* fix: compile error fix
* fix: remove soft delete references
* fix: use new pattern of checking for admin permission
* fix: remove soft delete reference
* test: key value tags in test
* fix: build error in patch module method
* feat: method to build postable tags from tags
* fix: build error in Apply method
* chore: remove newline
* fix: remove soft delete references
* fix: build error fix
* chore: embed StorableDashboard in listedRow
* fix: visitor should follow new tag struct
* fix: diff error codes for invalid keys and values
* fix: correct pk in bun model for tag relations
* fix: created and updated by schema
* fix: use coretypes.Kind instead of defining entity type
* fix: singular table name
* chore: remove org ID from tag relation
* feat: foreign key on tag id
* feat: add SyncTags method that covers creation and linking
* fix: remove entity type definition
* fix: fix build errors in dashboard module
* chore: bump migration number
* chore: change entity id to resource id
* fix: add org id filter in all list and delete queries
* fix: remove user auditable
* fix: add ID in tag relation
* fix: fix build error
* fix: fix build error
* chore: bump migration number
* fix: add len check on tags keys and values
* fix: add regex for tags
* chore: remove methods that shouldn't be exposed
* fix: use sync tags in create api
* feat: functional unique index in sql schema
* fix: only ascii in regex
* fix: use sync tags method in update
* fix: use sync tags method in update
* fix: correct the method name being called
* chore: rename create method to createOrGet
* chore: use tagtypestest package for mock store
* chore: combine functional unique index with unique index
* chore: move tag resolution to module
* test: add unit tests for new idx type
* chore: comment out tags unique index for now
* chore: add a todo comment
* chore: comment out unique index test
* feat: add created at to tag relations
* chore: comment out unique index test
* chore: bump migration number
* chore: remove uploaded grafana flag from metadata
* Merge branch 'main' into nv/v2-dashboard-create
* chore: revert idx generation to resolve conflicts
* fix: use store.RunInTx instead of taking in sqlstore
* fix: use binding package to get request
* chore: move NewDashboardV2 to NewDashboardV2WithoutTags
* chore: rename module to m
* fix: add ctx needed in sqlstore
* fix: remove sqlstore passage in ee pkg
* chore: change dashboardData to dashboardSpec
* feat: follow the metadata+spec key structure
* feat: follow the metadata+spec key structure in open api spec
* feat: v2 dashboard GET API (#11136)
* feat: v2 dashboard GET API
* Merge branch 'nv/v2-dashboard-create' into nv/v2-dashboard-get
* chore: update api specs
* fix: remove soft delete references
* chore: embed StorableDashboard into joinedRow in store method
* fix: fix build error
* chore: revert all frontend changes
* fix: remove public dashboard from get v2 call
* chore: revert all frontend changes
* fix: fix build errors post merge conflict resolution
* feat: lock, unlock, create public, update public v2 dashboard APIs (#11167)
* feat: lock, unlock, create public, update public v2 dashboard APIs
* chore: update api specs
* fix: use new pattern of checking for admin permission
* fix: remove soft delete reference
* chore: revert all frontend changes
* fix: fix build errors and remove v2 create/update public apis
* chore: use v1 methods wherever possible
* fix: use update v2 store method
* chore: update frontend schema
* chore: update frontend schema
* chore: generate api specs
* chore: generate api specs
* feat: patch dashboard api (#11182)
* feat: lock, unlock, create public, update public v2 dashboard APIs
* feat: delete dashboard v2 API and hard delete cron job
* feat: patch dashboard api
* chore: update api specs
* chore: update api specs
* chore: update api specs
* chore: remove delete related work
* fix: add examples of structs for value param in param description
* test: unit test fixes
* fix: use new pattern of checking for admin permission
* fix: remove soft delete reference
* test: key value tags in test
* fix: build error in patch module method
* fix: build error in Apply method
* fix: use sync tags method in update
* fix: fix build errors
* fix: fix all patch application tests
* chore: add more mapper methods
* fix: fix build errors
* chore: generate api specs
* fix: update migration numbering
* fix: add missing request struct in list api
* fix: remove hasMore from list response
* chore: bump migration number
* fix: send total count in response + bug fixes
* fix: add source for v2 dashboards
* chore: incorporate source
* chore: incorporate source in api spec
* chore: incorporate source
* fix: remove system dashboards from list v2 response
* fix: add some required fields
* feat: add immutable name in dashboard v2
* feat: add immutable name in dashboard v2
* feat: add immutable name in dashboard v2 api specs
* fix: remove unused param in constructor
* fix: improve api descriptions
* fix: remove unneeded comment
* chore: increase MaxTagsPerDashboard to 10
* fix: set display name in unmarshal json
* chore: remove integration test for now (will add along with list api)
