54 Commits (3eeb4514e574b9bda16afcd6de14e134e04a5bc0)

Author SHA1 Message Date
Michael Desa ab9e686bbb Give SuperAdmin DefaultRole on PUT /me
Previously, SuperAdmins were given the admin role in an organization
when they switched into it (via a PUT to /me). This is undesirable for
the comonitoring organization. This PR gives SuperAdmins the default
role for the organization when they switch into it.
2017-12-20 14:20:24 -08:00
Michael Desa d8d20547ab Change Organization ID to string from uint64 2017-12-19 10:13:43 -08:00
Luke Morris 071b8b4f82 Minor tweaks based on PR review 2017-12-18 12:59:04 -08:00
Michael Desa a4736148c0 Allow SuperAdmins to change into any organization 2017-12-15 16:05:56 -08:00
Jared Scheib 456488f0ac
Merge pull request from influxdata/multitenancy_all_users_superadmin_toggle
UI Toggle & API for SuperAdminFirstUserOnly server config
2017-12-14 10:54:18 -08:00
Jared Scheib 14599e0f0a Add comment about firstUser superAdmin logic 2017-12-14 10:46:55 -08:00
Michael Desa 392594539b Add SuperAdmin to default org, even if private
Add user to default org if org is public
2017-12-13 17:38:57 -08:00
Michael Desa 2b38918a44 Prevent users joining default org if private 2017-12-13 16:59:02 -08:00
Jared Scheib f23075cbc4 Rename superAdminFirstUserOnly to superAdminNewUsers & flip default logic accordingly
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-12-13 14:49:49 -08:00
Michael Desa da67f958ae Remove SuperAdminFirstUserOnly CLI flag
Wire up boltdb config store
2017-12-13 11:55:36 -08:00
Michael Desa 9fd656d4c9 Prevent user joining private default org
Previously, if an organization was private and a user was removed from
the default organization, then they would be re-added. This behavior was
left over from when we thought of the default organization as the
place where all users would exist. This PR removes that behavior.

There is one piece of odd behavior where a user's "current organization"
will be the default organization, but they will have no role in the
default organization.
2017-12-12 13:15:53 -08:00
Jared Scheib f8920cf39b
Merge branch 'multitenancy' into multitenancy_reset_current_org 2017-11-30 19:07:40 -08:00
Michael Desa 6feba85807 Change NewUsersNotSuperAdmin to SuperAdminFirstUserOnly 2017-11-30 15:01:52 -05:00
Michael Desa 86b9c0d985 Make first user SuperAdmin 2017-11-30 12:56:13 -05:00
Michael Desa cf82990623 Return HTTP Status 403 if org not found in /me
Fix returning non-standard status from AuthorizedUser
2017-11-21 18:53:42 -05:00
Michael Desa 011b0bfb73 Add option to specify users are created as super admin 2017-11-13 20:44:50 -08:00
Michael Desa 5b64cb4dc3 Use default organization default role in me
Forbid users from application if they have no roles and were not
explicitly added in private organization
2017-11-13 19:28:15 -08:00
Luke Morris b3d0d6eeee Address PR feedback. 2017-11-13 18:08:50 -08:00
Luke Morris 31277c432c Rename whitelistOnly => public 2017-11-10 18:23:41 -08:00
Michael Desa d53fcea236 Change MeOrganization to UpdateMe 2017-11-10 16:17:46 -05:00
Michael Desa 173d1f2d71 Check WhitelistOnly setting on default org in Me
Set DefaultOrganizationWhitelistOnly to false

Set DefaultOrganizationRole on new user in Me
2017-11-10 16:15:29 -05:00
Michael Desa 85bb71033c Expose some organization routes to admins
Cleanup tests appropriately

Prevent Admins from patching organizations
2017-11-10 12:48:10 -05:00
Michael Desa 39910a08af Sort users organizations on me response by org ID 2017-11-10 11:09:16 -05:00
Michael Desa 4e46b4b2c7 Differentiate between SuperAdminContext and ServerContext
Previously, the server just hijacked the super admin context in order to
get raw access to the underlying data stores, this introduces a way to
specify that it is explicitly the server making the request and no longer
hijack the super admin context.

