* use uid:s for folder and dashboard permissions
* evaluate folder and dashboard permissions based on uids
* add dashboard.uid to accept list
* Check for exact suffix
* Check parent folder on create
* update test
* drop dashboard:create actions with dashboard scope
* fix typo
* AccessControl: test id 0 scope conversion
* AccessControl: store only parent folder UID
* AccessControl: extract general as a constant
* FolderServices: Prevent creation of a folder uid'd general
* FolderServices: Test folder creation prevention
* Update pkg/services/guardian/accesscontrol_guardian.go
* FolderServices: fix mock call expect
* FolderServices: remove uneeded mocks
Co-authored-by: jguer <joao.guerreiro@grafana.com>
* Expose option to disable help menu
* Expose option to disable profile menu
* Add Profile FeatureTogglePage
* Update public/app/features/profile/FeatureTogglePage.tsx
Uptake PR wording suggestion.
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
* Fix front end lint issue
* Fix back end lint issue
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
* Add ResourceAttribute
* Add ResourceAttribute option
* Set ResourceAttribute option
* Change resolvers to return uid based scopes
* update swagger to correct scope
* use ResourceAttribute for endpoint scope
* bump role version
* Add support for different attributes for access control metadata
* evaluate data source metadata based on uid
* Fix test
* uncomment benchmarks
* Use resourceID
* use evaluator for access control metadata
* update comment
* Set default permissions based on uid
* Add attribute to accesscontrol filter
* validate that scopes has correct attribute
* lint
* Update comment
* remove attribute parameter and extend prefix
* refactor to use scope prefix
* Get metadata with prefix
* fix test
* fix comparision
* remove unused type
* fix attribute index
* fix typo
* restructure logic
* Get metadata by uid
* fix imports
Co-authored-by: jguer <joao.guerreiro@grafana.com>
* Move DeleteDashboard funtion into dashboards store service, remove bus and update tests
* Remove bus from folder service and update more tests
* Fix mock
* Add option to set ResourceAttribute for a permissions service
* Use prefix in access control sql filter to parse scopes
* Use prefix in access control metadata to check access
* Data sources: Sent user ID when creating data source
* Data sources: Grant a data source creator edit permissions
* Use edit permisison and only append if user id is in command
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* Use bookmark icon for Saved Items, add support for solid bookmark icon
* Add some unit tests
* Refactor utils into own file
* Update test title
* Fix import
* consistent function style
* replace bus in guardian with sqlstore
* fix a couple of tests
* replace bus in the rest of the tests
* allow init guardian from other packages
* make linter happy
* init guardian in library elements
* fix another test in libraryelements
* fix more tests
* move guardian mock one level deeper
* fix more tests
* rename init functions
* First attempt at creating new navbar_preferences table in db
* Apply to every nav item instead of just home
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* Chore: introduce initTestDB options for features
* fix unit tests
* Add another unit test and some logic for detecting if a preference already exists
* tidy up
* Only override IsFeatureToggleEnabled if it's defined
* Extract setNavPreferences out into it's own function, initialise features correctly
* Make the linter happy
* Use new structure
* user essentials mob! 🔱
* user essentials mob! 🔱
* Split NavbarPreferences from Preferences
* user essentials mob! 🔱
* user essentials mob! 🔱
* Fix lint error
* Start adding tests
* Change internal db structure to be a generic json object
* GetJsonData -> GetPreferencesJsonData
* Stop using simplejson + add some more unit tests
* Update pkg/api/preferences.go
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* Updates following review comments
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* Change patch to upsert, add a unit test
* remove commented out code
* introduce patch user/org preferences methods
* Return Navbar preferences in the get call
* Fix integration test by instantiating JsonData
* Address review comments
* Rename HideFromNavbar -> Hide
* add swagger:model comment
* Add patch to the preferences documentation
* Add openapi annotations
* Add a short description
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* user essentials mob! 🔱
* Update unit tests
* remove unneeded url
* remove outdated comment
* Update integration tests
* update generated swagger
Co-authored-by: Alexandra Vargas <alexa1866@gmail.com>
Co-authored-by: Hugo Häggmark <hugo.haggmark@gmail.com>
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Refactors GetPluginDashboards/LoadPluginDashboard by moving database
interaction from plugin management to the plugindashboards service.