* feat: add validation on dashboard name
* test: fix build errors and tests based on name related changes
* chore: bump migration number
* chore: generate api specs
* fix: fix tests based on name related changes
* fix: dont include full data in list response
* fix: add quotes around tag relation kind
* chore: bump migration number
* fix: correct convertor method name
* test: add unit tests for type conversions
* chore: remove enum def of threshold comparison operator
* feat: add flag to generate unique name in backend
* chore: generate api specs
* chore: make tags required in postable
* fix: build error fix
* chore: bump migration number
* fix: fix build error in test after merge conflict
* fix: remove unused store method
* fix: remove unused module methods
* fix: use v1 store update method
* fix: change data to spec in api param description
* chore: add back accidentally removed tests
* chore: update api spec
* chore: bump migration number
* feat: delete dashboard v2 API (#11299)
* feat: delete dashboard v2 API
* fix: fix post merge build and spec errors
* fix: address review comments
* chore: generate frontend api spec
* fix: add missing name fetch in listv2 store method
* fix: change title to name in api description
* fix: add all error codes for new apis
* test: change data to spec in unit tests
* fix: remove join to public dashboard table in list call
* fix: use valuer string for list order and sort
* test: integration test and fixes found through it
* chore: use same jsonpatch package as done in zeus
* chore: remove JSONPatchDocument and use patchable everywhere
* fix: make remove idempotent in patch
* chore: separate file for patch types
* chore: better error passage
* fix: remove extra decodePatch calls
* fix: use must new org id
* fix: proper error passage
* chore: rename updateable to updatable
* fix: use must new org id
* feat: include list of all dashboard tags in list api response
* fix: remove wrong api description msg
* fix: use must method for user id as well
* chore: add nolint comment
* fix: add missing image field in list response
* chore: regenerate api specs
* fix: make GettableTag a defined type instead of an alias
* fix: dont allow system dashboards to be deleted
* fix: remove public filter from visitor
* chore: use go sqlbuilder
* fix: use ESCAPE literal in contains and like operators
* fix: use correct perses package in list v2 file
* feat: change pinned dashboard table to user dashboard preference table
* fix: delete preferences on dashboard delete
* test: add integration test for pinning
* fix: wrap naked errors
* fix: integration dashboards should not be deletable either
* fix: remove org column in preferences and add foreign key to users table
* chore: add fk from prefs to dashbaord table
* chore: remove outer parenthesis removal function
* test: add unit test to ensure that all reserved keys have handlers
* fix: proper url for pin apis
* fix: delete preferences on user deletion
* test: address integration test comments
* test: change limit
* fix: revert the check in can delete
* fix: remove unit test from ee package
* fix: move list filter to impl to avoid db impl logic in types
* chore: code movement
* feat: add a pin free list dashboards api
* fix: update api specs
* fix: use request query in api defs for list apis
* chore: explicitly mark request as nil in list apis
---------
Co-authored-by: Srikanth Chekuri <srikanth.chekuri92@gmail.com>
* refactor: move authtypes to coretypes
* refactor: migrate downstream consumers to coretypes Kind/Type/Relation
Wire all consumers of the typeable infrastructure through coretypes:
- Replace authtypes.Name/Type/Relation references with coretypes equivalents
- Switch Typeable singletons to constructor calls (authtypes.NewTypeableUser
etc.), with the embedded coretypes.Typeable populated so Kind/Type/Prefix/
Scope dispatch correctly through the embed
- Update dashboardtypes meta-resource declarations to use authtypes
constructors so they expose Tuples (authz callers need it)
- Rename Resource.Name field accesses to Resource.Kind to match the field
rename in authtypes.Resource
- Fix typeable_metaresource.go calling the plural NewTypeableMetaResources
helper — should be the singular NewTypeableMetaResource
go build ./... and go vet ./... clean (parser-generated unreachable-code
warnings are pre-existing). Authz unit tests pass.
* refactor(audittypes): unify Action with coretypes.Relation
Drop the duplicate Action enum from audittypes — the verbs (create/update/
delete) match coretypes.Relation exactly. Move PastTense onto Relation so
audit EventName derivation continues to work without a parallel hierarchy.
Also retypes AuditDef.ResourceKind from string to coretypes.Kind so audit
declarations get the same regex validation that authz already enforces.
* refactor(retentiontypes): extract TTLSetting into its own package
TTLSetting is the bun model for ClickHouse TTL settings — has nothing to do
with the Organization domain it was previously co-located with in
pkg/types/organization.go. Moved to pkg/types/retentiontypes/ alongside the
ClickHouse reader that's its sole consumer.
