Commit Graph

57 Commits

Author SHA1 Message Date
Marcus Efraimsson
7e6db1ee7e
Permissions: Fix inherited folder permissions can prevent new permissions being added to a dashboard (#33329)
In the case permissions has been added on dashboard(s). Later permissions for the 
parent folder of the dashboard is edited in such a way that dashboard in that folder 
has a permission that is a duplicate of an inherited one. This PR changes so that 
duplicate permissions are now filtered out from /api/dashboards/id/<dashboard id>/permissions.
Duplicate permission are not filtered out if the permission on dashboard is higher 
than on the inherited folder.

Fixes #33296

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-04-28 14:42:18 +02:00
Arve Knudsen
f55818ca70
Chore: Enable exhaustive linter (#29458)
* Chore: Enable exhaustive linter

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-12-01 09:53:27 +01:00
Agnès Toulet
22788d1d86
Add an option to hide certain users in the UI (#28942)
* Add an option to hide certain users in the UI

* revert changes for admin users routes

* fix sqlstore function name

* Improve slice management

Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>

* Hidden users: convert slice to map

* filter with user logins instead of IDs

* put HiddenUsers in Cfg struct

* hide hidden users from dashboards/folders permissions list

* Update conf/defaults.ini

Co-authored-by: Torkel Ödegaard <torkel@grafana.com>

* fix params order

* fix tests

* fix dashboard/folder update with hidden user

* add team tests

* add dashboard and folder permissions tests

* fixes after merge

* fix tests

* API: add test for org users endpoints

* update hidden users management for dashboard / folder permissions

* improve dashboard / folder permissions tests

* fixes after merge

* Guardian: add hidden acl tests

* API: add team members tests

* fix team sql syntax for postgres

* api tests update

* fix linter error

* fix tests errors after merge

Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
Co-authored-by: Leonard Gram <leo@xlson.com>
2020-11-24 12:10:32 +01:00
Arve Knudsen
4c47fc56bb
Guardian: Rewrite tests from goconvey (#29292)
* Guardian: Rewrite tests from goconvey

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Update pkg/services/guardian/guardian_test.go

Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>

Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-24 11:36:00 +01:00
Arve Knudsen
9593d57914
Chore: Enable errorlint linter (#29227)
* Enable errorlint linter
* Handle wrapped errors

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
2020-11-19 14:47:17 +01:00
Arve Knudsen
52c154a221
Backend: Rename variables for style conformance (#29097)
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-11-17 17:09:14 +01:00
Arve Knudsen
4dd7b7a82d
Chore: Remove unused Go code (#28852)
* Chore: Remove more unused Go code

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-11-17 11:51:31 +01:00
Arve Knudsen
676d393ec9
Chore: Fix issues reported by staticcheck; enable stylecheck linter (#28866)
* Chore: Fix issues reported by staticcheck

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Apply suggestions from code review

Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
2020-11-05 15:37:11 +01:00
Arve Knudsen
7897c6b7d5
Chore: Fix staticcheck issues (#28854)
* Chore: Fix issues reported by staticcheck

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Undo changes

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-11-05 11:57:20 +01:00
Arve Knudsen
d4e4cb4c71
Chore: Enable Go linter gocritic (#26224)
* Chore: Enable gocritic linter

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-07-16 14:39:01 +02:00
Arve Knudsen
3651a8e976
Chore: Disable scopelint for tests (#25923)
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-06-30 11:05:47 +02:00
Arve Knudsen
d1e6214a4a
Chore: Enable scopelint Go linter (#25896)
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-06-29 17:04:38 +02:00
Arve Knudsen
07582a8e85
Chore: Fix various spelling errors in back-end code (#25241)
* Chore: Fix various spelling errors in back-end code
Co-authored-by: Sofia Papagiannaki <papagian@users.noreply.github.com>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>>
2020-06-01 17:11:25 +02:00
Carl Bergquist
f9962eabff
chore: avoid aliasing imports in services (#22499) 2020-02-29 13:35:15 +01:00
zhulongcheng
2fff8f77dc move log package to /infra (#17023)
ref #14679