This also adds test coverage to ensure that the correct values are being
set on context in the AuthorizedUser method.
2017-11-10 11:09:16 -05:00
Michael Desa 9a548983d0 Fix role related tests after rebase 2017-11-06 11:31:44 -05:00
Michael Desa 859d94ab15 Move user roles and role names to roles package 2017-11-06 11:27:13 -05:00
Michael Desa 3370774e8f Add default org logic to OrganizationsStore
Update resource handlers to appropriately consume default organization IDs
2017-11-06 10:14:12 -05:00
Michael Desa 3ddd253d68 Grant user role in default org if added via API
When users are created via the API they are only given roles in orgs
that are explicitly set. Additionally the roles must be roles that
belong to the current organization (unless they are a super admin).

This leads to a situation where a user may not be a part of the default
organization. If this is the case, we detect it when the user hits /me
and add the user to the default org.
2017-11-06 09:46:00 -05:00
Michael Desa e114f20328 Fix links in me request 2017-11-03 09:39:21 -04:00
Michael Desa da1fa2141b Add CurrentOrganization & Organizations to me resp
Remove CurrentOrganization from chronograf.User
2017-11-02 11:59:53 -04:00
Michael Desa 4ecf215d19 Remove unused code 2017-11-01 12:35:09 -04:00
Michael Desa dc63e8af8f Add parseOrganizationID method 2017-11-01 12:34:00 -04:00
Michael Desa 24c99a761b Change OrganizationID to Organization in Me req 2017-11-01 10:37:32 -04:00
Michael Desa 3eaca382d3 Use explicit type when setting context 2017-11-01 09:49:02 -04:00
Michael Desa 72422803c4 Add superAdmin to users CRUD 2017-11-01 09:12:19 -04:00
Michael Desa a9d5bf9c05 WIP cleanup 2017-10-31 20:58:40 -04:00
Michael Desa d1488a973b WIP make app usable by frontend 2017-10-31 19:50:03 -04:00
Michael Desa d7b981987c Remove RawUsers from DataStore 2017-10-31 17:49:35 -04:00
Michael Desa 5f63e2738a Refactor data stores into a common interface 2017-10-31 16:41:17 -04:00
Jared Scheib e0a535e78a Slightly DRYer code for getting fields off Principal
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-27 12:48:51 -07:00
Michael de Sa 511c3e1957 Test MeOrganization for valid org with invalid user, and invalid org
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-27 10:14:14 -07:00
Jared Scheib a956bacc41 Validate Organization and that User belongs to Org in MeOrganization
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-27 10:02:02 -07:00
Michael de Sa 5c53fbbcc4 Change organization in meOrganizationRequest to currentOrganization
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-26 16:02:29 -07:00
Jared Scheib 5bed2cfc4f Merge remote-tracking branch 'origin/multitenancy' into multitenancy_orgs
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-26 18:21:30 -04:00
Michael Desa bf6c77ee5f Provide route to change current users organization
Add current Organization to JWT.
Use OrganizationUsersStore to retrieve Users that are not me.

Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-26 18:06:52 -04:00
Jared Scheib 9a6ab1bf9d Lowercase Provider & Scheme & Role values for consistency
The client was being sent lowercase values for Role & Provider,
but not Scheme. This change makes all the above lowercase.
2017-10-24 16:17:59 -07:00
Jared Scheib c994e8c5ac Set Scheme to be OAuth2 explicitly for all users
Add Provider to Users authenticated via /me

Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-19 14:32:33 -05:00
Michael Desa 4687ecf794 Use new chronograf.UserStore Get method when needed
Refactor tests that were dependent on old implementation of UsersStore
2017-10-18 14:45:33 -04:00
Michael Desa f0f5bc071b Extract logic for getting user by name & provider 2017-10-18 12:34:23 -04:00
Michael de Sa b86164e710 Modify /me to match User via UsersStore.All & principal's Issuer
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-16 19:58:02 -05:00