opensource/grafana
1
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-09-28 02:54:26 +08:00
Code Issues Packages Projects Releases Wiki Activity

Bug fix: Correctly set permissions on provisioned dashboards (#77155)

Browse Source 
* set default basic role permissions for dashboards even if dash creator permissions can't be set

* temporarily increase the test threshold until we can tweak the page
This commit is contained in:
Ieva
2023-10-26 17:21:50 +01:00
committed by GitHub
parent a652eed287
commit f6e2a775d3
2 changed files with 20 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.pa11yci-pr.conf.js
View File

@ -33,7 +33,8 @@ var dashboardSettings = [
url: '${HOST}/d/O6f11TZWk/panel-tests-bar-gauge?orgId=1&editview=permissions', url: '${HOST}/d/O6f11TZWk/panel-tests-bar-gauge?orgId=1&editview=permissions',
wait: 500, wait: 500,
rootElement: '.main-view', rootElement: '.main-view',
threshold: 9, // TODO: improve the accessibility of the permission tab https://github.com/grafana/grafana/issues/77203
threshold: 11,
}, },
{ {
url: '${HOST}/d/O6f11TZWk/panel-tests-bar-gauge?orgId=1&editview=dashboard_json', url: '${HOST}/d/O6f11TZWk/panel-tests-bar-gauge?orgId=1&editview=dashboard_json',

49
pkg/services/dashboards/service/dashboard_service.go
View File

@ -318,10 +318,7 @@ func (dr *DashboardServiceImpl) SaveProvisionedDashboard(ctx context.Context, dt
} }
if dto.Dashboard.ID == 0 { if dto.Dashboard.ID == 0 {
if err := dr.setDefaultPermissions(ctx, dto, dash, true); err != nil { dr.setDefaultPermissions(ctx, dto, dash, true)
namespaceID, userID := dto.User.GetNamespacedID()
dr.log.Error("Could not make user admin", "dashboard", dash.Title, "namespaceID", namespaceID, "userID", userID, "error", err)
}
} }
return dash, nil return dash, nil
@ -359,10 +356,7 @@ func (dr *DashboardServiceImpl) SaveFolderForProvisionedDashboards(ctx context.C
} }
if dto.Dashboard.ID == 0 { if dto.Dashboard.ID == 0 {
if err := dr.setDefaultPermissions(ctx, dto, dash, true); err != nil { dr.setDefaultPermissions(ctx, dto, dash, true)
namespaceID, userID := dto.User.GetNamespacedID()
dr.log.Error("Could not make user admin", "dashboard", dash.Title, "namespaceID", namespaceID, "userID", userID, "error", err)
}
} }
return dash, nil return dash, nil
@ -408,10 +402,7 @@ func (dr *DashboardServiceImpl) SaveDashboard(ctx context.Context, dto *dashboar
// new dashboard created // new dashboard created
if dto.Dashboard.ID == 0 { if dto.Dashboard.ID == 0 {
if err := dr.setDefaultPermissions(ctx, dto, dash, false); err != nil { dr.setDefaultPermissions(ctx, dto, dash, false)
namespaceID, userID := dto.User.GetNamespacedID()
dr.log.Error("Could not make user admin", "dashboard", dash.Title, "namespaceID", namespaceID, "userID", userID, "error", err)
}
} }
return dash, nil return dash, nil
@ -466,10 +457,7 @@ func (dr *DashboardServiceImpl) ImportDashboard(ctx context.Context, dto *dashbo
return nil, err return nil, err
} }
if err := dr.setDefaultPermissions(ctx, dto, dash, false); err != nil { dr.setDefaultPermissions(ctx, dto, dash, false)
namespaceID, userID := dto.User.GetNamespacedID()
dr.log.Error("Could not make user admin", "dashboard", dash.Title, "namespaceID", namespaceID, "userID", userID, "error", err)
}
return dash, nil return dash, nil
} }
@ -484,21 +472,23 @@ func (dr *DashboardServiceImpl) GetDashboardsByPluginID(ctx context.Context, que
return dr.dashboardStore.GetDashboardsByPluginID(ctx, query) return dr.dashboardStore.GetDashboardsByPluginID(ctx, query)
} }
func (dr *DashboardServiceImpl) setDefaultPermissions(ctx context.Context, dto *dashboards.SaveDashboardDTO, dash *dashboards.Dashboard, provisioned bool) error { func (dr *DashboardServiceImpl) setDefaultPermissions(ctx context.Context, dto *dashboards.SaveDashboardDTO, dash *dashboards.Dashboard, provisioned bool) {
inFolder := dash.FolderID > 0 inFolder := dash.FolderID > 0
var permissions []accesscontrol.SetResourcePermissionCommand var permissions []accesscontrol.SetResourcePermissionCommand
namespaceID, userIDstr := dto.User.GetNamespacedID() if !provisioned {
userID, err := identity.IntIdentifier(namespaceID, userIDstr) namespaceID, userIDstr := dto.User.GetNamespacedID()
userID, err := identity.IntIdentifier(namespaceID, userIDstr)
if err != nil { if err != nil {
return err dr.log.Error("Could not make user admin", "dashboard", dash.Title, "namespaceID", namespaceID, "userID", userID, "error", err)
} }
if !provisioned && namespaceID == identity.NamespaceUser { if err != nil && namespaceID == identity.NamespaceUser && userID > 0 {
permissions = append(permissions, accesscontrol.SetResourcePermissionCommand{ permissions = append(permissions, accesscontrol.SetResourcePermissionCommand{
UserID: userID, Permission: dashboards.PERMISSION_ADMIN.String(), UserID: userID, Permission: dashboards.PERMISSION_ADMIN.String(),
}) })
}
} }
if !inFolder { if !inFolder {
@ -513,12 +503,9 @@ func (dr *DashboardServiceImpl) setDefaultPermissions(ctx context.Context, dto *
svc = dr.folderPermissions svc = dr.folderPermissions
} }
_, err = svc.SetPermissions(ctx, dto.OrgID, dash.UID, permissions...) if _, err := svc.SetPermissions(ctx, dto.OrgID, dash.UID, permissions...); err != nil {
if err != nil { dr.log.Error("Could not set default permissions", "dashboard", dash.Title, "error", err)
return err
} }
return nil
} }
func (dr *DashboardServiceImpl) GetDashboard(ctx context.Context, query *dashboards.GetDashboardQuery) (*dashboards.Dashboard, error) { func (dr *DashboardServiceImpl) GetDashboard(ctx context.Context, query *dashboards.GetDashboardQuery) (*dashboards.Dashboard, error) {