public/grafana
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
62,534 Commits 655 Branches 650 Tags
054e12b1aca94dea145f15475f80076c279ea20b
Commit Graph

67 Commits

Author SHA1 Message Date
Jo
edcd113054 Authz: Remove legacy API Key permissions (#110860) 
* remove API key roles

* remove API key gen

* remove frontend and doc mentions

* restore legacy keygen

* restore codeowners

* prettier

* update swagger

* remove permissions including apikeys

* add migrator for removing deprecated permissions

* add tracing

* update openapi3

* simplify migrator for now

* accesscontrol/migrator: remove batching for deprecated permissions deletion
 2025-09-12 13:59:37 +02:00
Mariell Hoversholm
757be6365a CI: Bump golangci-lint to 2.0.2 (#103572) 2025-04-10 14:42:23 +02:00
Cory Forseth
4caa9853cb Authorization: Add group to role DisplayName to make filtered list more clear (#102950) 
* add group to role DisplayName to make searching easier

* clean up more role names; add filtered display text when fetching

* pass filter state into role menu to decide how to display role name

* prop name better describes what it does
 2025-04-08 09:15:03 -05:00
Eric Leijonmarck
1c07fd3d4f feat: add ft and add datasource:explore to viewers for viewers_can_edit (#103251) 
* feat: add ft and add datasource:explore to viewers for viewers_can_edit

* removed the feature toggle

* remove file
 2025-04-02 12:25:42 +03:00
Eric Leijonmarck
169b0eb5f5 Config: Removes setting viewers_can_edit (#102275) 
Revert "Revert "Config: Removes setting `viewers_can_edit` (#101767)" (#102191)"

This reverts commit 56c896fa72.
 2025-03-25 13:55:59 +00:00
Eric Leijonmarck
56c896fa72 Revert "Config: Removes setting viewers_can_edit (#101767)" (#102191) 
This reverts commit d3a9c04562.
 2025-03-14 13:39:59 +00:00
Eric Leijonmarck
d3a9c04562 Config: Removes setting viewers_can_edit (#101767) 
Reapply "Authz: Removes setting `viewers_can_edit`" (#101528)

This reverts commit 5f6b00a72f.
 2025-03-14 08:38:48 +00:00
Eric Leijonmarck
94020aa9cd Config: Remove setting editors_can_admin (#101607) 
* Remove editors can admin

* delete file

* add ac_test back

* Add linting ignore

* more static ignore
 2025-03-12 16:25:23 +00:00
Ieva
5f6b00a72f Revert "Authz: Removes setting viewers_can_edit" (#101528) 
Revert "Authz: Removes setting `viewers_can_edit` (#101265)"

This reverts commit 4ce41acade.
 2025-03-03 20:26:55 +02:00
Sven Grossmann
b5faf5d9a1 Drilldown: Require datasources:explore RBAC action (#101366) 
Drilldown: Require `datasources:explore` acton
 2025-02-26 17:33:05 +01:00
Eric Leijonmarck
4ce41acade Authz: Removes setting viewers_can_edit (#101265) 
* Removes setting `viewers_can_edit`

* Update public/app/features/dashboard-scene/scene/NavToolbarActions.tsx

Co-authored-by: Jo <joao.guerreiro@grafana.com>

* formatting

---------

Co-authored-by: Jo <joao.guerreiro@grafana.com>
 2025-02-26 13:41:23 +00:00
Andre Pereira
e54149e551 Explore: Move drilldown apps from Explore to a new navbar item "Drilldown" (#100409) 
* Move drilldown apps from Explore to a new navbar item "Drilldown"

* Commit make i18n-extract

* Update drilldown icon

* Added alert to explore with call out to drilldown apps

* Add isNew field for nav item which shows a "New!" badge on the navbar and expands it by default

* Fix e2e test
 2025-02-20 17:56:55 +00:00
Ezequiel Victorero
5039725da6 Snapshots: Add RBAC roles for creating and deleting (#96126) 2024-11-26 09:13:17 -03:00
maicon
261be0facd UniStore: Evaluate Folder DTO attributes (#93968) 
* UniStore: Evaluate Folder DTO attributes

