opensource/grafana
1
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-07-28 21:02:22 +08:00
Code Issues Packages Projects Releases Wiki Activity

AccessControl: Let users with data source create permissions list non-core plugins (#48897)

Browse Source 
* Only require create and permissions for new data source page

* Let users with permissions to create data sources list non-core plugins

* Keep the admin check as fallback when using rbac as well
This commit is contained in:
Karl Persson
2022-05-13 10:30:26 +02:00
committed by GitHub
parent 555867135b
commit 60bc3e4e5c
3 changed files with 8 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
pkg/api/plugins.go
View File

@ -13,6 +13,9 @@ import (
"sort"
"strings"
"github.com/grafana/grafana/pkg/services/accesscontrol"
"github.com/grafana/grafana/pkg/services/datasources"
"github.com/grafana/grafana-plugin-sdk-go/backend"
"github.com/grafana/grafana/pkg/api/dtos"
"github.com/grafana/grafana/pkg/api/response"
@ -32,8 +35,10 @@ func (hs *HTTPServer) GetPluginList(c *models.ReqContext) response.Response {
embeddedFilter := c.Query("embedded")
coreFilter := c.Query("core")
// For users with viewer role we only return core plugins
if !c.HasRole(models.ROLE_ADMIN) {
// When using access control anyone that can create a data source should be able to list all data sources installed
// Fallback to only letting admins list non-core plugins
hasAccess := accesscontrol.HasAccess(hs.AccessControl, c)
if !hasAccess(accesscontrol.ReqOrgAdmin, accesscontrol.EvalPermission(datasources.ActionCreate)) || c.HasRole(models.ROLE_ADMIN) {
coreFilter = "1"
}