grafana

Commit Graph

Author	SHA1	Message	Date
Jo	48ef88aed7	Access: Fetch fresh permissions for target GlobalOrgID in AuthorizeInOrgMiddleware (#76569 ) fetch fresh permissions for global in AuthorizeInOrgMiddleware Update pkg/services/accesscontrol/authorize_in_org_test.go do not load viewer permissions in global ID	2 years ago
Ryan McKinley	025b2f3011	Chore: use any rather than interface{} (#74066 )	2 years ago
Jo	26339f978b	Auth: Move access control API to SignedInUser interface (#73144 ) * move access control api to SignedInUser interface * remove unused code * add logic for reading perms from a specific org * move the specific org logic to org_user.go * add a comment --------- Co-authored-by: IevaVasiljeva <ieva.vasiljeva@grafana.com>	2 years ago
Karl Persson	16d24a8429	RBAC: remove LoadPermissionsMiddleware (#73228 ) * PubDash: remove LoadPermissionMiddleware from tests * RBAC: Remove unused LoadPermission middleware	2 years ago
Jo	e56b2cae00	MESA: Allow using synced permissions (#71377 ) * wip * cover authorize in org behavior * revert export * fix org tests * change permissions nit	2 years ago
Ieva	a65cb4d808	RBAC: remove simple RBAC disabled checks (#71137 ) * remove simple RBAC disabled checks * fixing tests * remove old AC tests	2 years ago
Ieva	4980b64274	RBAC: Remove legacy ac from authorization middleware (#68898 ) remove legacy AC fallback from RBAC middleware, and some unused auth logic	2 years ago
Karl Persson	382b24742a	Auth: Add feature flag to move token rotation to client (#65060 ) * FeatureToggle: Add toggle to use a new way of rotating tokens * API: Add endpoints to perform token rotation, one endpoint for api request and one endpoint for redirectsd * Auth: Aling not authorized handling between auth middleware and access control middleware * API: add utility function to get redirect for login * API: Handle token rotation redirect for login page * Frontend: Add job scheduling for token rotation and make call to token rotation as fallback in retry request * ContextHandler: Prevent in-request rotation if feature flag is enabled and check if token needs to be rotated * AuthN: Prevent in-request rotation if feature flag is enabled and check if token needs to be rotated * Cookies: Add option NotHttpOnly * AuthToken: Add helper function to get next rotation time and another function to check if token need to be rotated * AuthN: Add function to delete session cookie and set expiry cookie Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>	2 years ago
Sofia Papagiannaki	fde96c91c1	Chore: Differentiate the ErrOrgNotFound error messages (#64131 ) * Better org not found error messages	2 years ago
idafurjes	6c5a573772	Chore: Move ReqContext to contexthandler service (#62102 ) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports	2 years ago
idafurjes	bb35f37b66	Chore: Delete org model duplicates (#60940 ) * Delete org model duplicates * Fix lint * Move OrgDetailsDTO to org pkg	2 years ago
Karl Persson	fef1e1d5bc	Auth: Refactor auth package (#58920 ) * Auth: move interface to its own file * Auth: move to test package * Auth: move quota consts to auth file * Auth: move service to impl package * Auth: move interfaces and related models to auth package * Auth: Create sub package and type alias to avoid circular dependency	3 years ago
Kristina	5d7d54d076	Auth: Write the redirect cookie if denied - do not write a blank redirect (#57381 ) * Write the redirect cookie if denied - do not write a blank redirect * Remove redundant code, reverse polarity	3 years ago
Emil Tullstedt	bb479e030a	RBAC: Redirect to /login when forceLogin is set (#56469 )	3 years ago
idafurjes	a863a4d95d	Chore: Copy user methods over to user store (#56000 ) * Chore: Copy user methods over to user store * Fix some tests and bugs * Add some more tests * Move tests to user store * Move back the tests * Add some tests	3 years ago
Karl Persson	bcd7afd1f5	RBAC: Remove service dependency in Evaluator component (#54910 ) * RBAC: Remove service dependency for Evaluator component * RBAC: Add service and load permissions in target org if they are not there * RBAC: Use service if we need to load permissions for org * API: remove service injection into evaluator * API: set new user for each request in tests * PublicDashboards: Use fake service to provide permissions * RBAC: Set org id for dashboard provisioning user	3 years ago
