public/grafana
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
53,264 Commits 655 Branches 650 Tags
03e33cd7947e87fcb445aae193b14322b87f9d2a
Commit Graph

11 Commits

Author SHA1 Message Date
grafana-delivery-bot[bot] 278681f173 [v11.2.x] RBAC: Fix an issue with server admins not being able to manage users in orgs that they don't belong to (#92274) 
* RBAC: Fix an issue with server admins not being able to manage users in orgs that they don't belong to (#92024)

* look at global perms if user is not a part of the target org

* use constant

* update tests

(cherry picked from commit 41ac5b5ae7)

* fix tests

---------

Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
 2024-08-22 13:30:50 +03:00
Ryan McKinley 9db3bc926e Identity: Rename "namespace" to "type" in the requester interface (#90567) 2024-07-25 12:52:14 +03:00
Alexander Zobnin 87d86e81ce Zanzana: Evaluate permissions alongside with RBAC engine (#90064) 
* Zanzana: Evaluate permissions if feature flag enabled

* Fix tests

* adjust logs

* fix spelling

* remove unused

* only evaluate implemented resources

* refactor
 2024-07-05 11:31:23 +02:00
Ieva 167151b211 Chore: Remove use of deprecated method in AC code (#87541) 
* switch from using cfg to using featuremgmt for checking a feature toggle in AC code

* merge test fixes
 2024-05-10 11:56:52 +01:00
Karl Persson be5ced4287 Identity: Use typed version of namespace id (#87257) 
* Remove different constructors and only use NewNamespaceID

* AdminUser: check typed namespace id

* Identity: Add convinient function to parse valid user id when type is either user or service account

* Annotations: Use typed namespace id instead
 2024-05-08 14:03:53 +02:00
Karl Persson 0fa983ad8e AuthN: Use typed namespace id inside authn package (#86048) 
* authn: Use typed namespace id inside package
 2024-04-24 09:57:34 +02:00
Alexander Zobnin 3127566a20 Access control: Use ResolveIdentity() for authorizing in org (#85549) 
* Access control: Use ResolveIdentity() for authorizing in org

* Fix tests

* Fix middleware tests

* Use ResolveIdentity in HasGlobalAccess() function

* remove makeTmpUser

* Cleanup

* Fix linter errors

* Fix test build

* Remove GetUserPermissionsInOrg()
 2024-04-10 12:42:13 +02:00
Gabriel MABILLE 3df0611f81 RBAC: Fix authorize in org (#81552) 
* RBAC: Fix authorize in org

* Implement option 2

* Fix typo

* Fix alerting test

* Add test to cover the not member case
 2024-02-01 12:37:01 +01:00
Jo 0de66a8099 Authz: Remove use of SignedInUser copy for permission evaluation (#78448) 
* remove use of SignedInUserCopies

* add extra safety to not cross assign permissions

unwind circular dependency

dashboardacl->dashboardaccess

fix missing import

* correctly set teams for permissions

* fix missing inits

* nit: check err

* exit early for api keys
 2023-11-22 14:20:22 +01:00
Jo 48ef88aed7 Access: Fetch fresh permissions for target GlobalOrgID in AuthorizeInOrgMiddleware (#76569) 
fetch fresh permissions for global in AuthorizeInOrgMiddleware

Update pkg/services/accesscontrol/authorize_in_org_test.go

do not load viewer permissions in global ID
 2023-10-13 21:01:47 +03:00
Jo e56b2cae00 MESA: Allow using synced permissions (#71377) 
* wip

* cover authorize in org behavior

* revert export

* fix org tests

* change permissions nit
 2023-07-12 13:28:04 +03:00