AccessControl: introduce a different accesscontrol check (licensed or not) (#44777)

Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
3 years ago · 86756ee3e5
parent 602d62ebcc
commit 86756ee3e5
5 changed files with 17 additions and 13 deletions
--- a/public/app/core/services/context_srv.ts
+++ b/public/app/core/services/context_srv.ts
@ -1,8 +1,8 @@
 import config from '../../core/config';
 import { extend } from 'lodash';
 import { rangeUtil, WithAccessControlMetadata } from '@grafana/data';
-import { featureEnabled } from '@grafana/runtime';
 import { AccessControlAction, UserPermission } from 'app/types';
+import { featureEnabled } from '@grafana/runtime';

 export class User {
  id: number;
@ -83,13 +83,17 @@ export class ContextSrv {
  }

  accessControlEnabled(): boolean {
+    return Boolean(config.featureToggles['accesscontrol']);
+  }
+
+  licensedAccessControlEnabled(): boolean {
    return featureEnabled('accesscontrol') && Boolean(config.featureToggles['accesscontrol']);
  }

  // Checks whether user has required permission
  hasPermissionInMetadata(action: AccessControlAction | string, object: WithAccessControlMetadata): boolean {
    // Fallback if access control disabled
-    if (!config.featureToggles['accesscontrol']) {
+    if (!this.accessControlEnabled()) {
      return true;
    }

@ -99,7 +103,7 @@ export class ContextSrv {
  // Checks whether user has required permission
  hasPermission(action: AccessControlAction | string): boolean {
    // Fallback if access control disabled
-    if (!config.featureToggles['accesscontrol']) {
+    if (!this.accessControlEnabled()) {
      return true;
    }

@ -126,14 +130,14 @@ export class ContextSrv {
  }

  hasAccessToExplore() {
-    if (config.featureToggles['accesscontrol']) {
+    if (this.accessControlEnabled()) {
      return this.hasPermission(AccessControlAction.DataSourcesExplore);
    }
    return (this.isEditor || config.viewersCanEdit) && config.exploreEnabled;
  }

  hasAccess(action: string, fallBack: boolean) {
-    if (!config.featureToggles['accesscontrol']) {
+    if (!this.accessControlEnabled()) {
      return fallBack;
    }
    return this.hasPermission(action);
@ -141,7 +145,7 @@ export class ContextSrv {

  // evaluates access control permissions, granting access if the user has any of them; uses fallback if access control is disabled
  evaluatePermission(fallback: () => string[], actions: string[]) {
-    if (!config.featureToggles['accesscontrol']) {
+    if (!this.accessControlEnabled()) {
      return fallback();
    }
    if (actions.some((action) => this.hasPermission(action))) {
--- a/public/app/features/admin/UserOrgs.tsx
+++ b/public/app/features/admin/UserOrgs.tsx
@ -176,7 +176,7 @@ class UnThemedOrgRow extends PureComponent<OrgRowProps> {
        <td className={labelClass}>
          <label htmlFor={inputId}>{org.name}</label>
        </td>
-        {contextSrv.accessControlEnabled() ? (
+        {contextSrv.licensedAccessControlEnabled() ? (
          <td>
            <div className={styles.rolePickerWrapper}>
              <div className={styles.rolePicker}>
--- a/public/app/features/teams/TeamList.tsx
+++ b/public/app/features/teams/TeamList.tsx
@ -43,7 +43,7 @@ export class TeamList extends PureComponent<Props, State> {

  componentDidMount() {
    this.fetchTeams();
-    if (contextSrv.accessControlEnabled()) {
+    if (contextSrv.licensedAccessControlEnabled()) {
      this.fetchRoleOptions();
    }
  }
@ -89,7 +89,7 @@ export class TeamList extends PureComponent<Props, State> {
        <td className="link-td">
          <a href={teamUrl}>{team.memberCount}</a>
        </td>
-        {contextSrv.accessControlEnabled() && (
+        {contextSrv.licensedAccessControlEnabled() && (
          <td>
            <TeamRolePicker teamId={team.id} getRoleOptions={async () => this.state.roleOptions} />
          </td>
@ -155,7 +155,7 @@ export class TeamList extends PureComponent<Props, State> {
                  <th>Name</th>
                  <th>Email</th>
                  <th>Members</th>
-                  {contextSrv.accessControlEnabled() && <th>Roles</th>}
+                  {contextSrv.licensedAccessControlEnabled() && <th>Roles</th>}
                  <th style={{ width: '1%' }} />
                </tr>
              </thead>
--- a/public/app/features/users/UsersTable.test.tsx
+++ b/public/app/features/users/UsersTable.test.tsx
@ -9,7 +9,7 @@ jest.mock('app/core/core', () => ({
  contextSrv: {
    hasPermission: () => true,
    hasPermissionInMetadata: () => true,
-    accessControlEnabled: () => false,
+    licensedAccessControlEnabled: () => false,
  },
 }));

--- a/public/app/features/users/UsersTable.tsx
+++ b/public/app/features/users/UsersTable.tsx
@ -40,7 +40,7 @@ const UsersTable: FC<Props> = (props) => {
        console.error('Error loading options');
      }
    }
-    if (contextSrv.accessControlEnabled()) {
+    if (contextSrv.licensedAccessControlEnabled()) {
      fetchOptions();
    }
  }, [orgId]);
@ -88,7 +88,7 @@ const UsersTable: FC<Props> = (props) => {
                <td className="width-1">{user.lastSeenAtAge}</td>

                <td className="width-8">
-                  {contextSrv.accessControlEnabled() ? (
+                  {contextSrv.licensedAccessControlEnabled() ? (
                    <UserRolePicker
                      userId={user.userId}
                      orgId={orgId}