* Handle AccessControl

* Reduce the number of parameters to newToFolderDto

* Detach Metadata helpers from HTTPServer

* Add tests

---------

Signed-off-by: Maicon Costa <maiconscosta@gmail.com>
 2024-10-07 12:08:16 +02:00
Alexander Zobnin
0e5d7633f7 Access Control: Make it possible to exclude role grants (#91647) 2024-08-08 14:11:17 +02:00
Ieva
2e2ddc5c42 Folders: Allow folder editors and admins to create subfolders without any additional permissions (#91215) 
* separate permissions for root level folder creation and subfolder creation

* fix tests

* fix tests

* fix tests

* frontend fix

* Update pkg/api/accesscontrol.go

Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>

* fix frontend when action sets are disabled

---------

Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>
 2024-08-01 18:20:38 +03:00
Jo
0aebb9ee39 Misc: Remove unused params and impossible logic (#83756) 
* remove unused params and impossible logic

* remove unused param
 2024-03-01 12:08:00 +01:00
Ieva
4d53385d5f RBAC: allow listing permissions on the root folder (#82184) 
* allow returning AC metadata for the root folder

* add a test

* share the reserved root folder UID with frontend
 2024-02-15 16:13:14 +00:00
Ryan McKinley
1fab107e79 FeatureFlags: Avoid using cfg.IsFeatureToggleEnabled (#81407) 2024-01-28 15:22:45 -08:00
Ieva
048d1e7c86 RBAC: Annotation permission migration (#78899) 
* add annotation permissions to dashboard managed role and add migrations for annotation permissions

* fix a bug with conditional access level definitions

* add tests

* Update pkg/services/sqlstore/migrations/accesscontrol/dashboard_permissions.go

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>

* apply feedback

* add batching, fix tests and a typo

* add one more test

* undo unneeded change

* undo unwanted change

* only check the default basic permissions for non-OSS instances

* account for all wildcards and simplify the check a bit

* error handling and extra conditionals to avoid test failures

* fix a bug with admin permissions not appearing for folders

* fix the OSS check

---------

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
 2024-01-26 17:17:29 +00:00
Jo
e77dbb63e3 AccessControl: Add group to role picker and standardize display (#79570) 
* add group to role picker and standardize display

* change stuttery roles
 2024-01-18 15:20:28 +01:00
Ieva
19ad788333 RBAC: change annotation scopes back (#79330) 
Change the annotation scopes back to what they were
 2023-12-12 09:51:08 +02:00
Ieva
c354c7bfff RBAC: Update fixed annotation roles (#78756) 
* update fixed annotation roles if FlagAnnotationPermissionUpdate is enabled

* add dashboard type scope back in the fixed roles to make the migration easier
 2023-12-01 14:50:55 +00:00
Ieva
39a30b0c01 Bug fix: add library panel permissions to basic roles (#77144) 
set library panel permissions to basic roles
 2023-10-25 18:44:55 +01:00
Ieva
94fec65192 RBAC: introduce a data source admin role (#75915) 
* introduce data source admin role and fix frontend check

* introduce fixed roles for data source creator and team reader

* add documentation

* undo an unintended change
 2023-10-19 14:36:41 +01:00
kay delaney
a12cb8cbf3 LibraryPanels: Add RBAC support (#73475) 2023-10-12 00:30:50 +01:00
Jo
26339f978b Auth: Move access control API to SignedInUser interface (#73144) 
* move access control api to SignedInUser interface

* remove unused code

* add logic for reading perms from a specific org

* move the specific org logic to org_user.go

* add a comment

---------

Co-authored-by: IevaVasiljeva <ieva.vasiljeva@grafana.com>
 2023-08-18 11:42:18 +01:00
Michael Mandrus
779e0fe311 Feature Toggles: Create API for updating feature toggle state from the feature toggle admin page (#73022) 
* create roles for writing feature toggles

