opensource/grafana
1
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-08-03 01:42:12 +08:00
Code Issues Packages Projects Releases Wiki Activity

Accesscontrol: Apply FGAC to APIKey endpoints (#42659)

Browse Source 
* Move definitions to serviceaccounts

* Use constant names, add scope to delete

* Add descriptions to roles

* Rename roles
This commit is contained in:
Jeremy Price
2022-01-04 15:37:40 +01:00
committed by GitHub
parent 6264bc966f
commit 42ccc44eca
3 changed files with 77 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
pkg/api/api.go
View File

@ -12,6 +12,7 @@ import (
"github.com/grafana/grafana/pkg/models"
ac "github.com/grafana/grafana/pkg/services/accesscontrol"
acmiddleware "github.com/grafana/grafana/pkg/services/accesscontrol/middleware"
sa "github.com/grafana/grafana/pkg/services/serviceaccounts/manager"
)
var plog = log.New("api")
@ -252,10 +253,10 @@ func (hs *HTTPServer) registerRoutes() {
// auth api keys
apiRoute.Group("/auth/keys", func(keysRoute routing.RouteRegister) {
keysRoute.Get("/", routing.Wrap(GetAPIKeys))
keysRoute.Post("/", quota("api_key"), routing.Wrap(hs.AddAPIKey))
keysRoute.Post("/additional", quota("api_key"), routing.Wrap(hs.AdditionalAPIKey))
keysRoute.Delete("/:id", routing.Wrap(DeleteAPIKey))
keysRoute.Get("/", authorize(reqOrgAdmin, sa.ActionApikeyListEv), routing.Wrap(GetAPIKeys))
keysRoute.Post("/", authorize(reqOrgAdmin, sa.ActionApikeyAddEv), quota("api_key"), routing.Wrap(hs.AddAPIKey))
keysRoute.Post("/additional", authorize(reqOrgAdmin, sa.ActionApikeyAddAdditionalEv), quota("api_key"), routing.Wrap(hs.AdditionalAPIKey))
keysRoute.Delete("/:id", authorize(reqOrgAdmin, sa.ActionApikeyRemoveEv), routing.Wrap(DeleteAPIKey))
}, reqOrgAdmin)
// Preferences