root
/
grafana
mirror of https://github.com/grafana/grafana.git
1
0
Fork 0
Code Issues Actions 157 Packages Projects Releases Wiki Activity
grafana/pkg/api/folder_permission.go

199 lines
6.3 KiB
Go
Raw Normal View History

folders: folder permission api routes
2018-02-20 22:25:16 +08:00
package api
import (
authz: Clean up acl endpoints and dashboard guardian (#73746) * RBAC: remove unnessisary guardian construction and update tests * RBAC: remove usage of guardian in UpdateFolderPermissions and refactor test * RBAC: remove usage of guardian in update and get permissions for dashboards
2023-08-24 21:37:54 +08:00
"context"
Chore: Refactor api handlers to use web.Bind (#42199) * Chore: Refactor api handlers to use web.Bind * fix comments * fix comment * trying to fix most of the tests and force routing.Wrap type check * fix library panels tests * fix frontend logging tests * allow passing nil as a response to skip writing * return nil instead of the response * rewrite login handler function types * remove handlerFuncCtx * make linter happy * remove old bindings from the libraryelements * restore comments
2021-11-29 17:18:01 +08:00
"net/http"
folders: folder permission api routes
2018-02-20 22:25:16 +08:00
"time"
Migrate to Wire for dependency injection (#32289) Fixes #30144 Co-authored-by: dsotirakis <sotirakis.dim@gmail.com> Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> Co-authored-by: Ida Furjesova <ida.furjesova@grafana.com> Co-authored-by: Jack Westbrook <jack.westbrook@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com> Co-authored-by: Leon Sorokin <leeoniya@gmail.com> Co-authored-by: Andrej Ocenas <mr.ocenas@gmail.com> Co-authored-by: spinillos <selenepinillos@gmail.com> Co-authored-by: Karl Persson <kalle.persson@grafana.com> Co-authored-by: Leonard Gram <leo@xlson.com>
2021-08-25 21:11:22 +08:00
"github.com/grafana/grafana/pkg/api/apierrors"
folders: folder permission api routes
2018-02-20 22:25:16 +08:00
"github.com/grafana/grafana/pkg/api/dtos"
Chore: Moves common and response into separate packages (#30298) * Chore: moves common and response into separate packages * Chore: moves common and response into separate packages * Update pkg/api/utils/common.go Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Chore: changes after PR comments * Chore: move wrap to routing package * Chore: move functions in common to response package * Chore: move functions in common to response package * Chore: formats imports Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-01-15 21:43:20 +08:00
"github.com/grafana/grafana/pkg/api/response"
Add MFolderIDsAPICount metric to count FolderIDs in api package (#80866) * Add MFolderIDsAPICount metric to cound FolderIDs in api package * Change counter to counter vector with method names as string values
2024-01-24 19:39:11 +08:00
"github.com/grafana/grafana/pkg/infra/metrics"
authz: Clean up acl endpoints and dashboard guardian (#73746) * RBAC: remove unnessisary guardian construction and update tests * RBAC: remove usage of guardian in UpdateFolderPermissions and refactor test * RBAC: remove usage of guardian in update and get permissions for dashboards
2023-08-24 21:37:54 +08:00
"github.com/grafana/grafana/pkg/services/auth/identity"
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports
2023-01-27 15:50:36 +08:00
contextmodel "github.com/grafana/grafana/pkg/services/contexthandler/model"
chore/backend: move dashboard errors to dashboard service (#51593) * chore/backend: move dashboard errors to dashboard service Dashboard-related models are slowly moving out of the models package and into dashboard services. This commit moves dashboard-related errors; the rest will come in later commits. There are no logical code changes, this is only a structural (package) move. * lint lint lint
2022-06-30 21:31:54 +08:00
"github.com/grafana/grafana/pkg/services/dashboards"
