author Costa Tsaousis <costa@netdata.cloud> 2024-01-29 09:18:01 +0200
committer GitHub <noreply@github.com> 2024-01-29 09:18:01 +0200
commit 84474006d4cf9eb78a47a3bdffbbedb3964f0068 (patch)
tree 6abf1999d02a75c20ee18ce10b91b457df01fe77 /aclk
parent 6fe7cfc0e096ce4dd1c2aa2f5ace8752bffdab44 (diff)
New Permissions System (#16837)
* wip of migrating to bitmap permissions
* replace role with bitmapped permissions
* formatting permissions using macros
* accept view and edit permissions for all dynamic configuration
* work on older compilers
* parse the header in hex
* agreed permissions updates
* map permissions to old roles
* new permissions management
* fix function rename
* build libdatachannel when enabled - currently for code maintenance
* dyncfg now keeps 2 sets of statuses, to keep track of what happens to dyncfg and what actually happens with the plugin
* complete the additions of jobs and solve unittests
* fix renumbering of ACL bits
* processes function shows the cmdline based on permissions and the presence of the sensitive data permission
* now the agent returns 412 when authorization is missing, 403 when authorization exists but permissions are not enough, 451 when access control list prevents the user from accessing the dashboard
* enable cmdline on processes with the HTTP_ACCESS_VIEW_AGENT_CONFIG permission
* by default functions require anonymous-data access
* fix compilation on debian
* fix left-over renamed define
* updated schema for alerts
* updated permissions
* require a name when loading json payloads, if the name is not provided by dyncfg
Diffstat (limited to 'aclk')
-rw-r--r-- aclk/aclk_query.c 7
1 files changed, 3 insertions, 4 deletions
diff --git a/aclk/aclk_query.c b/aclk/aclk_query.c
index ead297ba16..ae8435db73 100644
--- a/aclk/aclk_query.c
+++ b/aclk/aclk_query.c
@@ -106,10 +106,9 @@ static int http_api_v2(struct aclk_query_thread *query_thr, aclk_query_t query)
struct web_client *w = web_client_get_from_cache();
web_client_set_conn_cloud(w);
- w->acl = HTTP_ACL_ACLK;
- w->access = HTTP_ACCESS_MEMBER; // the minimum access level for all requests from netdata cloud
- web_client_flags_clear_auth(w);
- web_client_flag_set(w, WEB_CLIENT_FLAG_AUTH_CLOUD);
+ w->port_acl = HTTP_ACL_ACLK | HTTP_ACL_ALL_FEATURES;
+ w->acl = w->port_acl;
+ web_client_set_permissions(w, HTTP_ACCESS_MAP_OLD_MEMBER, HTTP_USER_ROLE_MEMBER, WEB_CLIENT_FLAG_AUTH_CLOUD);
w->mode = HTTP_REQUEST_MODE_GET;
w->timings.tv_in = query->created_tv;
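Review bot: the explicit web_client_flags_clear_auth(w) call is dropped in http_api_v2() even though w still comes from web_client_get_from_cache(), so clearing any auth flags left on a recycled client now depends entirely on web_client_set_permissions(). Please confirm that it resets the previous auth flags before applying WEB_CLIENT_FLAG_AUTH_CLOUD, or keep the explicit clear ahead of the call. The removed comment ("the minimum access level for all requests from netdata cloud") was also the only explanation of why member level is hard-coded here; a short comment on the new call stating that HTTP_ACCESS_MAP_OLD_MEMBER with HTTP_USER_ROLE_MEMBER is the baseline for cloud requests, and why port_acl now includes HTTP_ACL_ALL_FEATURES in addition to HTTP_ACL_ACLK, would make the intended privilege level reviewable.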