apitech
/
grafana
mirror of https://github.com/grafana/grafana
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

RBAC: Default to plugins.app:access for plugin includes (#90969)

Browse Source 
* Default to app access for includes

* Check plugin type
pull/91153/head
Gabriel MABILLE 10 months ago committed by GitHub
parent 34dbfefc86
commit b982259950
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 93 additions and 72 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 22
      pkg/plugins/manager/loader/finder/local_test.go
  2. 44
      pkg/plugins/manager/loader/loader_test.go
  3. 2
      pkg/plugins/models.go
  4. 5
      pkg/plugins/plugins.go
  5. 8
      pkg/plugins/plugins_test.go
  6. 84
      pkg/services/pluginsintegration/loader/loader_test.go

22
pkg/plugins/manager/loader/finder/local_test.go
Unescape View File

@ -153,19 +153,21 @@ func TestFinder_Find(t *testing.T) {
}, },
Includes: []*plugins.Includes{ Includes: []*plugins.Includes{
{ {
Name: "Nginx Connections", Name: "Nginx Connections",
Path: "dashboards/connections.json", Path: "dashboards/connections.json",
Type: "dashboard", Type: "dashboard",
Role: "Viewer", Role: "Viewer",
Action: "plugins.app:access",
}, },
{ {
Name: "Nginx Memory", Name: "Nginx Memory",
Path: "dashboards/memory.json", Path: "dashboards/memory.json",
Type: "dashboard", Type: "dashboard",
Role: "Viewer", Role: "Viewer",
Action: "plugins.app:access",
}, },
{Name: "Nginx Panel", Type: "panel", Role: "Viewer"}, {Name: "Nginx Panel", Type: "panel", Role: "Viewer", Action: "plugins.app:access"},
{Name: "Nginx Datasource", Type: "datasource", Role: "Viewer"}, {Name: "Nginx Datasource", Type: "datasource", Role: "Viewer", Action: "plugins.app:access"},
}, },
}, },
FS: mustNewStaticFSForTests(t, filepath.Join(testData, "includes-symlinks")), FS: mustNewStaticFSForTests(t, filepath.Join(testData, "includes-symlinks")),

44
pkg/plugins/manager/loader/loader_test.go
Unescape View File

@ -198,30 +198,34 @@ func TestLoader_Load(t *testing.T) {
}, },
Includes: []*plugins.Includes{ Includes: []*plugins.Includes{
{ {
Name: "Nginx Connections", Name: "Nginx Connections",
Path: "dashboards/connections.json", Path: "dashboards/connections.json",
Type: "dashboard", Type: "dashboard",
Role: org.RoleViewer, Role: org.RoleViewer,
Slug: "nginx-connections", Action: plugins.ActionAppAccess,
Slug: "nginx-connections",
}, },
{ {
Name: "Nginx Memory", Name: "Nginx Memory",
Path: "dashboards/memory.json", Path: "dashboards/memory.json",
Type: "dashboard", Type: "dashboard",
Role: org.RoleViewer, Role: org.RoleViewer,
Slug: "nginx-memory", Action: plugins.ActionAppAccess,
Slug: "nginx-memory",
}, },
{ {
Name: "Nginx Panel", Name: "Nginx Panel",
Type: string(plugins.TypePanel), Type: string(plugins.TypePanel),
Role: org.RoleViewer, Role: org.RoleViewer,
Slug: "nginx-panel", Action: plugins.ActionAppAccess,
Slug: "nginx-panel",
}, },
{ {
Name: "Nginx Datasource", Name: "Nginx Datasource",
Type: string(plugins.TypeDataSource), Type: string(plugins.TypeDataSource),
Role: org.RoleViewer, Role: org.RoleViewer,
Slug: "nginx-datasource", Action: plugins.ActionAppAccess,
Slug: "nginx-datasource",
}, },
}, },
}, },
@ -391,8 +395,8 @@ func TestLoader_Load(t *testing.T) {
Plugins: []plugins.Dependency{}, Plugins: []plugins.Dependency{},
}, },
Includes: []*plugins.Includes{ Includes: []*plugins.Includes{
{Name: "Nginx Memory", Path: "dashboards/memory.json", Type: "dashboard", Role: org.RoleViewer, Slug: "nginx-memory"}, {Name: "Nginx Memory", Path: "dashboards/memory.json", Type: "dashboard", Role: org.RoleViewer, Action: plugins.ActionAppAccess, Slug: "nginx-memory"},
{Name: "Root Page (react)", Type: "page", Role: org.RoleViewer, Path: "/a/my-simple-app", DefaultNav: true, AddToNav: true, Slug: "root-page-react"}, {Name: "Root Page (react)", Type: "page", Role: org.RoleViewer, Action: plugins.ActionAppAccess, Path: "/a/my-simple-app", DefaultNav: true, AddToNav: true, Slug: "root-page-react"},
}, },
Backend: false, Backend: false,
}, },

