opensource/grafana
1
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-07-30 21:02:45 +08:00
Code Issues Packages Projects Releases Wiki Activity

RBAC: Default to plugins.app:access for plugin includes (#90969)

Browse Source 
* Default to app access for includes

* Check plugin type
This commit is contained in:
Gabriel MABILLE
2024-07-29 20:56:09 +02:00
committed by GitHub
parent 34dbfefc86
commit b982259950
6 changed files with 93 additions and 72 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
pkg/plugins/manager/loader/finder/local_test.go
View File

@ -153,19 +153,21 @@ func TestFinder_Find(t *testing.T) {
}, },
Includes: []*plugins.Includes{ Includes: []*plugins.Includes{
{ {
Name: "Nginx Connections", Name: "Nginx Connections",
Path: "dashboards/connections.json", Path: "dashboards/connections.json",
Type: "dashboard", Type: "dashboard",
Role: "Viewer", Role: "Viewer",
Action: "plugins.app:access",
}, },
{ {
Name: "Nginx Memory", Name: "Nginx Memory",
Path: "dashboards/memory.json", Path: "dashboards/memory.json",
Type: "dashboard", Type: "dashboard",
Role: "Viewer", Role: "Viewer",
Action: "plugins.app:access",
}, },
{Name: "Nginx Panel", Type: "panel", Role: "Viewer"}, {Name: "Nginx Panel", Type: "panel", Role: "Viewer", Action: "plugins.app:access"},
{Name: "Nginx Datasource", Type: "datasource", Role: "Viewer"}, {Name: "Nginx Datasource", Type: "datasource", Role: "Viewer", Action: "plugins.app:access"},
}, },
}, },
FS: mustNewStaticFSForTests(t, filepath.Join(testData, "includes-symlinks")), FS: mustNewStaticFSForTests(t, filepath.Join(testData, "includes-symlinks")),

44
pkg/plugins/manager/loader/loader_test.go
View File

@ -198,30 +198,34 @@ func TestLoader_Load(t *testing.T) {
}, },
Includes: []*plugins.Includes{ Includes: []*plugins.Includes{
{ {
Name: "Nginx Connections", Name: "Nginx Connections",
Path: "dashboards/connections.json", Path: "dashboards/connections.json",
Type: "dashboard", Type: "dashboard",
Role: org.RoleViewer, Role: org.RoleViewer,
Slug: "nginx-connections", Action: plugins.ActionAppAccess,
Slug: "nginx-connections",
}, },
{ {
Name: "Nginx Memory", Name: "Nginx Memory",
Path: "dashboards/memory.json", Path: "dashboards/memory.json",
Type: "dashboard", Type: "dashboard",
Role: org.RoleViewer, Role: org.RoleViewer,
Slug: "nginx-memory", Action: plugins.ActionAppAccess,
Slug: "nginx-memory",
}, },
{ {
Name: "Nginx Panel", Name: "Nginx Panel",
Type: string(plugins.TypePanel), Type: string(plugins.TypePanel),
Role: org.RoleViewer, Role: org.RoleViewer,
Slug: "nginx-panel", Action: plugins.ActionAppAccess,
Slug: "nginx-panel",
}, },
{ {
Name: "Nginx Datasource", Name: "Nginx Datasource",
Type: string(plugins.TypeDataSource), Type: string(plugins.TypeDataSource),
Role: org.RoleViewer, Role: org.RoleViewer,
Slug: "nginx-datasource", Action: plugins.ActionAppAccess,
Slug: "nginx-datasource",
}, },
}, },
}, },
@ -391,8 +395,8 @@ func TestLoader_Load(t *testing.T) {
Plugins: []plugins.Dependency{}, Plugins: []plugins.Dependency{},
}, },
Includes: []*plugins.Includes{ Includes: []*plugins.Includes{
{Name: "Nginx Memory", Path: "dashboards/memory.json", Type: "dashboard", Role: org.RoleViewer, Slug: "nginx-memory"}, {Name: "Nginx Memory", Path: "dashboards/memory.json", Type: "dashboard", Role: org.RoleViewer, Action: plugins.ActionAppAccess, Slug: "nginx-memory"},
{Name: "Root Page (react)", Type: "page", Role: org.RoleViewer, Path: "/a/my-simple-app", DefaultNav: true, AddToNav: true, Slug: "root-page-react"}, {Name: "Root Page (react)", Type: "page", Role: org.RoleViewer, Action: plugins.ActionAppAccess, Path: "/a/my-simple-app", DefaultNav: true, AddToNav: true, Slug: "root-page-react"},
}, },
Backend: false, Backend: false,
}, },

2
pkg/plugins/models.go
View File

@ -9,6 +9,8 @@ import (
const ( const (
TypeDashboard = "dashboard" TypeDashboard = "dashboard"
ActionAppAccess = "plugins.app:access"
) )
var ( var (