Authz: Remove use of SignedInUser copy for permission evaluation (#78448) * remove use of SignedInUserCopies * add extra safety to not cross assign permissions unwind circular dependency dashboardacl->dashboardaccess fix missing import * correctly set teams for permissions * fix missing inits * nit: check err * exit early for api keys
2023-11-22 21:20:22 +08:00
"github.com/grafana/grafana/pkg/services/dashboards/dashboardaccess"
Nested Folders: Support getting of nested folder in folder service wh… (#58597) * Nested Folders: Support getting of nested folder in folder service when feature flag is set * Fix lint * Fix some tests * Fix ngalert test * ngalert fix * Fix API tests * Fix some tests and lint * Fix lint 2 * Fix library elements and panels * Add access control to get folder * Cleanup and minor test change
2022-11-11 21:28:24 +08:00
"github.com/grafana/grafana/pkg/services/folder"
authz: Clean up acl endpoints and dashboard guardian (#73746) * RBAC: remove unnessisary guardian construction and update tests * RBAC: remove usage of guardian in UpdateFolderPermissions and refactor test * RBAC: remove usage of guardian in update and get permissions for dashboards
2023-08-24 21:37:54 +08:00
"github.com/grafana/grafana/pkg/services/org"
Chore: replace macaron with web package (#40136) * replace macaron with web package * add web.go
2021-10-11 20:30:59 +08:00
"github.com/grafana/grafana/pkg/web"
folders: folder permission api routes
2018-02-20 22:25:16 +08:00
)
Chore: Move swagger definitions to the handlers (#52643)
2022-07-27 21:54:37 +08:00
// swagger:route GET /folders/{folder_uid}/permissions folder_permissions getFolderPermissionList
//
// Gets all existing permissions for the folder with the given `uid`.
//
// Responses:
// 200: getFolderPermissionListResponse
// 401: unauthorisedError
// 403: forbiddenError
// 404: notFoundError
// 500: internalServerError
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports
2023-01-27 15:50:36 +08:00
func (hs *HTTPServer) GetFolderPermissionList(c *contextmodel.ReqContext) response.Response {
Nested Folders: Support getting of nested folder in folder service wh… (#58597) * Nested Folders: Support getting of nested folder in folder service when feature flag is set * Fix lint * Fix some tests * Fix ngalert test * ngalert fix * Fix API tests * Fix some tests and lint * Fix lint 2 * Fix library elements and panels * Add access control to get folder * Cleanup and minor test change
2022-11-11 21:28:24 +08:00
uid := web.Params(c.Req)[":uid"]
Auth: Unfurl OrgID in pkg/api to allow using identity.Requester interface (#76108) Unfurl OrgID in pkg/api to allow using identity.Requester interface
2023-10-06 17:34:36 +08:00
folder, err := hs.folderService.Get(c.Req.Context(), &folder.GetFolderQuery{OrgID: c.SignedInUser.GetOrgID(), UID: &uid, SignedInUser: c.SignedInUser})
folders: folder permission api routes
2018-02-20 22:25:16 +08:00
if err != nil {
Migrate to Wire for dependency injection (#32289) Fixes #30144 Co-authored-by: dsotirakis <sotirakis.dim@gmail.com> Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> Co-authored-by: Ida Furjesova <ida.furjesova@grafana.com> Co-authored-by: Jack Westbrook <jack.westbrook@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com> Co-authored-by: Leon Sorokin <leeoniya@gmail.com> Co-authored-by: Andrej Ocenas <mr.ocenas@gmail.com> Co-authored-by: spinillos <selenepinillos@gmail.com> Co-authored-by: Karl Persson <kalle.persson@grafana.com> Co-authored-by: Leonard Gram <leo@xlson.com>
2021-08-25 21:11:22 +08:00
return apierrors.ToFolderErrorResponse(err)
folders: folder permission api routes
2018-02-20 22:25:16 +08:00
}
authz: Clean up acl endpoints and dashboard guardian (#73746) * RBAC: remove unnessisary guardian construction and update tests * RBAC: remove usage of guardian in UpdateFolderPermissions and refactor test * RBAC: remove usage of guardian in update and get permissions for dashboards
2023-08-24 21:37:54 +08:00
acl, err := hs.getFolderACL(c.Req.Context(), c.SignedInUser, folder)
