mirror of
https://github.com/grafana/grafana.git
synced 2025-02-20 11:48:34 -06:00
4982ca3b1d
* Add actions and scopes * add resource service for dashboard and folder * Add dashboard guardian with fgac permission evaluation * Add CanDelete function to guardian interface * Add CanDelete property to folder and dashboard dto and set values * change to correct function name * Add accesscontrol to folder endpoints * add access control to dashboard endpoints * check access for nav links * Add fixed roles for dashboard and folders * use correct package * add hack to override guardian Constructor if accesscontrol is enabled * Add services * Add function to handle api backward compatability * Add permissionServices to HttpServer * Set permission when new dashboard is created * Add default permission when creating new dashboard * Set default permission when creating folder and dashboard * Add access control filter for dashboard search * Add to accept list * Add accesscontrol to dashboardimport * Disable access control in tests * Add check to see if user is allow to create a dashboard * Use SetPermissions * Use function to set several permissions at once * remove permissions for folder and dashboard on delete * update required permission * set permission for provisioning * Add CanCreate to dashboard guardian and set correct permisisons for provisioning * Dont set admin on folder / dashboard creation * Add dashboard and folder permission migrations * Add tests for CanCreate * Add roles and update descriptions * Solve uid to id for dashboard and folder permissions * Add folder and dashboard actions to permission filter * Handle viewer_can_edit flag * set folder and dashboard permissions services * Add dashboard permissions when importing a new dashboard * Set access control permissions on provisioning * Pass feature flags and only set permissions if access control is enabled * only add default permissions for folders and dashboards without folders * Batch create permissions in migrations * Remove `dashboards:edit` action * Remove unused function from interface * Update pkg/services/guardian/accesscontrol_guardian_test.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
124 lines
4.0 KiB
Go
124 lines
4.0 KiB
Go
package migrations
|
|
|
|
import (
|
|
"os"
|
|
|
|
"github.com/grafana/grafana/pkg/services/featuremgmt"
|
|
"github.com/grafana/grafana/pkg/services/sqlstore/migrations/accesscontrol"
|
|
"github.com/grafana/grafana/pkg/services/sqlstore/migrations/ualert"
|
|
. "github.com/grafana/grafana/pkg/services/sqlstore/migrator"
|
|
)
|
|
|
|
// --- Migration Guide line ---
|
|
// 1. Never change a migration that is committed and pushed to main
|
|
// 2. Always add new migrations (to change or undo previous migrations)
|
|
// 3. Some migrations are not yet written (rename column, table, drop table, index etc)
|
|
|
|
type OSSMigrations struct {
|
|
}
|
|
|
|
func ProvideOSSMigrations() *OSSMigrations {
|
|
return &OSSMigrations{}
|
|
}
|
|
|
|
func (*OSSMigrations) AddMigration(mg *Migrator) {
|
|
addMigrationLogMigrations(mg)
|
|
addUserMigrations(mg)
|
|
addTempUserMigrations(mg)
|
|
addStarMigrations(mg)
|
|
addOrgMigrations(mg)
|
|
addDashboardMigration(mg) // Do NOT add more migrations to this function.
|
|
addDataSourceMigration(mg)
|
|
addApiKeyMigrations(mg)
|
|
addDashboardSnapshotMigrations(mg)
|
|
addQuotaMigration(mg)
|
|
addAppSettingsMigration(mg)
|
|
addSessionMigration(mg)
|
|
addPlaylistMigrations(mg)
|
|
addPreferencesMigrations(mg)
|
|
addAlertMigrations(mg)
|
|
addAnnotationMig(mg)
|
|
addTestDataMigrations(mg)
|
|
addDashboardVersionMigration(mg)
|
|
addTeamMigrations(mg)
|
|
addDashboardAclMigrations(mg) // Do NOT add more migrations to this function.
