* WIP: working as expected, has to be tested
* Rename query param, small changes
* Remove unused code
* Address feedback
* Cleanup
* Use the feature toggle to control the behaviour
* Use the toggle on the FE too
* Prevent the extra redirect/reload
Co-authored-by: Josh Hunt <joshhunt@users.noreply.github.com>
* Return to login if user is not authenticated
* Add tracking issue
* Align BE redirect constructor to locationSvc
* feat(grafana-data): create rbac functions for checking permissions
* feat(grafana-runtime): pass current user to runtime
* feat(grafana-runtime): expose rbac functions to check permissions against current user
* refactor(contextsrv): use functions from grafana/data to check rbac permissions against user
* Apply suggestions from code review
Co-authored-by: Marcus Andersson <marcus.andersson@grafana.com>
* chore(rbac): fix missing types imports
* refactor(rbac): make exposed functions return boolean
---------
Co-authored-by: Marcus Andersson <marcus.andersson@grafana.com>
* ContextSrv: No longer try to rotate token if we are using auth_token in url
Also extract the logic to check if we should schedule the job into its own function
* FeatureToggle: Add toggle to use a new way of rotating tokens
* API: Add endpoints to perform token rotation, one endpoint for api request and one endpoint for redirects
* Auth: Align not authorized handling between auth middleware and access
control middleware
* API: add utility function to get redirect for login
* API: Handle token rotation redirect for login page
* Frontend: Add job scheduling for token rotation and make call to token rotation as fallback in retry request
* ContextHandler: Prevent in-request rotation if feature flag is enabled and check if token needs to be rotated
* AuthN: Prevent in-request rotation if feature flag is enabled and check if token needs to be rotated
* Cookies: Add option NotHttpOnly
* AuthToken: Add helper function to get next rotation time and another function to check if token needs to be rotated
* AuthN: Add function to delete session cookie and set expiry cookie
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* move analytics identifiers to backend
* implement hash function
* grab secret from env
* expose and retrieve intercom secret from config
* concat email with appUrl to ensure uniqueness
* revert to just using email
* Revert "revert to just using email"
This reverts commit 8f10f9b1bc.
* add docstring
* simplify usePageTitle logic a bit
* use buildBreadcrumbs logic in usePageTitle
* always add home item to navTree, fix some tests
* fix remaining unit tests
* PluginDetails: Make plugin details page look good in topnav
* Minor style tweak aligning things
* minor refactoring where I moved the logic to decide the default tab into its own hook.
* refactor(plugindetails): first pass at using navmodel for usePluginDetailsTabs hook
* refactor(plugindetails): move "reset page when uninstalling plugin" to installcontrols
this prevents a user from seeing a blank page if they uninstall an app plugin whilst viewing a
config page
* refactor(plugindetails): remove usage of toIconName and reduce nested if
* Trying to fix tests
* minor fix
* test(plugindetails): update selectors causing failing tests
* chore(plugindetails): remove commented out test code
* test(plugindetails): clean up - remove unnecessary usage of waitFor
Co-authored-by: Marcus Andersson <marcus.andersson@grafana.com>
Co-authored-by: Jack Westbrook <jack.westbrook@gmail.com>
* Add RBAC section to settings
* Default to RBAC enabled settings to true
* Update tests to respect RBAC
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* AccessControl: Provide scope to frontend
* Covering datasources with accesscontrol metadata
* Write benchmark tests for GetResourcesMetadata
* Add accesscontrol util and interface
* Add the hasPermissionInMetadata function in the frontend access control code
* Use IsDisabled rather than performing a feature toggle check
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* Very simple role picker
* Style radio button
* Separate component for the built-in roles selector
* Custom component instead of Select
* refactor
* Custom input for role picker
* Refactor
* Able to select built-in role
* Add checkboxes for role selector
* Filter out fixed and internal roles
* Add action buttons
* Implement role search
* Fix selecting roles
* Pass custom roles to update
* User role picker
* Some UX work on role picker
* Clear search query on close
* Blur input when closed
* Add roles counter
* Refactor
* Add disabled state for picker
* Adjust disabled styles
* Replace ChangeOrgButton with role picker on admin/users page
* Remove unused code
* Apply suggestions from code review