2
pkg/plugins/models.go
Unescape View File

@ -9,6 +9,8 @@ import (
const ( const (
TypeDashboard = "dashboard" TypeDashboard = "dashboard"
ActionAppAccess = "plugins.app:access"
) )
var ( var (

5
pkg/plugins/plugins.go
Unescape View File

@ -175,6 +175,11 @@ func ReadPluginJSON(reader io.Reader) (JSONData, error) {
if include.Role == "" { if include.Role == "" {
include.Role = org.RoleViewer include.Role = org.RoleViewer
} }
// Default to app access for app plugins
if plugin.Type == TypeApp && include.Role == org.RoleViewer && include.Action == "" {
include.Action = ActionAppAccess
}
} }
return plugin, nil return plugin, nil

8
pkg/plugins/plugins_test.go
Unescape View File

@ -60,10 +60,10 @@ func Test_ReadPluginJSON(t *testing.T) {
}, },
}, },
Includes: []*Includes{ Includes: []*Includes{
{Name: "Nginx Connections", Path: "dashboards/connections.json", Type: "dashboard", Role: org.RoleViewer}, {Name: "Nginx Connections", Path: "dashboards/connections.json", Type: "dashboard", Role: org.RoleViewer, Action: ActionAppAccess},
{Name: "Nginx Memory", Path: "dashboards/memory.json", Type: "dashboard", Role: org.RoleViewer}, {Name: "Nginx Memory", Path: "dashboards/memory.json", Type: "dashboard", Role: org.RoleViewer, Action: ActionAppAccess},
{Name: "Nginx Panel", Type: "panel", Role: org.RoleViewer}, {Name: "Nginx Panel", Type: "panel", Role: org.RoleViewer, Action: ActionAppAccess},
{Name: "Nginx Datasource", Type: "datasource", Role: org.RoleViewer}, {Name: "Nginx Datasource", Type: "datasource", Role: org.RoleViewer, Action: ActionAppAccess},
}, },
Backend: false, Backend: false,
}, },