No schema change; the bun table tag (table:ttl_setting) is unchanged.
* chore(openapi): regenerate spec for coretypes.Relation and Resource.Kind
* chore(frontend): regenerate API client and migrate Resource.name → Resource.kind
Regenerated TypeScript API types after the AuthtypesResource field rename
and the new CoretypesRelation enum. Updated:
- frontend/scripts/generate-permissions-type.cjs to read `r.kind` from the
/api/v1/authz/resources response and emit `kind:` in the static
permissions.type.ts file.
- frontend/src/hooks/useAuthZ/{permissions.type,types,utils,useAuthZ}.tsx:
Resource.name → Resource.kind throughout.
- frontend/src/container/RolesSettings/{utils.tsx,__tests__/utils.test.ts}:
same field migration.
- frontend/src/components/createGuardedRoute/createGuardedRoute.test.tsx:
same.
- useAuthZ/utils.ts: cast string relations to CoretypesRelationDTO at the
AuthtypesTransactionDTO boundary now that relation is an enum, not a raw
string.
yarn generate:api passes (orval generation + lint + typecheck).
* refactor: migrate downstream consumers to Resource/Verb rename
* chore(openapi): regenerate spec for Resource/Verb rename
* feat(coretypes): add ListResources accessor with stable sort
* feat(cmd): add 'generate authz' subcommand for permissions type
* refactor(authz): drop runtime authz/resources endpoint
* refactor(frontend): consume static permissions.type.ts directly
* chore(frontend): regenerate Orval client without authz/resources
* ci: move authz schema check from jsci to goci
* refactor(coretypes): move Selector/Object/Transaction from authtypes
* feat(coretypes): add managed role names and permission policy
* feat(coretypes): add Registry assembling resources, types, and managed-role transactions
* refactor(authz): wire *coretypes.Registry; drop RegisterTypeable
* refactor(cmd): wire coretypes.NewRegistry into server bootstraps
* chore: regenerate openapi spec for authtypes -> coretypes type moves
* chore(frontend): regenerate API client for Authtypes -> Coretypes type moves
* refactor(coretypes): rename GettableResource to ResourceRef
* refactor(authz): collapse Registry around static data; bridge once at construction
* refactor(coretypes): tighten Registry, restore anonymous public-dashboard grant
Drops passthrough fields from coretypes.Registry; adds an O(1) lookup map
for NewResourceFromTypeAndKind; replaces stringly-typed Type compares with
Type.Equals; removes the now-redundant getUniqueTypes helper. Restores the
signoz-anonymous read grant on metaresource/public-dashboard that was
silently dropped, and removes the invalid signoz-admin/VerbCreate/TypeUser
entry that panicked at startup.
* chore: regenerate openapi spec for coretypes -> authtypes type moves
* chore(frontend): regenerate API client for Coretypes -> Authtypes type moves
* fix(authz): disambiguate kind→type by relation, preserve multi-part selectors
permissions.type.ts now lists the same kind (dashboard, role,
public-dashboard) under both metaresource and metaresources, so the prior
kind→type map silently overwrote one with the other. Resolve the type
using the requesting relation's allowed types, and slice the selector at
the first colon so multi-part selectors (e.g. id:version) round-trip
correctly. Updates useAuthZ.test.tsx to use the regenerated kind field.
* refactor(authtypes): introduce Relation wrapper over coretypes.Verb
The authz layer modeled relations as raw coretypes.Verb everywhere, which
forced authz-level concepts (action, role-binding) to share a type with
schema-level enumerations. Introduce authtypes.Relation as a thin wrapper
over coretypes.Verb so the authz APIs (CheckWithTupleCreation, ListObjects,
GetObjects, PatchObjects, NewTuples, Transaction.Relation, etc.) can grow
authz-specific affordances without leaking back into coretypes.
Also reshuffles the static coretypes data into dedicated registry_*.go files
(types, kinds, verbs, resources, managed roles) to keep the schema declarations
isolated from the value types they configure.
* refactor(authtypes): expose Relation.Enum() and regenerate openapi spec
Without an Enum() method on Relation the openapi generator emitted an
empty AuthtypesRelation schema (no allowed values). Forward the enum
from the embedded coretypes.Verb so the wire contract is faithful.
* refactor(ee/authz): drop always-nil error returns from managed-role tuple helpers
getManagedRoleGrantTuples and getManagedRoleTransactionTuples never
returned a non-nil error, which the linter (unparam) had flagged. Drop
the unused error return; callers no longer need the err check either.
