mirror of
https://github.com/grafana/grafana.git
synced 2025-02-16 18:34:52 -06:00
cac6936015
* Add ResourceAttribute * Add ResourceAttribute option * Set ResourceAttribute option * Change resolvers to return uid based scopes * update swagger to correct scope * use ResourceAttribute for endpoint scope * bump role version * Add support for different attributes for access control metadata * evaluate data source metadata based on uid * Fix test * uncomment benchmarks * Use resourceID * use evaluator for access control metadata * update comment * Set default permissions based on uid * Add attribute to accesscontrol filter * validate that scopes has correct attribute * lint * Update comment * remove attribute parameter and extend prefix * refactor to use scope prefix * Get metadata with prefix * fix test * fix comparision * remove unused type * fix attribute index * fix typo * restructure logic * Get metadata by uid * fix imports Co-authored-by: jguer <joao.guerreiro@grafana.com>
49 lines
1.6 KiB
Go
49 lines
1.6 KiB
Go
package datasources
|
|
|
|
import "github.com/grafana/grafana/pkg/services/accesscontrol"
|
|
|
|
const (
|
|
ScopeRoot = "datasources"
|
|
ScopePrefix = ScopeRoot + ":uid:"
|
|
|
|
ActionRead = "datasources:read"
|
|
ActionQuery = "datasources:query"
|
|
ActionCreate = "datasources:create"
|
|
ActionWrite = "datasources:write"
|
|
ActionDelete = "datasources:delete"
|
|
ActionIDRead = "datasources.id:read"
|
|
ActionPermissionsRead = "datasources.permissions:read"
|
|
ActionPermissionsWrite = "datasources.permissions:write"
|
|
)
|
|
|
|
var (
|
|
ScopeID = accesscontrol.Scope("datasources", "id", accesscontrol.Parameter(":datasourceId"))
|
|
ScopeAll = accesscontrol.GetResourceAllScope(ScopeRoot)
|
|
ScopeProvider = accesscontrol.NewScopeProvider(ScopeRoot)
|
|
)
|
|
|
|
var (
|
|
// ConfigurationPageAccess is used to protect the "Configure > Data sources" tab access
|
|
ConfigurationPageAccess = accesscontrol.EvalAll(
|
|
accesscontrol.EvalPermission(ActionRead),
|
|
accesscontrol.EvalAny(
|
|
accesscontrol.EvalPermission(ActionCreate),
|
|
accesscontrol.EvalPermission(ActionDelete),
|
|
accesscontrol.EvalPermission(ActionWrite),
|
|
),
|
|
)
|
|
|
|
// NewPageAccess is used to protect the "Configure > Data sources > New" page access
|
|
NewPageAccess = accesscontrol.EvalAll(
|
|
accesscontrol.EvalPermission(ActionRead),
|
|
accesscontrol.EvalPermission(ActionCreate),
|
|
accesscontrol.EvalPermission(ActionWrite),
|
|
)
|
|
|
|
// EditPageAccess is used to protect the "Configure > Data sources > Edit" page access
|
|
EditPageAccess = accesscontrol.EvalAll(
|
|
accesscontrol.EvalPermission(ActionRead),
|
|
accesscontrol.EvalPermission(ActionWrite),
|
|
)
|
|
)
|