mirror of
https://github.com/grafana/grafana.git
synced 2025-01-18 20:43:26 -06:00
60bc3e4e5c
* Only require create and permissions for new data source page * Let users with permissions to create data sources list non-core plugins * Keep the admin check as fallback when using rbac as well
48 lines
1.6 KiB
Go
48 lines
1.6 KiB
Go
package datasources
|
|
|
|
import "github.com/grafana/grafana/pkg/services/accesscontrol"
|
|
|
|
const (
|
|
ScopeRoot = "datasources"
|
|
ScopePrefix = ScopeRoot + ":uid:"
|
|
|
|
ActionRead = "datasources:read"
|
|
ActionQuery = "datasources:query"
|
|
ActionCreate = "datasources:create"
|
|
ActionWrite = "datasources:write"
|
|
ActionDelete = "datasources:delete"
|
|
ActionIDRead = "datasources.id:read"
|
|
ActionPermissionsRead = "datasources.permissions:read"
|
|
ActionPermissionsWrite = "datasources.permissions:write"
|
|
)
|
|
|
|
var (
|
|
ScopeID = accesscontrol.Scope("datasources", "id", accesscontrol.Parameter(":datasourceId"))
|
|
ScopeAll = accesscontrol.GetResourceAllScope(ScopeRoot)
|
|
ScopeProvider = accesscontrol.NewScopeProvider(ScopeRoot)
|
|
)
|
|
|
|
var (
|
|
// ConfigurationPageAccess is used to protect the "Configure > Data sources" tab access
|
|
ConfigurationPageAccess = accesscontrol.EvalAll(
|
|
accesscontrol.EvalPermission(ActionRead),
|
|
accesscontrol.EvalAny(
|
|
accesscontrol.EvalPermission(ActionCreate),
|
|
accesscontrol.EvalPermission(ActionDelete),
|
|
accesscontrol.EvalPermission(ActionWrite),
|
|
),
|
|
)
|
|
|
|
// NewPageAccess is used to protect the "Configure > Data sources > New" page access
|
|
NewPageAccess = accesscontrol.EvalAll(
|
|
accesscontrol.EvalPermission(ActionRead),
|
|
accesscontrol.EvalPermission(ActionCreate),
|
|
)
|
|
|
|
// EditPageAccess is used to protect the "Configure > Data sources > Edit" page access
|
|
EditPageAccess = accesscontrol.EvalAll(
|
|
accesscontrol.EvalPermission(ActionRead),
|
|
accesscontrol.EvalPermission(ActionWrite),
|
|
)
|
|
)
|