folders: folder permission api routes
2018-02-20 22:25:16 +08:00
if err != nil {
Chore: Moves common and response into separate packages (#30298) * Chore: moves common and response into separate packages * Chore: moves common and response into separate packages * Update pkg/api/utils/common.go Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Chore: changes after PR comments * Chore: move wrap to routing package * Chore: move functions in common to response package * Chore: move functions in common to response package * Chore: formats imports Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-01-15 21:43:20 +08:00
return response.Error(500, "Failed to get folder permissions", err)
folders: folder permission api routes
2018-02-20 22:25:16 +08:00
}
Chore: Remove dashboard ACL from models (#61749) * Remove dashboard ACL from models * Remove unused comment
2023-01-20 21:58:47 +08:00
filteredACLs := make([]*dashboards.DashboardACLInfoDTO, 0, len(acl))
folders: folder permission api routes
2018-02-20 22:25:16 +08:00
for _, perm := range acl {
Chore: Remove dashboard ACL from models (#61749) * Remove dashboard ACL from models * Remove unused comment
2023-01-20 21:58:47 +08:00
if perm.UserID > 0 && dtos.IsHiddenUser(perm.UserLogin, c.SignedInUser, hs.Cfg) {
Add an option to hide certain users in the UI (#28942) * Add an option to hide certain users in the UI * revert changes for admin users routes * fix sqlstore function name * Improve slice management Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Hidden users: convert slice to map * filter with user logins instead of IDs * put HiddenUsers in Cfg struct * hide hidden users from dashboards/folders permissions list * Update conf/defaults.ini Co-authored-by: Torkel Ödegaard <torkel@grafana.com> * fix params order * fix tests * fix dashboard/folder update with hidden user * add team tests * add dashboard and folder permissions tests * fixes after merge * fix tests * API: add test for org users endpoints * update hidden users management for dashboard / folder permissions * improve dashboard / folder permissions tests * fixes after merge * Guardian: add hidden acl tests * API: add team members tests * fix team sql syntax for postgres * api tests update * fix linter error * fix tests errors after merge Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> Co-authored-by: Torkel Ödegaard <torkel@grafana.com> Co-authored-by: Leonard Gram <leo@xlson.com>
2020-11-24 19:10:32 +08:00
continue
}
Add MFolderIDsAPICount metric to count FolderIDs in api package (#80866) * Add MFolderIDsAPICount metric to cound FolderIDs in api package * Change counter to counter vector with method names as string values
2024-01-24 19:39:11 +08:00
metrics.MFolderIDsAPICount.WithLabelValues(metrics.GetFolderPermissionList).Inc()
Chore: Deprecate FolderID from DashboardACLInfoDTO (#77652) * Chore: Deprecate FolderID from DashboardACLInfoDTO * chore: regen specs
2023-11-15 23:29:20 +08:00
// nolint:staticcheck
Chore: Remove dashboard ACL from models (#61749) * Remove dashboard ACL from models * Remove unused comment
2023-01-20 21:58:47 +08:00
perm.FolderID = folder.ID
perm.DashboardID = 0
folders: folder permission api routes
2018-02-20 22:25:16 +08:00
Chore: Remove public vars in setting package (#81018) Removes the public variable setting.SecretKey plus some other ones. Introduces some new functions for creating setting.Cfg.
2024-01-23 19:36:22 +08:00
perm.UserAvatarURL = dtos.GetGravatarUrl(hs.Cfg, perm.UserEmail)
permissions: return user and team avatar in folder permissions api
2018-04-04 21:51:19 +08:00
Chore: Remove dashboard ACL from models (#61749) * Remove dashboard ACL from models * Remove unused comment
2023-01-20 21:58:47 +08:00
if perm.TeamID > 0 {
Chore: Remove public vars in setting package (#81018) Removes the public variable setting.SecretKey plus some other ones. Introduces some new functions for creating setting.Cfg.
