apitech
/
grafana
mirror of https://github.com/grafana/grafana
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
54288 Commits
2296 Branches
613 Tags
1.8 GiB
 
 
 
 
 
 
Tag: Branch: Tree: academo/test-levitate-comment-to-slack
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'academo/test-levitate-comment-to-slack'
${ noResults }
grafana/pkg/setting/settings_rbac.go

61 lines
2.2 KiB
Raw Permalink Blame History

package setting
import (
"github.com/grafana/grafana/pkg/util"
)
type RBACSettings struct {
// Enable permission cache
PermissionCache bool
// Enable Permission validation during role creation and provisioning
PermissionValidationEnabled bool
// Reset basic roles permissions on start-up
ResetBasicRoles bool
// RBAC single organization. This configuration option is subject to change.
SingleOrganization bool
OnlyStoreAccessActionSets bool
// set of resources that should generate managed permissions when created
resourcesWithPermissionsOnCreation map[string]struct{}
// set of resources that should we should seed wildcard scopes for
resourcesWithWildcardSeed map[string]struct{}
}
func (cfg *Cfg) readRBACSettings() {
s := RBACSettings{}
rbac := cfg.Raw.Section("rbac")
s.PermissionCache = rbac.Key("permission_cache").MustBool(true)
s.PermissionValidationEnabled = rbac.Key("permission_validation_enabled").MustBool(false)
s.ResetBasicRoles = rbac.Key("reset_basic_roles").MustBool(false)
s.SingleOrganization = rbac.Key("single_organization").MustBool(false)
s.OnlyStoreAccessActionSets = rbac.Key("only_store_access_action_sets").MustBool(false)
// List of resources to generate managed permissions for upon resource creation (dashboard, folder, service-account, datasource)
resources := util.SplitString(rbac.Key("resources_with_managed_permissions_on_creation").MustString("dashboard, folder, service-account, datasource"))
s.resourcesWithPermissionsOnCreation = map[string]struct{}{}
for _, resource := range resources {
s.resourcesWithPermissionsOnCreation[resource] = struct{}{}
}
// List of resources to seed managed permission wildcards for (dashboard, folder, datasource)
resources = util.SplitString(rbac.Key("resources_with_seeded_wildcard_access").MustString(""))
s.resourcesWithWildcardSeed = map[string]struct{}{}
for _, resource := range resources {
s.resourcesWithWildcardSeed[resource] = struct{}{}
}
cfg.RBAC = s
}
func (r RBACSettings) PermissionsOnCreation(resource string) bool {
_, ok := r.resourcesWithPermissionsOnCreation[resource]
return ok
}
func (r RBACSettings) PermissionsWildcardSeed(resource string) bool {
_, ok := r.resourcesWithWildcardSeed[resource]
return ok
}