grafana

Commit Graph

Author	SHA1	Message	Date
Ezequiel Victorero	5039725da6	Snapshots: Add RBAC roles for creating and deleting (#96126 )	7 months ago
maicon	261be0facd	UniStore: Evaluate Folder DTO attributes (#93968 ) * UniStore: Evaluate Folder DTO attributes * Handle AccessControl * Reduce the number of parameters to newToFolderDto * Detach Metadata helpers from HTTPServer * Add tests --------- Signed-off-by: Maicon Costa <maiconscosta@gmail.com>	9 months ago
Alexander Zobnin	0e5d7633f7	Access Control: Make it possible to exclude role grants (#91647 )	11 months ago
Ieva	2e2ddc5c42	Folders: Allow folder editors and admins to create subfolders without any additional permissions (#91215 ) * separate permissions for root level folder creation and subfolder creation * fix tests * fix tests * fix tests * frontend fix * Update pkg/api/accesscontrol.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * fix frontend when action sets are disabled --------- Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>	11 months ago
Jo	0aebb9ee39	Misc: Remove unused params and impossible logic (#83756 ) * remove unused params and impossible logic * remove unused param	1 year ago
Ieva	4d53385d5f	RBAC: allow listing permissions on the root folder (#82184 ) * allow returning AC metadata for the root folder * add a test * share the reserved root folder UID with frontend	1 year ago
Ryan McKinley	1fab107e79	FeatureFlags: Avoid using cfg.IsFeatureToggleEnabled (#81407 )	1 year ago
Ieva	048d1e7c86	RBAC: Annotation permission migration (#78899 ) * add annotation permissions to dashboard managed role and add migrations for annotation permissions * fix a bug with conditional access level definitions * add tests * Update pkg/services/sqlstore/migrations/accesscontrol/dashboard_permissions.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * apply feedback * add batching, fix tests and a typo * add one more test * undo unneeded change * undo unwanted change * only check the default basic permissions for non-OSS instances * account for all wildcards and simplify the check a bit * error handling and extra conditionals to avoid test failures * fix a bug with admin permissions not appearing for folders * fix the OSS check --------- Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>	1 year ago
Jo	e77dbb63e3	AccessControl: Add group to role picker and standardize display (#79570 ) * add group to role picker and standardize display * change stuttery roles	1 year ago
Ieva	19ad788333	RBAC: change annotation scopes back (#79330 ) Change the annotation scopes back to what they were	2 years ago
Ieva	c354c7bfff	RBAC: Update fixed annotation roles (#78756 ) * update fixed annotation roles if FlagAnnotationPermissionUpdate is enabled * add dashboard type scope back in the fixed roles to make the migration easier	2 years ago
Ieva	39a30b0c01	Bug fix: add library panel permissions to basic roles (#77144 ) set library panel permissions to basic roles	2 years ago
Ieva	94fec65192	RBAC: introduce a data source admin role (#75915 ) * introduce data source admin role and fix frontend check * introduce fixed roles for data source creator and team reader * add documentation * undo an unintended change	2 years ago
kay delaney	a12cb8cbf3	LibraryPanels: Add RBAC support (#73475 )	2 years ago
Jo	26339f978b	Auth: Move access control API to SignedInUser interface (#73144 ) * move access control api to SignedInUser interface * remove unused code * add logic for reading perms from a specific org * move the specific org logic to org_user.go * add a comment --------- Co-authored-by: IevaVasiljeva <ieva.vasiljeva@grafana.com>	2 years ago
Michael Mandrus	779e0fe311	Feature Toggles: Create API for updating feature toggle state from the feature toggle admin page (#73022 ) * create roles for writing feature toggles * create update endpoint / handler * api changes * add feature toggle validations * hide toggles based on their state * make FlagFeatureToggle read only * add username log * add username string * refactor for better readability * refactor unit tests so we can do more validations * some skeletoning for the set tests * write unit tests for updater * break helper functions out * update sample ini to match defaults * add more logic to ReadOnly label * add user documentation * fix lint issue * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: J Stickler <julie.stickler@grafana.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: J Stickler <julie.stickler@grafana.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: J Stickler <julie.stickler@grafana.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: J Stickler <julie.stickler@grafana.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: J Stickler <julie.stickler@grafana.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: J Stickler <julie.stickler@grafana.com> --------- Co-authored-by: IbrahimCSAE <ibrahim.mdev@gmail.com> Co-authored-by: J Stickler <julie.stickler@grafana.com>	2 years ago