2024-01-23 19:36:22 +08:00
perm.TeamAvatarURL = dtos.GetGravatarUrlWithDefault(hs.Cfg, perm.TeamEmail, perm.Team)
permissions: return user and team avatar in folder permissions api
2018-04-04 21:51:19 +08:00
}
folders: folder permission api routes
2018-02-20 22:25:16 +08:00
if perm.Slug != "" {
Chore: Remove dashboard ACL from models (#61749) * Remove dashboard ACL from models * Remove unused comment
2023-01-20 21:58:47 +08:00
perm.URL = dashboards.GetDashboardFolderURL(perm.IsFolder, perm.UID, perm.Slug)
folders: folder permission api routes
2018-02-20 22:25:16 +08:00
}
Add an option to hide certain users in the UI (#28942) * Add an option to hide certain users in the UI * revert changes for admin users routes * fix sqlstore function name * Improve slice management Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Hidden users: convert slice to map * filter with user logins instead of IDs * put HiddenUsers in Cfg struct * hide hidden users from dashboards/folders permissions list * Update conf/defaults.ini Co-authored-by: Torkel Ödegaard <torkel@grafana.com> * fix params order * fix tests * fix dashboard/folder update with hidden user * add team tests * add dashboard and folder permissions tests * fixes after merge * fix tests * API: add test for org users endpoints * update hidden users management for dashboard / folder permissions * improve dashboard / folder permissions tests * fixes after merge * Guardian: add hidden acl tests * API: add team members tests * fix team sql syntax for postgres * api tests update * fix linter error * fix tests errors after merge Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> Co-authored-by: Torkel Ödegaard <torkel@grafana.com> Co-authored-by: Leonard Gram <leo@xlson.com>
2020-11-24 19:10:32 +08:00
Rename Acl to ACL (#52342) * Rename Acl to ACL * Fix yaml files * Add xorm tags and fix test
2022-07-18 21:14:58 +08:00
filteredACLs = append(filteredACLs, perm)
folders: folder permission api routes
2018-02-20 22:25:16 +08:00
}
Rename Acl to ACL (#52342) * Rename Acl to ACL * Fix yaml files * Add xorm tags and fix test
2022-07-18 21:14:58 +08:00
return response.JSON(http.StatusOK, filteredACLs)
folders: folder permission api routes
2018-02-20 22:25:16 +08:00
}
Chore: Move swagger definitions to the handlers (#52643)
2022-07-27 21:54:37 +08:00
// swagger:route POST /folders/{folder_uid}/permissions folder_permissions updateFolderPermissions
//
// Updates permissions for a folder. This operation will remove existing permissions if theyre not included in the request.
//
// Responses:
// 200: okResponse
// 401: unauthorisedError
// 403: forbiddenError
// 404: notFoundError
// 500: internalServerError
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports
2023-01-27 15:50:36 +08:00
func (hs *HTTPServer) UpdateFolderPermissions(c *contextmodel.ReqContext) response.Response {
Rename Acl to ACL (#52342) * Rename Acl to ACL * Fix yaml files * Add xorm tags and fix test
2022-07-18 21:14:58 +08:00
apiCmd := dtos.UpdateDashboardACLCommand{}
Chore: Refactor api handlers to use web.Bind (#42199) * Chore: Refactor api handlers to use web.Bind * fix comments * fix comment * trying to fix most of the tests and force routing.Wrap type check * fix library panels tests * fix frontend logging tests * allow passing nil as a response to skip writing * return nil instead of the response * rewrite login handler function types * remove handlerFuncCtx * make linter happy * remove old bindings from the libraryelements * restore comments
2021-11-29 17:18:01 +08:00
if err := web.Bind(c.Req, &apiCmd); err != nil {
return response.Error(http.StatusBadRequest, "bad request data", err)
}
Permissions: Validate against Team/User permission role update (#29101) * validate against role field update * lowercase error string * make all msgs consistent style * fix wording Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * sayonara simple json Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-11-18 22:36:41 +08:00
