apitech
/
grafana
mirror of https://github.com/grafana/grafana
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
51311 Commits
2179 Branches
608 Tags
1.9 GiB
Tag: Branch: Tree: b8c9ae0eb7
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'b8c9ae0eb7'
${ noResults }
grafana/pkg/api/folder_permission.go

199 lines
6.3 KiB
Raw Normal View History Unescape

folders: folder permission api routes
7 years ago
package api
import (
authz: Clean up acl endpoints and dashboard guardian (#73746) * RBAC: remove unnessisary guardian construction and update tests * RBAC: remove usage of guardian in UpdateFolderPermissions and refactor test * RBAC: remove usage of guardian in update and get permissions for dashboards
2 years ago
"context"
Chore: Refactor api handlers to use web.Bind (#42199) * Chore: Refactor api handlers to use web.Bind * fix comments * fix comment * trying to fix most of the tests and force routing.Wrap type check * fix library panels tests * fix frontend logging tests * allow passing nil as a response to skip writing * return nil instead of the response * rewrite login handler function types * remove handlerFuncCtx * make linter happy * remove old bindings from the libraryelements * restore comments
4 years ago
"net/http"
folders: folder permission api routes
7 years ago
"time"
Migrate to Wire for dependency injection (#32289) Fixes #30144 Co-authored-by: dsotirakis <sotirakis.dim@gmail.com> Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> Co-authored-by: Ida Furjesova <ida.furjesova@grafana.com> Co-authored-by: Jack Westbrook <jack.westbrook@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com> Co-authored-by: Leon Sorokin <leeoniya@gmail.com> Co-authored-by: Andrej Ocenas <mr.ocenas@gmail.com> Co-authored-by: spinillos <selenepinillos@gmail.com> Co-authored-by: Karl Persson <kalle.persson@grafana.com> Co-authored-by: Leonard Gram <leo@xlson.com>
4 years ago
"github.com/grafana/grafana/pkg/api/apierrors"
folders: folder permission api routes
7 years ago
"github.com/grafana/grafana/pkg/api/dtos"
Chore: Moves common and response into separate packages (#30298) * Chore: moves common and response into separate packages * Chore: moves common and response into separate packages * Update pkg/api/utils/common.go Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Chore: changes after PR comments * Chore: move wrap to routing package * Chore: move functions in common to response package * Chore: move functions in common to response package * Chore: formats imports Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
5 years ago
"github.com/grafana/grafana/pkg/api/response"
Add MFolderIDsAPICount metric to count FolderIDs in api package (#80866) * Add MFolderIDsAPICount metric to cound FolderIDs in api package * Change counter to counter vector with method names as string values
1 year ago
"github.com/grafana/grafana/pkg/infra/metrics"
authz: Clean up acl endpoints and dashboard guardian (#73746) * RBAC: remove unnessisary guardian construction and update tests * RBAC: remove usage of guardian in UpdateFolderPermissions and refactor test * RBAC: remove usage of guardian in update and get permissions for dashboards
2 years ago
"github.com/grafana/grafana/pkg/services/auth/identity"
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports
2 years ago
contextmodel "github.com/grafana/grafana/pkg/services/contexthandler/model"
chore/backend: move dashboard errors to dashboard service (#51593) * chore/backend: move dashboard errors to dashboard service Dashboard-related models are slowly moving out of the models package and into dashboard services. This commit moves dashboard-related errors; the rest will come in later commits. There are no logical code changes, this is only a structural (package) move. * lint lint lint
3 years ago
"github.com/grafana/grafana/pkg/services/dashboards"
Authz: Remove use of SignedInUser copy for permission evaluation (#78448) * remove use of SignedInUserCopies * add extra safety to not cross assign permissions unwind circular dependency dashboardacl->dashboardaccess fix missing import * correctly set teams for permissions * fix missing inits * nit: check err * exit early for api keys
2 years ago
"github.com/grafana/grafana/pkg/services/dashboards/dashboardaccess"
Nested Folders: Support getting of nested folder in folder service wh… (#58597) * Nested Folders: Support getting of nested folder in folder service when feature flag is set * Fix lint * Fix some tests * Fix ngalert test * ngalert fix * Fix API tests * Fix some tests and lint * Fix lint 2 * Fix library elements and panels * Add access control to get folder * Cleanup and minor test change
3 years ago
"github.com/grafana/grafana/pkg/services/folder"
authz: Clean up acl endpoints and dashboard guardian (#73746) * RBAC: remove unnessisary guardian construction and update tests * RBAC: remove usage of guardian in UpdateFolderPermissions and refactor test * RBAC: remove usage of guardian in update and get permissions for dashboards
2 years ago
"github.com/grafana/grafana/pkg/services/org"
Chore: replace macaron with web package (#40136) * replace macaron with web package * add web.go
4 years ago
"github.com/grafana/grafana/pkg/web"
folders: folder permission api routes
7 years ago
)
Chore: Move swagger definitions to the handlers (#52643)
3 years ago
// swagger:route GET /folders/{folder_uid}/permissions folder_permissions getFolderPermissionList
//
// Gets all existing permissions for the folder with the given `uid`.
