Influxdata
/
influxdb
mirror of https://github.com/influxdata/influxdb.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
6,548 Commits
205 Branches
453 Tags
382 MiB
Commit Graph

51 Commits (5bfed911b37e103127df5b1d49522430e5fa4ceb)

Author SHA1 Message Date
Michael Desa 75d6c659f3 Allow SuperAdmins to change into any organization 2017-12-15 16:05:56 -08:00
Jared Scheib 0e1bcfc9c6 Merge pull request #2355 from influxdata/multitenancy_all_users_superadmin_toggle 
UI Toggle & API for SuperAdminFirstUserOnly server config
 2017-12-14 10:54:18 -08:00
Jared Scheib 27fe23b161 Add comment about firstUser superAdmin logic 2017-12-14 10:46:55 -08:00
Michael Desa 4369c9d708 Add SuperAdmin to default org, even if private 
Add user to default org if org is public
 2017-12-13 17:38:57 -08:00
Michael Desa 2b60043016 Prevent users joining default org if private 2017-12-13 16:59:02 -08:00
Jared Scheib 058f5fbc20 Rename superAdminFirstUserOnly to superAdminNewUsers & flip default logic accordingly 
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
 2017-12-13 14:49:49 -08:00
Michael Desa 6059f155a1 Remove SuperAdminFirstUserOnly CLI flag 
Wire up boltdb config store
 2017-12-13 11:55:36 -08:00
Michael Desa 49c8868e67 Prevent user joining private default org 
Previously, if an organization was private and a user was removed from
the default organization, then they would be re-added. This behavior was
so left over from when we thought of the default organization as the
place where all users would exist. This PR removes that behavior.

There is one piece of odd behavior where a user's "current organization"
will be the default organization, but they will have no role in the
default organization.
 2017-12-12 13:15:53 -08:00
Jared Scheib 76b61a146e Merge branch 'multitenancy' into multitenancy_reset_current_org 2017-11-30 19:07:40 -08:00
Michael Desa a81498f57a Change NewUsersNotSuperAdmin to SuperAdminFirstUserOnly 2017-11-30 15:01:52 -05:00
Michael Desa a2df431c0d Make first user SuperAdmin 2017-11-30 12:56:13 -05:00
Michael Desa 881bd11cf8 Return HTTP Status 403 if org not found in /me 
Fix returning non-standard status from AuthorizedUser
 2017-11-21 18:53:42 -05:00
Michael Desa 4e51963399 Add option to specify users are create as super admin 2017-11-13 20:44:50 -08:00
Michael Desa 1a235d881b Use default organization default role in me 
Forbid users from application if they have no roles and were not
explicitly added in private organization
 2017-11-13 19:28:15 -08:00
Luke Morris 338916a340 Address PR feedback. 2017-11-13 18:08:50 -08:00
Luke Morris 6d2c7e18d1 Rename whitelistOnly => public 2017-11-10 18:23:41 -08:00
Michael Desa 638e36c197 Change MeOrganization to UpdateMe 2017-11-10 16:17:46 -05:00
Michael Desa 6493902265 Check WhitelistOnly setting on default org in Me 
Set DefaultOrganizationWhitelistOnly to false

Set DefaultOrganizationRole on new user in Me
 2017-11-10 16:15:29 -05:00
Michael Desa f228e2860d Expose some organization routes to admins 
Cleanup tests appropriately

Prevent Admins from patching organizations
 2017-11-10 12:48:10 -05:00
Michael Desa 9a0fa10d8a Sort users organizations on me response by org ID 2017-11-10 11:09:16 -05:00
Michael Desa 35be59a71a Differentiate between SuperAdminContext and ServerContext 
Previously, the server just hijacked the super admin context in order to
get raw access to the underlying data stores, this introduces a way to
specify the it is explicitly the server making the request and no longer
hijack the super admin context.

This also adds test coverage to ensure that the correct values are being
set on context in the AuthorizedUser method.
 2017-11-10 11:09:16 -05:00
Michael Desa bd4d5c6cc3 Fix role related tests after rebase 2017-11-06 11:31:44 -05:00
Michael Desa 9b194168a6 Move user roles and role names to roles package 2017-11-06 11:27:13 -05:00
Michael Desa 7200aaf9f9 Add default org logic to OrganizationsStore 
Update resource handlers to appropriate consume default organization IDs
 2017-11-06 10:14:12 -05:00
Michael Desa 09f79f3a3e Grant user role in default org if added via API 
When users are created via the API they are only given roles in orgs
that are explicitly set. Additionally the roles must be roles that
belong to the current organization (unless they are a super admin).