if err := validatePermissionsUpdate(apiCmd); err != nil {
Chore: Moves common and response into separate packages (#30298) * Chore: moves common and response into separate packages * Chore: moves common and response into separate packages * Update pkg/api/utils/common.go Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Chore: changes after PR comments * Chore: move wrap to routing package * Chore: move functions in common to response package * Chore: move functions in common to response package * Chore: formats imports Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-01-15 21:43:20 +08:00
return response.Error(400, err.Error(), err)
Permissions: Validate against Team/User permission role update (#29101) * validate against role field update * lowercase error string * make all msgs consistent style * fix wording Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * sayonara simple json Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-11-18 22:36:41 +08:00
}
Nested Folders: Support getting of nested folder in folder service wh… (#58597) * Nested Folders: Support getting of nested folder in folder service when feature flag is set * Fix lint * Fix some tests * Fix ngalert test * ngalert fix * Fix API tests * Fix some tests and lint * Fix lint 2 * Fix library elements and panels * Add access control to get folder * Cleanup and minor test change
2022-11-11 21:28:24 +08:00
uid := web.Params(c.Req)[":uid"]
Auth: Unfurl OrgID in pkg/api to allow using identity.Requester interface (#76108) Unfurl OrgID in pkg/api to allow using identity.Requester interface
2023-10-06 17:34:36 +08:00
folder, err := hs.folderService.Get(c.Req.Context(), &folder.GetFolderQuery{OrgID: c.SignedInUser.GetOrgID(), UID: &uid, SignedInUser: c.SignedInUser})
folders: folder permission api routes
2018-02-20 22:25:16 +08:00
if err != nil {
Migrate to Wire for dependency injection (#32289) Fixes #30144 Co-authored-by: dsotirakis <sotirakis.dim@gmail.com> Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> Co-authored-by: Ida Furjesova <ida.furjesova@grafana.com> Co-authored-by: Jack Westbrook <jack.westbrook@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com> Co-authored-by: Leon Sorokin <leeoniya@gmail.com> Co-authored-by: Andrej Ocenas <mr.ocenas@gmail.com> Co-authored-by: spinillos <selenepinillos@gmail.com> Co-authored-by: Karl Persson <kalle.persson@grafana.com> Co-authored-by: Leonard Gram <leo@xlson.com>
2021-08-25 21:11:22 +08:00
return apierrors.ToFolderErrorResponse(err)
folders: folder permission api routes
2018-02-20 22:25:16 +08:00
}
Chore: Remove dashboard ACL from models (#61749) * Remove dashboard ACL from models * Remove unused comment
2023-01-20 21:58:47 +08:00
items := make([]*dashboards.DashboardACL, 0, len(apiCmd.Items))
folders: folder permission api routes
2018-02-20 22:25:16 +08:00
for _, item := range apiCmd.Items {
Chore: Remove dashboard ACL from models (#61749) * Remove dashboard ACL from models * Remove unused comment
2023-01-20 21:58:47 +08:00
items = append(items, &dashboards.DashboardACL{
Auth: Unfurl OrgID in pkg/api to allow using identity.Requester interface (#76108) Unfurl OrgID in pkg/api to allow using identity.Requester interface
2023-10-06 17:34:36 +08:00
OrgID: c.SignedInUser.GetOrgID(),
Chore: Deprecate ID from Folder (#78281) * Chore: Deprecate ID from Folder * chore: add more linter comments * chore: add missing lint comment
2023-11-21 04:44:51 +08:00
DashboardID: folder.ID, // nolint:staticcheck
Backend: Rename variables for style conformance (#29097) Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-11-18 00:09:14 +08:00
UserID: item.UserID,
TeamID: item.TeamID,
folders: folder permission api routes
2018-02-20 22:25:16 +08:00
Role: item.Role,
Permission: item.Permission,
Created: time.Now(),
Updated: time.Now(),
})