//
// Responses:
// 200: getFolderPermissionListResponse
// 401: unauthorisedError
// 403: forbiddenError
// 404: notFoundError
// 500: internalServerError
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports
2 years ago
func (hs *HTTPServer) GetFolderPermissionList(c *contextmodel.ReqContext) response.Response {
Nested Folders: Support getting of nested folder in folder service wh… (#58597) * Nested Folders: Support getting of nested folder in folder service when feature flag is set * Fix lint * Fix some tests * Fix ngalert test * ngalert fix * Fix API tests * Fix some tests and lint * Fix lint 2 * Fix library elements and panels * Add access control to get folder * Cleanup and minor test change
3 years ago
uid := web.Params(c.Req)[":uid"]
Auth: Unfurl OrgID in pkg/api to allow using identity.Requester interface (#76108) Unfurl OrgID in pkg/api to allow using identity.Requester interface
2 years ago
folder, err := hs.folderService.Get(c.Req.Context(), &folder.GetFolderQuery{OrgID: c.SignedInUser.GetOrgID(), UID: &uid, SignedInUser: c.SignedInUser})
folders: folder permission api routes
7 years ago
if err != nil {
Migrate to Wire for dependency injection (#32289) Fixes #30144 Co-authored-by: dsotirakis <sotirakis.dim@gmail.com> Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> Co-authored-by: Ida Furjesova <ida.furjesova@grafana.com> Co-authored-by: Jack Westbrook <jack.westbrook@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com> Co-authored-by: Leon Sorokin <leeoniya@gmail.com> Co-authored-by: Andrej Ocenas <mr.ocenas@gmail.com> Co-authored-by: spinillos <selenepinillos@gmail.com> Co-authored-by: Karl Persson <kalle.persson@grafana.com> Co-authored-by: Leonard Gram <leo@xlson.com>
4 years ago
return apierrors.ToFolderErrorResponse(err)
folders: folder permission api routes
7 years ago
}
authz: Clean up acl endpoints and dashboard guardian (#73746) * RBAC: remove unnessisary guardian construction and update tests * RBAC: remove usage of guardian in UpdateFolderPermissions and refactor test * RBAC: remove usage of guardian in update and get permissions for dashboards
2 years ago
acl, err := hs.getFolderACL(c.Req.Context(), c.SignedInUser, folder)
folders: folder permission api routes
7 years ago
if err != nil {
Grafana: Replace magic number with a constant variable in response status (#80132) * Chore: Replace response status with const var * Apply suggestions from code review Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com> * Add net/http import --------- Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
1 year ago
return response.Error(http.StatusInternalServerError, "Failed to get folder permissions", err)
folders: folder permission api routes
7 years ago
}
Chore: Remove dashboard ACL from models (#61749) * Remove dashboard ACL from models * Remove unused comment
2 years ago
filteredACLs := make([]*dashboards.DashboardACLInfoDTO, 0, len(acl))
folders: folder permission api routes
7 years ago
for _, perm := range acl {
Chore: Remove dashboard ACL from models (#61749) * Remove dashboard ACL from models * Remove unused comment
2 years ago
if perm.UserID > 0 && dtos.IsHiddenUser(perm.UserLogin, c.SignedInUser, hs.Cfg) {
Add an option to hide certain users in the UI (#28942) * Add an option to hide certain users in the UI * revert changes for admin users routes * fix sqlstore function name * Improve slice management Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Hidden users: convert slice to map * filter with user logins instead of IDs * put HiddenUsers in Cfg struct * hide hidden users from dashboards/folders permissions list * Update conf/defaults.ini Co-authored-by: Torkel Ödegaard <torkel@grafana.com> * fix params order * fix tests * fix dashboard/folder update with hidden user * add team tests * add dashboard and folder permissions tests * fixes after merge * fix tests * API: add test for org users endpoints * update hidden users management for dashboard / folder permissions * improve dashboard / folder permissions tests * fixes after merge * Guardian: add hidden acl tests * API: add team members tests * fix team sql syntax for postgres * api tests update * fix linter error * fix tests errors after merge Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> Co-authored-by: Torkel Ödegaard <torkel@grafana.com> Co-authored-by: Leonard Gram <leo@xlson.com>
