opensource/grafana
1
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-08-02 14:52:16 +08:00
Code Issues Packages Projects Releases Wiki Activity

AccessControl: Replace IsEnterprise checks with license checks (#49572)

Browse Source
This commit is contained in:
Karl Persson
2022-05-25 20:40:41 +02:00
committed by GitHub
parent 2449f62dbe
commit 5caf97be40
11 changed files with 98 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
pkg/api/api.go
View File

@ -250,15 +250,15 @@ func (hs *HTTPServer) registerRoutes() {
// current org without requirement of user to be org admin
apiRoute.Group("/org", func(orgRoute routing.RouteRegister) {
lookupEvaluator := func() ac.Evaluator {
if hs.Cfg.IsEnterprise {
if hs.License.FeatureEnabled("accesscontrol.enforcement") {
return ac.EvalPermission(ac.ActionOrgUsersRead)
}
// For oss we allow users with access to update permissions on either folders, teams or dashboards to perform the lookup
return ac.EvalAny(
ac.EvalPermission(ac.ActionOrgUsersRead),
ac.EvalPermission(ac.ActionTeamsPermissionsWrite),
ac.EvalPermission(dashboards.ActionDashboardsPermissionsWrite),
ac.EvalPermission(dashboards.ActionFoldersPermissionsWrite),
ac.EvalPermission(dashboards.ActionDashboardsPermissionsWrite),
)
}
orgRoute.Get("/users/lookup", authorize(reqOrgAdminFolderAdminOrTeamAdmin, lookupEvaluator()), routing.Wrap(hs.GetOrgUsersForCurrentOrgLookup))