Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Access control: expose permissions to the frontend #32954

Merged
merged 9 commits into from
Apr 16, 2021
Merged

Access control: expose permissions to the frontend #32954

merged 9 commits into from
Apr 16, 2021

Conversation

alexanderzobnin
Copy link
Contributor

@alexanderzobnin alexanderzobnin commented Apr 13, 2021
edited
Loading

This PR exposes permissions assigned to user to the frontend inside a bootData object. Then permissions can be checked with the ContextSrv (hasPermission() method) in the runtime. Then we can change a way how we render components depending on required access (render only if user have access, show info banner, disable action buttons, etc).

@alexanderzobnin alexanderzobnin force-pushed the access-control-expose-permissions-to-frontend branch from 90bba80 to 9eff344 Compare April 15, 2021 08:45
@alexanderzobnin alexanderzobnin marked this pull request as ready for review April 15, 2021 08:51
@alexanderzobnin alexanderzobnin requested a review from a team as a code owner April 15, 2021 08:51
@alexanderzobnin alexanderzobnin requested review from a team, aknuds1, marefr, torkelo and jackw and removed request for a team April 15, 2021 08:51
@alexanderzobnin alexanderzobnin changed the title Draft: Access control expose permissions to frontend Access control: expose permissions to the frontend Apr 15, 2021
Clarity-89
Clarity-89 approved these changes Apr 16, 2021
View reviewed changes
Copy link
Contributor

@Clarity-89 Clarity-89 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good! Left a few minor comments to consider.

packages/grafana-data/src/types/config.ts
@@ -46,6 +46,7 @@ export interface FeatureToggles {
live: boolean;
ngalert: boolean;
panelLibrary: boolean;
accesscontrol: boolean;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
accesscontrol: boolean;
accessControl: boolean;

I think we'd be consistent with casing. Also shouldn't it be down under the enterprise feature toggles?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hm, maybe. But right now we have feature toggle called accesscontrol. So I'd preffer to fix it in another PR.

packages/grafana-runtime/src/config.ts
@@ -57,6 +57,7 @@ export class GrafanaBootConfig implements GrafanaConfig {
ngalert: false,
panelLibrary: false,
reportVariables: false,
accesscontrol: false,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
accesscontrol: false,
accessControl: false,

public/app/core/services/context_srv.ts Outdated
* action: { scope: scope }
* }
*/
export type UserPermission = {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this be in the "app/types" instead?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, makes sense to move.

public/app/core/services/context_srv.ts Outdated
Comment on lines 83 to 87
return !!(
this.user.permissions &&
this.user.permissions[action] &&
(scope ? this.user.permissions[action][scope] : true)
);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
return !!(
this.user.permissions &&
this.user.permissions[action] &&
(scope ? this.user.permissions[action][scope] : true)
);
return !!(this.user.permissions?.[action] && (scope ? this.user.permissions[action][scope] : true));

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is how prettier formats this.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is not about formatting, you can remove an extra this.user.permissions check with the optional chaining operator.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Got it. Did it before, but had some linter errors. Will try again.

@alexanderzobnin alexanderzobnin merged commit 8b843eb into master Apr 16, 2021
@alexanderzobnin alexanderzobnin deleted the access-control-expose-permissions-to-frontend branch April 16, 2021 13:02
@sakjur
Copy link
Contributor

sakjur commented Apr 16, 2021

🎉 🕺

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Clarity-89 Clarity-89 Clarity-89 approved these changes

@sakjur sakjur Awaiting requested review from sakjur

@aknuds1 aknuds1 Awaiting requested review from aknuds1

@marefr marefr Awaiting requested review from marefr

@torkelo torkelo Awaiting requested review from torkelo

@jackw jackw Awaiting requested review from jackw

Assignees
No one assigned
Labels
area/backend area/frontend
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@alexanderzobnin @sakjur @Clarity-89 @grafanabot