5 years ago
continue
}
Add MFolderIDsAPICount metric to count FolderIDs in api package (#80866) * Add MFolderIDsAPICount metric to cound FolderIDs in api package * Change counter to counter vector with method names as string values
1 year ago
metrics.MFolderIDsAPICount.WithLabelValues(metrics.GetFolderPermissionList).Inc()
Chore: Deprecate FolderID from DashboardACLInfoDTO (#77652) * Chore: Deprecate FolderID from DashboardACLInfoDTO * chore: regen specs
2 years ago
// nolint:staticcheck
Chore: Remove dashboard ACL from models (#61749) * Remove dashboard ACL from models * Remove unused comment
2 years ago
perm.FolderID = folder.ID
perm.DashboardID = 0
folders: folder permission api routes
7 years ago
Chore: Remove public vars in setting package (#81018) Removes the public variable setting.SecretKey plus some other ones. Introduces some new functions for creating setting.Cfg.
1 year ago
perm.UserAvatarURL = dtos.GetGravatarUrl(hs.Cfg, perm.UserEmail)
permissions: return user and team avatar in folder permissions api
7 years ago
Chore: Remove dashboard ACL from models (#61749) * Remove dashboard ACL from models * Remove unused comment
2 years ago
if perm.TeamID > 0 {
Chore: Remove public vars in setting package (#81018) Removes the public variable setting.SecretKey plus some other ones. Introduces some new functions for creating setting.Cfg.
1 year ago
perm.TeamAvatarURL = dtos.GetGravatarUrlWithDefault(hs.Cfg, perm.TeamEmail, perm.Team)
permissions: return user and team avatar in folder permissions api
7 years ago
}
folders: folder permission api routes
7 years ago
if perm.Slug != "" {
Chore: Remove dashboard ACL from models (#61749) * Remove dashboard ACL from models * Remove unused comment
2 years ago
perm.URL = dashboards.GetDashboardFolderURL(perm.IsFolder, perm.UID, perm.Slug)
folders: folder permission api routes
7 years ago
}
Add an option to hide certain users in the UI (#28942) * Add an option to hide certain users in the UI * revert changes for admin users routes * fix sqlstore function name * Improve slice management Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Hidden users: convert slice to map * filter with user logins instead of IDs * put HiddenUsers in Cfg struct * hide hidden users from dashboards/folders permissions list * Update conf/defaults.ini Co-authored-by: Torkel Ödegaard <torkel@grafana.com> * fix params order * fix tests * fix dashboard/folder update with hidden user * add team tests * add dashboard and folder permissions tests * fixes after merge * fix tests * API: add test for org users endpoints * update hidden users management for dashboard / folder permissions * improve dashboard / folder permissions tests * fixes after merge * Guardian: add hidden acl tests * API: add team members tests * fix team sql syntax for postgres * api tests update * fix linter error * fix tests errors after merge Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> Co-authored-by: Torkel Ödegaard <torkel@grafana.com> Co-authored-by: Leonard Gram <leo@xlson.com>
5 years ago
Rename Acl to ACL (#52342) * Rename Acl to ACL * Fix yaml files * Add xorm tags and fix test
3 years ago
filteredACLs = append(filteredACLs, perm)
folders: folder permission api routes
7 years ago
}
Rename Acl to ACL (#52342) * Rename Acl to ACL * Fix yaml files * Add xorm tags and fix test
3 years ago
return response.JSON(http.StatusOK, filteredACLs)
folders: folder permission api routes
7 years ago
}
Chore: Move swagger definitions to the handlers (#52643)
3 years ago
// swagger:route POST /folders/{folder_uid}/permissions folder_permissions updateFolderPermissions
//
// Updates permissions for a folder. This operation will remove existing permissions if they’re not included in the request.