This leads to a situation where a user may not be a part of the default
organization. If this is the case, we detect it when the user hits /me
and add the user to the default org.
 2017-11-06 09:46:00 -05:00
Michael Desa 4baa65629a Fix links in me request 2017-11-03 09:39:21 -04:00
Michael Desa 311c68f457 Add CurrentOrganization & Organizations to me resp 
Remove CurrentOrganization from chronograf.User
 2017-11-02 11:59:53 -04:00
Michael Desa 46987558e0 Remove unused code 2017-11-01 12:35:09 -04:00
Michael Desa 569978b4f7 Add parseOrganizationID method 2017-11-01 12:34:00 -04:00
Michael Desa 4c0469cb07 Change OrganizationID to Organization in Me req 2017-11-01 10:37:32 -04:00
Michael Desa 0e18f8778b User explicit type when setting context 2017-11-01 09:49:02 -04:00
Michael Desa 3ad2305c33 Add superAdmin to users CRUD 2017-11-01 09:12:19 -04:00
Michael Desa 708c37dc67 WIP cleanup 2017-10-31 20:58:40 -04:00
Michael Desa e7e17537a1 WIP make app usable by frontend 2017-10-31 19:50:03 -04:00
Michael Desa cf64b2e506 Remove RawUsers from DataStore 2017-10-31 17:49:35 -04:00
Michael Desa 36e14cb111 Refactor data stores into a common interface 2017-10-31 16:41:17 -04:00
Jared Scheib 32a65aa307 Slightly DRYer code for getting fields off Principal 
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
 2017-10-27 12:48:51 -07:00
Michael de Sa cff3ae798d Test MeOrganization for valid org with invalid user, and invalid org 
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
 2017-10-27 10:14:14 -07:00
Jared Scheib 4c968b0ff5 Validate Organization and that User belongs to Org in MeOrganization 
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
 2017-10-27 10:02:02 -07:00
Michael de Sa 6dd9f52c47 Change organization in meOrganizationRequest to currentOrganization 
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
 2017-10-26 16:02:29 -07:00
Jared Scheib d6d3463208 Merge remote-tracking branch 'origin/multitenancy' into multitenancy_orgs 
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
 2017-10-26 18:21:30 -04:00
Michael Desa 5e08464ecf Provide route to change current users organization 
Add current Organization to JWT.
Use OrganizationUsersStore to retrieve Users that are not me.

Signed-off-by: Michael de Sa <mjdesa@gmail.com>
 2017-10-26 18:06:52 -04:00
Jared Scheib f283702fe0 Lowercase Provider & Scheme & Role values for consistency 
The client was being sent lowercase values for Role & Provider,
but not Scheme. This change makes all the above lowercase.
 2017-10-24 16:17:59 -07:00
Jared Scheib 19369b38cc Set Scheme to be OAuth2 explicitly for all users 
Add Provider to Users authenticated via /me

Signed-off-by: Michael de Sa <mjdesa@gmail.com>
 2017-10-19 14:32:33 -05:00
Michael Desa a0d300d280 Use new chonograf.UserStore Get method when needed 
Refactor tests that were dependent of old implementation of UsersStore
 2017-10-18 14:45:33 -04:00
Michael Desa e61ed60ae8 Extract logic for getting user by name & provider 2017-10-18 12:34:23 -04:00
Michael de Sa 84f6702edf Modify /me to match User via UsersStore.All & principal's Issuer 
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
 2017-10-16 19:58:02 -05:00
Jared Scheib 414eab5f7d Rename getEmail func & email var to getUsername & username 
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
 2017-10-16 19:58:02 -05:00
Jared Scheib 31f72a71e9 Rename vestigial receiver 'h' on Service to 's' 
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
 2017-10-10 15:27:58 -07:00
Chris Goller ca58111730 Fix PathEscape work for go 1.7 2017-04-07 15:32:35 -05:00