|
|
addTagMigration(mg)
|
|
addLoginAttemptMigrations(mg)
|
|
addUserAuthMigrations(mg)
|
|
addServerlockMigrations(mg)
|
|
addUserAuthTokenMigrations(mg)
|
|
addCacheMigration(mg)
|
|
addShortURLMigrations(mg)
|
|
// TODO Delete when unified alerting is enabled by default unconditionally (Grafana v9)
|
|
if err := ualert.CheckUnifiedAlertingEnabledByDefault(mg); err != nil { // this should always go before any other ualert migration
|
|
mg.Logger.Error("failed to determine the status of alerting engine. Enable either legacy or unified alerting explicitly and try again", "err", err)
|
|
os.Exit(1)
|
|
}
|
|
ualert.AddTablesMigrations(mg)
|
|
ualert.AddDashAlertMigration(mg)
|
|
addLibraryElementsMigrations(mg)
|
|
if mg.Cfg != nil && mg.Cfg.IsFeatureToggleEnabled != nil {
|
|
if mg.Cfg.IsFeatureToggleEnabled(featuremgmt.FlagLiveConfig) {
|
|
addLiveChannelMigrations(mg)
|
|
}
|
|
if mg.Cfg.IsFeatureToggleEnabled(featuremgmt.FlagDashboardPreviews) {
|
|
addDashboardThumbsMigrations(mg)
|
|
}
|
|
}
|
|
|
|
ualert.RerunDashAlertMigration(mg)
|
|
addSecretsMigration(mg)
|
|
addKVStoreMigrations(mg)
|
|
ualert.AddDashboardUIDPanelIDMigration(mg)
|
|
accesscontrol.AddMigration(mg)
|
|
addQueryHistoryMigrations(mg)
|
|
|
|
if mg.Cfg != nil && mg.Cfg.IsFeatureToggleEnabled != nil {
|
|
if mg.Cfg.IsFeatureToggleEnabled(featuremgmt.FlagAccesscontrol) {
|
|
accesscontrol.AddTeamMembershipMigrations(mg)
|
|
accesscontrol.AddDashboardPermissionsMigrator(mg)
|
|
}
|
|
}
|
|
addQueryHistoryStarMigrations(mg)
|
|
|
|
if mg.Cfg != nil && mg.Cfg.IsFeatureToggleEnabled != nil {
|
|
if mg.Cfg.IsFeatureToggleEnabled(featuremgmt.FlagDashboardComments) || mg.Cfg.IsFeatureToggleEnabled(featuremgmt.FlagAnnotationComments) {
|
|
addCommentGroupMigrations(mg)
|
|
addCommentMigrations(mg)
|
|
}
|
|
}
|
|
}
|
|
|
|
func addMigrationLogMigrations(mg *Migrator) {
|
|
migrationLogV1 := Table{
|
|
Name: "migration_log",
|
|
Columns: []*Column{
|
|
{Name: "id", Type: DB_BigInt, IsPrimaryKey: true, IsAutoIncrement: true},
|
|
{Name: "migration_id", Type: DB_NVarchar, Length: 255},
|
|
{Name: "sql", Type: DB_Text},
|
|
{Name: "success", Type: DB_Bool},
|
|
{Name: "error", Type: DB_Text},
|
|
{Name: "timestamp", Type: DB_DateTime},
|
|
},
|
|
}
|
|
|
|
mg.AddMigration("create migration_log table", NewAddTableMigration(migrationLogV1))
|
|
}
|
|
|
|
func addStarMigrations(mg *Migrator) {
|
|
starV1 := Table{
|
|
Name: "star",
|
|
Columns: []*Column{
|
|
{Name: "id", Type: DB_BigInt, IsPrimaryKey: true, IsAutoIncrement: true},
|
|
{Name: "user_id", Type: DB_BigInt, Nullable: false},
|
|
{Name: "dashboard_id", Type: DB_BigInt, Nullable: false},
|
|
},
|
|
Indices: []*Index{
|
|
{Cols: []string{"user_id", "dashboard_id"}, Type: UniqueIndex},
|
|
},
|
|
}
|
|
|
|
mg.AddMigration("create star table", NewAddTableMigration(starV1))
|
|
mg.AddMigration("add unique index star.user_id_dashboard_id", NewAddIndexMigration(starV1, starV1.Indices[0]))
|
|
}
|