//
// Responses:
// 200: okResponse
// 401: unauthorisedError
// 403: forbiddenError
// 404: notFoundError
// 500: internalServerError
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports
2 years ago
func (hs *HTTPServer) UpdateFolderPermissions(c *contextmodel.ReqContext) response.Response {
Rename Acl to ACL (#52342) * Rename Acl to ACL * Fix yaml files * Add xorm tags and fix test
3 years ago
apiCmd := dtos.UpdateDashboardACLCommand{}
Chore: Refactor api handlers to use web.Bind (#42199) * Chore: Refactor api handlers to use web.Bind * fix comments * fix comment * trying to fix most of the tests and force routing.Wrap type check * fix library panels tests * fix frontend logging tests * allow passing nil as a response to skip writing * return nil instead of the response * rewrite login handler function types * remove handlerFuncCtx * make linter happy * remove old bindings from the libraryelements * restore comments
4 years ago
if err := web.Bind(c.Req, &apiCmd); err != nil {
return response.Error(http.StatusBadRequest, "bad request data", err)
}
Permissions: Validate against Team/User permission role update (#29101) * validate against role field update * lowercase error string * make all msgs consistent style * fix wording Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * sayonara simple json Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
5 years ago
if err := validatePermissionsUpdate(apiCmd); err != nil {
Grafana: Replace magic number with a constant variable in response status (#80132) * Chore: Replace response status with const var * Apply suggestions from code review Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com> * Add net/http import --------- Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
1 year ago
return response.Error(http.StatusBadRequest, err.Error(), err)
Permissions: Validate against Team/User permission role update (#29101) * validate against role field update * lowercase error string * make all msgs consistent style * fix wording Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * sayonara simple json Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
5 years ago
}
Nested Folders: Support getting of nested folder in folder service wh… (#58597) * Nested Folders: Support getting of nested folder in folder service when feature flag is set * Fix lint * Fix some tests * Fix ngalert test * ngalert fix * Fix API tests * Fix some tests and lint * Fix lint 2 * Fix library elements and panels * Add access control to get folder * Cleanup and minor test change
3 years ago
uid := web.Params(c.Req)[":uid"]
Auth: Unfurl OrgID in pkg/api to allow using identity.Requester interface (#76108) Unfurl OrgID in pkg/api to allow using identity.Requester interface
2 years ago
folder, err := hs.folderService.Get(c.Req.Context(), &folder.GetFolderQuery{OrgID: c.SignedInUser.GetOrgID(), UID: &uid, SignedInUser: c.SignedInUser})
folders: folder permission api routes
7 years ago
if err != nil {
Migrate to Wire for dependency injection (#32289) Fixes #30144 Co-authored-by: dsotirakis <sotirakis.dim@gmail.com> Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> Co-authored-by: Ida Furjesova <ida.furjesova@grafana.com> Co-authored-by: Jack Westbrook <jack.westbrook@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com> Co-authored-by: Leon Sorokin <leeoniya@gmail.com> Co-authored-by: Andrej Ocenas <mr.ocenas@gmail.com> Co-authored-by: spinillos <selenepinillos@gmail.com> Co-authored-by: Karl Persson <kalle.persson@grafana.com> Co-authored-by: Leonard Gram <leo@xlson.com>
4 years ago
return apierrors.ToFolderErrorResponse(err)
folders: folder permission api routes
7 years ago
}
Chore: Remove dashboard ACL from models (#61749) * Remove dashboard ACL from models * Remove unused comment
2 years ago
items := make([]*dashboards.DashboardACL, 0, len(apiCmd.Items))
folders: folder permission api routes
7 years ago
for _, item := range apiCmd.Items {
Chore: Remove dashboard ACL from models (#61749) * Remove dashboard ACL from models * Remove unused comment
2 years ago
items = append(items, &dashboards.DashboardACL{
Auth: Unfurl OrgID in pkg/api to allow using identity.Requester interface (#76108) Unfurl OrgID in pkg/api to allow using identity.Requester interface
2 years ago
OrgID: c.SignedInUser.GetOrgID(),
