* refactor: delegate authorization to access checker in dualwriter
- Remove role-based authorization checks (editor/admin role checks)
- Delegate all authorization to access checker which checks resource-level permissions
- Update authorizeCreateFolder to use access checker instead of role-based checks
- Add comprehensive authorization tests for viewer, editor, and admin roles
- Tests cover GET, POST, PUT, DELETE operations and folder creation
This change ensures that authorization is consistently handled through
the access checker, which checks resource-level permissions rather than
just organization roles.
* fix: format files_test.go
* fix: check error return value of resp.Body.Close()
* fix: grant permissions to all dashboards for editor role in authorization test
Use SetPermissions with wildcard to grant permissions to Editor user
for all dashboards, not just the initial one. This ensures that dashboards
created during tests (like in DELETE operations) have the necessary
permissions for the editor role.
* maybe better way to attach meta?
* chore(plugin-extensions): remove todo comment
---------
Co-authored-by: Ashley Harrison <ashley.harrison@grafana.com>
**What is this feature?**
Add `rule_matcher` filter to the Prometheus-compatible list rules API: `/api/prometheus/grafana/api/v1/rules`. It allows to filter rules by static labels (not by alert instance labels).
**Special notes:**
- Equality (`=`) and inequality (`!=`) matchers are pushed down to the database. Regex matchers (`=~`, `!~`) are applied in-memory at the API layer.
- SQLite: Uses GLOB pattern matching
- MySQL / PostgreSQL: Use JSON functions to compare label values
---------
Co-authored-by: Konrad Lalik <konradlalik@gmail.com>
Enhancement: Introduce optimized folder permission relations and new permission definitions
- Added `can_get_permissions` and `can_set_permissions` relations to enhance permission management.
- Implemented `FolderPermissionRelation` function to optimize permission checks for folder resources.
- Updated `checkTyped` and `listTyped` methods to utilize optimized relations for permission management.
- Introduced a new benchmark test file for performance evaluation of permission checks and listings.
* hide alerts tab for git synced folders
* add tests for alert tab visibility
* hide managed folders from folder picker
* update UI so managed folders are disabled in dropdown not hidden
* add folder d to folder tree
* include folder d in useFolderQuery hook tests
* update provisioned folders from disabled to hidden in the folder selector
* remove disabled logic from NestedFolderList
* init
* it works! but what a mess
* nil ptr bug
* split up client.go
* split up search_request.go
* split up data_query.go
* split up response_parser
* fix merge
* update handling request
* raw dsl agg parser
* change rawQuery to rawDSLQuery
* agg parser works but needs work
* clean up agg parser
* fix bugs with raw dsl parsers
* feature toggle
* fix tests
* editor type selector
* editor type added
* add fix builder vs code by not using same query field
* clean up
* fix lint
* pretty
* editor type selection should be behind ft
* adam's feedback
* prettier
* rows with hidden header should never be collapsed
* fix test
* shouldn't need to normalize this
* fix frontend conversion
* fix lint
* Update public/app/features/dashboard-scene/serialization/transformSaveModelToScene.ts
Co-authored-by: Ivan Ortega Alba <ivanortegaalba@gmail.com>
---------
Co-authored-by: oscarkilhed <oscar.kilhed@grafana.com>
Co-authored-by: Ivan Ortega Alba <ivanortegaalba@gmail.com>
fix: allow editors to POST jobs in provisioning API
Editors should be able to post jobs in the 'jobs' endpoint for syncing
repositories. This aligns with the requirement that syncing a repository
requires editor privileges.
- Separated 'jobs' subresource authorization from repository/test
- Allow both admins and editors to POST jobs
- Added integration tests to verify permissions
Fixes authorization bug where editors were incorrectly denied access.
Roberto Jiménez Sánchez
Alexander Akhmetov
Torkel Ödegaard
Tobias Skarhed
mohammad-hamid
Sarah Zinger
Jack Westbrook
Misi
Dominik Prokop
Kristina Demeshchik
Marc M.
Daniele Stefano Ferru
Oscar Kilhed
Ivan Ortega Alba
Ryan McKinley
grafana-pr-automation[bot]
Andres Martinez Gotor
Yulia Shanyrova
Levente Balogh
Artur Minchukou
Kevin Minehart
Matheus Macabu
Georges Chaudy
Mustafa Sencer Özcan
Costa Alexoglou
Santiago
Lauren
Johnny Kartheiser
Andrew Hackmann
J Stickler
Haris Rozajac
Sonia Aguilar
Andreas Christou
alerting-team[bot]
Anna Urbiztondo
Gabriel MABILLE