Karl Persson	55c7b8add2	RBAC: Split up service into several components (#54002 ) * RBAC: Rename interface to Store * RBAC: Move ranme scopeInjector * RBAC: Rename files to service * RBAC: Rename to service * RBAC: Split up accesscontrol into two components * RBAC: Add DeclareFixedRoles to AccessControl interface * Wire: Fix wire bindings * RBAC: Move resolvers to root * RBAC: Remove invalid test * RBAC: Inject access control service * RBAC: Implement the RoleRegistry interface in fake	3 years ago
idafurjes	fa2e74cd6e	Chore: Remove GetSignedInUserWithCacheCtx from store interface (#53734 ) * Remove delete suer from store interface * Remove get signed in user with cache ctx from store interface * Support options when setting up access control tests * Fix broken tests * Fix lint * Add user fake to middleware * Fix middleware tests, remove usertest being initialised twice Co-authored-by: Karl Persson <kalle.persson@grafana.com>	3 years ago
idafurjes	a14621fff6	Chore: Add user service method SetUsingOrg and GetSignedInUserWithCacheCtx (#53343 ) * Chore: Add user service method SetUsingOrg * Chore: Add user service method GetSignedInUserWithCacheCtx * Use method GetSignedInUserWithCacheCtx from user service * Fix lint after rebase * Fix lint * Fix lint error * roll back some changes * Roll back changes in api and middleware * Add xorm tags to SignedInUser ID fields	3 years ago
idafurjes	6afad51761	Move SignedInUser to user service and RoleType and Roles to org (#53445 ) * Move SignedInUser to user service and RoleType and Roles to org * Use go naming convention for roles * Fix some imports and leftovers * Fix ldap debug test * Fix lint * Fix lint 2 * Fix lint 3 * Fix type and not needed conversion * Clean up messages in api tests * Clean up api tests 2	3 years ago
Karl Persson	e9a93ebfc9	Access Control: Move access control middlewares to domain package (#48322 ) * Move access control middleware to domain package	3 years ago
Gabriel MABILLE	3440e7c8f7	AccessControl: Fix locked role picker in orgs/edit page (#46539 ) * AccessControl: Fix locked role picker in orgs/edit page * Use correct org when computing metadata	3 years ago
Gabriel MABILLE	6fbf346747	AccessControl: Add endpoint to get user permissions (#45309 ) * AccessControl: Add endpoint to get user permissions Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com> Co-authored-by: Kalle Persson <kalle.persson@grafana.com> Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com> * Fix SA tests * Linter is wrong :p * Wait I was wrong * Adding the route for teams:creator too Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com> Co-authored-by: Kalle Persson <kalle.persson@grafana.com> Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>	3 years ago
idafurjes	1b286e6bb5	Remove bus from quota, preferences, plugins, user_token (#44762 ) * Remove bus from quota, preferences, plugins, user_token * Bind sqlstore.Store to sqlstore.SQLStore Fix test * Fix sqlstore wire injection, dependency	3 years ago
J Guerreiro	2894f07f05	AccessControl: improve denied message (#44551 ) * AccessControl: improve denied message * AccessControl: tweak permission denied	3 years ago
Gabriel MABILLE	54280fc9d7	AccessControl: Resolve `attribute` based scopes to `id` based scopes (#40742 ) * AccessControl: POC scope attribute resolution Refactor based on ScopeMutators test errors and calls to cache Add comments to tests Rename logger Create keywordMutator only once * AccessControl: Add AttributeScopeResolver registration Co-authored-by: gamab <gabriel.mabille@grafana.com> * AccessControl: Add AttributeScopeResolver to datasources Co-authored-by: gamab <gabriel.mabille@grafana.com> * Test evaluation with translation * fix imports * AccessControl: Test attribute resolver * Fix trailing white space * Make ScopeResolver public for enterprise redefine * Handle wildcard Co-authored-by: Jguer <joao.guerreiro@grafana.com> Co-authored-by: jguer <joao.guerreiro@grafana.com>	3 years ago