5
pkg/plugins/plugins.go
View File

@ -175,6 +175,11 @@ func ReadPluginJSON(reader io.Reader) (JSONData, error) {
if include.Role == "" { if include.Role == "" {
include.Role = org.RoleViewer include.Role = org.RoleViewer
} }
// Default to app access for app plugins
if plugin.Type == TypeApp && include.Role == org.RoleViewer && include.Action == "" {
include.Action = ActionAppAccess
}
} }
return plugin, nil return plugin, nil

8
pkg/plugins/plugins_test.go
View File

@ -60,10 +60,10 @@ func Test_ReadPluginJSON(t *testing.T) {
}, },
}, },
Includes: []*Includes{ Includes: []*Includes{
{Name: "Nginx Connections", Path: "dashboards/connections.json", Type: "dashboard", Role: org.RoleViewer}, {Name: "Nginx Connections", Path: "dashboards/connections.json", Type: "dashboard", Role: org.RoleViewer, Action: ActionAppAccess},
{Name: "Nginx Memory", Path: "dashboards/memory.json", Type: "dashboard", Role: org.RoleViewer}, {Name: "Nginx Memory", Path: "dashboards/memory.json", Type: "dashboard", Role: org.RoleViewer, Action: ActionAppAccess},
{Name: "Nginx Panel", Type: "panel", Role: org.RoleViewer}, {Name: "Nginx Panel", Type: "panel", Role: org.RoleViewer, Action: ActionAppAccess},
{Name: "Nginx Datasource", Type: "datasource", Role: org.RoleViewer}, {Name: "Nginx Datasource", Type: "datasource", Role: org.RoleViewer, Action: ActionAppAccess},
}, },
Backend: false, Backend: false,
}, },