* create update endpoint / handler

* api changes

* add feature toggle validations

* hide toggles based on their state

* make FlagFeatureToggle read only

* add username log

* add username string

* refactor for better readability

* refactor unit tests so we can do more validations

* some skeletoning for the set tests

* write unit tests for updater

* break helper functions out

* update sample ini to match defaults

* add more logic to ReadOnly label

* add user documentation

* fix lint issue

* Update docs/sources/setup-grafana/configure-grafana/_index.md

Co-authored-by: J Stickler <julie.stickler@grafana.com>

* Update docs/sources/setup-grafana/configure-grafana/_index.md

Co-authored-by: J Stickler <julie.stickler@grafana.com>

* Update docs/sources/setup-grafana/configure-grafana/_index.md

Co-authored-by: J Stickler <julie.stickler@grafana.com>

* Update docs/sources/setup-grafana/configure-grafana/_index.md

Co-authored-by: J Stickler <julie.stickler@grafana.com>

* Update docs/sources/setup-grafana/configure-grafana/_index.md

Co-authored-by: J Stickler <julie.stickler@grafana.com>

* Update docs/sources/setup-grafana/configure-grafana/_index.md

Co-authored-by: J Stickler <julie.stickler@grafana.com>

---------

Co-authored-by: IbrahimCSAE <ibrahim.mdev@gmail.com>
Co-authored-by: J Stickler <julie.stickler@grafana.com>
 2023-08-09 11:32:28 -04:00
João Calisto
4ba83173ea Feature toggles management: Define get feature toggles api (#72106) 
* Feature Toggle Management: Define get feature toggles api

* lint
 2023-07-24 16:12:59 -04:00
Ieva
d8b66d5c4b RBAC: remove some IsDisabled checks (#69272) 
* remove some access contorl IsDisabled() checks

* cleaning up tests

* update tests

* linting
 2023-05-31 09:58:57 +01:00
Will Browne
31d6416157 Plugins: Migrate licensing and access control to pkg/services/pluginsintegration package (#65258) 
* migrate licensing + access control

* update package name
 2023-03-27 11:15:37 +02:00
Jo
6b6cf5f4b7 Cfg: Move ViewersCanEdit into cfg (#64876) 
move ViewersCanEdit into cfg
 2023-03-16 10:54:01 +01:00
idafurjes
6c5a573772 Chore: Move ReqContext to contexthandler service (#62102) 
* Chore: Move ReqContext to contexthandler service

* Rename package to contextmodel

* Generate ngalert files

* Remove unused imports
 2023-01-27 08:50:36 +01:00
Karl Persson
6d1bcd9f40 DataSourcePermissions: Handle licensing properly for ds permissions (#59694) 
* RBAC: add viewer grand if dspermissions enforcement is not enabled

* RBAC: Change permissions based on role prefix

* RBAC: Add option to for permission service to add a license middleware

* RBAC: Remove actions from query struct
 2022-12-02 13:19:14 +01:00
Torkel Ödegaard
09f4068849 NavTree: Refactor out the navtree building from api/index.go and into it's own service (#55552) 2022-09-22 22:04:48 +02:00
Gabriel MABILLE
101349fe49 RBAC: Add permissions to install and configure plugins (#51829) 
* RBAC: Allow app plugins restriction

Co-authored-by: Kalle Persson <kalle.persson@grafana.com>

* Moving declaration to HttpServer

Co-Authored-By: marefr <marcus.efraimsson@gmail.com>

* Picking changes from the other branch

Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>

* Rename plugins.settings to plugins

Co-authored-by: Kalle Persson <kalle.persson@grafana.com>

* Account for PluginAdminExternalManageEnabled

Co-authored-by: Will Browne <will.browne@grafana.com>

* Set metadata on instantiation

Co-authored-by: Jguer <joao.guerreiro@grafana.com>

Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
Co-authored-by: marefr <marcus.efraimsson@gmail.com>
Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
Co-authored-by: Will Browne <will.browne@grafana.com>
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
 2022-09-09 09:44:50 +02:00
Ezequiel Victorero
bcab0194f1 PublicDashboards: disable form if user does not has permissions (#54853) 2022-09-07 18:29:01 -03:00
Ezequiel Victorero
bfa35ff8d8 PublicDashboards: Add RBAC to secured endpoints (#54544) 2022-09-05 12:22:39 -03:00
Karl Persson
5a1b9d2283 RBAC: Remove DeclareFixedRoles wrapper on Access control and inject service (#54153) 
* RBAC: Remove DeclareFixedRoles wrapper on Access control and inject service when needed
 2022-08-26 09:59:34 +02:00
idafurjes
6afad51761 Move SignedInUser to user service and RoleType and Roles to org (#53445) 
* Move SignedInUser to user service and RoleType and Roles to org