Signed-off-by: zhulongcheng <zhulongcheng.me@gmail.com>
2019-05-13 08:45:54 +02:00
Marcus Efraimsson
b371f2d91f
add debug logging of folder/dashbord permission checks 2018-10-23 11:08:57 +02:00
Torkel Ödegaard
c03764ff8a
Refactor team pages to react & design change (#12574)
* Rewriting team pages in react

* teams to react progress

* teams: getting team by id returns same DTO as search, needed for AvatarUrl

* teams: progress on new team pages

* fix: team test

* listing team members and removing team members now works

* teams: team member page now works

* ux: fixed adding team member issue

* refactoring TeamPicker to conform to react coding styles better

* teams: very close to being done with team page rewrite

* minor style tweak

* ux: polish to team pages

* feature: team pages in react & everything working

* fix: removed flickering when changing tabs by always rendering PageHeader
2018-07-11 11:23:07 -07:00
Marcus Efraimsson
5377ad4e96
remove unused argument in default scenario of guardian test 2018-06-19 12:34:34 +02:00
Torkel Ödegaard
24d0b43e62 fix: fixed permission issue with api key with viewer role in dashboards with default permissions 2018-06-19 11:10:17 +02:00
Mario Trangoni
6eb00000fe pkg/services: fix ineffassign issues 2018-04-23 19:28:54 +02:00
Marcus Efraimsson
d86ed679b1
return inherited property for permissions 2018-04-23 09:23:14 +02:00
Daniel Lee
b3acbb9995
Merge pull request #11526 from grafana/11173_folder_admin
A folder admin should be able to add permissions for folder/its dashboards
2018-04-17 13:42:38 +02:00
Mario Trangoni
91fb2e07ce pkg: fix codespell issues 2018-04-13 20:31:29 +02:00
Marcus Efraimsson
f3e1557761
guardian: when updating permissions should verify existing permissions
Before in CheckPermissionBeforeUpdate, access was verified for updated
permissions. Now access is verified for existing permissions.
Refactored guardian tests to cover more test cases for org admin, editor
and viewer roles
2018-04-08 15:06:22 +02:00
Marcus Efraimsson
f44e476580 permissions: fix validation of permissions before update
Did a bad pointer comparison so extended the tests for duplicate permissions.
2018-02-28 08:48:28 +01:00
Marcus Efraimsson
f76b98d252 dashboards: change dashboard/folder permission error messages 2018-02-27 16:04:45 +01:00
Marcus Efraimsson
955dfcc8fe dashboards: don't allow override of permissions with a lower precedence
If a dashboard inherits permissions from a folder, don't allow same permission to be added
to the dashboard with a lower permission.
Add backend validation so that you cannot add same permission to folder/dashboard, for example
same user/team with different permissions
2018-02-27 16:04:45 +01:00
Marcus Efraimsson
02278f90a7 dashboards: make fake dashboard guardian available to other packages 2018-02-20 18:08:19 +01:00
Marcus Efraimsson
53cd39fde5 Shouldn't be able to overwrite a dashboard if you don't have permissions (#10900)
* dashboards: new command for validating dashboard before update

Removes validation logic from saveDashboard and later on use the new command for validating
dashboard before saving a dashboard. This due to the fact that we need to validate permissions
for overwriting other dashboards by uid and title.

* dashboards: use the new command for validating dashboard before saving

Had to refactor dashboard provisioning a bit to be able to sidetrack the permission validation
in a somewhat reasonable way.
Adds some initial tests of the dashboard repository, but needs to be extended later. At least
now you can mock the dashboard guardian

* dashboards: removes validation logic in the save dashboard api layer

Use the dashboard repository solely for create/update dashboards and let it do all
the validation. One exception regarding quota validation which still is in api layer
since that logic is in a macaron middleware.
Need to move out-commented api tests later.

* dashboards: fix database tests for validate and saving dashboards

* dashboards: rename dashboard repository to dashboard service

Split the old dashboard repository interface in two new interfaces, IDashboardService and
IDashboardProvisioningService. Makes it more explicit when using it from the provisioning package
and there's no possibility of calling an incorrect method for saving a dashboard.

