* ContextSrv: No longer try to rotate token if we are using auth_token in url
Also extract the logic to check if we should schedule the job into its own function
* FeatureToggle: Add toggle to use a new way of rotating tokens
* API: Add endpoints to perform token rotation, one endpoint for api request and one endpoint for redirects
* Auth: Align not authorized handling between auth middleware and access control middleware
* API: add utility function to get redirect for login
* API: Handle token rotation redirect for login page
* Frontend: Add job scheduling for token rotation and make call to token rotation as fallback in retry request
* ContextHandler: Prevent in-request rotation if feature flag is enabled and check if token needs to be rotated
* AuthN: Prevent in-request rotation if feature flag is enabled and check if token needs to be rotated
* Cookies: Add option NotHttpOnly
* AuthToken: Add helper function to get next rotation time and another function to check if token needs to be rotated
* AuthN: Add function to delete session cookie and set expiry cookie
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* move analytics identifiers to backend
* implement hash function
* grab secret from env
* expose and retrieve intercom secret from config
* concat email with appUrl to ensure uniqueness
* revert to just using email
* Revert "revert to just using email"
This reverts commit 8f10f9b1bc.
* add docstring
* simplify usePageTitle logic a bit
* use buildBreadcrumbs logic in usePageTitle
* always add home item to navTree, fix some tests
* fix remaining unit tests
* PluginDetails: Make plugin details page look good in topnav
* Minor style tweak aligning things
* minor refactoring where I moved the logic to decide the default tab into its own hook.
* refactor(plugindetails): first pass at using navmodel for usePluginDetailsTabs hook
* refactor(plugindetails): move "reset page when uninstalling plugin" to installcontrols
this prevents a user from seeing a blank page if they uninstall an app plugin whilst viewing a
config page
* refactor(plugindetails): remove usage of toIconName and reduce nested if
* Trying to fix tests
* minor fix
* test(plugindetails): update selectors causing failing tests
* chore(plugindetails): remove commented out test code
* test(plugindetails): clean up - remove unnecessary usage of waitFor
Co-authored-by: Marcus Andersson <marcus.andersson@grafana.com>
Co-authored-by: Jack Westbrook <jack.westbrook@gmail.com>
* Add RBAC section to settings
* Default to RBAC enabled settings to true
* Update tests to respect RBAC
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* AccessControl: Add endpoint to get user permissions
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>
Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
* Fix SA tests
* Linter is wrong :p
* Wait I was wrong
* Adding the route for teams:creator too
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>
Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
* AccessControl: Change teams permissions page when frontend is hit
* Implement frontend changes for group sync
* Changing the org/teams/edit permissions
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
* Fixing routes
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
* Use props straight away no need to go through the state
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
* Update public/app/features/teams/TeamPages.tsx
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
* AccessControl: Provide scope to frontend
* Covering datasources with accesscontrol metadata
* Write benchmark tests for GetResourcesMetadata
* Add accesscontrol util and interface
* Add the hasPermissionInMetadata function in the frontend access control code
* Use IsDisabled rather than performing a feature toggle check
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* Very simple role picker
* Style radio button
* Separate component for the built-in roles selector
* Custom component instead of Select
* refactor
* Custom input for role picker
* Refactor
* Able to select built-in role
* Add checkboxes for role selector
* Filter out fixed and internal roles
* Add action buttons
* Implement role search
* Fix selecting roles
* Pass custom roles to update
* User role picker
* Some UX work on role picker
* Clear search query on close
* Blur input when closed
* Add roles counter
* Refactor
* Add disabled state for picker
* Adjust disabled styles
* Replace ChangeOrgButton with role picker on admin/users page
* Remove unused code
* Apply suggestions from code review
Suggestions from the @Clarity-89
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
* Refactor: fix some errors after applying review suggestions
* Show fixed roles in the picker
* Show applied fixed roles
* Fix role counter
* Fix checkbox selection
* Use specific Role type for menu options
* Fix menu when roles list is empty
* Fix radio button name
* Make fixed roles from built-in role disabled
* Make whole menu scrollable
* Add BuiltInRole type
* Simplify appliedRoles
* Simplify options and props
* Do not select and disable inherited fixed roles
* Enable selecting fixed role
* Add description tooltip
* Fix role param name
* Export common input styles from grafana/ui
* Add ValueContainer
* Use value container
* Refactor appliedRoles logic