Suggestions from @Clarity-89
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
* Refactor: fix some errors after applying review suggestions
* Show fixed roles in the picker
* Show applied fixed roles
* Fix role counter
* Fix checkbox selection
* Use specific Role type for menu options
* Fix menu when roles list is empty
* Fix radio button name
* Make fixed roles from built-in role disabled
* Make whole menu scrollable
* Add BuiltInRole type
* Simplify appliedRoles
* Simplify options and props
* Do not select and disable inherited fixed roles
* Enable selecting fixed role
* Add description tooltip
* Fix role param name
* Export common input styles from grafana/ui
* Add ValueContainer
* Use value container
* Refactor appliedRoles logic
* Optimise role rendering
* Display selected roles
* Fix tooltip position
* Use OrgRole type
* Optimise role rendering
* Use radio button from grafana UI
* Submenu WIP
* Role picker submenu WIP
* Hide role description
* Tweak styles
* Implement submenu selection
* Disable role selection if it's inherited
* Show new role picker only in Enterprise
* Fix types
* Use orgid when fetching/updating roles
* Use orgId in all access control requests
* Styles for partially checked checkbox
* Tweak group option styles
* Role picker menu: refactor
* Reorganize roles in menu
* Fix input behaviour
* Hide groups on search
* Remove unused components
* Refactor
* Fix group selection
* Remove icons from role tags
* Add spacing for menu sections
* Rename clear all to clear in submenu
* Tweak menu width
* Show changes in the input when selecting roles
* Exclude inherited roles from selection
* Increase menu height
* Change built-in role in input on select
* Include inherited roles to the built-in role selection
* refactor import
* Refactor role picker to be able to pass roles and builtin roles getters
* Add role picker to the org users page
* Show inherited builtin roles in the popup
* Filter out managed roles
* Fix displaying initial builtin roles
* Show tooltip only for non-builtin roles
* Set min width for focused input
* Do not disable inherited roles (by design)
* Only show picker if access control enabled
* Fix tests
* Only close menu on click outside or on indicator click
* Open submenu on hover
* Don't search on empty query
* Do not open/close menu on click
* Refactor
* Apply suggestions from code review
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
* Fix formatting
* Apply suggestions
* Add more space for close menu sign
* Tune tooltip styles
* Move tooltip to the right side of option
* Use info sign instead of question
Co-authored-by: Clarity-89 <homes89@ukr.net>
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
* refactor licenseURL function to use context and export permission evaluation function
* remove provisioning file
* refactor licenseURL to take in a bool to avoid circular dependencies
* remove function for appending nav link, as it was only used once and move the function to create admin node
* better argument names
* create a function for permission checking
* extend permission checking when displaying server stats
* enable the use of enterprise access control actions when evaluating permissions
* import ordering
* move licensing FGAC action definitions to models package to allow access from oss
* move evaluatePermissions for routes to context serve
* change permission evaluator to take in more permissions
* move licensing FGAC actions again to appease wire
* avoid index out of bounds issue in case no children are passed in when creating server admin node
* simplify syntax for permission checking
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
* update loading state for server stats
* linting
* more linting
* fix test
* fix a frontend test
* update "licensing.reports:read" action naming
* UI doesn't allow reading only licensing reports and not the rest of licensing info
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
* add fixed role for datasource read operations
* Add action for datasource explore
* add authorize middleware to explore index route
* add fgac support for explore navlink
* update hasAccessToExplore to check if accesscontrol is enabled and evaluate action if it is
* add getExploreRoles to evaluate roles based on accesscontrol, viewersCanEdit and default
* create function to evaluate permissions or using fallback if accesscontrol is disabled
* change hasAccess to prop and derive the value in mapStateToProps
* add test case to ensure buttons are not rendered when user does not have access
* Only hide return with changes button
* remove internal links if user does not have access to explorer
Co-authored-by: Ivana Huckova <30407135+ivanahuckova@users.noreply.github.com>