Chore: Deprecate ID from Folder (#78281) * Chore: Deprecate ID from Folder * chore: add more linter comments * chore: add missing lint comment
2 years ago
DashboardID: folder.ID, // nolint:staticcheck
Backend: Rename variables for style conformance (#29097) Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
5 years ago
UserID: item.UserID,
TeamID: item.TeamID,
folders: folder permission api routes
7 years ago
Role: item.Role,
Permission: item.Permission,
Created: time.Now(),
Updated: time.Now(),
})
Add MFolderIDsAPICount metric to count FolderIDs in api package (#80866) * Add MFolderIDsAPICount metric to cound FolderIDs in api package * Change counter to counter vector with method names as string values
1 year ago
metrics.MFolderIDsAPICount.WithLabelValues(metrics.UpdateFolderPermissions).Inc()
folders: folder permission api routes
7 years ago
}
authz: Clean up acl endpoints and dashboard guardian (#73746) * RBAC: remove unnessisary guardian construction and update tests * RBAC: remove usage of guardian in UpdateFolderPermissions and refactor test * RBAC: remove usage of guardian in update and get permissions for dashboards
2 years ago
acl, err := hs.getFolderACL(c.Req.Context(), c.SignedInUser, folder)
Add an option to hide certain users in the UI (#28942) * Add an option to hide certain users in the UI * revert changes for admin users routes * fix sqlstore function name * Improve slice management Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Hidden users: convert slice to map * filter with user logins instead of IDs * put HiddenUsers in Cfg struct * hide hidden users from dashboards/folders permissions list * Update conf/defaults.ini Co-authored-by: Torkel Ödegaard <torkel@grafana.com> * fix params order * fix tests * fix dashboard/folder update with hidden user * add team tests * add dashboard and folder permissions tests * fixes after merge * fix tests * API: add test for org users endpoints * update hidden users management for dashboard / folder permissions * improve dashboard / folder permissions tests * fixes after merge * Guardian: add hidden acl tests * API: add team members tests * fix team sql syntax for postgres * api tests update * fix linter error * fix tests errors after merge Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> Co-authored-by: Torkel Ödegaard <torkel@grafana.com> Co-authored-by: Leonard Gram <leo@xlson.com>
5 years ago
if err != nil {
authz: Clean up acl endpoints and dashboard guardian (#73746) * RBAC: remove unnessisary guardian construction and update tests * RBAC: remove usage of guardian in UpdateFolderPermissions and refactor test * RBAC: remove usage of guardian in update and get permissions for dashboards
2 years ago
return response.Error(http.StatusInternalServerError, "Error while checking folder permissions", err)
Add an option to hide certain users in the UI (#28942) * Add an option to hide certain users in the UI * revert changes for admin users routes * fix sqlstore function name * Improve slice management Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Hidden users: convert slice to map * filter with user logins instead of IDs * put HiddenUsers in Cfg struct * hide hidden users from dashboards/folders permissions list * Update conf/defaults.ini Co-authored-by: Torkel Ödegaard <torkel@grafana.com> * fix params order * fix tests * fix dashboard/folder update with hidden user * add team tests * add dashboard and folder permissions tests * fixes after merge * fix tests * API: add test for org users endpoints * update hidden users management for dashboard / folder permissions * improve dashboard / folder permissions tests * fixes after merge * Guardian: add hidden acl tests * API: add team members tests * fix team sql syntax for postgres * api tests update * fix linter error * fix tests errors after merge Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> Co-authored-by: Torkel Ödegaard <torkel@grafana.com> Co-authored-by: Leonard Gram <leo@xlson.com>
5 years ago
}
authz: Clean up acl endpoints and dashboard guardian (#73746) * RBAC: remove unnessisary guardian construction and update tests * RBAC: remove usage of guardian in UpdateFolderPermissions and refactor test * RBAC: remove usage of guardian in update and get permissions for dashboards
2 years ago
items = append(items, hs.filterHiddenACL(c.SignedInUser, acl)...)
