opensource/grafana
1
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-08-02 15:32:36 +08:00
Code Issues Packages Projects Releases Wiki Activity

RBAC: Hide root level folder creation button if the user doesn't have the right permissions (#91502)

Browse Source 
* hide root level folder creation button if the user doesn't have the right permissions

* linting
This commit is contained in:
Ieva
2024-08-14 11:53:03 +01:00
committed by GitHub
parent 8d36111420
commit 134b9f731f
2 changed files with 21 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
public/app/features/browse-dashboards/BrowseDashboardsPage.tsx
View File

@ -87,7 +87,9 @@ const BrowseDashboardsPage = memo(({ match }: Props) => {
const hasSelection = useHasSelection();
const { canEditFolders, canEditDashboards, canCreateDashboards, canCreateFolders } = getFolderPermissions(folderDTO);
const { data: rootFolder } = useGetFolderQuery('general');
let folder = folderDTO ? folderDTO : rootFolder;
const { canEditFolders, canEditDashboards, canCreateDashboards, canCreateFolders } = getFolderPermissions(folder);
const showEditTitle = canEditFolders && folderUID;
const canSelect = canEditFolders || canEditDashboards;

24
public/app/features/browse-dashboards/permissions.ts
View File

@ -3,22 +3,34 @@ import { contextSrv } from 'app/core/core';
import { AccessControlAction, FolderDTO } from 'app/types';
function checkFolderPermission(action: AccessControlAction, folderDTO?: FolderDTO) {
return folderDTO ? contextSrv.hasPermissionInMetadata(action, folderDTO) : contextSrv.hasPermission(action);
// Only some permissions are assigned in the root folder (aka "general" folder), so we can ignore them in most cases
return folderDTO && folderDTO.uid !== 'general'
? contextSrv.hasPermissionInMetadata(action, folderDTO)
: contextSrv.hasPermission(action);
}
function checkCanCreateFolders(folderDTO?: FolderDTO) {
// Can only create a folder if we have permissions and either we're at root or nestedFolders is enabled
if (folderDTO && !config.featureToggles.nestedFolders) {
return false;
}
return config.featureToggles.accessActionSets
? checkFolderPermission(AccessControlAction.FoldersCreate, folderDTO)
: checkFolderPermission(AccessControlAction.FoldersCreate) &&
checkFolderPermission(AccessControlAction.FoldersWrite, folderDTO);
if (!config.featureToggles.accessActionSets) {
if (!folderDTO || folderDTO.uid === 'general') {
return checkFolderPermission(AccessControlAction.FoldersCreate);
}
return (
checkFolderPermission(AccessControlAction.FoldersCreate) &&
checkFolderPermission(AccessControlAction.FoldersWrite, folderDTO)
);
}
return folderDTO
? contextSrv.hasPermissionInMetadata(AccessControlAction.FoldersCreate, folderDTO)
: contextSrv.hasPermission(AccessControlAction.FoldersCreate);
}
export function getFolderPermissions(folderDTO?: FolderDTO) {
// Can only create a folder if we have permissions and either we're at root or nestedFolders is enabled
const canCreateDashboards = checkFolderPermission(AccessControlAction.DashboardsCreate, folderDTO);
const canCreateFolders = checkCanCreateFolders(folderDTO);
const canDeleteFolders = checkFolderPermission(AccessControlAction.FoldersDelete, folderDTO);