4982ca3b1d
* Add actions and scopes * add resource service for dashboard and folder * Add dashboard guardian with fgac permission evaluation * Add CanDelete function to guardian interface * Add CanDelete property to folder and dashboard dto and set values * change to correct function name * Add accesscontrol to folder endpoints * add access control to dashboard endpoints * check access for nav links * Add fixed roles for dashboard and folders * use correct package * add hack to override guardian Constructor if accesscontrol is enabled * Add services * Add function to handle api backward compatability * Add permissionServices to HttpServer * Set permission when new dashboard is created * Add default permission when creating new dashboard * Set default permission when creating folder and dashboard * Add access control filter for dashboard search * Add to accept list * Add accesscontrol to dashboardimport * Disable access control in tests * Add check to see if user is allow to create a dashboard * Use SetPermissions * Use function to set several permissions at once * remove permissions for folder and dashboard on delete * update required permission * set permission for provisioning * Add CanCreate to dashboard guardian and set correct permisisons for provisioning * Dont set admin on folder / dashboard creation * Add dashboard and folder permission migrations * Add tests for CanCreate * Add roles and update descriptions * Solve uid to id for dashboard and folder permissions * Add folder and dashboard actions to permission filter * Handle viewer_can_edit flag * set folder and dashboard permissions services * Add dashboard permissions when importing a new dashboard * Set access control permissions on provisioning * Pass feature flags and only set permissions if access control is enabled * only add default permissions for folders and dashboards without folders * Batch create permissions in migrations * Remove `dashboards:edit` action * Remove unused function from interface * Update 
pkg/services/guardian/accesscontrol_guardian_test.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
package service
import (
"context"
"strconv"
"github.com/grafana/grafana/pkg/api/routing"
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/plugins"
"github.com/grafana/grafana/pkg/services/accesscontrol"
"github.com/grafana/grafana/pkg/services/dashboardimport"
"github.com/grafana/grafana/pkg/services/dashboardimport/api"
"github.com/grafana/grafana/pkg/services/dashboardimport/utils"
"github.com/grafana/grafana/pkg/services/dashboards"
"github.com/grafana/grafana/pkg/services/featuremgmt"
"github.com/grafana/grafana/pkg/services/librarypanels"
"github.com/grafana/grafana/pkg/services/quota"
"github.com/grafana/grafana/pkg/services/schemaloader"
)
// ProvideService builds the dashboard import service and registers its HTTP
// API endpoints on routeRegister.
//
// quotaService, schemaLoaderService, pluginStore and ac are passed to the API
// layer only; the returned service keeps no reference to them. The service
// itself retains the feature toggles, the plugin dashboard manager, the
// dashboard and library panel services, and the dashboard-scoped permissions
// service obtained from permissionsServices.
//
// NOTE(review): because ac is given only to the API layer, request
// authorization is presumably enforced on the registered routes rather than
// inside ImportDashboardService. Confirm before calling the service directly.
func ProvideService(routeRegister routing.RouteRegister,
	quotaService *quota.QuotaService, schemaLoaderService *schemaloader.SchemaLoaderService,
	pluginDashboardManager plugins.PluginDashboardManager, pluginStore plugins.Store,
	libraryPanelService librarypanels.Service, dashboardService dashboards.DashboardService,
	ac accesscontrol.AccessControl, permissionsServices accesscontrol.PermissionsServices, features featuremgmt.FeatureToggles,
) *ImportDashboardService {
	// Only the dashboard-scoped permissions service is needed by the importer.
	dashboardPermissions := permissionsServices.GetDashboardService()

	svc := &ImportDashboardService{
		features:                    features,
		pluginDashboardManager:      pluginDashboardManager,
		dashboardService:            dashboardService,
		libraryPanelService:         libraryPanelService,
		dashboardPermissionsService: dashboardPermissions,
	}

	// Expose the service over HTTP; the API wrapper receives the access-control
	// evaluator along with the quota, schema and plugin store dependencies.
	importAPI := api.New(svc, quotaService, schemaLoaderService, pluginStore, ac)
	importAPI.RegisterAPIEndpoints(routeRegister)

	return svc
}
// ImportDashboardService imports dashboards that come either from a plugin or
// from caller-supplied JSON, and sets resource permissions on the imported
// dashboard when the access-control feature toggle is enabled.
type ImportDashboardService struct {
	// features is consulted for the access-control toggle before any
	// permissions are written.
	features featuremgmt.FeatureToggles
	// pluginDashboardManager loads a dashboard by plugin ID and path.
	pluginDashboardManager plugins.PluginDashboardManager
	// dashboardService persists the imported dashboard.
	dashboardService dashboards.DashboardService
	// libraryPanelService imports and connects the dashboard's library panels.
	libraryPanelService librarypanels.Service
	// dashboardPermissionsService writes the resource permissions for the
	// imported dashboard.
	dashboardPermissionsService accesscontrol.PermissionsService
}
// ImportDashboard loads a dashboard (from a plugin when req.PluginId is set,
// otherwise from the JSON in req.Dashboard), evaluates its template against
// req.Inputs, saves it, imports and connects its library panels and, when the
// access-control feature toggle is enabled, sets permissions on the result.
//
// It returns a response describing the saved dashboard, or the first error
// encountered. The steps are sequential and not rolled back: an error from the
// library panel or permission steps is returned after the dashboard has
// already been saved.
//
// NOTE(review): no authorization check on req.User is visible in this method.
// It presumably relies on the API layer and on dashboardService.ImportDashboard
// to enforce access, so confirm that for any caller that bypasses the HTTP
// routes.
// NOTE(review): req.User is dereferenced without a nil check; callers are
// assumed to pass an authenticated user.
func (s *ImportDashboardService) ImportDashboard(ctx context.Context, req *dashboardimport.ImportDashboardRequest) (*dashboardimport.ImportDashboardResponse, error) {
	// Pick the source: plugin-bundled dashboard or caller-supplied JSON.
	var source *models.Dashboard
	if req.PluginId == "" {
		source = models.NewDashboardFromJson(req.Dashboard)
	} else {
		loaded, err := s.pluginDashboardManager.LoadPluginDashboard(ctx, req.PluginId, req.Path)
		if err != nil {
			return nil, err
		}
		source = loaded
	}

