mirror of
https://github.com/grafana/grafana.git
synced 2024-12-01 21:19:28 -06:00
5975c4bc6d
* RBAC: Allow app plugins restriction Co-authored-by: Kalle Persson <kalle.persson@grafana.com> * Fix tests * Imports * WIP * Adding RBAC to AppPluginsRoutes * Switching middleware order * Restrict access to resources * Nit * Cosmetic changes * Fix fallback * Moving declaration to HttpServer Co-Authored-By: marefr <marcus.efraimsson@gmail.com> Co-authored-by: Kalle Persson <kalle.persson@grafana.com> Co-authored-by: marefr <marcus.efraimsson@gmail.com>
31 lines
802 B
Go
31 lines
802 B
Go
package plugins
|
|
|
|
import (
|
|
"github.com/grafana/grafana/pkg/models"
|
|
ac "github.com/grafana/grafana/pkg/services/accesscontrol"
|
|
)
|
|
|
|
const (
|
|
ActionAppAccess = "plugins.app:access"
|
|
)
|
|
|
|
var (
|
|
ScopeProvider = ac.NewScopeProvider("plugins")
|
|
)
|
|
|
|
func DeclareRBACRoles(acService ac.AccessControl) error {
|
|
AppPluginsReader := ac.RoleRegistration{
|
|
Role: ac.RoleDTO{
|
|
Name: ac.FixedRolePrefix + "plugins.app:reader",
|
|
DisplayName: "Application Plugins Access",
|
|
Description: "Access application plugins (still enforcing the organization role)",
|
|
Group: "Plugins",
|
|
Permissions: []ac.Permission{
|
|
{Action: ActionAppAccess, Scope: ScopeProvider.GetResourceAllScope()},
|
|
},
|
|
},
|
|
Grants: []string{string(models.ROLE_VIEWER)},
|
|
}
|
|
return acService.DeclareFixedRoles(AppPluginsReader)
|
|
}
|