opensource/grafana
1
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-08-02 22:49:25 +08:00
Code Issues Packages Projects Releases Wiki Activity

AccessControl: Add access control actions and scopes to team update and delete

Browse Source 
* AccessControl: Add access control actions and scopes to team update and delete

* AccessControl: Add tests for AC guards in update/delete

* AccessControl: add fixed role for team writer

* AccessControl: ensure team related AC is deleted with team

* Update pkg/api/team_test.go
This commit is contained in:
J Guerreiro
2022-01-27 15:16:44 +00:00
committed by GitHub
parent 1a9c293984
commit cb6e5ae8ce
7 changed files with 132 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
pkg/api/roles.go
View File

@ -198,17 +198,35 @@ func (hs *HTTPServer) declareFixedRoles() error {
Group: "Teams",
Version: 1,
Permissions: []accesscontrol.Permission{
{
Action: accesscontrol.ActionTeamsCreate,
},
{Action: accesscontrol.ActionTeamsCreate},
},
},
Grants: teamCreatorGrants,
}
teamsWriterRole := accesscontrol.RoleRegistration{
Role: accesscontrol.RoleDTO{
Name: "fixed:teams:writer",
DisplayName: "Team writer",
Description: "Create, read, write, or delete a team as well as controlling team memberships.",
Group: "Teams",
Version: 1,
Permissions: []accesscontrol.Permission{
{Action: accesscontrol.ActionTeamsCreate},
{Action: accesscontrol.ActionTeamsDelete, Scope: accesscontrol.ScopeTeamsAll},
{Action: accesscontrol.ActionTeamsPermissionsRead, Scope: accesscontrol.ScopeTeamsAll},
{Action: accesscontrol.ActionTeamsPermissionsWrite, Scope: accesscontrol.ScopeTeamsAll},
{Action: accesscontrol.ActionTeamsRead, Scope: accesscontrol.ScopeTeamsAll},
{Action: accesscontrol.ActionTeamsWrite, Scope: accesscontrol.ScopeTeamsAll},
},
},
Grants: []string{string(models.ROLE_ADMIN)},
}
return hs.AccessControl.DeclareFixedRoles(
provisioningWriterRole, datasourcesReaderRole, datasourcesWriterRole, datasourcesIdReaderRole,
datasourcesCompatibilityReaderRole, orgReaderRole, orgWriterRole, orgMaintainerRole, teamsCreatorRole,
datasourcesCompatibilityReaderRole, orgReaderRole, orgWriterRole,
orgMaintainerRole, teamsCreatorRole, teamsWriterRole,
)
}