apitech
/
grafana
mirror of https://github.com/grafana/grafana
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

RBAC: Fix the check for whether an action set should be added (#89219)

Browse Source 
fox the check for whether an action set should be added
pull/89140/head^2
Ieva 12 months ago committed by GitHub
parent b2864d6dfb
commit 4e3294cd8d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 9 additions and 5 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 14
      pkg/services/accesscontrol/resourcepermissions/store.go

14
pkg/services/accesscontrol/resourcepermissions/store.go
Unescape View File

@ -671,7 +671,7 @@ func (s *store) createPermissions(sess *db.Session, roleID int64, cmd SetResourc
/*
Add ACTION SET of managed permissions to in-memory store
*/
if s.shouldStoreActionSet(permission) {
if s.shouldStoreActionSet(resource, permission) {
actionSetName := GetActionSetName(resource, permission)
p := managedPermission(actionSetName, resource, resourceID, resourceAttribute)
p.RoleID = roleID
@ -683,13 +683,13 @@ func (s *store) createPermissions(sess *db.Session, roleID int64, cmd SetResourc
// If there are no missing actions for the resource (in case of access level downgrade or resource removal), we don't need to insert any actions
// we still want to add the action set (when permission != "")
if len(missingActions) == 0 && !s.shouldStoreActionSet(permission) {
if len(missingActions) == 0 && !s.shouldStoreActionSet(resource, permission) {
return nil
}
// if we have actionset feature enabled and are only working with action sets
// skip adding the missing actions to the permissions table
if !(s.shouldStoreActionSet(permission) && s.cfg.OnlyStoreAccessActionSets) {
if !(s.shouldStoreActionSet(resource, permission) && s.cfg.OnlyStoreAccessActionSets) {
for action := range missingActions {
p := managedPermission(action, resource, resourceID, resourceAttribute)
p.RoleID = roleID
@ -706,8 +706,12 @@ func (s *store) createPermissions(sess *db.Session, roleID int64, cmd SetResourc
return nil
}
func (s *store) shouldStoreActionSet(permission string) bool {
return (s.features.IsEnabled(context.TODO(), featuremgmt.FlagAccessActionSets) && permission != "" && isFolderOrDashboardAction(permission))
func (s *store) shouldStoreActionSet(resource, permission string) bool {
if !(s.features.IsEnabled(context.TODO(), featuremgmt.FlagAccessActionSets) && permission != "") {
return false
}
actionSetName := GetActionSetName(resource, permission)
return isFolderOrDashboardAction(actionSetName)
}
func deletePermissions(sess *db.Session, ids []int64) error {

Write Preview
Loading…
Cancel
Save