84
pkg/services/pluginsintegration/loader/loader_test.go
Unescape View File

@ -198,30 +198,34 @@ func TestLoader_Load(t *testing.T) {
}, },
Includes: []*plugins.Includes{ Includes: []*plugins.Includes{
{ {
Name: "Nginx Connections", Name: "Nginx Connections",
Path: "dashboards/connections.json", Path: "dashboards/connections.json",
Type: "dashboard", Type: "dashboard",
Role: org.RoleViewer, Role: org.RoleViewer,
Slug: "nginx-connections", Action: plugins.ActionAppAccess,
Slug: "nginx-connections",
}, },
{ {
Name: "Nginx Memory", Name: "Nginx Memory",
Path: "dashboards/memory.json", Path: "dashboards/memory.json",
Type: "dashboard", Type: "dashboard",
Role: org.RoleViewer, Role: org.RoleViewer,
Slug: "nginx-memory", Action: plugins.ActionAppAccess,
Slug: "nginx-memory",
}, },
{ {
Name: "Nginx Panel", Name: "Nginx Panel",
Type: string(plugins.TypePanel), Type: string(plugins.TypePanel),
Role: org.RoleViewer, Role: org.RoleViewer,
Slug: "nginx-panel", Action: plugins.ActionAppAccess,
Slug: "nginx-panel",
}, },
{ {
Name: "Nginx Datasource", Name: "Nginx Datasource",
Type: string(plugins.TypeDataSource), Type: string(plugins.TypeDataSource),
Role: org.RoleViewer, Role: org.RoleViewer,
Slug: "nginx-datasource", Action: plugins.ActionAppAccess,
Slug: "nginx-datasource",
}, },
}, },
}, },
@ -421,8 +425,8 @@ func TestLoader_Load(t *testing.T) {
Plugins: []plugins.Dependency{}, Plugins: []plugins.Dependency{},
}, },
Includes: []*plugins.Includes{ Includes: []*plugins.Includes{
{Name: "Nginx Memory", Path: "dashboards/memory.json", Type: "dashboard", Role: org.RoleViewer, Slug: "nginx-memory"}, {Name: "Nginx Memory", Path: "dashboards/memory.json", Type: "dashboard", Role: org.RoleViewer, Action: plugins.ActionAppAccess, Slug: "nginx-memory"},
{Name: "Root Page (react)", Type: "page", Role: org.RoleViewer, Path: "/a/my-simple-app", DefaultNav: true, AddToNav: true, Slug: "root-page-react"}, {Name: "Root Page (react)", Type: "page", Role: org.RoleViewer, Action: plugins.ActionAppAccess, Path: "/a/my-simple-app", DefaultNav: true, AddToNav: true, Slug: "root-page-react"},
}, },
Backend: false, Backend: false,
}, },
@ -911,10 +915,10 @@ func TestLoader_Load_DuplicatePlugins(t *testing.T) {
}, },
}, },
Includes: []*plugins.Includes{ Includes: []*plugins.Includes{
{Name: "Nginx Connections", Path: "dashboards/connections.json", Type: "dashboard", Role: org.RoleViewer, Slug: "nginx-connections"}, {Name: "Nginx Connections", Path: "dashboards/connections.json", Type: "dashboard", Role: org.RoleViewer, Action: plugins.ActionAppAccess, Slug: "nginx-connections"},
{Name: "Nginx Memory", Path: "dashboards/memory.json", Type: "dashboard", Role: org.RoleViewer, Slug: "nginx-memory"}, {Name: "Nginx Memory", Path: "dashboards/memory.json", Type: "dashboard", Role: org.RoleViewer, Action: plugins.ActionAppAccess, Slug: "nginx-memory"},
{Name: "Nginx Panel", Type: "panel", Role: org.RoleViewer, Slug: "nginx-panel"}, {Name: "Nginx Panel", Type: "panel", Role: org.RoleViewer, Action: plugins.ActionAppAccess, Slug: "nginx-panel"},
{Name: "Nginx Datasource", Type: "datasource", Role: org.RoleViewer, Slug: "nginx-datasource"}, {Name: "Nginx Datasource", Type: "datasource", Role: org.RoleViewer, Action: plugins.ActionAppAccess, Slug: "nginx-datasource"},
}, },
Backend: false, Backend: false,
}, },
@ -992,10 +996,10 @@ func TestLoader_Load_SkipUninitializedPlugins(t *testing.T) {
}, },
}, },
Includes: []*plugins.Includes{ Includes: []*plugins.Includes{
{Name: "Nginx Connections", Path: "dashboards/connections.json", Type: "dashboard", Role: org.RoleViewer, Slug: "nginx-connections"}, {Name: "Nginx Connections", Path: "dashboards/connections.json", Type: "dashboard", Role: org.RoleViewer, Action: plugins.ActionAppAccess, Slug: "nginx-connections"},
{Name: "Nginx Memory", Path: "dashboards/memory.json", Type: "dashboard", Role: org.RoleViewer, Slug: "nginx-memory"}, {Name: "Nginx Memory", Path: "dashboards/memory.json", Type: "dashboard", Role: org.RoleViewer, Action: plugins.ActionAppAccess, Slug: "nginx-memory"},
{Name: "Nginx Panel", Type: "panel", Role: org.RoleViewer, Slug: "nginx-panel"}, {Name: "Nginx Panel", Type: "panel", Role: org.RoleViewer, Action: plugins.ActionAppAccess, Slug: "nginx-panel"},
{Name: "Nginx Datasource", Type: "datasource", Role: org.RoleViewer, Slug: "nginx-datasource"}, {Name: "Nginx Datasource", Type: "datasource", Role: org.RoleViewer, Action: plugins.ActionAppAccess, Slug: "nginx-datasource"},
}, },
Backend: false, Backend: false,
}, },
@ -1339,6 +1343,7 @@ func TestLoader_Load_NestedPlugins(t *testing.T) {
Path: "/a/myorgid-simple-app", Path: "/a/myorgid-simple-app",
Type: "page", Type: "page",
Role: org.RoleViewer, Role: org.RoleViewer,
Action: plugins.ActionAppAccess,
AddToNav: true, AddToNav: true,
DefaultNav: true, DefaultNav: true,
Slug: "root-page-react", Slug: "root-page-react",
@ -1348,6 +1353,7 @@ func TestLoader_Load_NestedPlugins(t *testing.T) {
Path: "/a/myorgid-simple-app/?tab=b", Path: "/a/myorgid-simple-app/?tab=b",
Type: "page", Type: "page",
Role: org.RoleViewer, Role: org.RoleViewer,
Action: plugins.ActionAppAccess,
AddToNav: true, AddToNav: true,
Slug: "root-page-tab-b", Slug: "root-page-tab-b",
}, },
@ -1360,18 +1366,20 @@ func TestLoader_Load_NestedPlugins(t *testing.T) {
Slug: "react-config", Slug: "react-config",
}, },
{ {
Name: "Streaming Example", Name: "Streaming Example",
Path: "dashboards/streaming.json", Path: "dashboards/streaming.json",
Type: "dashboard", Type: "dashboard",
Role: org.RoleViewer, Role: org.RoleViewer,
Slug: "streaming-example", Action: plugins.ActionAppAccess,
Slug: "streaming-example",
}, },
{ {
Name: "Lots of Stats", Name: "Lots of Stats",
Path: "dashboards/stats.json", Path: "dashboards/stats.json",
Type: "dashboard", Type: "dashboard",
Role: org.RoleViewer, Role: org.RoleViewer,
Slug: "lots-of-stats", Action: plugins.ActionAppAccess,
Slug: "lots-of-stats",
}, },
}, },
Backend: false, Backend: false,

Write Preview
Loading…
Cancel
Save