* database: make the InitTestDB function available to use from other packages

* dashboards: rename ValidateDashboardForUpdateCommand and some refactoring

* dashboards: integration tests of dashboard service

* dashboard: fix sqlstore test due to folder exist validation

* dashboards: move dashboard service integration tests to sqlstore package

Had to move it to the sqlstore package due to concurrency problems when running
against mysql and postgres. Using InitTestDB from two packages added conflicts
when clearing and running migrations on the test database

* dashboards: refactor how to find id to be used for save permission check

* dashboards: remove duplicated dashboard tests

* dashboards: cleanup dashboard service integration tests

* dashboards: handle save dashboard errors and return correct http status

* fix: remove log statement

* dashboards: import dashboard should use dashboard service

Had to move alerting commands to models package due to problems with import cycles of packages.

* dashboards: cleanup dashboard api tests and add some tests for post dashboard

* dashboards: rename dashboard service interfaces

* dashboards: rename dashboard guardian interface
2018-02-19 11:12:56 +01:00
Torkel Ödegaard
fcaa8227a6
Dashboard acl query fixes (#10909)
* initial fixes for dashboard permission acl list query, fixes #10864

* permissions: refactoring of acl api and query
2018-02-14 15:04:26 +01:00
Marcus Efraimsson
e1e0b5f951 teams: use orgId in all team and team member operations (#10862)
Also fixes issue in org users tests for postgres
2018-02-09 17:26:15 +01:00
Daniel Lee
5ee2d1de05 dashfolders: select with description for permissions
The dropdown for selecting permission is a new component built on
react-select that includes a description for the permission for
every option in the select.
2018-01-29 13:56:12 +01:00
Daniel Lee
f64637c2c5 dashfolders: stop user locking themselves out of a folder 2018-01-18 14:30:04 +01:00
Torkel Ödegaard
a8a5f8181b fix: viewers can edit now works correctly 2017-12-15 14:19:49 +01:00
Torkel Ödegaard
a7645b710d Merge remote-tracking branch 'origin/master' into develop 2017-12-13 19:18:10 +01:00
Alexander Zobnin
d8612380e9 refactor: rename User Groups to Teams 2017-12-08 18:25:45 +03:00
Torkel Ödegaard
aa634402d9 dashboard acl fixes 2017-06-22 17:43:55 -04:00
Torkel Ödegaard
545b02139d Merge branch 'dashboard_folders' of github.com:grafana/grafana into dashboard_folders 2017-06-22 17:11:39 -04:00
Torkel Ödegaard
9c6c8c0f3f acl fixes 2017-06-22 17:10:43 -04:00
Daniel Lee
1d43bfbf3f dashfolders: new admin permission needed to view/change acl 2017-06-22 23:01:04 +02:00
Torkel Ödegaard
659a59107e dashboard acl stuff 2017-06-21 19:23:24 -04:00
Torkel Ödegaard
fcc8557dbb dashboard acl work 2017-06-21 14:11:16 -04:00
Torkel Ödegaard
43ffe826fa dashboard acl work 2017-06-20 17:18:20 -04:00
Torkel Ödegaard
74840178cf refactoring dashboard folder security checks 2017-06-19 15:22:42 -04:00
Torkel Ödegaard
f7194878fe dashboard guardian refactoring starting to work 2017-06-19 13:47:44 -04:00
Torkel Ödegaard
d6341162cb refactoring dashboad folder acl checks 2017-06-19 11:54:37 -04:00
Torkel Ödegaard
b494fd7689 dashboard folders acl work 2017-06-19 11:03:54 -04:00
Torkel Ödegaard
cbbbccf12a refactoring dashoard folder guardian 2017-06-17 18:24:38 -04:00
Torkel Ödegaard
3fe031d25d refactoring: Dashboard guardian 2017-06-16 21:25:24 -04:00
Daniel Lee
5cf63e3726 WIP: remove unused test file 2017-06-17 03:21:08 +02:00