RBAC: Hide root level folder creation button if the user doesn't have the right permissions (#91502)

* hide root level folder creation button if the user doesn't have the right permissions * linting
11 months ago · 134b9f731f
parent 8d36111420
commit 134b9f731f
2 changed files with 21 additions and 7 deletions
--- a/public/app/features/browse-dashboards/BrowseDashboardsPage.tsx
+++ b/public/app/features/browse-dashboards/BrowseDashboardsPage.tsx
@ -87,7 +87,9 @@ const BrowseDashboardsPage = memo(({ match }: Props) => {

  const hasSelection = useHasSelection();

-  const { canEditFolders, canEditDashboards, canCreateDashboards, canCreateFolders } = getFolderPermissions(folderDTO);
+  const { data: rootFolder } = useGetFolderQuery('general');
+  let folder = folderDTO ? folderDTO : rootFolder;
+  const { canEditFolders, canEditDashboards, canCreateDashboards, canCreateFolders } = getFolderPermissions(folder);

  const showEditTitle = canEditFolders && folderUID;
  const canSelect = canEditFolders || canEditDashboards;
--- a/public/app/features/browse-dashboards/permissions.ts
+++ b/public/app/features/browse-dashboards/permissions.ts
@ -3,22 +3,34 @@ import { contextSrv } from 'app/core/core';
 import { AccessControlAction, FolderDTO } from 'app/types';

 function checkFolderPermission(action: AccessControlAction, folderDTO?: FolderDTO) {
-  return folderDTO ? contextSrv.hasPermissionInMetadata(action, folderDTO) : contextSrv.hasPermission(action);
+  // Only some permissions are assigned in the root folder (aka "general" folder), so we can ignore them in most cases
+  return folderDTO && folderDTO.uid !== 'general'
+    ? contextSrv.hasPermissionInMetadata(action, folderDTO)
+    : contextSrv.hasPermission(action);
 }

 function checkCanCreateFolders(folderDTO?: FolderDTO) {
+  // Can only create a folder if we have permissions and either we're at root or nestedFolders is enabled
  if (folderDTO && !config.featureToggles.nestedFolders) {
    return false;
  }

-  return config.featureToggles.accessActionSets
-    ? checkFolderPermission(AccessControlAction.FoldersCreate, folderDTO)
-    : checkFolderPermission(AccessControlAction.FoldersCreate) &&
-        checkFolderPermission(AccessControlAction.FoldersWrite, folderDTO);
+  if (!config.featureToggles.accessActionSets) {
+    if (!folderDTO || folderDTO.uid === 'general') {
+      return checkFolderPermission(AccessControlAction.FoldersCreate);
+    }
+    return (
+      checkFolderPermission(AccessControlAction.FoldersCreate) &&
+      checkFolderPermission(AccessControlAction.FoldersWrite, folderDTO)
+    );
+  }
+
+  return folderDTO
+    ? contextSrv.hasPermissionInMetadata(AccessControlAction.FoldersCreate, folderDTO)
+    : contextSrv.hasPermission(AccessControlAction.FoldersCreate);
 }

 export function getFolderPermissions(folderDTO?: FolderDTO) {
-  // Can only create a folder if we have permissions and either we're at root or nestedFolders is enabled
  const canCreateDashboards = checkFolderPermission(AccessControlAction.DashboardsCreate, folderDTO);
  const canCreateFolders = checkCanCreateFolders(folderDTO);
  const canDeleteFolders = checkFolderPermission(AccessControlAction.FoldersDelete, folderDTO);