João Calisto	4ba83173ea	Feature toggles management: Define get feature toggles api (#72106 ) * Feature Toggle Management: Define get feature toggles api * lint	2 years ago
Ieva	d8b66d5c4b	RBAC: remove some `IsDisabled` checks (#69272 ) * remove some access contorl IsDisabled() checks * cleaning up tests * update tests * linting	2 years ago
Will Browne	31d6416157	Plugins: Migrate licensing and access control to pkg/services/pluginsintegration package (#65258 ) * migrate licensing + access control * update package name	2 years ago
Jo	6b6cf5f4b7	Cfg: Move ViewersCanEdit into cfg (#64876 ) move ViewersCanEdit into cfg	2 years ago
idafurjes	6c5a573772	Chore: Move ReqContext to contexthandler service (#62102 ) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports	2 years ago
Karl Persson	6d1bcd9f40	DataSourcePermissions: Handle licensing properly for ds permissions (#59694 ) * RBAC: add viewer grand if dspermissions enforcement is not enabled * RBAC: Change permissions based on role prefix * RBAC: Add option to for permission service to add a license middleware * RBAC: Remove actions from query struct	3 years ago
Torkel Ödegaard	09f4068849	NavTree: Refactor out the navtree building from api/index.go and into it's own service (#55552 )	3 years ago
Gabriel MABILLE	101349fe49	RBAC: Add permissions to install and configure plugins (#51829 ) * RBAC: Allow app plugins restriction Co-authored-by: Kalle Persson <kalle.persson@grafana.com> * Moving declaration to HttpServer Co-Authored-By: marefr <marcus.efraimsson@gmail.com> * Picking changes from the other branch Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com> * Rename plugins.settings to plugins Co-authored-by: Kalle Persson <kalle.persson@grafana.com> * Account for PluginAdminExternalManageEnabled Co-authored-by: Will Browne <will.browne@grafana.com> * Set metadata on instantiation Co-authored-by: Jguer <joao.guerreiro@grafana.com> Co-authored-by: Kalle Persson <kalle.persson@grafana.com> Co-authored-by: marefr <marcus.efraimsson@gmail.com> Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com> Co-authored-by: Will Browne <will.browne@grafana.com> Co-authored-by: Jguer <joao.guerreiro@grafana.com>	3 years ago
Ezequiel Victorero	bcab0194f1	PublicDashboards: disable form if user does not has permissions (#54853 )	3 years ago
Ezequiel Victorero	bfa35ff8d8	PublicDashboards: Add RBAC to secured endpoints (#54544 )	3 years ago
Karl Persson	5a1b9d2283	RBAC: Remove DeclareFixedRoles wrapper on Access control and inject service (#54153 ) * RBAC: Remove DeclareFixedRoles wrapper on Access control and inject service when needed	3 years ago
idafurjes	6afad51761	Move SignedInUser to user service and RoleType and Roles to org (#53445 ) * Move SignedInUser to user service and RoleType and Roles to org * Use go naming convention for roles * Fix some imports and leftovers * Fix ldap debug test * Fix lint * Fix lint 2 * Fix lint 3 * Fix type and not needed conversion * Clean up messages in api tests * Clean up api tests 2	3 years ago
Ieva	b590c1c60f	Access Control: Set permissions for Grafana's test data source (#53247 ) * set permissions for Grafana's test data source * linting	3 years ago
Ieva	0d324e931d	Access Control: Allow org admins to invite new users (#52894 ) * allow org admins to invite new users to Grafana * doc updates * fix test	3 years ago
Ieva	b3a10202d4	Revert "Service accounts: Add service account to teams" (#52710 ) * Revert "Service accounts: Add service account to teams (#51536)" This reverts commit `0f919671e7`. * remove unneeded line * fix test	3 years ago
Jean-Philippe Quéméner	41790083d2	Alerting: Add file provisioning for alert rules (#51635 )	3 years ago
Gabriel MABILLE	5975c4bc6d	RBAC: Allow app plugins access restriction (#51524 ) * RBAC: Allow app plugins restriction Co-authored-by: Kalle Persson <kalle.persson@grafana.com> * Fix tests * Imports * WIP * Adding RBAC to AppPluginsRoutes * Switching middleware order * Restrict access to resources * Nit * Cosmetic changes * Fix fallback * Moving declaration to HttpServer Co-Authored-By: marefr <marcus.efraimsson@gmail.com> Co-authored-by: Kalle Persson <kalle.persson@grafana.com> Co-authored-by: marefr <marcus.efraimsson@gmail.com>	3 years ago
Ieva	0c33b9f211	Access control: Allow organisation admins to add existing users to org (#51668 ) * check users with user add permission to access the invite endpoint * undo unneeded changes * tests and cleanup * linting * linting * betterer * betterer again * fix prettier issue Co-authored-by: jguer <joao.guerreiro@grafana.com>	3 years ago
