* AccessControl: Remove package variables for roles and grants
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Check for inheritance during role registration
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Moving back role definition to accessscontrol
* Make settings reader role public
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Nits
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Forgot to update this
* Account for declaration error
* Fixing pkg/api init ossac
* Account for error in tests
* Update test to verify inheritance
* Nits.
* Place br inheritance behind a feature toggle
* Parent -> Parents
* Nit.
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* Use Wiring to initialize Avatar Cache Server
Create AvatarCacheServer Provider function and pass it in as an
argument to HTTPServer. Also convert CacheServer to a singleton
so that we keep all cached Avatar info in one place for easier access
* Refactor avatar cache server and add 'isCustom' check
Avatar cache server needs to perform two similar fetches
back-to-back; break up functions to allow for easy reuse.
Then add handling to see if a user has a custom avatar.
* Add additional accessors so that /recents api can easily use the cache
* Minor mods to avatar server to facilitiate unit testing
* add unit tests for avatar fetching
* add error handling in case we somehow fetch gravatars while they are disabled
* linting: read error return value in unit test
* Use http package status codes
Co-authored-by: Ezequiel Victorero <evictorero@gmail.com>
* Use http package status codes
Co-authored-by: Ezequiel Victorero <evictorero@gmail.com>
* Use http package status codes
Co-authored-by: Ezequiel Victorero <evictorero@gmail.com>
* Incorporate suggestions from PR
-avoid mutating arguments
-change error handler function to private and make name more descriptive
Co-authored-by: Ezequiel Victorero <evictorero@gmail.com>
* adds oauth support to call resource requests
* adds oauth docs for call resource
* fixes case where dsUID is empty
* improve datasource error handling
* use uid:s for folder and dashboard permissions
* evaluate folder and dashboard permissions based on uids
* add dashboard.uid to accept list
* Check for exact suffix
* Check parent folder on create
* update test
* drop dashboard:create actions with dashboard scope
* fix typo
* AccessControl: test id 0 scope conversion
* AccessControl: store only parent folder UID
* AccessControl: extract general as a constant
* FolderServices: Prevent creation of a folder uid'd general
* FolderServices: Test folder creation prevention
* Update pkg/services/guardian/accesscontrol_guardian.go
* FolderServices: fix mock call expect
* FolderServices: remove uneeded mocks
Co-authored-by: jguer <joao.guerreiro@grafana.com>
* Expose option to disable help menu
* Expose option to disable profile menu
* Add Profile FeatureTogglePage
* Update public/app/features/profile/FeatureTogglePage.tsx
Uptake PR wording suggestion.
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
* Fix front end lint issue
* Fix back end lint issue
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
* Add ResourceAttribute
* Add ResourceAttribute option
* Set ResourceAttribute option
* Change resolvers to return uid based scopes
* update swagger to correct scope
* use ResourceAttribute for endpoint scope
* bump role version
* Add support for different attributes for access control metadata
* evaluate data source metadata based on uid
* Fix test
* uncomment benchmarks
* Use resourceID
* use evaluator for access control metadata
* update comment
* Set default permissions based on uid
* Add attribute to accesscontrol filter
* validate that scopes has correct attribute
* lint
* Update comment
* remove attribute parameter and extend prefix
* refactor to use scope prefix
* Get metadata with prefix
* fix test
* fix comparision
* remove unused type
* fix attribute index
* fix typo
* restructure logic
* Get metadata by uid
* fix imports
Co-authored-by: jguer <joao.guerreiro@grafana.com>
* Move DeleteDashboard funtion into dashboards store service, remove bus and update tests
* Remove bus from folder service and update more tests
* Fix mock
* Add option to set ResourceAttribute for a permissions service
* Use prefix in access control sql filter to parse scopes
* Use prefix in access control metadata to check access
* Data sources: Sent user ID when creating data source
* Data sources: Grant a data source creator edit permissions
* Use edit permisison and only append if user id is in command
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* Use bookmark icon for Saved Items, add support for solid bookmark icon
* Add some unit tests
* Refactor utils into own file
* Update test title
* Fix import
* consistent function style
* replace bus in guardian with sqlstore
* fix a couple of tests
* replace bus in the rest of the tests
* allow init guardian from other packages
* make linter happy
* init guardian in library elements
* fix another test in libraryelements
* fix more tests
* move guardian mock one level deeper
* fix more tests
* rename init functions
* First attempt at creating new navbar_preferences table in db
* Apply to every nav item instead of just home
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* Chore: introduce initTestDB options for features
* fix unit tests
* Add another unit test and some logic for detecting if a preference already exists
* tidy up
* Only override IsFeatureToggleEnabled if it's defined
* Extract setNavPreferences out into it's own function, initialise features correctly
* Make the linter happy
* Use new structure
* user essentials mob! 🔱
* user essentials mob! 🔱
* Split NavbarPreferences from Preferences
* user essentials mob! 🔱
* user essentials mob! 🔱
* Fix lint error
* Start adding tests
* Change internal db structure to be a generic json object
* GetJsonData -> GetPreferencesJsonData
* Stop using simplejson + add some more unit tests
* Update pkg/api/preferences.go
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* Updates following review comments
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* Change patch to upsert, add a unit test
* remove commented out code
* introduce patch user/org preferences methods
* Return Navbar preferences in the get call
* Fix integration test by instantiating JsonData
* Address review comments
* Rename HideFromNavbar -> Hide
* add swagger:model comment
* Add patch to the preferences documentation
* Add openapi annotations
* Add a short description
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* Update unit tests
* remove unneeded url
* remove outdated comment
* Update integration tests
* update generated swagger
Co-authored-by: Alexandra Vargas <alexa1866@gmail.com>
Co-authored-by: Hugo Häggmark <hugo.haggmark@gmail.com>
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Refactors GetPluginDashboards/LoadPluginDashboard by moving database
interaction from plugin management to the plugindashboards service.
Fixes#44553
Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
* Move call to create permissions into folder service
* Inject cfg, feature toggles and permissions services into dashboard
service
* Move logic to set default permissions on create dashboard from api to
service
* Move call to set default permissions on import dashboard to dashboard
service
* Set permissions for provisioned dashboard and folders in service
* create scope provider
* move datasource actions and scopes to datasource package + add provider
* change usages to use datasource scopes and update data source name resolver to use provider
* move folder permissions to dashboard package and update usages
* adds an api endpoint for use with public dashboards that validates orgId, dashboard, and panel when running a query. This feature is in ALPHA and should not be enabled yet. Testing is based on new mock sqlstore.
Co-authored-by: Jesse Weaver <jesse.weaver@grafana.com>
Co-authored-by: Leandro Deveikis <leandro.deveikis@gmail.com>
* Chore: Remove deprecated no-op option PreferServerCipherSuites
from the tls configs.
Per golang docs: "PreferServerCipherSuites is a legacy field and has no effect."
