mirror of
https://github.com/grafana/grafana.git
synced 2024-11-26 02:40:26 -06:00
59bdff0280
* Add anonymous stats and user table - anonymous users users page - add feature toggle `anonymousAccess` - remove check for enterprise for `Device-Id` header in request - add anonusers/device count to stats * promise all, review comments * make use of promise all settled * refactoring: devices instead of users * review comments, moved countdevices to httpserver * fakeAnonService for tests and generate openapi spec * do not commit openapi3 and api-merged * add openapi * Apply suggestions from code review Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> * formatin * precise anon devices to avoid confusion --------- Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: jguer <me@jguer.space>
174 lines
4.9 KiB
Go
174 lines
4.9 KiB
Go
package api
|
|
|
|
import (
|
|
"context"
|
|
"net/http"
|
|
"time"
|
|
|
|
"github.com/grafana/grafana/pkg/api/response"
|
|
ac "github.com/grafana/grafana/pkg/services/accesscontrol"
|
|
"github.com/grafana/grafana/pkg/services/auth/identity"
|
|
contextmodel "github.com/grafana/grafana/pkg/services/contexthandler/model"
|
|
"github.com/grafana/grafana/pkg/services/stats"
|
|
"github.com/grafana/grafana/pkg/setting"
|
|
)
|
|
|
|
// swagger:route GET /admin/settings admin adminGetSettings
|
|
//
|
|
// Fetch settings.
|
|
//
|
|
// If you are running Grafana Enterprise and have Fine-grained access control enabled, you need to have a permission with action `settings:read` and scopes: `settings:*`, `settings:auth.saml:` and `settings:auth.saml:enabled` (property level).
|
|
//
|
|
// Security:
|
|
// - basic:
|
|
//
|
|
// Responses:
|
|
// 200: adminGetSettingsResponse
|
|
// 401: unauthorisedError
|
|
// 403: forbiddenError
|
|
func (hs *HTTPServer) AdminGetSettings(c *contextmodel.ReqContext) response.Response {
|
|
settings, err := hs.getAuthorizedSettings(c.Req.Context(), c.SignedInUser, hs.SettingsProvider.Current())
|
|
if err != nil {
|
|
return response.Error(http.StatusForbidden, "Failed to authorize settings", err)
|
|
}
|
|
return response.JSON(http.StatusOK, settings)
|
|
}
|
|
|
|
func (hs *HTTPServer) AdminGetVerboseSettings(c *contextmodel.ReqContext) response.Response {
|
|
bag := hs.SettingsProvider.CurrentVerbose()
|
|
if bag == nil {
|
|
return response.JSON(http.StatusNotImplemented, make(map[string]string))
|
|
}
|
|
|
|
verboseSettings, err := hs.getAuthorizedVerboseSettings(c.Req.Context(), c.SignedInUser, bag)
|
|
if err != nil {
|
|
return response.Error(http.StatusForbidden, "Failed to authorize settings", err)
|
|
}
|
|
return response.JSON(http.StatusOK, verboseSettings)
|
|
}
|
|
|
|
// swagger:route GET /admin/stats admin adminGetStats
|
|
//
|
|
// Fetch Grafana Stats.
|
|
//
|
|
// Only works with Basic Authentication (username and password). See introduction for an explanation.
|
|
// If you are running Grafana Enterprise and have Fine-grained access control enabled, you need to have a permission with action `server:stats:read`.
|
|
//
|
|
// Responses:
|
|
// 200: adminGetStatsResponse
|
|
// 401: unauthorisedError
|
|
// 403: forbiddenError
|
|
// 500: internalServerError
|
|
func (hs *HTTPServer) AdminGetStats(c *contextmodel.ReqContext) response.Response {
|
|
adminStats, err := hs.statsService.GetAdminStats(c.Req.Context(), &stats.GetAdminStatsQuery{})
|
|
if err != nil {
|
|
return response.Error(500, "Failed to get admin stats from database", err)
|
|
}
|
|
thirtyDays := 30 * 24 * time.Hour
|
|
devicesCount, err := hs.anonService.CountDevices(c.Req.Context(), time.Now().Add(-thirtyDays), time.Now().Add(time.Minute))
|
|
if err != nil {
|
|
return response.Error(500, "Failed to get anon stats from database", err)
|
|
}
|
|
adminStats.AnonymousStats.ActiveDevices = devicesCount
|
|
|
|
return response.JSON(http.StatusOK, adminStats)
|
|
}
|
|
|
|
func (hs *HTTPServer) getAuthorizedSettings(ctx context.Context, user identity.Requester, bag setting.SettingsBag) (setting.SettingsBag, error) {
|
|
eval := func(scope string) (bool, error) {
|
|
return hs.AccessControl.Evaluate(ctx, user, ac.EvalPermission(ac.ActionSettingsRead, scope))
|
|
}
|
|
|
|
ok, err := eval(ac.ScopeSettingsAll)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if ok {
|
|
return bag, nil
|
|
}
|
|
|
|
authorizedBag := make(setting.SettingsBag)
|
|
|
|
for section, keys := range bag {
|
|
ok, err := eval(ac.Scope("settings", section, "*"))
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if ok {
|
|
authorizedBag[section] = keys
|
|
continue
|
|
}
|
|
|
|
for key := range keys {
|
|
ok, err := eval(ac.Scope("settings", section, key))
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if ok {
|
|
if _, exists := authorizedBag[section]; !exists {
|
|
authorizedBag[section] = make(map[string]string)
|
|
}
|
|
authorizedBag[section][key] = bag[section][key]
|
|
}
|
|
}
|
|
}
|
|
return authorizedBag, nil
|
|
}
|
|
|
|
func (hs *HTTPServer) getAuthorizedVerboseSettings(ctx context.Context, user identity.Requester, bag setting.VerboseSettingsBag) (setting.VerboseSettingsBag, error) {
|
|
eval := func(scope string) (bool, error) {
|
|
return hs.AccessControl.Evaluate(ctx, user, ac.EvalPermission(ac.ActionSettingsRead, scope))
|
|
}
|
|
|
|
ok, err := eval(ac.ScopeSettingsAll)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if ok {
|
|
return bag, nil
|
|
}
|
|
|
|
authorizedBag := make(setting.VerboseSettingsBag)
|
|
|
|
for section, keys := range bag {
|
|
ok, err := eval(ac.Scope("settings", section, "*"))
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if ok {
|
|
authorizedBag[section] = keys
|
|
continue
|
|
}
|
|
|
|
for key := range keys {
|
|
ok, err := eval(ac.Scope("settings", section, key))
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
if !ok {
|
|
continue
|
|
}
|
|
|
|
if _, exists := authorizedBag[section]; !exists {
|
|
authorizedBag[section] = make(map[string]map[setting.VerboseSourceType]string)
|
|
}
|
|
authorizedBag[section][key] = bag[section][key]
|
|
}
|
|
}
|
|
|
|
return authorizedBag, nil
|
|
}
|
|
|
|
// swagger:response adminGetSettingsResponse
|
|
type GetSettingsResponse struct {
|
|
// in:body
|
|
Body setting.SettingsBag `json:"body"`
|
|
}
|
|
|
|
// swagger:response adminGetStatsResponse
|
|
type GetStatsResponse struct {
|
|
// in:body
|
|
Body stats.AdminStats `json:"body"`
|
|
}
|