ying-jeanne	7422789ec7	Remove Macaron ParamsInt64 function from code base (#43810 ) * draft commit * change all calls * Compilation errors	3 years ago
J Guerreiro	a0cf57b5b8	AccessControl: Reduce tone of access error (#43601 )	3 years ago
Karl Persson	c3ca2d214d	Access control: Refactor managed permission system to create api and frontend components (#42540 ) * Refactor resource permissions * Add frondend components for resource permissions Co-authored-by: kay delaney <45561153+kaydelaney@users.noreply.github.com> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>	3 years ago
Karl Persson	9558c09a7c	Access Control: Store permissions on SignedInUser (#43040 ) * add permission structure to signedinuser * add middleware to load user permissions into signedinuser struct * apply LoadPermissionsMiddleware to http server * check for permissions in signedinuser struct Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>	4 years ago
Gabriel MABILLE	818b8739c0	AccessControl: Remove scopes from orgs endpoints (#41709 ) * AccessControl: Check permissions in target org * Remove org scopes and add an authorizeInOrg middleware * Use query result org id and perform users permission check globally for GetOrgByName * Remove scope translation for orgs current * Suggestion from Ieva	4 years ago
Emil Tullstedt	3b637f4b44	Access control: Redirect non-API calls (#41100 )	4 years ago
Serge Zaitsev	57fcfd578d	Chore: replace macaron with web package (#40136 ) * replace macaron with web package * add web.go	4 years ago
Gabriel MABILLE	458371c8eb	AccessControl: Extend scope parameters with extra params from context (#39722 ) * AccessControl: Extend scope parameters with extra params from context Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>	4 years ago
Serge Zaitsev	063160aae2	Chore: pass url parameters through context.Context (#38826 ) * pass url parameters through context.Context * fix url param names without colon prefix * change context params to vars * replace url vars in tests using new api * rename vars to params * add some comments * rename seturlvars to seturlparams	4 years ago
Karl Persson	7ebf4027a7	Access Control: refactor permission evaluator to be more flexible (#35996 ) * add a more flexible way to create permissions * update interface for accesscontrol to use new eval interface * use new eval interface * update middleware to use new eval interface * remove evaluator function and move metrics to service * add tests for accesscontrol middleware * Remove failed function from interface and update inejct to create a new evaluator * Change name * Support Several sopes for a permission * use evaluator and update fakeAccessControl * Implement String that will return string representation of permissions for an evaluator Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>	4 years ago
Emil Tullstedt	c2e761f28e	Access control: Attach ID to error message (#33472 )	4 years ago
Vardan Torosyan	9f82eac833	Access control: Add access control based permissions to admins/users (#32409 ) Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>	4 years ago
Alexander Zobnin	823f0bc460	Access Control: move features to Enterprise (#32640 ) * Move db package WIP * Implement OSS access control * Register OSS access control * Fix linter error in tests * Fix linter error in evaluator * Simplify OSS tests * Optimize builtin roles * Chore: add comments to the exported functions * Remove init from ossaccesscontrol package (moved to ext) * Add access control as a dependency for http server * Modify middleware to receive fallback function * Middleware: refactor fallback function call * Move unused models to enterprise * Simplify AccessControl type * Chore: use bool IsDisabled() method instead of CanBeDisabled interface	4 years ago
Alexander Zobnin	20bd591bea	Access control: Basic structure and functionality behind feature toggle (#31893 ) Co-authored-by: Alexander Zobnin <alexander.zobnin@grafana.com> Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> Co-authored-by: Arve Knudsen <arve.knudsen@grafana.com> Co-authored-by: Marcus Efraimsson <marcus.efraimsson@grafana.com>	4 years ago

21 Commits (3a2e96b0dbe6a26ed340764957c141834bb6aef0)