Ieva	d85df0a560	Service Accounts: Managed permissions for service accounts (#51818 ) * backend changes * frontend changes * linting * nit * import order * allow SA creator to access the SA page * fix merge * tests * fix frontend tests Co-authored-by: alexanderzobnin alexanderzobnin@gmail.com	3 years ago
Eric Leijonmarck	0f919671e7	Service accounts: Add service account to teams (#51536 ) * Revert "Serviceaccounts: #48995 Do not display service accounts assigned to team (#48995)" This reverts commit `cbf71fbd7f`. * fix: test to not include more actions than necessary * adding service accounts to teams - backend and frontend changes * also support SA addition through the old team membership endpoints * fix tests * tests * serviceaccounts permission tests * serviceaccounts permission service tests run * added back test that was removed by accident * lint * refactor: add testoptionsTeams * fix a bug * service account picker change * explicitly set SA managed permissions to false for dash and folders * lint * allow team creator to list service accounts Co-authored-by: IevaVasiljeva <ieva.vasiljeva@grafana.com>	3 years ago
Karl Persson	b9bb0513e3	Remove version property from fixed roles (#51298 )	3 years ago
Karl Persson	1796a1d277	AccessControl: Grant data source reader to all users when running oss (#49514 ) * grant data source reader to all users when running oss or enterprise without license * fix asserts in alerting tests * add oss licensing service for test setup * fix tests to pass in enterprise * lint * fix tests * set setting.IsEnterprise flag for tests Co-authored-by: Yuriy Tseretyan <yuriy.tseretyan@grafana.com>	3 years ago
Karl Persson	2738d1c557	Access Control: Move dashboard actions and create scope provider (#48618 ) * Move dashboard actions and create scope provider	3 years ago
Vardan Torosyan	cbd2d09d70	Update API Keys UI to adjust based on users permissions (#47802 ) * Update API Keys UI to adjust based on users permissions Since API Keys support now RBAC we need to ensure that UI is adjusted based on the user permissions. * Applying PR suggestions	3 years ago
Vardan Torosyan	782ec05d8c	Create fixed roles for reading API Keys and service accounts and fix listing of service account tokens (#47767 ) * Create fixed roles for reading API Keys and service accounts * Handle PR comments and fix the listing of token	3 years ago
Ieva	e50bd5cac8	Access control: expose SA frontend to users with the right permissions (#47727 ) * expose frontend to users with permissions * cover the ui endpoints * fix permissions	3 years ago
Ieva	bc9b5325a0	update docs, simplify actions and scopes (#47067 )	3 years ago
Karl Persson	a5e4a533fa	Access control: use uid for dashboard and folder scopes (#46807 ) * use uid:s for folder and dashboard permissions * evaluate folder and dashboard permissions based on uids * add dashboard.uid to accept list * Check for exact suffix * Check parent folder on create * update test * drop dashboard:create actions with dashboard scope * fix typo * AccessControl: test id 0 scope conversion * AccessControl: store only parent folder UID * AccessControl: extract general as a constant * FolderServices: Prevent creation of a folder uid'd general * FolderServices: Test folder creation prevention * Update pkg/services/guardian/accesscontrol_guardian.go * FolderServices: fix mock call expect * FolderServices: remove uneeded mocks Co-authored-by: jguer <joao.guerreiro@grafana.com>	3 years ago
Gabriel MABILLE	3440e7c8f7	AccessControl: Fix locked role picker in orgs/edit page (#46539 ) * AccessControl: Fix locked role picker in orgs/edit page * Use correct org when computing metadata	3 years ago
Ezequiel Victorero	c5f295b5b3	Access Control: adding FGAC validation to mass delete annotation endpoint (#46846 ) * Access Control: adding FGAC validation to mass delete annotation endpoint	3 years ago
Ezequiel Victorero	c717320942	Adding FGAC annotations validation for creation and deletion (#46736 ) Access Control: Adding FGAC annotations validation for creation and deletion Co-authored-by: IevaVasiljeva <ieva.vasiljeva@grafana.com>	3 years ago
Karl Persson	7ab1ef8d6e	Access Control: Support other attributes than id for resource permissions (#46727 ) * Add option to set ResourceAttribute for a permissions service * Use prefix in access control sql filter to parse scopes * Use prefix in access control metadata to check access	3 years ago
Ieva	f2450575b3	Access control: FGAC for annotation updates (#46462 ) * proposal * PR feedback * fix canSave bug * update scope naming * linting * linting Co-authored-by: Ezequiel Victorero <ezequiel.victorero@grafana.com>	3 years ago
Karl Persson	d27ff42376	Access control: Move data source actions and scopes to datasource package (#46594 ) * Add permission actions and id scope * Remove scope and actions variable prefix * Move page evaluators and rename them	3 years ago

1 2

55 Commits (3cad9331fa311621648090ae706d0b98ea67a9a7)