opensource/grafana
1
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-08-03 01:42:12 +08:00
Code Issues Packages Projects Releases Wiki Activity

AccessControl: Present user edit actions according to AC metadata (#43602)

Browse Source 
* AccessControl: Add user metadata to user detail view

* AccessControl: Do not present delete or disable buttons based on ac metadata in admin/users

* AccessControl: do not allow password changing or user editing without permission

* AccessControl: Fetch global:users scope for admin

* AccessControl: optimize org.user metadata fetch

* Chore: early return if ac metadata is not available
This commit is contained in:
J Guerreiro
2022-01-05 08:59:17 +00:00
committed by GitHub
parent ba58b34219
commit 056e143664
8 changed files with 85 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
pkg/api/api.go
View File

@ -141,7 +141,7 @@ func (hs *HTTPServer) registerRoutes() {
r.Group("/api", func(apiRoute routing.RouteRegister) {
// user (signed in)
apiRoute.Group("/user", func(userRoute routing.RouteRegister) {
userRoute.Get("/", routing.Wrap(GetSignedInUser))
userRoute.Get("/", routing.Wrap(hs.GetSignedInUser))
userRoute.Put("/", routing.Wrap(UpdateSignedInUser))
userRoute.Post("/using/:id", routing.Wrap(UserSetUsingOrg))
userRoute.Get("/orgs", routing.Wrap(GetSignedInUserOrgList))
@ -167,7 +167,7 @@ func (hs *HTTPServer) registerRoutes() {
userIDScope := ac.Scope("global", "users", "id", ac.Parameter(":id"))
usersRoute.Get("/", authorize(reqGrafanaAdmin, ac.EvalPermission(ac.ActionUsersRead, ac.ScopeGlobalUsersAll)), routing.Wrap(hs.searchUsersService.SearchUsers))
usersRoute.Get("/search", authorize(reqGrafanaAdmin, ac.EvalPermission(ac.ActionUsersRead, ac.ScopeGlobalUsersAll)), routing.Wrap(hs.searchUsersService.SearchUsersWithPaging))
usersRoute.Get("/:id", authorize(reqGrafanaAdmin, ac.EvalPermission(ac.ActionUsersRead, userIDScope)), routing.Wrap(GetUserByID))
usersRoute.Get("/:id", authorize(reqGrafanaAdmin, ac.EvalPermission(ac.ActionUsersRead, userIDScope)), routing.Wrap(hs.GetUserByID))
usersRoute.Get("/:id/teams", authorize(reqGrafanaAdmin, ac.EvalPermission(ac.ActionUsersTeamRead, userIDScope)), routing.Wrap(GetUserTeams))
usersRoute.Get("/:id/orgs", authorize(reqGrafanaAdmin, ac.EvalPermission(ac.ActionUsersRead, userIDScope)), routing.Wrap(GetUserOrgList))
// query parameters /users/lookup?loginOrEmail=admin@example.com