opensource/grafana
1
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-07-29 07:32:50 +08:00
Code Issues Packages Projects Releases Wiki Activity
60,232 Commits 2,378 Branches 619 Tags
Commit Graph

15 Commits

Author SHA1 Message Date
Ryan McKinley
680e6bc1f8 Authlib: Use types package rather than claims (#99243) 2025-01-21 12:06:55 +03:00
Alexander Zobnin
cbb688e910 Zanzana: Remove usage from legacy access control (#98883) 
* Zanzana: Remove usage from legacy access control

* remove unused

* remove zanzana client from services where it's not used

* remove unused metrics

* fix linter
 2025-01-14 10:26:15 +01:00
Ieva
41ac5b5ae7 RBAC: Fix an issue with server admins not being able to manage users in orgs that they don't belong to (#92024) 
* look at global perms if user is not a part of the target org

* use constant

* update tests
 2024-08-22 10:04:06 +01:00
Karl Persson
8bcd9c2594 Identity: Remove typed id (#91801) 
* Refactor identity struct to store type in separate field

* Update ResolveIdentity to take string representation of typedID

* Add IsIdentityType to requester interface

* Use IsIdentityType from interface

* Remove usage of TypedID

* Remote typedID struct

* fix GetInternalID
 2024-08-13 10:18:28 +02:00
Ryan McKinley
21d4a4f49e Auth: use IdentityType from authlib (#91763) 2024-08-12 09:26:53 +03:00
Ryan McKinley
9db3bc926e Identity: Rename "namespace" to "type" in the requester interface (#90567) 2024-07-25 12:52:14 +03:00
Alexander Zobnin
87d86e81ce Zanzana: Evaluate permissions alongside with RBAC engine (#90064) 
* Zanzana: Evaluate permissions if feature flag enabled

* Fix tests

* adjust logs

* fix spelling

* remove unused

* only evaluate implemented resources

* refactor
 2024-07-05 11:31:23 +02:00
Ieva
167151b211 Chore: Remove use of deprecated method in AC code (#87541) 
* switch from using cfg to using featuremgmt for checking a feature toggle in AC code

* merge test fixes
 2024-05-10 11:56:52 +01:00
Karl Persson
be5ced4287 Identity: Use typed version of namespace id (#87257) 
* Remove different constructors and only use NewNamespaceID

* AdminUser: check typed namespace id

* Identity: Add convinient function to parse valid user id when type is either user or service account

* Annotations: Use typed namespace id instead
 2024-05-08 14:03:53 +02:00
Karl Persson
0fa983ad8e AuthN: Use typed namespace id inside authn package (#86048) 
* authn: Use typed namespace id inside package
 2024-04-24 09:57:34 +02:00
Alexander Zobnin
3127566a20 Access control: Use ResolveIdentity() for authorizing in org (#85549) 
* Access control: Use ResolveIdentity() for authorizing in org

* Fix tests

* Fix middleware tests

* Use ResolveIdentity in HasGlobalAccess() function

* remove makeTmpUser

* Cleanup

* Fix linter errors

* Fix test build

* Remove GetUserPermissionsInOrg()
 2024-04-10 12:42:13 +02:00
Gabriel MABILLE
3df0611f81 RBAC: Fix authorize in org (#81552) 
* RBAC: Fix authorize in org

* Implement option 2

* Fix typo

* Fix alerting test

* Add test to cover the not member case
 2024-02-01 12:37:01 +01:00
Jo
0de66a8099 Authz: Remove use of SignedInUser copy for permission evaluation (#78448) 
* remove use of SignedInUserCopies

* add extra safety to not cross assign permissions

unwind circular dependency

dashboardacl->dashboardaccess

fix missing import

* correctly set teams for permissions

* fix missing inits

* nit: check err

* exit early for api keys
 2023-11-22 14:20:22 +01:00
Jo
48ef88aed7 Access: Fetch fresh permissions for target GlobalOrgID in AuthorizeInOrgMiddleware (#76569) 
fetch fresh permissions for global in AuthorizeInOrgMiddleware

Update pkg/services/accesscontrol/authorize_in_org_test.go

do not load viewer permissions in global ID
 2023-10-13 21:01:47 +03:00
Jo
e56b2cae00 MESA: Allow using synced permissions (#71377) 
* wip

* cover authorize in org behavior

* revert export

* fix org tests

* change permissions nit
 2023-07-12 13:28:04 +03:00