* replace usage of folder guardians with access control evaluators
* remove NewByFolderUID guardian
* bring up to date
* fix test
* more test fixes, and don't fetch the folder before evaluating lib element access
* change what error is returned
* fix alerting test
* try to fix linter errors
* replace the use of newByFolder guardian with direct access control evaluator checks
* remove newByFolder guardian
* get rid of dashboard and folder guardians
* undo unwanted change
* undo unwanted change
* undo unwanted change
* update code owners
* make sure that user permission cache is cleared after new dashboard and folder creation
* more test fixes
* Update pkg/services/dashboards/service/dashboard_service.go
* check identity type in SetDefaultPermissionsAfterCreate, set default permissions for service accounts
* set SA permissions for folders as well
* fix tests
* Add dashboard cleanup job
Change log message
Adjust logic to account for new head RV logic
Don't update lastResourceVersion due to pagination
Save improvements
* Address review feedback
* Update docs.
* Remove docs
* Rename config
---------
Co-authored-by: Marco de Abreu <18629099+marcoabreu@users.noreply.github.com>
* replace the usage of dashboard guardians with calling AC evaluators or checking access in middleware
* linting fixes
* fix test
* more test fixes
* remove a todo comment
* Zanzana: Remove usage from legacy access control
* remove unused
* remove zanzana client from services where it's not used
* remove unused metrics
* fix linter
Refactor folder service to use Unified Storage
Signed-off-by: Maicon Costa <maiconscosta@gmail.com>
---------
Signed-off-by: Maicon Costa <maiconscosta@gmail.com>
Co-authored-by: Stephanie Hingtgen <stephanie.hingtgen@grafana.com>
* Handle both user and service accounts when resolving identity name for dashboards and folders
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
* Ensure all internal Services are using FolderService and not FolderStore
Signed-off-by: Maicon Costa <maiconscosta@gmail.com>
---------
Signed-off-by: Maicon Costa <maiconscosta@gmail.com>
* Add folder store to dashboard permissions
* Include folder store in annotation scope resolver
* Add folder store when initialising library elements
* Include folder store in search v2 service initialisation
* Include folder store in GetInheritedScopes
* Add folder store to folder permissions provider
* Include cfg, folder permissions in folder service
* Move setting of folder permissions for folder service create method
* Export folder store implementation
* Rename folder store
* Add folder store as a parameter to folder service
* Add folder store to dash service implementation
* Fix folder store comments
* Revert "chore: add replDB to team service (#91799)"
This reverts commit c6ae2d7999aa6fc797db39e9d66c6fea70278f83.
* Revert "experiment: use read replica for Get and Find Dashboards (#91706)"
This reverts commit 54177ca619dbb5ded2dcb158405802d8dbdbc982.
* Revert "QuotaService: refactor to use ReplDB for Get queries (#91333)"
This reverts commit 299c142f6a6e8c5673cfdea9f87b56ac304f9834.
* Revert "refactor replCfg to look more like plugins/plugin config (#91142)"
This reverts commit ac0b4bb34d495914cbe8daad85b7c75c31e8070d.
* Revert "chore (replstore): fix registration with multiple sql drivers, again (#90990)"
This reverts commit daedb358dded00d349d9fac6106aaaa6bf18322e.
* Revert "Chore (sqlstore): add validation and testing for repl config (#90683)"
This reverts commit af19f039b62d9945377292a8e679ee258fd56b3d.
* Revert "ReplStore: Add support for round robin load balancing between multiple read replicas (#90530)"
This reverts commit 27b52b1507f5218a7b38046b4d96bc004d949d46.
* Revert "DashboardStore: Use ReplDB and get dashboard quotas from the ReadReplica (#90235)"
This reverts commit 8a6107cd35f6444c0674ee4230d3d6bcfbbd4a58.
* Revert "accesscontrol service read replica (#89963)"
This reverts commit 77a4869fcadf13827d76d5767d4de74812d6dd6d.