folders: folder permission api routes
7 years ago
Auth: Unfurl OrgID in pkg/api to allow using identity.Requester interface (#76108) Unfurl OrgID in pkg/api to allow using identity.Requester interface
2 years ago
if err := hs.updateDashboardAccessControl(c.Req.Context(), c.SignedInUser.GetOrgID(), folder.UID, true, items, acl); err != nil {
authz: Clean up acl endpoints and dashboard guardian (#73746) * RBAC: remove unnessisary guardian construction and update tests * RBAC: remove usage of guardian in UpdateFolderPermissions and refactor test * RBAC: remove usage of guardian in update and get permissions for dashboards
2 years ago
return response.Error(http.StatusInternalServerError, "Failed to create permission", err)
folders: folder permission api routes
7 years ago
}
authz: Clean up acl endpoints and dashboard guardian (#73746) * RBAC: remove unnessisary guardian construction and update tests * RBAC: remove usage of guardian in UpdateFolderPermissions and refactor test * RBAC: remove usage of guardian in update and get permissions for dashboards
2 years ago
return response.Success("Folder permissions updated")
}
Authz: Remove use of SignedInUser copy for permission evaluation (#78448) * remove use of SignedInUserCopies * add extra safety to not cross assign permissions unwind circular dependency dashboardacl->dashboardaccess fix missing import * correctly set teams for permissions * fix missing inits * nit: check err * exit early for api keys
2 years ago
var folderPermissionMap = map[string]dashboardaccess.PermissionType{
"View": dashboardaccess.PERMISSION_VIEW,
"Edit": dashboardaccess.PERMISSION_EDIT,
"Admin": dashboardaccess.PERMISSION_ADMIN,
authz: Clean up acl endpoints and dashboard guardian (#73746) * RBAC: remove unnessisary guardian construction and update tests * RBAC: remove usage of guardian in UpdateFolderPermissions and refactor test * RBAC: remove usage of guardian in update and get permissions for dashboards
2 years ago
}
func (hs *HTTPServer) getFolderACL(ctx context.Context, user identity.Requester, folder *folder.Folder) ([]*dashboards.DashboardACLInfoDTO, error) {
permissions, err := hs.folderPermissionsService.GetPermissions(ctx, user, folder.UID)
AC: Remove legacy AC from folders permissions API (#71526) * Remove legacy AC from folder permissions API * Update pkg/api/folder_permission.go --------- Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2 years ago
if err != nil {
authz: Clean up acl endpoints and dashboard guardian (#73746) * RBAC: remove unnessisary guardian construction and update tests * RBAC: remove usage of guardian in UpdateFolderPermissions and refactor test * RBAC: remove usage of guardian in update and get permissions for dashboards
2 years ago
return nil, err
Access control: Use access control for dashboard and folder (#44702) * Add actions and scopes * add resource service for dashboard and folder * Add dashboard guardian with fgac permission evaluation * Add CanDelete function to guardian interface * Add CanDelete property to folder and dashboard dto and set values * change to correct function name * Add accesscontrol to folder endpoints * add access control to dashboard endpoints * check access for nav links * Add fixed roles for dashboard and folders * use correct package * add hack to override guardian Constructor if accesscontrol is enabled * Add services * Add function to handle api backward compatability * Add permissionServices to HttpServer * Set permission when new dashboard is created * Add default permission when creating new dashboard * Set default permission when creating folder and dashboard * Add access control filter for dashboard search * Add to accept list * Add accesscontrol to dashboardimport * Disable access control in tests * Add check to see if user is allow to create a dashboard * Use SetPermissions * Use function to set several permissions at once * remove permissions for folder and dashboard on delete * update required permission * set permission