mirror of
https://github.com/grafana/grafana.git
synced 2025-02-15 01:53:33 -06:00
52220b2470
* refactor licenseURL function to use context and export permission evaluation fction * remove provisioning file * refactor licenseURL to take in a bool to avoid circular dependencies * remove function for appending nav link, as it was only used once and move the function to create admin node * better argument names * create a function for permission checking * extend permission checking when displaying server stats * enable the use of enterprise access control actions when evaluating permissions * import ordering * move licensing FGAC action definitions to models package to allow access from oss * move evaluatePermissions for routes to context serve * change permission evaluator to take in more permissions * move licensing FGAC actions again to appease wire * avoid index out of bounds issue in case no children are passed in when creating server admin node * simplify syntax for permission checking Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> * update loading state for server stats * linting * more linting * fix test * fix a frontend test * update "licensing.reports:read" action naming * UI doesn't allow reading only licensing reports and not the rest of licensing info Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
150 lines
3.9 KiB
TypeScript
150 lines
3.9 KiB
TypeScript
import config from '../../core/config';
|
|
import { extend } from 'lodash';
|
|
import coreModule from 'app/core/core_module';
|
|
import { rangeUtil } from '@grafana/data';
|
|
import { AccessControlAction, UserPermission } from 'app/types';
|
|
|
|
export class User {
|
|
id: number;
|
|
isGrafanaAdmin: any;
|
|
isSignedIn: any;
|
|
orgRole: any;
|
|
orgId: number;
|
|
orgName: string;
|
|
login: string;
|
|
orgCount: number;
|
|
timezone: string;
|
|
fiscalYearStartMonth: number;
|
|
helpFlags1: number;
|
|
lightTheme: boolean;
|
|
hasEditPermissionInFolders: boolean;
|
|
email?: string;
|
|
permissions?: UserPermission;
|
|
|
|
constructor() {
|
|
this.id = 0;
|
|
this.isGrafanaAdmin = false;
|
|
this.isSignedIn = false;
|
|
this.orgRole = '';
|
|
this.orgId = 0;
|
|
this.orgName = '';
|
|
this.login = '';
|
|
this.orgCount = 0;
|
|
this.timezone = '';
|
|
this.fiscalYearStartMonth = 0;
|
|
this.helpFlags1 = 0;
|
|
this.lightTheme = false;
|
|
this.hasEditPermissionInFolders = false;
|
|
this.email = undefined;
|
|
if (config.bootData.user) {
|
|
extend(this, config.bootData.user);
|
|
}
|
|
}
|
|
}
|
|
|
|
export class ContextSrv {
|
|
pinned: any;
|
|
version: any;
|
|
user: User;
|
|
isSignedIn: any;
|
|
isGrafanaAdmin: any;
|
|
isEditor: any;
|
|
sidemenuSmallBreakpoint = false;
|
|
hasEditPermissionInFolders: boolean;
|
|
minRefreshInterval: string;
|
|
|
|
constructor() {
|
|
if (!config.bootData) {
|
|
config.bootData = { user: {}, settings: {} };
|
|
}
|
|
|
|
this.user = new User();
|
|
this.isSignedIn = this.user.isSignedIn;
|
|
this.isGrafanaAdmin = this.user.isGrafanaAdmin;
|
|
this.isEditor = this.hasRole('Editor') || this.hasRole('Admin');
|
|
this.hasEditPermissionInFolders = this.user.hasEditPermissionInFolders;
|
|
this.minRefreshInterval = config.minRefreshInterval;
|
|
}
|
|
|
|
/**
|
|
* Indicate the user has been logged out
|
|
*/
|
|
setLoggedOut() {
|
|
this.user.isSignedIn = false;
|
|
this.isSignedIn = false;
|
|
}
|
|
|
|
hasRole(role: string) {
|
|
return this.user.orgRole === role;
|
|
}
|
|
|
|
// Checks whether user has required permission
|
|
hasPermission(action: AccessControlAction | string): boolean {
|
|
// Fallback if access control disabled
|
|
if (!config.featureToggles['accesscontrol']) {
|
|
return true;
|
|
}
|
|
|
|
return !!this.user.permissions?.[action];
|
|
}
|
|
|
|
isGrafanaVisible() {
|
|
return document.visibilityState === undefined || document.visibilityState === 'visible';
|
|
}
|
|
|
|
// checks whether the passed interval is longer than the configured minimum refresh rate
|
|
isAllowedInterval(interval: string) {
|
|
if (!config.minRefreshInterval) {
|
|
return true;
|
|
}
|
|
return rangeUtil.intervalToMs(interval) >= rangeUtil.intervalToMs(config.minRefreshInterval);
|
|
}
|
|
|
|
getValidInterval(interval: string) {
|
|
if (!this.isAllowedInterval(interval)) {
|
|
return config.minRefreshInterval;
|
|
}
|
|
return interval;
|
|
}
|
|
|
|
hasAccessToExplore() {
|
|
if (config.featureToggles['accesscontrol']) {
|
|
return this.hasPermission(AccessControlAction.DataSourcesExplore);
|
|
}
|
|
return (this.isEditor || config.viewersCanEdit) && config.exploreEnabled;
|
|
}
|
|
|
|
hasAccess(action: string, fallBack: boolean) {
|
|
if (!config.featureToggles['accesscontrol']) {
|
|
return fallBack;
|
|
}
|
|
return this.hasPermission(action);
|
|
}
|
|
|
|
// evaluates access control permissions, granting access if the user has any of them; uses fallback if access control is disabled
|
|
evaluatePermission(fallback: () => string[], actions: string[]) {
|
|
if (!config.featureToggles['accesscontrol']) {
|
|
return fallback();
|
|
}
|
|
if (actions.some((action) => this.hasPermission(action))) {
|
|
return [];
|
|
}
|
|
// Hack to reject when user does not have permission
|
|
return ['Reject'];
|
|
}
|
|
}
|
|
|
|
let contextSrv = new ContextSrv();
|
|
export { contextSrv };
|
|
|
|
export const setContextSrv = (override: ContextSrv) => {
|
|
if (process.env.NODE_ENV !== 'test') {
|
|
throw new Error('contextSrv can be only overriden in test environment');
|
|
}
|
|
contextSrv = override;
|
|
};
|
|
|
|
coreModule.factory('contextSrv', () => {
|
|
return contextSrv;
|
|
});
|