* chore(frontend): regenerate API client for authtypes.Relation
* fix(authz): satisfy go-lint — keyed Relation literal, drop redundant Verb selector
* refactor(coretypes): sync Kinds slice with full registry_kind declarations
* feat(coretypes): register metaresource and metaresources for all new kinds
Adds 21 metaresource and 21 metaresources entries (covering notification-channel,
route-policy, apdex-setting, auth-domain, session, cloud-integration,
cloud-integration-service, ingestion-key, ingestion-limit, pipeline,
user-preference, org-preference, quick-filter, ttl-setting, rule,
planned-maintenance, saved-view, trace-funnel, factor-password, factor-api-key,
license) so the authz schema covers every resource Kind declared in
registry_kind. Regenerates the static frontend permissions.type.ts to match.
* feat(coretypes): populate ManagedRoleToTransactions from signozapiserver routes
Enumerates every (verb, resource) tuple each managed role holds, derived
from the AdminAccess/EditAccess/ViewAccess middleware on routes in
pkg/apiserver/signozapiserver and the legacy http_handler in
pkg/query-service/app. Admin gets 123 transactions, editor 53, viewer 25,
anonymous keeps the single public-dashboard read.
* feat(coretypes): add integration kind with full CRUD for viewer/editor/admin
Install/uninstall/list integration routes (legacy /api/v1/integrations) all
sit behind ViewAccess, so every authenticated role gets the full CRUD
surface on (metaresource, integration) and (metaresources, integration).
Regenerates the static frontend permissions.type.ts to match.
* feat(coretypes): add subscription kind alongside license, document LCRUD shape
License covers the in-product license resource (Activate/Refresh/GetActive).
Subscription is the billing lifecycle (checkout/portal/billing) served by
ee/query-service routes. Both are admin-only and modeled with a uniform
LCRUD shape; comments call out which verbs actually map to routes versus
which are placeholders for shape parity (e.g. cancellation flows through
Stripe's portal, not an in-process delete).
* feat(coretypes): model telemetryresource for logs, traces, metrics
Mirrors the telemetryresource type from ee/authz/openfgaschema/base.fga
into coretypes: a read-only Type with three Kinds (logs, traces, metrics)
matching telemetrytypes.Signal. Selector is wildcard-only for v1; future
work can narrow per-service or per-environment when the use case lands.
Every managed role (admin/editor/viewer) gets read on each signal,
matching the schema's role#assignee grant. Anonymous stays unchanged.
Regenerates the static frontend permissions.type.ts.
* feat(coretypes): add audit-logs and meter-metrics kinds under telemetryresource
Audit logs (signal=logs, source=audit) and meter metrics (signal=metrics,
source=meter) are sensitive source-qualified telemetry streams that don't
belong under the broad read-grant every role gets on regular logs/traces/
metrics. Modeled as distinct Kinds so they can be permissioned
independently. Admin-only read for now; widen on explicit ask (e.g. an
auditor flow that needs viewer access to audit-logs). Regenerates the
static frontend permissions.type.ts.
* feat(coretypes): add logs-field and traces-field kinds for stored field config
GET/POST /logs/fields and /api/v2/traces/fields manage stored, mutable
field metadata (indexed/promoted columns) over each signal. They're
configuration, not telemetry data, so they sit under metaresource rather
than telemetryresource. Viewer reads, editor/admin update; no
create/delete since POST overwrites. Plural prefix (logs-field /
traces-field) matches the signal naming.
* chore(frontend): regenerate permissions.type.ts to match generate authz output
* feat(authz): add attach permissions to fga model
* fix(tests): use role permissions instead of dashboards
* fix(authz): couple of issues with register flow
* fix(authz): public dashboard read should be anomymous
* fix(tests): integration test for public dashboard access
---------
Co-authored-by: vikrantgupta25 <vikrant@signoz.io>
* fix: added validations for having expression
* fix: added extra validation and unit tests
* fix: added antlr based parsing for validation
* fix: added more unit tests
* fix: removed validation on having in range request validations
* fix: generated lexer files and added more unit tests
* fix: edge cases
* fix: added cmnd to scripts for generating lexer
* fix: use std libg sorting instead of selection sort
* fix: support implicit and
* fix: allow bare not in expression
* fix: added suggestion for having expression
* fix: typo
* fix: added more unit tests, handle white space difference in aggregation exp and having exp
* fix: added support for in and not, updated errors
* fix: added support for brackets list
* fix: lint error
* fix: handle non spaced expression
---------
Co-authored-by: Srikanth Chekuri <srikanth.chekuri92@gmail.com>