Add MFolderIDsAPICount metric to count FolderIDs in api package (#80866) * Add MFolderIDsAPICount metric to cound FolderIDs in api package * Change counter to counter vector with method names as string values
2024-01-24 19:39:11 +08:00
metrics.MFolderIDsAPICount.WithLabelValues(metrics.UpdateFolderPermissions).Inc()
folders: folder permission api routes
2018-02-20 22:25:16 +08:00
}
authz: Clean up acl endpoints and dashboard guardian (#73746) * RBAC: remove unnessisary guardian construction and update tests * RBAC: remove usage of guardian in UpdateFolderPermissions and refactor test * RBAC: remove usage of guardian in update and get permissions for dashboards
2023-08-24 21:37:54 +08:00
acl, err := hs.getFolderACL(c.Req.Context(), c.SignedInUser, folder)
Add an option to hide certain users in the UI (#28942) * Add an option to hide certain users in the UI * revert changes for admin users routes * fix sqlstore function name * Improve slice management Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Hidden users: convert slice to map * filter with user logins instead of IDs * put HiddenUsers in Cfg struct * hide hidden users from dashboards/folders permissions list * Update conf/defaults.ini Co-authored-by: Torkel Ödegaard <torkel@grafana.com> * fix params order * fix tests * fix dashboard/folder update with hidden user * add team tests * add dashboard and folder permissions tests * fixes after merge * fix tests * API: add test for org users endpoints * update hidden users management for dashboard / folder permissions * improve dashboard / folder permissions tests * fixes after merge * Guardian: add hidden acl tests * API: add team members tests * fix team sql syntax for postgres * api tests update * fix linter error * fix tests errors after merge Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> Co-authored-by: Torkel Ödegaard <torkel@grafana.com> Co-authored-by: Leonard Gram <leo@xlson.com>
2020-11-24 19:10:32 +08:00
if err != nil {
authz: Clean up acl endpoints and dashboard guardian (#73746) * RBAC: remove unnessisary guardian construction and update tests * RBAC: remove usage of guardian in UpdateFolderPermissions and refactor test * RBAC: remove usage of guardian in update and get permissions for dashboards
2023-08-24 21:37:54 +08:00
return response.Error(http.StatusInternalServerError, "Error while checking folder permissions", err)
Add an option to hide certain users in the UI (#28942) * Add an option to hide certain users in the UI * revert changes for admin users routes * fix sqlstore function name * Improve slice management Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Hidden users: convert slice to map * filter with user logins instead of IDs * put HiddenUsers in Cfg struct * hide hidden users from dashboards/folders permissions list * Update conf/defaults.ini Co-authored-by: Torkel Ödegaard <torkel@grafana.com> * fix params order * fix tests * fix dashboard/folder update with hidden user * add team tests * add dashboard and folder permissions tests * fixes after merge * fix tests * API: add test for org users endpoints * update hidden users management for dashboard / folder permissions * improve dashboard / folder permissions tests * fixes after merge * Guardian: add hidden acl tests * API: add team members tests * fix team sql syntax for postgres * api tests update * fix linter error * fix tests errors after merge Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> Co-authored-by: Torkel Ödegaard <torkel@grafana.com> Co-authored-by: Leonard Gram <leo@xlson.com>
2020-11-24 19:10:32 +08:00
}
authz: Clean up acl endpoints and dashboard guardian (#73746) * RBAC: remove unnessisary guardian construction and update tests * RBAC: remove usage of guardian in UpdateFolderPermissions and refactor test * RBAC: remove usage of guardian in update and get permissions for dashboards
2023-08-24 21:37:54 +08:00
items = append(items, hs.filterHiddenACL(c.SignedInUser, acl)...)