Fixes#44553
Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
* Move call to create permissions into folder service
* Inject cfg, feature toggles and permissions services into dashboard
service
* Move logic to set default permissions on create dashboard from api to
service
* Move call to set default permissions on import dashboard to dashboard
service
* Set permissions for provisioned dashboard and folders in service
* create scope provider
* move datasource actions and scopes to datasource package + add provider
* change usages to use datasource scopes and update data source name resolver to use provider
* move folder permissions to dashboard package and update usages
* adds an api endpoint for use with public dashboards that validates orgId, dashboard, and panel when running a query. This feature is in ALPHA and should not be enabled yet. Testing is based on new mock sqlstore.
Co-authored-by: Jesse Weaver <jesse.weaver@grafana.com>
Co-authored-by: Leandro Deveikis <leandro.deveikis@gmail.com>
* Chore: Remove deprecated no-op option PreferServerCipherSuites
from the tls configs.
Per golang docs: "PreferServerCipherSuites is a legacy field and has no effect."
* Add actions and scopes
* add resource service for dashboard and folder
* Add dashboard guardian with fgac permission evaluation
* Add CanDelete function to guardian interface
* Add CanDelete property to folder and dashboard dto and set values
* change to correct function name
* Add accesscontrol to folder endpoints
* add access control to dashboard endpoints
* check access for nav links
* Add fixed roles for dashboard and folders
* use correct package
* add hack to override guardian Constructor if accesscontrol is enabled
* Add services
* Add function to handle api backward compatability
* Add permissionServices to HttpServer
* Set permission when new dashboard is created
* Add default permission when creating new dashboard
* Set default permission when creating folder and dashboard
* Add access control filter for dashboard search
* Add to accept list
* Add accesscontrol to dashboardimport
* Disable access control in tests
* Add check to see if user is allow to create a dashboard
* Use SetPermissions
* Use function to set several permissions at once
* remove permissions for folder and dashboard on delete
* update required permission
* set permission for provisioning
* Add CanCreate to dashboard guardian and set correct permisisons for
provisioning
* Dont set admin on folder / dashboard creation
* Add dashboard and folder permission migrations
* Add tests for CanCreate
* Add roles and update descriptions
* Solve uid to id for dashboard and folder permissions
* Add folder and dashboard actions to permission filter
* Handle viewer_can_edit flag
* set folder and dashboard permissions services
* Add dashboard permissions when importing a new dashboard
* Set access control permissions on provisioning
* Pass feature flags and only set permissions if access control is enabled
* only add default permissions for folders and dashboards without folders
* Batch create permissions in migrations
* Remove `dashboards:edit` action
* Remove unused function from interface
* Update pkg/services/guardian/accesscontrol_guardian_test.go
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* ServiceAccounts: Fix token-apikey cross deletion
* ServiceAccounts: separate API key store and service account token store
* ServiceAccounts: hide service account tokens from API Keys page
* ServiceAccounts: uppercase statement
* ServiceAccounts: fix and add new tests for SAT store
* ServiceAccounts: remove service account ID from add API key
* ServiceAccounts: clear up errors
* Create DashAlertService service
* Remove no used dashboard service from plugin's manager that generates dependency cycle in Enterprise
* Remove bus for dashboard permissions
* Remove bus from dashboard extractor service
* Add missing argument
* Fix wire
* Fix lint
* More goimports
* Use datasource service instead sql calls
* Fix integration test
* Use PluginSettingsService instead of SQLStore in plugins
* Fix pluginproxy use of pluginsettings methods
* Fix additional pluginsettings methods
* Remove dispatch from plugindashboards
* Fix lint and adjust mock
* Remove unused pluginsettings
* Rename pluginsetting Service and ServiceImpl and add binding to wire
* Move pluginsettings binding in wire file
* make getordbyname a method
* remove one dispatch from plugins provisioner
* remove bus from the plugins provisioner, skip test for now
* remove bus from datasource provisioning
* resolve tests in notifier provisioning
* remove bus from the dashboards provisioning service
* fix missing struct field
* fix getorgbyid method calls
* pass org store into dashboard provisioner
* fix test function prototype
* fix tests
* attempt to fix tests after the rebase
* fix integration test
* avoid using transaction
* remove comments
* Chore: add setting to skip org assignment for external users
Introduce 'skip_org_role_update_sync' setting to skip any kind of org assignment during the login of external users.
As a consequence manual organization assignments won't be overridden during the upsert of an external user.
Part of #22605
* Chore: Rename skip_org_role_update_sync to oauth_skip_org_role_update_sync and relocate it to auth section
* Chore: replace global setting access where possible
