apitech
/
grafana
mirror of https://github.com/grafana/grafana
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Access Control: Make it possible to exclude role grants (#91647)

Browse Source
pull/91688/head
Alexander Zobnin 11 months ago committed by GitHub
parent 89ee970ec3
commit 0e5d7633f7
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 5 additions and 2 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 2
      pkg/api/accesscontrol.go
  2. 5
      pkg/services/accesscontrol/models.go

2
pkg/api/accesscontrol.go
Unescape View File

@ -442,6 +442,8 @@ func (hs *HTTPServer) declareFixedRoles() error {
},
},
Grants: []string{"Editor"},
// Don't grant fixed:folders:creator to Admin
Exclude: []string{"Admin"},
}
foldersReaderRole := ac.RoleRegistration{

5
pkg/services/accesscontrol/models.go
Unescape View File

@ -26,8 +26,9 @@ var (
// RoleRegistration stores a role and its assignments to built-in roles
// (Viewer, Editor, Admin, Grafana Admin)
type RoleRegistration struct {
Role RoleDTO
Grants []string
Role RoleDTO
Grants []string
Exclude []string
}
// Role is the model for Role in RBAC.

Write Preview
Loading…
Cancel
Save