Commit Graph

17 Commits

Author SHA1 Message Date
Vardan Torosyan
1d15686bdf
Access control: Add a role for provisioning admins (#33787) 2021-05-10 11:46:42 +02:00
Emil Tullstedt
4496ae496e
Access control: Clean up users scopes (#33532)
Following discussion in grafana/grafana-enterprise#1292, removing
org-scoped users scopes to make it clear that the local organization is
the default and the alternative to that is a global scope (for a select
few endpoints)
2021-05-03 10:27:12 +02:00
Emil Tullstedt
840828b5d2
Access control: Allow empty scope requirement lists (#33518) 2021-04-29 13:22:13 +02:00
Vardan Torosyan
5bf6d7dad8
Access control: Update evaluator to authorize when at least one of the scopes is a match (#33393) 2021-04-27 18:22:18 +02:00
Vardan Torosyan
bf83fb80b7
Access control: Combine permissions through predefined roles (#33275)
* Access control: Combine permissions through predefined roles

When certain permission is required for built-in role, instead of adding those permissions to the existing predefined roles, we need to have granular predefined roles with those permissions.

* Better copy...

* Adding and fixing tests

* Remove duplicated permission
2021-04-23 15:44:42 +02:00
Alexander Zobnin
dd9f701cd9
Access control: Fix predefined roles (#33260) 2021-04-22 12:49:24 +02:00
Alexander Zobnin
a7e721e987
Access control: Make Admin/Users UI working with the permissions (#33176)
* API: authorize admin/users views

* Render admin/users components based on user's permissions

* Add LDAP permissions (required by admin/user page)

* Extend default admin role by LDAP permissions

* Show/hide LDAP debug views

* Render LDAP debug page if user has access

* Authorize LDAP debug view

* fix permissions definitions

* Add LDAP page permissions

* remove ambiguous permissions check

* Hide logout buttons in sessions table

* Add org/users permissions

* Use org permissions for managing user roles in orgs

* Apply permissions to org/users

* Apply suggestions from review

* Fix tests

* remove scopes from the frontend

* Tweaks according to review

* Handle /invites endpoints
2021-04-22 13:19:41 +03:00
Alexander Zobnin
41f6af96c4
Access control: Build navigation links with access control (#33024)
* Build nav links with access control

* Break up getNavTree (reduce cyclomatic complexity)

* Fix tests

* Use only ActionUsersRead permissions

* Remove unused permissions definitions

* Chore: remove unused fallbacks

* Fix linter error
2021-04-19 12:23:29 +03:00
Alexander Zobnin
8b843eb0a6
Access control: expose permissions to the frontend (#32954)
* Expose user permissions to the frontend

* Do not include empty scope

* Extend ContextSrv with hasPermission() method

* Add access control types

* Fix type error (make permissions optional)

* Fallback if access control disabled

* Move UserPermission to types

* Simplify hasPermission()
2021-04-16 16:02:16 +03:00
Vardan Torosyan
9f82eac833
Access control: Add access control based permissions to admins/users (#32409)
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
2021-04-14 16:31:27 +02:00
Alexander Zobnin
7ea58f9cf5
Access Control: Move database-related models to enterprise (#32907)
* Move database-related models to enterprise

* Chore: use GetUserBuiltInRoles() method

* Rename permission to action
2021-04-13 16:28:11 +03:00
Alexander Zobnin
7a68852aa7
Chore: move errors to enterprise (#32753) 2021-04-07 17:33:08 +03:00
Alexander Zobnin
823f0bc460
Access Control: move features to Enterprise (#32640)
* Move db package WIP

* Implement OSS access control

* Register OSS access control

* Fix linter error in tests

* Fix linter error in evaluator

* Simplify OSS tests

* Optimize builtin roles

* Chore: add comments to the exported functions

* Remove init from ossaccesscontrol package (moved to ext)

* Add access control as a dependency for http server

* Modify middleware to receive fallback function

* Middleware: refactor fallback function call

* Move unused models to enterprise

* Simplify AccessControl type

* Chore: use bool IsDisabled() method instead of CanBeDisabled interface
2021-04-06 16:49:09 +03:00
Alexander Zobnin
4af817de2e
Fix access control store init (#32594) 2021-04-01 14:31:56 +02:00
Alexander Zobnin
784425c2ee
Fix access control service init (#32492)
* Fix access control service init

* Chore: use assert from testify package
2021-03-30 15:14:43 +02:00
Alexander Zobnin
20f6ba5ba4
Access-control: use role UID when adding/removing roles (#32438) 2021-03-29 17:36:48 +02:00
Alexander Zobnin
20bd591bea
Access control: Basic structure and functionality behind feature toggle (#31893)
Co-authored-by: Alexander Zobnin <alexander.zobnin@grafana.com>
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
Co-authored-by: Arve Knudsen <arve.knudsen@grafana.com>
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@grafana.com>
2021-03-22 13:22:48 +01:00