* remove dashboard previews backend
* remove dashboard previews backend
* bring back the migration
* bring back the migration
* bring back the migration
* FeatureToggle: Add toggle to use a new way of rotating tokens
* API: Add endpoints to perform token rotation, one endpoint for api request and one endpoint for redirectsd
* Auth: Aling not authorized handling between auth middleware and access
control middleware
* API: add utility function to get redirect for login
* API: Handle token rotation redirect for login page
* Frontend: Add job scheduling for token rotation and make call to token rotation as fallback in retry request
* ContextHandler: Prevent in-request rotation if feature flag is enabled and check if token needs to be rotated
* AuthN: Prevent in-request rotation if feature flag is enabled and check if token needs to be rotated
* Cookies: Add option NotHttpOnly
* AuthToken: Add helper function to get next rotation time and another function to check if token need to be rotated
* AuthN: Add function to delete session cookie and set expiry cookie
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* chore: remove export service POC from main
This is a POC and we'll see it, or something like it, again!
* remove frontend changes
---------
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
* Enable serving Swagger UI by default
It used to be served behind the `swaggerUi` feature toggle.
* Remove `swaggerUi` feature toggle
* Add docs and guidelines for updating swagger
* Apply suggestions from code review
Co-authored-by: Josh Hunt <joshhunt@users.noreply.github.com>
* Add config to remove Snapshot functionality (frontend is hidden and validation in the backend)
* Add test cases
* Remove unused mock on the test
* Moving Snapshot config from globar variables to settings.Cfg
* Removing warnings on code
* API: Add reqSignedIn to router groups
* AuthN: Add fall through in context handler
* AuthN: Add IsAnonymous field
* AuthN: add priority to context aware clients
* ContextHandler: Add comment
* AuthN: Add a simple priority queue
* AuthN: Add Name to client interface
* AuthN: register clients with function
* AuthN: update mock and fake to implement interface
* AuthN: rewrite test without reflection
* AuthN: add comment
* AuthN: fix queue insert
* AuthN: rewrite tests
* AuthN: make the queue generic so we can reuse it for hooks
* ContextHandler: Add fixme for auth headers
* AuthN: remove unused variable
* AuthN: use multierror
* AuthN: write proper tests for queue
* AuthN: Add queue item that can store the value and priority
Co-authored-by: Jo <joao.guerreiro@grafana.com>
* rename routes and fix access control for support bundles
* AccessControl: Hide menu if not authorized
* AccessControl: Add AC guards for create and delete
* lint
* feat: add a new modal for displaying no-access info
* feat(CardGrid): add an onClick handler for items
* feat: open a no-access modal when clicking on a connection in the catlog
* feat: update permissions
Open a "No access" modal when the user clicks a connection type but has no permissions creating a datasource out of it
* test: add tests for opening the No Access modal
* test: fix the user permissions in tests
* Wip
* Revert "Wip"
This reverts commit 7f080c7f772e22f59573f60bea31418080ffd6c7.
* Add auth labels and access control metadata to org users search results
* Fix search result JSON model
* Org users: Use API for pagination
* Fix default page size
* Refactor: UsersListPage to functional component
* Refactor: update UsersTable component code style
* Add pagination to the /orgs/{org_id}/users endpoint
* Use pagination on the AdminEditOrgPage
* Add /orgs/{org_id}/users/search endpoint to prevent breaking API
* Use existing search store method
* Remove unnecessary error
* Remove unused
* Add query param to search endpoint
* Fix endpoint docs
* Minor refactor
* Fix number of pages calculation
* Use SearchOrgUsers for all org users methods
* Refactor: GetOrgUsers as a service method
* Minor refactor: rename orgId => orgID
* Fix integration tests
* Fix tests
* protect /connection url paths with permissions
These permissions match the original ones at /datasources and /plugins
* add Connections section to navtree only if user has permissions
This commit works only when the easystart plugin is not present.
I'll see what I can do when it is present in the next commit(s).
* update datasources page permissions
The datasources page have Explore buttons on datasource entries,
therefore it makes sense to show this page for those, who can't edit or
create datasources but have explore permissions.
This applies for the traditional Editor role.
* DataSourcesList: link to edit page only if has right to write
If the user doesn't have rights to write datasources, then it's better
to not create a link from cards to the edit page. This way they won't
see the configuration of the data sources either, which is a desirable
outcome.
Also, I moved the query for DataSourcesExplore permission out from the
DataSourcesListView component in the DataSourcesList component, next to
the other permission queries - for the sake of consistency.
* fix permissions for connect data
This way it matches the permissions of the "Plugins" page.
* fix applinks test
* feat(plugins-catalog): only allow admins to access plugins catalog routes
* add backend check
* fix(plugins-catalog): update route role access to include server admins
Co-authored-by: Will Browne <will.browne@grafana.com>
* add api route for validating a dashboard json
* add feature flag for showDashboardValidationWarnings
* tidy up
* comments and messages
* swagger specs
* fix typo
* more swagger
* tests!
* tidy test a little bit
* no more ioutil
* api will return different status code depending on validation error
* clean up
* handle 4xx errors
* remove console.log
* fix backend tests
* tidy up
* Swagger: Exclude alpha endpoints
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
This PR adds an audit table for public dashboards allowing a user to view all public dashboards on an instance of grafana. The public dashboards team is working on a proposal for adding RBAC support to the audit table for 9.3
Co-authored-by: juanicabanas <juan.cabanas@grafana.com>
This PR refactors how we add the orgId to the context on a public dashboard paths. We also split out accessToken handling into its own package and rework status code for "RequiresValidAccessToken". We will be modeling all endpoints to use these status codes going forward. Additionally, it includes a scaffold for better middleware testing and refactors existing tests to table drive tests.
* add new uid endpoing for star
* add store pool into service
* fix the endpoint caller
* udpate swagger file
* Update pkg/api/stars.go
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
* remove useless code for star dashboard
* add new uid endpoing for star
* add store pool into service
* fix the endpoint caller
* Update pkg/api/stars.go
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
* Update pkg/api/stars.go
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
* solve linter
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
* NewIA: Plugin nav config
* progress
* Progress
* Things are working
* Add monitoring node
* Add alerts and incidents
* added experiment with standalone page
* Refactoring by adding a type for navtree root
* First test working
* More tests
* more tests
* Progress on richer config and sorting
* Sort weight working
* Path config
* Improving logic for not including admin or cfg nodes, making it the last step so that enterprise can add admin nodes without having to worry about the section not existing
* fixed index routes
* removed file
* Fixes
* Fixing tests
* Fixing more tests and adding support for weight config
* Updates
* Remove unused fake
* More fixes
* Minor tweak
* Minor fix
* Can now control position using sortweight even when existing items have no sortweight
* Added tests for frontend standalone page logic
* more tests
* Remove unused fake and fixed lint issue
* Moving reading settings to navtree impl package
* remove nav_id setting prefix
* Remove old test file
* Fix trailing newline
* Fixed bug with adding nil node
* fixing lint issue
* remove some code we have to rethink
* move read settings to PrivideService and switch to util.SplitString
* search: create a separate http endpoint
* search: extract api uri
* search: rename uri
* search: replicate the readiness check
* search: replicate the readiness check metric
* search: update mock