folders: folder permission api routes
2018-02-20 22:25:16 +08:00
Auth: Unfurl OrgID in pkg/api to allow using identity.Requester interface (#76108) Unfurl OrgID in pkg/api to allow using identity.Requester interface
2023-10-06 17:34:36 +08:00
if err := hs.updateDashboardAccessControl(c.Req.Context(), c.SignedInUser.GetOrgID(), folder.UID, true, items, acl); err != nil {
authz: Clean up acl endpoints and dashboard guardian (#73746) * RBAC: remove unnessisary guardian construction and update tests * RBAC: remove usage of guardian in UpdateFolderPermissions and refactor test * RBAC: remove usage of guardian in update and get permissions for dashboards
2023-08-24 21:37:54 +08:00
return response.Error(http.StatusInternalServerError, "Failed to create permission", err)
folders: folder permission api routes
2018-02-20 22:25:16 +08:00
}
authz: Clean up acl endpoints and dashboard guardian (#73746) * RBAC: remove unnessisary guardian construction and update tests * RBAC: remove usage of guardian in UpdateFolderPermissions and refactor test * RBAC: remove usage of guardian in update and get permissions for dashboards
2023-08-24 21:37:54 +08:00
return response.Success("Folder permissions updated")
}
Authz: Remove use of SignedInUser copy for permission evaluation (#78448) * remove use of SignedInUserCopies * add extra safety to not cross assign permissions unwind circular dependency dashboardacl->dashboardaccess fix missing import * correctly set teams for permissions * fix missing inits * nit: check err * exit early for api keys
2023-11-22 21:20:22 +08:00
var folderPermissionMap = map[string]dashboardaccess.PermissionType{
"View": dashboardaccess.PERMISSION_VIEW,
"Edit": dashboardaccess.PERMISSION_EDIT,
"Admin": dashboardaccess.PERMISSION_ADMIN,
authz: Clean up acl endpoints and dashboard guardian (#73746) * RBAC: remove unnessisary guardian construction and update tests * RBAC: remove usage of guardian in UpdateFolderPermissions and refactor test * RBAC: remove usage of guardian in update and get permissions for dashboards
2023-08-24 21:37:54 +08:00
}
func (hs *HTTPServer) getFolderACL(ctx context.Context, user identity.Requester, folder *folder.Folder) ([]*dashboards.DashboardACLInfoDTO, error) {
permissions, err := hs.folderPermissionsService.GetPermissions(ctx, user, folder.UID)
AC: Remove legacy AC from folders permissions API (#71526) * Remove legacy AC from folder permissions API * Update pkg/api/folder_permission.go --------- Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2023-07-18 00:21:01 +08:00
if err != nil {
authz: Clean up acl endpoints and dashboard guardian (#73746) * RBAC: remove unnessisary guardian construction and update tests * RBAC: remove usage of guardian in UpdateFolderPermissions and refactor test * RBAC: remove usage of guardian in update and get permissions for dashboards
2023-08-24 21:37:54 +08:00
return nil, err
Access control: Use access control for dashboard and folder (#44702) * Add actions and scopes * add resource service for dashboard and folder * Add dashboard guardian with fgac permission evaluation * Add CanDelete function to guardian interface * Add CanDelete property to folder and dashboard dto and set values * change to correct function name * Add accesscontrol to folder endpoints * add access control to dashboard endpoints * check access for nav links * Add fixed roles for dashboard and folders * use correct package * add hack to override guardian Constructor if accesscontrol is enabled * Add services * Add function to handle api backward compatability * Add permissionServices to HttpServer * Set permission when new dashboard is created * Add default permission when creating new dashboard * Set default permission when creating folder and dashboard * Add access control filter for dashboard search * Add to accept list * Add accesscontrol to dashboardimport * Disable access control in tests * Add check to see if user is allow to create a dashboard * Use SetPermissions * Use function to set several permissions at once * remove permissions for folder and dashboard on delete * update required permission * set permission for provisioning * Add CanCreate to dashboard guardian and set correct permisisons for provisioning * Dont set admin on folder / dashboard creation * Add dashboard and folder permission migrations * Add tests for CanCreate * Add roles and update descriptions * Solve uid to id for dashboard and folder permissions * Add folder and dashboard actions to permission filter * Handle viewer_can_edit flag * set folder and dashboard permissions services * Add dashboard permissions when importing a new dashboard * Set access control permissions on provisioning * Pass feature flags and only set permissions if access control is enabled * only add default permissions for folders and dashboards without folders * Batch create permissions in migrations * Remove `dashboards:edit` action * Remove unused function from interface * Update pkg/services/guardian/accesscontrol_guardian_test.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2022-03-03 22:05:47 +08:00
}
authz: Clean up acl endpoints and dashboard guardian (#73746) * RBAC: remove unnessisary guardian construction and update tests * RBAC: remove usage of guardian in UpdateFolderPermissions and refactor test * RBAC: remove usage of guardian in update and get permissions for dashboards
2023-08-24 21:37:54 +08:00
acl := make([]*dashboards.DashboardACLInfoDTO, 0, len(permissions))
for _, p := range permissions {
if !p.IsManaged {
continue
}
var role *org.RoleType
if p.BuiltInRole != "" {
tmp := org.RoleType(p.BuiltInRole)
role = &tmp
}
permission := folderPermissionMap[hs.folderPermissionsService.MapActions(p)]
acl = append(acl, &dashboards.DashboardACLInfoDTO{
OrgID: folder.OrgID,
Chore: Deprecate ID from Folder (#78281) * Chore: Deprecate ID from Folder * chore: add more linter comments * chore: add missing lint comment
2023-11-21 04:44:51 +08:00
DashboardID: folder.ID, // nolint:staticcheck
authz: Clean up acl endpoints and dashboard guardian (#73746) * RBAC: remove unnessisary guardian construction and update tests * RBAC: remove usage of guardian in UpdateFolderPermissions and refactor test * RBAC: remove usage of guardian in update and get permissions for dashboards
2023-08-24 21:37:54 +08:00
FolderUID: folder.ParentUID,
Created: p.Created,
Updated: p.Updated,
UserID: p.UserId,
UserLogin: p.UserLogin,
UserEmail: p.UserEmail,
TeamID: p.TeamId,
TeamEmail: p.TeamEmail,
Team: p.Team,
Role: role,
Permission: permission,
PermissionName: permission.String(),
UID: folder.UID,
Title: folder.Title,
URL: folder.WithURL().URL,
IsFolder: true,
Inherited: false,
})
Add MFolderIDsAPICount metric to count FolderIDs in api package (#80866) * Add MFolderIDsAPICount metric to cound FolderIDs in api package * Change counter to counter vector with method names as string values
2024-01-24 19:39:11 +08:00
metrics.MFolderIDsAPICount.WithLabelValues(metrics.GetFolderPermissionList).Inc()
folders: folder permission api routes
2018-02-20 22:25:16 +08:00
}
authz: Clean up acl endpoints and dashboard guardian (#73746) * RBAC: remove unnessisary guardian construction and update tests * RBAC: remove usage of guardian in UpdateFolderPermissions and refactor test * RBAC: remove usage of guardian in update and get permissions for dashboards
2023-08-24 21:37:54 +08:00
return acl, nil
folders: folder permission api routes
2018-02-20 22:25:16 +08:00
}
Chore: Move swagger definitions to the handlers (#52643)
2022-07-27 21:54:37 +08:00
// swagger:parameters getFolderPermissionList
type GetFolderPermissionListParams struct {
// in:path
// required:true
FolderUID string `json:"folder_uid"`
}
// swagger:parameters updateFolderPermissions
type UpdateFolderPermissionsParams struct {
// in:path
// required:true
FolderUID string `json:"folder_uid"`
// in:body
// required:true
Body dtos.UpdateDashboardACLCommand
}
// swagger:response getFolderPermissionListResponse
type GetFolderPermissionsResponse struct {
// in: body
Chore: Remove dashboard ACL from models (#61749) * Remove dashboard ACL from models * Remove unused comment
2023-01-20 21:58:47 +08:00
Body []*dashboards.DashboardACLInfoDTO `json:"body"`
Chore: Move swagger definitions to the handlers (#52643)
2022-07-27 21:54:37 +08:00
}