84
pkg/services/pluginsintegration/loader/loader_test.go
View File

@ -198,30 +198,34 @@ func TestLoader_Load(t *testing.T) {
}, },
Includes: []*plugins.Includes{ Includes: []*plugins.Includes{
{ {
Name: "Nginx Connections", Name: "Nginx Connections",
Path: "dashboards/connections.json", Path: "dashboards/connections.json",
Type: "dashboard", Type: "dashboard",
Role: org.RoleViewer, Role: org.RoleViewer,
Slug: "nginx-connections", Action: plugins.ActionAppAccess,
Slug: "nginx-connections",
}, },
{ {
Name: "Nginx Memory", Name: "Nginx Memory",
Path: "dashboards/memory.json", Path: "dashboards/memory.json",
Type: "dashboard", Type: "dashboard",
Role: org.RoleViewer, Role: org.RoleViewer,
Slug: "nginx-memory", Action: plugins.ActionAppAccess,
Slug: "nginx-memory",
}, },
{ {
Name: "Nginx Panel", Name: "Nginx Panel",
Type: string(plugins.TypePanel), Type: string(plugins.TypePanel),
Role: org.RoleViewer, Role: org.RoleViewer,
Slug: "nginx-panel", Action: plugins.ActionAppAccess,
Slug: "nginx-panel",
}, },
{ {
Name: "Nginx Datasource", Name: "Nginx Datasource",
Type: string(plugins.TypeDataSource), Type: string(plugins.TypeDataSource),
Role: org.RoleViewer, Role: org.RoleViewer,
Slug: "nginx-datasource", Action: plugins.ActionAppAccess,
Slug: "nginx-datasource",
}, },
}, },
}, },
@ -421,8 +425,8 @@ func TestLoader_Load(t *testing.T) {
Plugins: []plugins.Dependency{}, Plugins: []plugins.Dependency{},
}, },
Includes: []*plugins.Includes{ Includes: []*plugins.Includes{
{Name: "Nginx Memory", Path: "dashboards/memory.json", Type: "dashboard", Role: org.RoleViewer, Slug: "nginx-memory"}, {Name: "Nginx Memory", Path: "dashboards/memory.json", Type: "dashboard", Role: org.RoleViewer, Action: plugins.ActionAppAccess, Slug: "nginx-memory"},
{Name: "Root Page (react)", Type: "page", Role: org.RoleViewer, Path: "/a/my-simple-app", DefaultNav: true, AddToNav: true, Slug: "root-page-react"}, {Name: "Root Page (react)", Type: "page", Role: org.RoleViewer, Action: plugins.ActionAppAccess, Path: "/a/my-simple-app", DefaultNav: true, AddToNav: true, Slug: "root-page-react"},
}, },
Backend: false, Backend: false,
}, },
@ -911,10 +915,10 @@ func TestLoader_Load_DuplicatePlugins(t *testing.T) {
}, },
}, },
Includes: []*plugins.Includes{ Includes: []*plugins.Includes{
{Name: "Nginx Connections", Path: "dashboards/connections.json", Type: "dashboard", Role: org.RoleViewer, Slug: "nginx-connections"}, {Name: "Nginx Connections", Path: "dashboards/connections.json", Type: "dashboard", Role: org.RoleViewer, Action: plugins.ActionAppAccess, Slug: "nginx-connections"},
{Name: "Nginx Memory", Path: "dashboards/memory.json", Type: "dashboard", Role: org.RoleViewer, Slug: "nginx-memory"}, {Name: "Nginx Memory", Path: "dashboards/memory.json", Type: "dashboard", Role: org.RoleViewer, Action: plugins.ActionAppAccess, Slug: "nginx-memory"},
{Name: "Nginx Panel", Type: "panel", Role: org.RoleViewer, Slug: "nginx-panel"}, {Name: "Nginx Panel", Type: "panel", Role: org.RoleViewer, Action: plugins.ActionAppAccess, Slug: "nginx-panel"},
{Name: "Nginx Datasource", Type: "datasource", Role: org.RoleViewer, Slug: "nginx-datasource"}, {Name: "Nginx Datasource", Type: "datasource", Role: org.RoleViewer, Action: plugins.ActionAppAccess, Slug: "nginx-datasource"},
}, },
Backend: false, Backend: false,
}, },
@ -992,10 +996,10 @@ func TestLoader_Load_SkipUninitializedPlugins(t *testing.T) {
}, },
}, },
Includes: []*plugins.Includes{ Includes: []*plugins.Includes{
{Name: "Nginx Connections", Path: "dashboards/connections.json", Type: "dashboard", Role: org.RoleViewer, Slug: "nginx-connections"}, {Name: "Nginx Connections", Path: "dashboards/connections.json", Type: "dashboard", Role: org.RoleViewer, Action: plugins.ActionAppAccess, Slug: "nginx-connections"},
{Name: "Nginx Memory", Path: "dashboards/memory.json", Type: "dashboard", Role: org.RoleViewer, Slug: "nginx-memory"}, {Name: "Nginx Memory", Path: "dashboards/memory.json", Type: "dashboard", Role: org.RoleViewer, Action: plugins.ActionAppAccess, Slug: "nginx-memory"},
{Name: "Nginx Panel", Type: "panel", Role: org.RoleViewer, Slug: "nginx-panel"}, {Name: "Nginx Panel", Type: "panel", Role: org.RoleViewer, Action: plugins.ActionAppAccess, Slug: "nginx-panel"},
{Name: "Nginx Datasource", Type: "datasource", Role: org.RoleViewer, Slug: "nginx-datasource"}, {Name: "Nginx Datasource", Type: "datasource", Role: org.RoleViewer, Action: plugins.ActionAppAccess, Slug: "nginx-datasource"},
}, },
Backend: false, Backend: false,
}, },
@ -1339,6 +1343,7 @@ func TestLoader_Load_NestedPlugins(t *testing.T) {
Path: "/a/myorgid-simple-app", Path: "/a/myorgid-simple-app",
Type: "page", Type: "page",
Role: org.RoleViewer, Role: org.RoleViewer,
Action: plugins.ActionAppAccess,
AddToNav: true, AddToNav: true,
DefaultNav: true, DefaultNav: true,
Slug: "root-page-react", Slug: "root-page-react",
@ -1348,6 +1353,7 @@ func TestLoader_Load_NestedPlugins(t *testing.T) {
Path: "/a/myorgid-simple-app/?tab=b", Path: "/a/myorgid-simple-app/?tab=b",
Type: "page", Type: "page",
Role: org.RoleViewer, Role: org.RoleViewer,
Action: plugins.ActionAppAccess,
AddToNav: true, AddToNav: true,
Slug: "root-page-tab-b", Slug: "root-page-tab-b",
}, },
@ -1360,18 +1366,20 @@ func TestLoader_Load_NestedPlugins(t *testing.T) {
Slug: "react-config", Slug: "react-config",
}, },
{ {
Name: "Streaming Example", Name: "Streaming Example",
Path: "dashboards/streaming.json", Path: "dashboards/streaming.json",
Type: "dashboard", Type: "dashboard",
Role: org.RoleViewer, Role: org.RoleViewer,
Slug: "streaming-example", Action: plugins.ActionAppAccess,
Slug: "streaming-example",
}, },
{ {
Name: "Lots of Stats", Name: "Lots of Stats",
Path: "dashboards/stats.json", Path: "dashboards/stats.json",
Type: "dashboard", Type: "dashboard",
Role: org.RoleViewer, Role: org.RoleViewer,
Slug: "lots-of-stats", Action: plugins.ActionAppAccess,
Slug: "lots-of-stats",
}, },
}, },
Backend: false, Backend: false,