Feature: Per-object permision#658
Merged
vincent-olivert-riera merged 32 commits intoline:masterfrom Mar 3, 2026
Merged
Conversation
hoangpn
force-pushed
the
feature/per_object_permision
branch
2 times, most recently
from
4a964f1 to
9465848
Compare
hoangpn
force-pushed
the
feature/per_object_permision
branch
from
9465848 to
b8e015d
Compare
hoangpn
force-pushed
the
feature/per_object_permision
branch
3 times, most recently
from
e9a6a24 to
d011aef
Compare
hoangpn
force-pushed
the
feature/per_object_permision
branch
from
8193aac to
05f84ef
Compare
hoangpn
force-pushed
the
feature/per_object_permision
branch
2 times, most recently
from
04c2c20 to
90aca79
Compare
hoangpn
force-pushed
the
feature/per_object_permision
branch
11 times, most recently
from
e50f157 to
a395154
Compare
hoangpn
force-pushed
the
feature/per_object_permision
branch
8 times, most recently
from
efdc6eb to
1ab3d67
Compare
We add a filter to the RulesListView to show only the Rules of the Services or the Projects that the currently logged-in user has permission to access.
We add a filter to the FarmListView to show only the Farms that the currently logged-in user has permission to access.
We add a filter to the URLListView to show only the URLs of the Projects that the currently logged-in user has permission to access.
We add a filters the HostListView to show only the Hosts of the Farms that the currently logged-in user has permission to access.
We add a filter to the Alert History page to show only the alerts of the Services or the Projects that the currently logged-in user has permission to access.
We add a filter to the Edit History page to show only the audit logs of the objects that the currently logged-in user has permission to access.
We add a filter to the SearchView to show only the objects of the search result that the currently logged-in user has permission to access.
We add filters to the DatasourceListView and DatasourceDetailView to show only the projects that the currently logged-in user has permission to access.
We add filters to the HostDetailView to show only the hosts and their related objects that the currently logged-in user has permission to access.
We add a filter to the RuleDetailView to show only the Rules of the Services or the Projects that the currently logged-in user has permission to access.
We add filters to the Proxy's APIs response to return only the alert list of the services or the projects that the currently logged-in user has permission to access.
We add filters to the Proxy API's response to return only the silence list that the filters affect, limited to the services or projects that the currently logged-in user has permission to access.
We add a filters to the responses of the Service retrieve APIs to show only the data that the authenticated user has permission to access.
We add a filters to the responses of the Project retrieve APIs to show only the data that the authenticated user has permission to access.
We add a filters to the responses of the Farm retrieve APIs to show only the data that the authenticated user has permission to access.
We add a filters to the responses of the Export Rules API to show only the data that the authenticated user has permission to access.
We add a filters to the responses of the Export Targets API to show only the data that the authenticated user has permission to access.
We add a filters to the responses of the Export URLs API to show only the data that the authenticated user has permission to access.
We implement a permission check logic at the Prometheus proxy API to ensure that users must have the Admin or Editor role on the service/project when they want to silence an alert for that service/project.
We implement a permission check logic at the Prometheus proxy API to ensure that users must have the Admin or Editor role on the service/project when they want to delete a silence for that service/project.
We add a filters the GroupListView to show only the Groups that the currently logged-in user has permission to access.
After releasing the per-object permission authorization model, the logic for checking per-object permissions has been enabled. Therefore, the message explaining the previous transitional release has become redundant. As a result, we have removed this message from the UI and the locale file.
Currently, a Django View class is used for the Exporter Scrape feature, but it returns JSON instead of HTML. This makes it difficult to use PromgenGuardianPermissionMixin for permission checks because this View class is used as an API rather than a typical View class. However, if we don't check permissions on ExporterScrape, a security vulnerability could arise in the future, allowing a user to view the list of hosts for a project they don't have access to. Therefore, it is necessary to check permissions on ExporterScrape. The ideal solution for permission checking would be to replace this View class with a true REST API and implement permission checks for the API. However, this solution requires a significant amount of code changes. We also plan to rewrite a completely new version of Promgen's APIs soon. Therefore, to address the permission check issue on ExporterScrape, we have chosen a simpler solution by manually checking permissions directly in the "post" function of this class.
When a user is removed from a Service or Project, there is no reason for them to continue receiving alert notifications from that Service or Project. Therefore, we have automatically unsubscribed user notifications as soon as they no longer have any permissions on the Service or Project.
Changing permissions actually involves removing the old permission and assigning a new one. Removing the permission first triggers the signal to unsubscribe the user. Therefore, we have fixed this situation by assigning the new permission first, then removing the old permission. This way, the user subscription will be retained because the user always has permission on the object at any given time.
Currently, any Admin role of a Service or Project can delete it. However, a Service or Project can have many Admin users while there is only one owner. Additionally, deletion is a dangerous action because the deleted object will be removed from the database forever. Therefore, we have made a change that only allows the owner to delete the Service or Project.
We have added new conditions to the Promgen interface to hide components that the logged-in user does not have permission to use. This will make the interface cleaner and more user-friendly by only displaying the necessary functions for each role of user, thereby enhancing the user experience. Additionally, hiding unnecessary components also helps improve system performance.
hoangpn
force-pushed
the
feature/per_object_permision
branch
from
17405c6 to
cfc98ad
Compare
vincent-olivert-riera
approved these changes
Mar 3, 2026
Contributor
vincent-olivert-riera
left a comment
vincent-olivert-riera
left a comment
There was a problem hiding this comment.
Reviews done in Zoom.
Looks good to me.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR is about enabling the per-object permission checking feature.
Any action on Promgen Web will be checked by a new mixin class PromgenGuardianPermissionMixin before executing.
All data will also be filtered before retrieving.