a7fab31a21
Export role name consts in client to fix Authorized HOC
...
Signed-off-by: Alex Paxton <thealexpaxton@gmail.com>
2017-10-24 17:04:06 -07:00
8cc9167448
Fix typo in prop
2017-10-24 13:30:51 -07:00
40de9eb1c5
FOR TESTING - DELETE THIS COMMIT: User Role = Viewer
...
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-23 17:53:33 -07:00
e7721166d9
Implement Authorized HOC on DashboardsPage
...
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-23 17:50:43 -07:00
34a91334eb
Add 'Authorized' HOC to hide components based on me Role
...
Signed-off-by: Alex Paxton <thealexpaxton@gmail.com>
2017-10-23 17:44:08 -07:00
67ed6c05da
Merge pull request #2132 from influxdata/multitenancy_authorize_role
...
Role based authorization
2017-10-19 14:55:01 -05:00
414ca7f0b6
Add clarifying comment for InfluxDB UID being Name
...
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-19 14:42:34 -05:00
5998923ab8
Add test coverage for Get with empty User
...
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-19 14:39:06 -05:00
f463642bae
Update route authorization by Role
...
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-19 14:33:08 -05:00
19369b38cc
Set Scheme to be OAuth2 explicitly for all users
...
Add Provider to Users authenticated via /me
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-19 14:32:33 -05:00
dafab1653a
Fix formating of server/auth.go
2017-10-19 12:54:06 -04:00
72640d3bd2
Add tests for retrieving user by name and provider
...
Fix incorrect error message
Cleanup old Get user test
2017-10-19 12:52:46 -04:00
8d472646cd
Fix wrong authorization level on selected routes
...
Fix leaking of username on failed authorization
Add comment to chronograf.UserQuery
Fix logic in hasPrivilege method
2017-10-18 15:45:06 -04:00
a0d300d280
Use new chonograf.UserStore Get method when needed
...
Refactor tests that were dependent of old implementation of UsersStore
2017-10-18 14:45:33 -04:00
246e65e598
Generalize chronograf.UsersStore Get method
...
The `Get` method on the UsersStore was generalize by changing the second
parameter to a struct. This allows the Store to retrieve users by more
than simply their name.
-Get(ctx context.Context, name string) (*User, error)
+Get(ctx context.Context, q UserQuery) (*User, error)
2017-10-18 14:17:42 -04:00
0517a87954
Add comment to AuthorizedUser
2017-10-18 12:45:58 -04:00
3430eeb84b
Wrap routes with Authorization middleware
2017-10-18 12:40:17 -04:00
f50a2b686f
Add AuthorizedUser middleware
2017-10-18 12:35:40 -04:00
e61ed60ae8
Extract logic for getting user by name & provider
2017-10-18 12:34:23 -04:00
84f6702edf
Modify /me to match User via UsersStore.All & principal's Issuer
...
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-16 19:58:02 -05:00
414eab5f7d
Rename getEmail func & email var to getUsername & username
...
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-16 19:58:02 -05:00
cc7e695f37
Merge pull request #2113 from influxdata/multitenancy_rename_role_sourcerole
...
MULTITENANCY: Rename Role CRUD methods & structs w Source prefix
2017-10-16 19:51:38 -05:00
725344bc04
Merge pull request #2114 from influxdata/multitenancy_set_role
...
MULTITENANCY: Set the role of a user
2017-10-16 19:50:15 -05:00
c924771fb9
Lowercase string consts for role names
...
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-16 19:42:57 -05:00
c390678e43
Place user role consts and vars in server package
...
This also decouples the bolt tests from the server package.
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-16 18:43:56 -05:00
de6068228b
Replace string slices of role names with slices of chronograf.Role
...
This effectively reinstants rolly polly as king.
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-16 18:26:08 -05:00
1247323176
Use cmp.Diff for user equality comparison
...
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-16 16:46:20 -05:00
97d9afa78a
Vendor github.com/google/go-cmp/cmp/cmpopts
...
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-16 16:35:40 -05:00
93e3e68272
Suggest valid options in Invalid Role error message
...
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-16 15:56:43 -05:00
3ae86ec2da
Add comments for role types
...
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-16 15:33:29 -05:00
d9bec67e65
Clean up redundant error checks
...
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-16 14:33:47 -05:00
b2c4d9cb94
Add test coverage for userRequest validation
...
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-16 14:28:15 -05:00
74b4ad2c86
Remove unnecessary logic in ValidRoles guard
...
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-16 13:58:16 -05:00
263ff93f9b
Modify chronograf user roles to only use role name
...
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-16 14:44:34 -04:00
515370dc6c
Remove explicit chronograf user permisions
...
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-16 14:19:42 -04:00
a928d1518c
Modify User req & res to receive & give Role names only
...
Role members are fully explicated for CRUD operations.
Also adds validation for Roles on requests.
Also returns an empty array in JSON when a User has no roles.
2017-10-16 14:18:34 -04:00
de3dcf24c0
Add Roles to Users CRUD
...
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-12 17:42:30 -07:00
1bb3e560aa
Add name to bolt UsersStore test
...
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-12 20:01:35 -04:00
506cdd0c42
Make chronograf user roles explicit vars
...
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-12 19:58:45 -04:00
854c5b03d4
Factor out code in common bolt UsersStore tests
...
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-12 19:52:34 -04:00
22d56182cc
Use numberic style ID in UsersStore Get test
...
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-12 19:37:51 -04:00
ecccfc0c72
Regenerate protoc to remove formatting changes
...
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-12 19:33:46 -04:00
09050b9c8e
Remove unused concept of RolesStore
...
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-12 19:33:31 -04:00
40428588f2
Refactor bolt UsersStore to use ID instead of name
...
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-12 19:33:16 -04:00
75b0dbd43a
Add tests for updating user in boltdb
...
Adds tests for updating roles, provider, and scheme
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-12 19:32:54 -04:00
66eab84b40
Set ID on retrieved user from boltdb
...
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-12 19:32:35 -04:00
f712d2204b
Add roles to boltdb UsersStore
...
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-12 19:31:44 -04:00
aedaafe426
Update bolt UsersStore for updated chronograf User
...
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-12 19:31:26 -04:00
fd50f2fc7e
Refactor bolt.RolesStore to use bolt.UsersStore
...
Add definitions for user roles and permissions in chronograf package
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-12 19:31:15 -04:00
3e3ca4d1a2
Remove old bolt implementation of RoleStore
...
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-12 19:31:06 -04:00
Jared Scheib
Alex P
Jared Scheib
Michael de Sa