grafana

Author	SHA1	Message	Date
Karl Persson	4df7bf5ab2	Access control: Display inherited folder permissions in dashboards (#46421 )	2022-03-17 17:08:51 +01:00
Yuriy Tseretyan	314be36a7c	Move datasource scopes and actions to access control package (#46334 ) * create scope provider * move datasource actions and scopes to datasource package + add provider * change usages to use datasource scopes and update data source name resolver to use provider * move folder permissions to dashboard package and update usages	2022-03-09 11:57:50 -05:00
Karl Persson	0debf33c76	Access control: Always append all permissions to role admin in oss (#46282 ) * Always append all permissions to built in role admin in oss	2022-03-07 13:28:39 +01:00
Karl Persson	4982ca3b1d	Access control: Use access control for dashboard and folder (#44702 ) * Add actions and scopes * add resource service for dashboard and folder * Add dashboard guardian with fgac permission evaluation * Add CanDelete function to guardian interface * Add CanDelete property to folder and dashboard dto and set values * change to correct function name * Add accesscontrol to folder endpoints * add access control to dashboard endpoints * check access for nav links * Add fixed roles for dashboard and folders * use correct package * add hack to override guardian Constructor if accesscontrol is enabled * Add services * Add function to handle api backward compatability * Add permissionServices to HttpServer * Set permission when new dashboard is created * Add default permission when creating new dashboard * Set default permission when creating folder and dashboard * Add access control filter for dashboard search * Add to accept list * Add accesscontrol to dashboardimport * Disable access control in tests * Add check to see if user is allow to create a dashboard * Use SetPermissions * Use function to set several permissions at once * remove permissions for folder and dashboard on delete * update required permission * set permission for provisioning * Add CanCreate to dashboard guardian and set correct permisisons for provisioning * Dont set admin on folder / dashboard creation * Add dashboard and folder permission migrations * Add tests for CanCreate * Add roles and update descriptions * Solve uid to id for dashboard and folder permissions * Add folder and dashboard actions to permission filter * Handle viewer_can_edit flag * set folder and dashboard permissions services * Add dashboard permissions when importing a new dashboard * Set access control permissions on provisioning * Pass feature flags and only set permissions if access control is enabled * only add default permissions for folders and dashboards without folders * Batch create permissions in migrations * Remove `dashboards:edit` action * Remove unused function from interface * Update pkg/services/guardian/accesscontrol_guardian_test.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>	2022-03-03 15:05:47 +01:00
Karl Persson	18cbfba596	Access control: Filter users and teams by read permissions (#45968 ) * pass signed in user and filter based on permissions	2022-03-01 10:58:41 +01:00
Karl Persson	cdc08105c2	Access control: Set default permissions for data sources when using access control (#45482 ) * Rename interfaces and use then with wire injection * Set default permissions when creating new data source	2022-02-17 14:03:45 +01:00

6 Commits