Remove unused comment

Co-authored-by: Karl Persson <kalle.persson@grafana.com>
Co-authored-by: gamab <gabi.mabs@gmail.com>
 2022-04-05 14:28:23 +02:00
Karl Persson
7ab1ef8d6e
Access Control: Support other attributes than id for resource permissions (#46727) 
* Add option to set ResourceAttribute for a permissions service
* Use prefix in access control sql filter to parse scopes
* Use prefix in access control metadata to check access
 2022-03-21 17:58:18 +01:00
Karl Persson
4df7bf5ab2
Access control: Display inherited folder permissions in dashboards (#46421) 2022-03-17 17:08:51 +01:00
Karl Persson
0debf33c76
Access control: Always append all permissions to role admin in oss (#46282) 
* Always append all permissions to built in role admin in oss
 2022-03-07 13:28:39 +01:00
Karl Persson
4982ca3b1d
Access control: Use access control for dashboard and folder (#44702) 
* Add actions and scopes

* add resource service for dashboard and folder

* Add dashboard guardian with fgac permission evaluation

* Add CanDelete function to guardian interface

* Add CanDelete property to folder and dashboard dto and set values

* change to correct function name

* Add accesscontrol to folder endpoints

* add access control to dashboard endpoints

* check access for nav links

* Add fixed roles for dashboard and folders

* use correct package

* add hack to override guardian Constructor if accesscontrol is enabled

* Add services

* Add function to handle api backward compatability

* Add permissionServices to HttpServer

* Set permission when new dashboard is created

* Add default permission when creating new dashboard

* Set default permission when creating folder and dashboard

* Add access control filter for dashboard search

* Add to accept list

* Add accesscontrol to dashboardimport

* Disable access control in tests

* Add check to see if user is allow to create a dashboard

* Use SetPermissions

* Use function to set several permissions at once

* remove permissions for folder and dashboard on delete

* update required permission

* set permission for provisioning

* Add CanCreate to dashboard guardian and set correct permisisons for
provisioning

* Dont set admin on folder / dashboard creation

* Add dashboard and folder permission migrations

* Add tests for CanCreate

* Add roles and update descriptions

* Solve uid to id for dashboard and folder permissions

* Add folder and dashboard actions to permission filter

* Handle viewer_can_edit flag

* set folder and dashboard permissions services

* Add dashboard permissions when importing a new dashboard

* Set access control permissions on provisioning

* Pass feature flags and only set permissions if access control is enabled

* only add default permissions for folders and dashboards without folders

* Batch create permissions in migrations


* Remove `dashboards:edit` action

* Remove unused function from interface

* Update pkg/services/guardian/accesscontrol_guardian_test.go

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
 2022-03-03 15:05:47 +01:00
Karl Persson
18cbfba596
Access control: Filter users and teams by read permissions (#45968) 
* pass signed in user and filter based on permissions
 2022-03-01 10:58:41 +01:00
Karl Persson
cdc08105c2
Access control: Set default permissions for data sources when using access control (#45482) 
* Rename interfaces and use then with wire injection

* Set default permissions when creating new data source
 2022-02-17 14:03:45 +01:00
Karl Persson
d2b9da9dde
Access control: Support uids for resource permissions (#45226) 
* add middleware to solve uid -> id for requests
 2022-02-10 17:47:48 +01:00
Karl Persson
01d961c824
update mock (#45010) 2022-02-07 18:44:56 +01:00
Karl Persson
922b9465ec
Access Control: Add function to set several permissions on a resource in one transaction (#44768) 2022-02-07 17:04:32 +01:00
Ieva
602d62ebcc
Access control: FGAC for team sync endpoints (#44673) 
* add actions for team group sync

* extend the hook to allow specifying whether the user is external

* move user struct to type package

* interface for permission service to allow mocking it

* reuse existing permissions

* test fix

* refactor

* linting
 2022-02-03 15:27:05 +00:00
J Guerreiro
153b231521
AccessControl: Refine interface for AC store (#44536) 
* AccessControl: Refine interface for AC store

* Update pkg/services/accesscontrol/database/resource_permissions.go
 2022-01-27 16:47:24 +01:00
Katarina Yang
92ca38bedf
Refactor: Change sqlstore.inTransaction to SQLStore.WithTransactionalDBSession in misc files (#43926) 
* Refactor: Change sqlstore.inTransaction to SQLStore.WithTransactionalDBSession in misc files

* Refactor: Change .inTransaction in org.go file

* Refactor: Update init() to proper SQLStore handlers

* Refactor: Update funcs in tests to be sqlStore methods

* Refactor: Update API funcs to receive HTTPServer

* Fix: define methods on sqlstore

* Adjust GetSignedInUser calls

* Refactor: Add sqlStore to Service struct

* Chore: Add back black spaces to remove file from PR

Co-authored-by: Ida Furjesova <ida.furjesova@grafana.com>
 2022-01-25 20:30:08 +01:00
Karl Persson
de2c5783fa
Access Control: Pass db session to hooks (#44428) 
* Move hook calls to database and pass session
 2022-01-25 17:12:00 +01:00
idafurjes
00c389933b
Chore: Remove bus from team (#44218) 
* Remove bus from team

* Fix api team test

* Remove bus from team members
 2022-01-24 11:52:35 +01:00
ying-jeanne
7422789ec7
Remove Macaron ParamsInt64 function from code base (#43810) 
* draft commit

* change all calls

* Compilation errors
 2022-01-15 00:55:57 +08:00
Karl Persson
0ace9695a6
Access control: Add optional hooks (#43372) 
* Add optional OnSet hooks
 2021-12-23 10:10:06 +01:00
Karl Persson
b3d5a607d4
Access Control: Add option to filter only managed permissions (#43371) 
* Add option to filter only managed permissions
 2021-12-21 14:22:54 +01:00
Karl Persson
c3ca2d214d
Access control: Refactor managed permission system to create api and frontend components (#42540) 
* Refactor resource permissions
* Add frondend components for resource permissions

Co-authored-by: kay delaney <45561153+kaydelaney@users.noreply.github.com>
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
 2021-12-20 09:52:24 +01:00