centralcloud/oncall-engine
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
oncall-engine/engine/apps
History
Joey Orlando b260a8e82b
fix: address RBAC Admin issue (#5087) 
# What this PR does

**NOTE**: should be merged/released after
https://github.com/grafana/irm/pull/183 has been rolled out to most
stacks (as that frontend update is what will grant that new RBAC
"action" to users whom already have the "OnCall Admin" RBAC role
assigned)

tldr; from the comment in the `RBACPermission.Permission.ADMIN` comment
in `engine/apps/api/permissions.py`:

> NOTE: this is a bit of a hack for now. See
https://github.com/grafana/support-escalations/issues/12625
> Basically when it comes to filtering teams that are configured to
share their resources with
> "Team members and admins", we have no way of knowing, when a user is
ACTUALLY an Admin when RBAC is involed.
>
> Example: Take a user with the basic role of None/Editor/Viewer but
with the "OnCall Admin" role assigned.
> Without this RBAC permission, we have no way of knowing that the user
is ACTUALLY an "Admin".

## Which issue(s) this PR closes

Closes https://github.com/grafana/support-escalations/issues/12625

## Checklist

- [x] Unit, integration, and e2e (if applicable) tests updated
- [x] Documentation added (or `pr:no public docs` PR label added if not
required)
- [x] Added the relevant release notes label (see labels prefixed w/
`release:`). These labels dictate how your PR will
    show up in the autogenerated release notes.
2024-09-26 12:40:07 -04:00
..
alerts Ignore resolve condition template if source resolving is disabled (#5049) 2024-09-23 18:01:59 +00:00
api fix: address RBAC Admin issue (#5087) 2024-09-26 12:40:07 -04:00
api_for_grafana_incident add labels in grafana-incident alertgroup endpoint (#4448) 2024-06-25 14:50:55 +00:00
auth_token Check for user.is_active during mobile app auth (#4990) 2024-09-06 12:25:23 +00:00
base Speed up internal api endpoints (#4830) 2024-08-15 14:20:55 +00:00
chatops_proxy Add stack_id to Tenant dataclass (#4864) 2024-08-20 11:24:53 +00:00
email Make cloud email domain configurable (#4982) 2024-09-04 14:46:52 +00:00
exotel Add method to send notification bundle by SMS (#4624) 2024-07-16 14:20:16 +00:00
google address Google OAuth2 issues where user didn't grant us the https://www.googleapis.com/auth/calendar.events.readonly scope (#4802) 2024-08-14 18:02:34 -04:00
grafana_plugin Make sync settings configurable (#5002) 2024-09-10 14:17:46 +00:00
heartbeat Improve OpenAPI schema coverage (#3629) 2024-01-12 15:11:22 +00:00
integrations Use dataclass methods in custom ratelimits and fix tests (#5036) 2024-09-18 13:32:16 +00:00
labels Support prescribed labels (#3848) 2024-02-20 14:42:51 +08:00
metrics_exporter Fix collecting metrics (#4822) 2024-08-14 13:53:43 +00:00
mobile_app Add custom ratelimits per org (#5004) 2024-09-17 23:16:41 +00:00
oss_installation bump uwsgi to 2.0.26 + Python to 3.12.3 (#4495) 2024-06-10 15:33:37 -04:00
phone_notifications Add method to send notification bundle by SMS (#4624) 2024-07-16 14:20:16 +00:00
public_api feat: add Grafana IDs to users and teams public API endpoints (#5075) 2024-09-24 19:16:22 +00:00
schedules Fix SSR push notifications for deleted orgs (#4868) 2024-08-20 11:32:20 +00:00
slack Make Slack connection error more descriptive (#5007) 2024-09-10 16:24:09 +00:00
social_auth address Google OAuth2 issues where user didn't grant us the https://www.googleapis.com/auth/calendar.events.readonly scope (#4802) 2024-08-14 18:02:34 -04:00
telegram Handle Slack invalid_auth error when posting alert group notification (#4970) 2024-09-02 16:37:27 +00:00
twilioapp Add method to send notification bundle by SMS (#4624) 2024-07-16 14:20:16 +00:00
user_management fix: address RBAC Admin issue (#5087) 2024-09-26 12:40:07 -04:00
webhooks Add manual trigger support for webhooks (#4934) 2024-09-09 12:17:23 +00:00
zvonok Add method to send notification bundle by SMS (#4624) 2024-07-16 14:20:16 +00:00
__init__.py World, meet OnCall! 2022-06-03 08:09:47 -06:00