apitech
/
grafana
mirror of https://github.com/grafana/grafana
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Auth: Lockdown non-editables in frontend when external auth is configured (#52160)

Browse Source 
* Auth: Lockdown user profile edit if external synced

* Auth: use builtin isExternal

* Auth: When user is synced, orgs will be overriden on next login
pull/52313/head
Jo 3 years ago committed by GitHub
parent 85309f4e63
commit 13b23fd512
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 16 additions and 9 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 3
      public/app/features/admin/UserOrgs.tsx
  2. 22
      public/app/features/profile/UserProfileEditForm.tsx

3
public/app/features/admin/UserOrgs.tsx
Unescape View File

@ -60,7 +60,8 @@ export class UserOrgs extends PureComponent<Props, State> {
const addToOrgContainerClass = css`
margin-top: 0.8rem;
`;
const canAddToOrg = contextSrv.hasPermission(AccessControlAction.OrgUsersAdd);
const canAddToOrg = contextSrv.hasPermission(AccessControlAction.OrgUsersAdd) && !isExternalUser;
return (
<>
<h3 className="page-heading">Organizations</h3>

22
public/app/features/profile/UserProfileEditForm.tsx
Unescape View File

@ -21,16 +21,22 @@ export const UserProfileEditForm: FC<Props> = ({ user, isSavingUser, updateProfi
updateProfile(data);
};
// check if authLabels is longer than 0 otherwise false
const isExternalUser: boolean = (user && user.isExternal) ?? false;
const authSource = isExternalUser && user && user.authLabels ? user.authLabels[0] : '';
const lockMessage = authSource ? ` (Synced via ${authSource})` : '';
const disabledEdit = disableLoginForm || isExternalUser;
return (
<Form onSubmit={onSubmitProfileUpdate} validateOn="onBlur">
{({ register, errors }) => {
return (
<FieldSet label={<Trans id="user-profile.title">Edit profile</Trans>}>
<Field
label={t({ id: 'user-profile.fields.name-label', message: 'Name' })}
label={t({ id: 'user-profile.fields.name-label', message: 'Name' }) + lockMessage}
invalid={!!errors.name}
error={<Trans id="user-profile.fields.name-error">Name is required</Trans>}
disabled={disableLoginForm}
disabled={disabledEdit}
>
<Input
{...register('name', { required: true })}
@ -42,10 +48,10 @@ export const UserProfileEditForm: FC<Props> = ({ user, isSavingUser, updateProfi
</Field>
<Field
label={t({ id: 'user-profile.fields.email-label', message: 'Email' })}
label={t({ id: 'user-profile.fields.email-label', message: 'Email' }) + lockMessage}
invalid={!!errors.email}
error={<Trans id="user-profile.fields.email-error">Email is required</Trans>}
disabled={disableLoginForm}
disabled={disabledEdit}
>
<Input
{...register('email', { required: true })}
@ -57,14 +63,14 @@ export const UserProfileEditForm: FC<Props> = ({ user, isSavingUser, updateProfi
</Field>
<Field
label={t({ id: 'user-profile.fields.username-label', message: 'Username' })}
disabled={disableLoginForm}
label={t({ id: 'user-profile.fields.username-label', message: 'Username' }) + lockMessage}
disabled={disabledEdit}
>
<Input
{...register('login')}
id="edit-user-profile-username"
defaultValue={user?.login ?? ''}
placeholder={t({ id: 'user-profile.fields.username-label', message: 'Username' })}
placeholder={t({ id: 'user-profile.fields.username-label', message: 'Username' }) + lockMessage}
suffix={<InputSuffix />}
/>
</Field>
@ -72,7 +78,7 @@ export const UserProfileEditForm: FC<Props> = ({ user, isSavingUser, updateProfi
<div className="gf-form-button-row">
<Button
variant="primary"
disabled={isSavingUser}
disabled={isSavingUser || disabledEdit}
data-testid={selectors.components.UserProfile.profileSaveButton}
type="submit"
>

Write Preview
Loading…
Cancel
Save