IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity
fb1c31e1b6
grafana/pkg/api/roles.go
Gabriel MABILLE 9f29241a0c
AccessControl: add one-dimensional permissions to datasources (#38070) 
* AccessControl: add one-dimensional permissions to datasources in the backend

* AccessControl: add one-dimensional permissions to datasources in the frontend (#38080)

Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com>
2021-09-01 15:18:17 +02:00

93 lines
2.6 KiB
Go
Raw Blame History

package api
import (
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/services/accesscontrol"
)
// API related actions
const (
ActionProvisioningReload = "provisioning:reload"
ActionDatasourcesRead = "datasources:read"
ActionDatasourcesCreate = "datasources:create"
ActionDatasourcesWrite = "datasources:write"
ActionDatasourcesDelete = "datasources:delete"
ActionDatasourcesIDRead = "datasources:id:read"
)
// API related scopes
const (
ScopeProvisionersAll = "provisioners:*"
ScopeProvisionersDashboards = "provisioners:dashboards"
ScopeProvisionersPlugins = "provisioners:plugins"
ScopeProvisionersDatasources = "provisioners:datasources"
ScopeProvisionersNotifications = "provisioners:notifications"
ScopeDatasourcesAll = `datasources:*`
ScopeDatasourceID = `datasources:id:{{ index . ":id" }}`
ScopeDatasourceUID = `datasources:uid:{{ index . ":uid" }}`
ScopeDatasourceName = `datasources:name:{{ index . ":name" }}`
)
// declareFixedRoles declares to the AccessControl service fixed roles and their
// grants to organization roles ("Viewer", "Editor", "Admin") or "Grafana Admin"
// that HTTPServer needs
func (hs *HTTPServer) declareFixedRoles() error {
registrations := []accesscontrol.RoleRegistration{
{
Role: accesscontrol.RoleDTO{
Version: 1,
Name: "fixed:provisioning:admin",
Description: "Reload provisioning configurations",
Permissions: []accesscontrol.Permission{
{
Action: ActionProvisioningReload,
Scope: ScopeProvisionersAll,
},
},
},
Grants: []string{accesscontrol.RoleGrafanaAdmin},
},
{
Role: accesscontrol.RoleDTO{
Version: 1,
Name: "fixed:datasources:admin",
Description: "Gives access to create, read, update, delete datasources",
Permissions: []accesscontrol.Permission{
{
Action: ActionDatasourcesRead,
Scope: ScopeDatasourcesAll,
},
{
Action: ActionDatasourcesWrite,
Scope: ScopeDatasourcesAll,
},
{Action: ActionDatasourcesCreate},
{
Action: ActionDatasourcesDelete,
Scope: ScopeDatasourcesAll,
},
},
},
Grants: []string{string(models.ROLE_ADMIN)},
},
{
Role: accesscontrol.RoleDTO{
Version: 1,
Name: "fixed:datasources:id:viewer",
Description: "Gives access to read datasources ID",
Permissions: []accesscontrol.Permission{
{
Action: ActionDatasourcesIDRead,
Scope: ScopeDatasourcesAll,
},
},
},
Grants: []string{string(models.ROLE_VIEWER)},
},
}
return hs.AccessControl.DeclareFixedRoles(registrations...)
}
Reference in New Issue View Git Blame Copy Permalink