* Revert "Fix: add mapping for the new mysqlRepl driver (#89551)"
This reverts commit ab5a079bcc5b0f0a6929f0a3742eb2859d4a3498.
* Revert "fix: sql instrumentation dual registration error (#89508)"
This reverts commit d988f5c3b064fade6e96511e0024190c22d48e50.
* Revert "Experimental Feature Toggle: databaseReadReplica (#89232)"
This reverts commit 50244ed4a1435cbf3e3c87d4af34fd7937f7c259.
This PR reduces the number of allocations made while caching permissions from the database, fixes the hierarchy of spans and adds new spans for tracing.
---------
Signed-off-by: Dave Henderson <dave.henderson@grafana.com>
Co-authored-by: Dave Henderson <dave.henderson@grafana.com>
* make cfg private in sqlstore
* fix db init in tests
* fix case
* fix folder test init
* fix imports
* make another Cfg private
* remove another Cfg
* remove unused variable
* use store cfg, it has side-effects
* fix mutated cfg in tests
* Revert "Revert "Add FolderUID for library elements" (#83776)"
This reverts commit 0dfdb2ae47383beb41aa981313b4f12b4b29a8fa.
* Fix bug, dashboard id and library element fodler_id are the corresponding values
Dashboard table hold both dahboards and tables
Removes legacy alerting, so long and thanks for all the fish! 🐟
---------
Co-authored-by: Matthew Jacobson <matthew.jacobson@grafana.com>
Co-authored-by: Sonia Aguilar <soniaAguilarPeiron@users.noreply.github.com>
Co-authored-by: Armand Grillet <armandgrillet@users.noreply.github.com>
Co-authored-by: William Wernert <rwwiv@users.noreply.github.com>
Co-authored-by: Yuri Tseretyan <yuriy.tseretyan@grafana.com>
* Add FolderUID in missing places for libraryelements
* Add migration for FolderUID in library elements table
* Add Folder UIDs tolibrary panels
* Adjust dashboard import with folder uid
* Fix lint
* Rename back FolderUID to UID
* Remove default
* Check if folderUID is nil
* Add unique indes on org_id,folder_uid,name and kind
* Update pkg/services/libraryelements/database.go
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
* Fix folder integration test, with unique index on library elements
* Make folder uids nullable and rewrite migration query
* Use dashboard uid instead of folder_uid
* Adjust test
---------
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
* Folders: Show folders user has access to at the root level
* Refactor
* Refactor
* Hide parent folders user has no access to
* Skip expensive computation if possible
* Fix tests
* Fix potential nil access
* Fix duplicated folders
* Fix linter error
* Fix querying folders if no managed permissions set
* Update benchmark
* Add special shared with me folder and fetch available non-root folders on demand
* Fix parents query
* Improve db query for folders
* Reset benchmark changes
* Fix permissions for shared with me folder
* Simplify dedup
* Add option to include shared folder permission to user's permissions
* Fix nil UID
* Remove duplicated folders from shared list
* Folders: Fix fetching empty folder
* Nested folders: Show dashboards with directly assigned permissions
* Fix slow dashboards fetch
* Refactor
* Fix cycle dependencies
* Move shared folder to models
* Fix shared folder links
* Refactor
* Use feature flag for permissions
* Use feature flag
* Review comments
* Expose shared folder UID through frontend settings
* Add frontend type for sharedWithMeFolderUID option
* Refactor: apply review suggestions
* Fix parent uid for shared folder
* Fix listing shared dashboards for users with access to all folders
* Prevent creating folder with "shared" UID
* Add tests for shared folders
* Add test for shared dashboards
* Fix linter
* Add metrics for shared with me folder
* Add metrics for shared with me dashboards
* Fix tests
* Tests: add metrics as a dependency
* Fix access control metadata for shared with me folder
* Use constant for shared with me
* Optimize parent folders access check, fetch all folders in one query.
* Use labels for metrics