* Optimise role rendering
* Display selected roles
* Fix tooltip position
* Use OrgRole type
* Optimise role rendering
* Use radio button from grafana UI
* Submenu WIP
* Role picker submenu WIP
* Hide role description
* Tweak styles
* Implement submenu selection
* Disable role selection if it's inherited
* Show new role picker only in Enterprise
* Fix types
* Use orgid when fetching/updating roles
* Use orgId in all access control requests
* Styles for partially checked checkbox
* Tweak group option styles
* Role picker menu: refactor
* Reorganize roles in menu
* Fix input behaviour
* Hide groups on search
* Remove unused components
* Refactor
* Fix group selection
* Remove icons from role tags
* Add spacing for menu sections
* Rename clear all to clear in submenu
* Tweak menu width
* Show changes in the input when selecting roles
* Exclude inherited roles from selection
* Increase menu height
* Change built-in role in input on select
* Include inherited roles to the built-in role selection
* refactor import
* Refactor role picker to be able to pass roles and builtin roles getters
* Add role picker to the org users page
* Show inherited builtin roles in the popup
* Filter out managed roles
* Fix displaying initial builtin roles
* Show tooltip only for non-builtin roles
* Set min width for focused input
* Do not disable inherited roles (by design)
* Only show picker if access control enabled
* Fix tests
* Only close menu on click outside or on indicator click
* Open submenu on hover
* Don't search on empty query
* Do not open/close menu on click
* Refactor
* Apply suggestions from code review
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
* Fix formatting
* Apply suggestions
* Add more space for close menu sign
* Tune tooltip styles
* Move tooltip to the right side of option
* Use info sign instead of question
Co-authored-by: Clarity-89 <homes89@ukr.net>
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
* refactor licenseURL function to use context and export permission evaluation function
* remove provisioning file
* refactor licenseURL to take in a bool to avoid circular dependencies
* remove function for appending nav link, as it was only used once and move the function to create admin node
* better argument names
* create a function for permission checking
* extend permission checking when displaying server stats
* enable the use of enterprise access control actions when evaluating permissions
* import ordering
* move licensing FGAC action definitions to models package to allow access from oss
* move evaluatePermissions for routes to context serve
* change permission evaluator to take in more permissions
* move licensing FGAC actions again to appease wire
* avoid index out of bounds issue in case no children are passed in when creating server admin node
* simplify syntax for permission checking
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
* update loading state for server stats
* linting
* more linting
* fix test
* fix a frontend test
* update "licensing.reports:read" action naming
* UI doesn't allow reading only licensing reports and not the rest of licensing info
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
* add fixed role for datasource read operations
* Add action for datasource explore
* add authorize middleware to explore index route
* add fgac support for explore navlink
* update hasAccessToExplore to check if accesscontrol is enabled and evaluate action if it is
* add getExploreRoles to evaluate roles based on accesscontrol, viewersCanEdit and default
* create function to evaluate permissions or using fallback if accesscontrol is disabled
* change hasAccess to prop and derive the value in mapStateToProps
* add test case to ensure buttons is not rendered when user does not have access
* Only hide return with changes button
* remove internal links if user does not have access to explorer
Co-authored-by: Ivana Huckova <30407135+ivanahuckova@users.noreply.github.com>
* Performance: Standardize lodash imports to use destructured members
Changes lodash imports of the form `import x from 'lodash/x'` to
`import { x } from 'lodash'` to reduce bundle size.
* Remove unnecessary _ import from Graph component
* Enforce lodash import style
* Fix remaining lodash imports
* Expose user permissions to the frontend
* Do not include empty scope
* Extend ContextSrv with hasPermission() method
* Add access control types
* Fix type error (make permissions optional)
* Fallback if access control disabled
* Move UserPermission to types
* Simplify hasPermission()
* Chore: reduces strict error in OptionPicker tests
* Chore: reduces strict errors in FormDropdownCtrl
* Chore: reduces has no initializer and is not definitely assigned in the constructor errors
* Chore: reduces has no initializer and is not definitely assigned in the constructor errors
* Chore: lowers strict count limit
* Tests: updates snapshots
* Tests: updates snapshots
* Chore: updates after PR comments
* Refactor: removes throw and changes signature for DashboardSrv.getCurrent
When the user session expires, and the 401 triggers a page reload to get the user to the login page, ChangeTracker will interfere. By setting the user as logged out in the context when the session is timed out, we can ignore the changes in ChangeTracker.