root
/
grafana
mirror of https://github.com/grafana/grafana.git
1
0
Fork 0
Code Issues Actions 243 Packages Projects Releases Wiki Activity

Access Control: Make it possible to exclude role grants (#91647)

This commit is contained in:
Alexander Zobnin 2024-08-08 14:11:17 +02:00 committed by GitHub
parent 89ee970ec3
commit 0e5d7633f7
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/api/accesscontrol.go
View File

@ -442,6 +442,8 @@ func (hs *HTTPServer) declareFixedRoles() error {
},
},
Grants: []string{"Editor"},
// Don't grant fixed:folders:creator to Admin
Exclude: []string{"Admin"},
}
foldersReaderRole := ac.RoleRegistration{

5
pkg/services/accesscontrol/models.go
View File

@ -26,8 +26,9 @@ var (
// RoleRegistration stores a role and its assignments to built-in roles
// (Viewer, Editor, Admin, Grafana Admin)
type RoleRegistration struct {
Role RoleDTO
Grants []string
Role RoleDTO
Grants []string
Exclude []string
}
// Role is the model for Role in RBAC.