	// Substitute the caller-supplied inputs into the dashboard template.
	templateEvaluator := utils.NewDashTemplateEvaluator(source.Data, req.Inputs)
	generatedDash, err := templateEvaluator.Eval()
	if err != nil {
		return nil, err
	}

	// Org and user always come from the signed-in user, never from the payload.
	cmd := models.SaveDashboardCommand{
		Dashboard: generatedDash,
		OrgId:     req.User.OrgId,
		UserId:    req.User.UserId,
		Overwrite: req.Overwrite,
		PluginId:  req.PluginId,
		FolderId:  req.FolderId,
	}

	saveDTO := &dashboards.SaveDashboardDTO{
		OrgId:     cmd.OrgId,
		Dashboard: cmd.GetDashboardModel(),
		Overwrite: cmd.Overwrite,
		User:      req.User,
	}

	saved, err := s.dashboardService.ImportDashboard(ctx, saveDTO)
	if err != nil {
		return nil, err
	}

	if err = s.libraryPanelService.ImportLibraryPanelsForDashboard(ctx, req.User, saved, req.FolderId); err != nil {
		return nil, err
	}

	// NOTE(review): this call receives the pre-save dashboard, while the import
	// call above receives the saved one. Confirm that the difference is
	// intentional.
	if err = s.libraryPanelService.ConnectLibraryPanelsForDashboard(ctx, req.User, source); err != nil {
		return nil, err
	}

	// NOTE(review): this runs after every successful save, including one made
	// with req.Overwrite set. If the save replaced an existing dashboard, the
	// importing user is granted Admin on it and the built-in role defaults are
	// set again for dashboards outside a folder. Whether SetPermissions merges
	// with or replaces existing grants is not visible here, so confirm this is
	// the intended behaviour for overwrites.
	if s.features.IsEnabled(featuremgmt.FlagAccesscontrol) {
		if permErr := s.setDashboardPermissions(ctx, req.User, saved); permErr != nil {
			return nil, permErr
		}
	}

	// Revision defaults to 1 when the dashboard JSON carries no "revision" key.
	resp := &dashboardimport.ImportDashboardResponse{
		UID:              saved.Uid,
		PluginId:         req.PluginId,
		Title:            saved.Title,
		Path:             req.Path,
		Revision:         saved.Data.Get("revision").MustInt64(1),
		FolderId:         saved.FolderId,
		ImportedUri:      "db/" + saved.Slug,
		ImportedUrl:      saved.GetUrl(),
		ImportedRevision: source.Data.Get("revision").MustInt64(1),
		Imported:         true,
		DashboardId:      saved.Id,
		Slug:             saved.Slug,
	}
	return resp, nil
}
// setDashboardPermissions writes the default resource permissions for an
// imported dashboard, scoped to the user's organisation.
//
// The importing user always receives Admin. When the dashboard has no folder
// (FolderId == 0) the built-in Editor role additionally receives Edit and the
// built-in Viewer role receives View; a dashboard inside a folder gets only the
// user's Admin grant from this function.
//
// It returns the error from SetPermissions, if any.
//
// NOTE(review): dashboards inside a folder presumably inherit role access from
// the folder's own permissions. That is not visible here; confirm against the
// folder permission handling.
func (s *ImportDashboardService) setDashboardPermissions(ctx context.Context, user *models.SignedInUser, dashboard *models.Dashboard) error {
	// Permissions are keyed by the dashboard's numeric ID rendered in base 10.
	dashboardID := strconv.FormatInt(dashboard.Id, 10)

	grants := []accesscontrol.SetResourcePermissionCommand{
		{UserID: user.UserId, Permission: models.PERMISSION_ADMIN.String()},
	}

	// Role-wide defaults apply only to dashboards that live outside any folder.
	if dashboard.FolderId == 0 {
		grants = append(grants,
			accesscontrol.SetResourcePermissionCommand{BuiltinRole: string(models.ROLE_EDITOR), Permission: models.PERMISSION_EDIT.String()},
			accesscontrol.SetResourcePermissionCommand{BuiltinRole: string(models.ROLE_VIEWER), Permission: models.PERMISSION_VIEW.String()},
		)
	}

	if _, err := s.dashboardPermissionsService.SetPermissions(ctx, user.OrgId, dashboardID, grants...); err != nil {
		return err
	}

	return nil
}