* Use go naming convention for roles

* Fix some imports and leftovers

* Fix ldap debug test

* Fix lint

* Fix lint 2

* Fix lint 3

* Fix type and not needed conversion

* Clean up messages in api tests

* Clean up api tests 2
 2022-08-10 11:56:48 +02:00
Ieva
b590c1c60f Access Control: Set permissions for Grafana's test data source (#53247) 
* set permissions for Grafana's test data source

* linting
 2022-08-05 10:19:50 +03:00
Ieva
0d324e931d Access Control: Allow org admins to invite new users (#52894) 
* allow org admins to invite new users to Grafana

* doc updates

* fix test
 2022-07-27 17:37:27 +01:00
Ieva
b3a10202d4 Revert "Service accounts: Add service account to teams" (#52710) 
* Revert "Service accounts: Add service account to teams (#51536)"

This reverts commit 0f919671e7.

* remove unneeded line

* fix test
 2022-07-26 09:43:29 +01:00
Jean-Philippe Quéméner
41790083d2 Alerting: Add file provisioning for alert rules (#51635) 2022-07-14 23:53:13 +02:00
Gabriel MABILLE
5975c4bc6d RBAC: Allow app plugins access restriction (#51524) 
* RBAC: Allow app plugins restriction

Co-authored-by: Kalle Persson <kalle.persson@grafana.com>

* Fix tests

* Imports

* WIP

* Adding RBAC to AppPluginsRoutes

* Switching middleware order

* Restrict access to resources

* Nit

* Cosmetic changes

* Fix fallback

* Moving declaration to HttpServer

Co-Authored-By: marefr <marcus.efraimsson@gmail.com>

Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
Co-authored-by: marefr <marcus.efraimsson@gmail.com>
 2022-07-08 13:24:09 +02:00
Ieva
0c33b9f211 Access control: Allow organisation admins to add existing users to org (#51668) 
* check users with user add permission to access the invite endpoint

* undo unneeded changes

* tests and cleanup

* linting

* linting

* betterer

* betterer again

* fix prettier issue

Co-authored-by: jguer <joao.guerreiro@grafana.com>
 2022-07-08 12:07:00 +01:00
Ieva
d85df0a560 Service Accounts: Managed permissions for service accounts (#51818) 
* backend changes

* frontend changes

* linting

* nit

* import order

* allow SA creator to access the SA page

* fix merge

* tests

* fix frontend tests

Co-authored-by: alexanderzobnin alexanderzobnin@gmail.com
 2022-07-08 05:53:18 -04:00
Eric Leijonmarck
0f919671e7 Service accounts: Add service account to teams (#51536) 
* Revert "Serviceaccounts: #48995

Do not display service accounts assigned to team (#48995)"

This reverts commit cbf71fbd7f.

* fix: test to not include more actions than necessary

* adding service accounts to teams - backend and frontend changes

* also support SA addition through the old team membership endpoints

* fix tests

* tests

* serviceaccounts permission tests

* serviceaccounts permission service tests run

* added back test that was removed by accident

* lint

* refactor: add testoptionsTeams

* fix a bug

* service account picker change

* explicitly set SA managed permissions to false for dash and folders

* lint

* allow team creator to list service accounts

Co-authored-by: IevaVasiljeva <ieva.vasiljeva@grafana.com>
 2022-07-06 05:34:36 -04:00
Karl Persson
b9bb0513e3 Remove version property from fixed roles (#51298) 2022-06-23 12:09:03 +02:00
Karl Persson
1796a1d277 AccessControl: Grant data source reader to all users when running oss (#49514) 
* grant data source reader to all users when running oss or enterprise
without license

* fix asserts in alerting tests

* add oss licensing service for test setup

* fix tests to pass in enterprise

* lint

* fix tests

* set setting.IsEnterprise flag for tests

Co-authored-by: Yuriy Tseretyan <yuriy.tseretyan@grafana.com>
 2022-05-25 13:43:58 +02:00