In the case permissions has been added on dashboard(s). Later permissions for the
parent folder of the dashboard is edited in such a way that dashboard in that folder
has a permission that is a duplicate of an inherited one. This PR changes so that
duplicate permissions are now filtered out from /api/dashboards/id/<dashboard id>/permissions.
Duplicate permission are not filtered out if the permission on dashboard is higher
than on the inherited folder.
Fixes#33296
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* Add an option to hide certain users in the UI
* revert changes for admin users routes
* fix sqlstore function name
* Improve slice management
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
* Hidden users: convert slice to map
* filter with user logins instead of IDs
* put HiddenUsers in Cfg struct
* hide hidden users from dashboards/folders permissions list
* Update conf/defaults.ini
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
* fix params order
* fix tests
* fix dashboard/folder update with hidden user
* add team tests
* add dashboard and folder permissions tests
* fixes after merge
* fix tests
* API: add test for org users endpoints
* update hidden users management for dashboard / folder permissions
* improve dashboard / folder permissions tests
* fixes after merge
* Guardian: add hidden acl tests
* API: add team members tests
* fix team sql syntax for postgres
* api tests update
* fix linter error
* fix tests errors after merge
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
Co-authored-by: Leonard Gram <leo@xlson.com>
* Rewriting team pages in react
* teams to react progress
* teams: getting team by id returns same DTO as search, needed for AvatarUrl
* teams: progress on new team pages
* fix: team test
* listing team members and removing team members now works
* teams: team member page now works
* ux: fixed adding team member issue
* refactoring TeamPicker to conform to react coding styles better
* teams: very close to being done with team page rewrite
* minor style tweak
* ux: polish to team pages
* feature: team pages in react & everything working
* fix: removed flickering when changing tabs by always rendering PageHeader
Before in CheckPermissionBeforeUpdate, access was verified for updated
permissions. Now access is verified for existing permissions.
Refactored guardian tests to cover more test cases for org admin, editor
and viewer roles
If a dashboard inherits permissions from a folder, don't allow same permission to be added
to the dashboard with a lower permission.
Add backend validation so that you cannot add same permission to folder/dashboard, for example
same user/team with different permissions
* dashboards: new command for validating dashboard before update
Removes validation logic from saveDashboard and later on use the new command for validating
dashboard before saving a dashboard. This due to the fact that we need to validate permissions
for overwriting other dashboards by uid and title.
* dashboards: use the new command for validating dashboard before saving
Had to refactor dashboard provisioning a bit to be able to sidetrack the permission validation
in a somewhat reasonable way.
Adds some initial tests of the dashboard repository, but needs to be extended later. At least
now you can mock the dashboard guardian
* dashboards: removes validation logic in the save dashboard api layer
Use the dashboard repository solely for create/update dashboards and let it do all
the validation. One exception regarding quota validation which still is in api layer
since that logic is in a macaron middleware.
Need to move out-commented api tests later.
* dashboards: fix database tests for validate and saving dashboards
* dashboards: rename dashboard repository to dashboard service
Split the old dashboard repository interface in two new interfaces, IDashboardService and
IDashboardProvisioningService. Makes it more explicit when using it from the provisioning package
and there's no possibility of calling an incorrect method for saving a dashboard.
* database: make the InitTestDB function available to use from other packages
* dashboards: rename ValidateDashboardForUpdateCommand and some refactoring
* dashboards: integration tests of dashboard service
* dashboard: fix sqlstore test due to folder exist validation
* dashboards: move dashboard service integration tests to sqlstore package
Had to move it to the sqlstore package due to concurrency problems when running
against mysql and postgres. Using InitTestDB from two packages added conflicts
when clearing and running migrations on the test database
* dashboards: refactor how to find id to be used for save permission check
* dashboards: remove duplicated dashboard tests
* dashboards: cleanup dashboard service integration tests
* dashboards: handle save dashboard errors and return correct http status
* fix: remove log statement
* dashboards: import dashboard should use dashboard service
Had to move alerting commands to models package due to problems with import cycles of packages.
* dashboards: cleanup dashboard api tests and add some tests for post dashboard
* dashboards: rename dashboard service interfaces
* dashboards: rename dashboard guardian interface
The dropdown for selecting permission is a new component built on
react-select that includes a description for the permission for
every option in the select.