mirror of
https://github.com/grafana/grafana.git
synced 2024-11-29 12:14:08 -06:00
18f5f763a9
* protect /connection url paths with permissions These permissions match the original ones at /datasources and /plugins * add Connections section to navtree only if user has permissions This commit works only when the easystart plugin is not present. I'll see what I can do when it is present in the next commit(s). * update datasources page permissions The datasources page have Explore buttons on datasource entries, therefore it makes sense to show this page for those, who can't edit or create datasources but have explore permissions. This applies for the traditional Editor role. * DataSourcesList: link to edit page only if has right to write If the user doesn't have rights to write datasources, then it's better to not create a link from cards to the edit page. This way they won't see the configuration of the data sources either, which is a desirable outcome. Also, I moved the query for DataSourcesExplore permission out from the DataSourcesListView component in the DataSourcesList component, next to the other permission queries - for the sake of consistency. * fix permissions for connect data This way it matches the permissions of the "Plugins" page. * fix applinks test
51 lines
1.7 KiB
Go
51 lines
1.7 KiB
Go
package datasources
|
|
|
|
import "github.com/grafana/grafana/pkg/services/accesscontrol"
|
|
|
|
const (
|
|
ScopeRoot = "datasources"
|
|
ScopePrefix = ScopeRoot + ":uid:"
|
|
|
|
ActionRead = "datasources:read"
|
|
ActionQuery = "datasources:query"
|
|
ActionCreate = "datasources:create"
|
|
ActionWrite = "datasources:write"
|
|
ActionDelete = "datasources:delete"
|
|
ActionIDRead = "datasources.id:read"
|
|
ActionPermissionsRead = "datasources.permissions:read"
|
|
ActionPermissionsWrite = "datasources.permissions:write"
|
|
)
|
|
|
|
var (
|
|
ScopeID = accesscontrol.Scope("datasources", "id", accesscontrol.Parameter(":datasourceId"))
|
|
ScopeAll = accesscontrol.GetResourceAllScope(ScopeRoot)
|
|
ScopeProvider = accesscontrol.NewScopeProvider(ScopeRoot)
|
|
)
|
|
|
|
var (
|
|
// ConfigurationPageAccess is used to protect the "Configure > Data sources" tab access
|
|
ConfigurationPageAccess = accesscontrol.EvalAny(
|
|
accesscontrol.EvalPermission(accesscontrol.ActionDatasourcesExplore),
|
|
accesscontrol.EvalAll(
|
|
accesscontrol.EvalPermission(ActionRead),
|
|
accesscontrol.EvalAny(
|
|
accesscontrol.EvalPermission(ActionCreate),
|
|
accesscontrol.EvalPermission(ActionDelete),
|
|
accesscontrol.EvalPermission(ActionWrite),
|
|
),
|
|
),
|
|
)
|
|
|
|
// NewPageAccess is used to protect the "Configure > Data sources > New" page access
|
|
NewPageAccess = accesscontrol.EvalAll(
|
|
accesscontrol.EvalPermission(ActionRead),
|
|
accesscontrol.EvalPermission(ActionCreate),
|
|
)
|
|
|
|
// EditPageAccess is used to protect the "Configure > Data sources > Edit" page access
|
|
EditPageAccess = accesscontrol.EvalAll(
|
|
accesscontrol.EvalPermission(ActionRead),
|
|
accesscontrol.EvalPermission(ActionWrite),
|
|
)
|
|
)
|