for provisioning * Add CanCreate to dashboard guardian and set correct permisisons for provisioning * Dont set admin on folder / dashboard creation * Add dashboard and folder permission migrations * Add tests for CanCreate * Add roles and update descriptions * Solve uid to id for dashboard and folder permissions * Add folder and dashboard actions to permission filter * Handle viewer_can_edit flag * set folder and dashboard permissions services * Add dashboard permissions when importing a new dashboard * Set access control permissions on provisioning * Pass feature flags and only set permissions if access control is enabled * only add default permissions for folders and dashboards without folders * Batch create permissions in migrations * Remove `dashboards:edit` action * Remove unused function from interface * Update pkg/services/guardian/accesscontrol_guardian_test.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
3 years ago
}
authz: Clean up acl endpoints and dashboard guardian (#73746) * RBAC: remove unnessisary guardian construction and update tests * RBAC: remove usage of guardian in UpdateFolderPermissions and refactor test * RBAC: remove usage of guardian in update and get permissions for dashboards
2 years ago
acl := make([]*dashboards.DashboardACLInfoDTO, 0, len(permissions))
for _, p := range permissions {
if !p.IsManaged {
continue
}
var role *org.RoleType
if p.BuiltInRole != "" {
tmp := org.RoleType(p.BuiltInRole)
role = &tmp
}
permission := folderPermissionMap[hs.folderPermissionsService.MapActions(p)]
acl = append(acl, &dashboards.DashboardACLInfoDTO{
OrgID: folder.OrgID,
Chore: Deprecate ID from Folder (#78281) * Chore: Deprecate ID from Folder * chore: add more linter comments * chore: add missing lint comment
2 years ago
DashboardID: folder.ID, // nolint:staticcheck
authz: Clean up acl endpoints and dashboard guardian (#73746) * RBAC: remove unnessisary guardian construction and update tests * RBAC: remove usage of guardian in UpdateFolderPermissions and refactor test * RBAC: remove usage of guardian in update and get permissions for dashboards
2 years ago
FolderUID: folder.ParentUID,
Created: p.Created,
Updated: p.Updated,
UserID: p.UserId,
UserLogin: p.UserLogin,
UserEmail: p.UserEmail,
TeamID: p.TeamId,
TeamEmail: p.TeamEmail,
Team: p.Team,
Role: role,
Permission: permission,
PermissionName: permission.String(),
UID: folder.UID,
Title: folder.Title,
URL: folder.WithURL().URL,
IsFolder: true,
Inherited: false,
})
Add MFolderIDsAPICount metric to count FolderIDs in api package (#80866) * Add MFolderIDsAPICount metric to cound FolderIDs in api package * Change counter to counter vector with method names as string values
1 year ago
metrics.MFolderIDsAPICount.WithLabelValues(metrics.GetFolderPermissionList).Inc()
folders: folder permission api routes
7 years ago
}
authz: Clean up acl endpoints and dashboard guardian (#73746) * RBAC: remove unnessisary guardian construction and update tests * RBAC: remove usage of guardian in UpdateFolderPermissions and refactor test * RBAC: remove usage of guardian in update and get permissions for dashboards
2 years ago
return acl, nil
folders: folder permission api routes
7 years ago
}
Chore: Move swagger definitions to the handlers (#52643)
3 years ago
// swagger:parameters getFolderPermissionList
type GetFolderPermissionListParams struct {
// in:path
// required:true
FolderUID string `json:"folder_uid"`
}
// swagger:parameters updateFolderPermissions
type UpdateFolderPermissionsParams struct {
// in:path
// required:true
FolderUID string `json:"folder_uid"`
// in:body
// required:true
Body dtos.UpdateDashboardACLCommand
}
// swagger:response getFolderPermissionListResponse
type GetFolderPermissionsResponse struct {
// in: body
Chore: Remove dashboard ACL from models (#61749) * Remove dashboard ACL from models * Remove unused comment
2 years ago
Body []*dashboards.DashboardACLInfoDTO `json:"body"`
Chore: Move swagger definitions to the handlers (#52643)
3 years ago
}