
Frontend handling of account role to hide user actions and links that the user does not have access to

Torkel Ödegaard 11 năm trước cách đây
commit
1cff564483
5 tập tin đã thay đổi với 23 bổ sung22 xóa
  1. 3 1
      conf/grafana.ini
  2. 1 1
      grafana
  3. 10 13
      pkg/api/api.go
  4. 8 7
      pkg/api/dtos/models.go
  5. 1 0
      pkg/middleware/auth.go

+ 3 - 1
conf/grafana.ini

@@ -46,6 +46,8 @@ secret_key = SW2YcwTIb9zpOOhoPsMm
 login_remember_days = 7
 cookie_username = grafana_user
 cookie_remember_name = grafana_remember
+; disable user signup / registration
+disable_user_signup = false
 
 [account.single]
 ; Enable this feature to auto assign new users to a single account, suitable for NON multi tenant setups
@@ -57,7 +59,7 @@ default_role = Editor
 
 [auth.anonymous]
 ; enable anonymous access
-enabled = false
+enabled = true
 ; specify account name that should be used for unauthenticated users
 account_name = main
 ; specify role for unauthenticated users
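Review bot: The second hunk flips `enabled` under `[auth.anonymous]` from `false` to `true` in the shipped defaults, a change the commit title does not mention and which looks like a local development setting. With it, an installation that takes conf/grafana.ini as-is serves unauthenticated visitors under the configured account and role. If the change is unintended, keep `enabled = false` here and turn anonymous access on in a local override instead. The new `disable_user_signup = false` in the first hunk would also read more clearly with a comment saying that `false` leaves self-registration open.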

+ 1 - 1
grafana

@@ -1 +1 @@
-Subproject commit 017eab8dcd182b8c19f65657fc3d46e30545b7ff
+Subproject commit c75e669204ffd050e3ef23fdab516c425f7fb668

+ 10 - 13
pkg/api/api.go

@@ -31,7 +31,7 @@ func Register(r *macaron.Macaron) {
 	r.Get("/account/users/", reqSignedIn, Index)
 	r.Get("/account/apikeys/", reqSignedIn, Index)
 	r.Get("/account/import/", reqSignedIn, Index)
-	r.Get("/admin/users", reqSignedIn, Index)
+	r.Get("/admin/users", reqGrafanaAdmin, Index)
 	r.Get("/dashboard/*", reqSignedIn, Index)
 
 	// sign up
@@ -104,18 +104,15 @@ func setIndexViewData(c *middleware.Context) error {
 		return err
 	}
 
-	currentUser := &dtos.CurrentUser{}
-
-	if c.IsSignedIn {
-		currentUser = &dtos.CurrentUser{
-			Login:            c.Login,
-			Email:            c.Email,
-			Name:             c.Name,
-			UsingAccountName: c.AccountName,
-			GravatarUrl:      dtos.GetGravatarUrl(c.Email),
-			IsGrafanaAdmin:   c.IsGrafanaAdmin,
-			Role:             c.AccountRole,
-		}
+	currentUser := &dtos.CurrentUser{
+		IsSignedIn:     c.IsSignedIn,
+		Login:          c.Login,
+		Email:          c.Email,
+		Name:           c.Name,
+		AccountName:    c.AccountName,
+		AccountRole:    c.AccountRole,
+		GravatarUrl:    dtos.GetGravatarUrl(c.Email),
+		IsGrafanaAdmin: c.IsGrafanaAdmin,
 	}
 
 	c.Data["User"] = currentUser
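Review bot: In the second hunk `currentUser` is now filled from the request context even when `c.IsSignedIn` is false, so for anonymous sessions the page receives whatever `AccountName`, `AccountRole` and `IsGrafanaAdmin` the middleware put on the context, and `dtos.GetGravatarUrl(c.Email)` runs on what is presumably an empty e-mail. These fields only drive what the frontend shows or hides, so a comment above the literal such as `// Display hints for the UI only; access is enforced by the route middleware.` would keep later readers from treating them as authorization. In the first hunk only `/admin/users` moves to `reqGrafanaAdmin` while the `/account/users/` and `/account/apikeys/` page routes stay on `reqSignedIn`, so it is worth confirming that the API handlers behind them (not visible here) check the account role themselves. Both `Register` and `setIndexViewData` continue outside the hunks.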

+ 8 - 7
pkg/api/dtos/models.go

@@ -15,13 +15,14 @@ type LoginCommand struct {
 }
 
 type CurrentUser struct {
-	Login            string     `json:"login"`
-	Email            string     `json:"email"`
-	Role             m.RoleType `json:"role"`
-	Name             string     `json:"name"`
-	UsingAccountName string     `json:"usingAccountName"`
-	IsGrafanaAdmin   bool       `json:"isGrafanaAdmin"`
-	GravatarUrl      string     `json:"gravatarUrl"`
+	IsSignedIn     bool       `json:"isSignedIn"`
+	Login          string     `json:"login"`
+	Email          string     `json:"email"`
+	Name           string     `json:"name"`
+	AccountRole    m.RoleType `json:"accountRole"`
+	AccountName    string     `json:"acountName"`
+	IsGrafanaAdmin bool       `json:"isGrafanaAdmin"`
+	GravatarUrl    string     `json:"gravatarUrl"`
 }
 
 type DataSource struct {
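Review bot: The JSON tag on the new `AccountName` field is misspelled as `acountName`, so a client that reads `accountName` gets nothing; the tag should be `json:"accountName"`. The rename of `role` to `accountRole` and the replacement of `usingAccountName` also change the serialized shape of `CurrentUser`, so any consumer other than the bundled frontend has to be updated in step. A short doc comment on the struct noting that it is the user object handed to the frontend would make that contract visible.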

+ 1 - 0
pkg/middleware/auth.go

@@ -70,6 +70,7 @@ func RoleAuth(roles ...m.RoleType) macaron.Handler {
 func Auth(options *AuthOptions) macaron.Handler {
 	return func(c *Context) {
 		if !c.IsGrafanaAdmin && options.ReqGrafanaAdmin {
+			c.SetCookie("redirect_to", url.QueryEscape(setting.AppSubUrl+c.Req.RequestURI), 0, setting.AppSubUrl+"/")
 			authDenied(c)
 			return
 		}
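Review bot: The added `c.SetCookie("redirect_to", ...)` stores a value built from `c.Req.RequestURI`, which the client controls, so the code that later reads this cookie (not visible in the hunk) should check that the decoded value is a path on this host before redirecting to it. The call passes only a max-age and a path, so the cookie's Secure and HttpOnly options stay at their defaults; if nothing in the browser needs to read it, set HttpOnly explicitly. This branch also fires for a user who is signed in but not a Grafana admin, where logging in again will presumably not grant access, so the saved redirect may only lead back to the same denial. The body of `Auth` continues outside the hunk.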