Authz: Remove use of SignedInUser copy for permission evaluation (#78448)

* remove use of SignedInUserCopies * add extra safety to not cross assign permissions unwind circular dependency dashboardacl->dashboardaccess fix missing import * correctly set teams for permissions * fix missing inits * nit: check err * exit early for api keys
2025-02-25 18:55:37 -06:00 · 2023-11-22 14:20:22 +01:00
parent 392a4342a8
commit 0de66a8099
44 changed files with 422 additions and 337 deletions
--- a/pkg/services/team/team.go
+++ b/pkg/services/team/team.go
@@ -3,7 +3,7 @@ package team
 import (
 	"context"

-	"github.com/grafana/grafana/pkg/services/dashboards"
+	"github.com/grafana/grafana/pkg/services/dashboards/dashboardaccess"
 )

 type Service interface {
@@ -14,7 +14,7 @@ type Service interface {
 	GetTeamByID(ctx context.Context, query *GetTeamByIDQuery) (*TeamDTO, error)
 	GetTeamsByUser(ctx context.Context, query *GetTeamsByUserQuery) ([]*TeamDTO, error)
 	GetTeamIDsByUser(ctx context.Context, query *GetTeamIDsByUserQuery) ([]int64, error)
-	AddTeamMember(userID, orgID, teamID int64, isExternal bool, permission dashboards.PermissionType) error
+	AddTeamMember(userID, orgID, teamID int64, isExternal bool, permission dashboardaccess.PermissionType) error
 	UpdateTeamMember(ctx context.Context, cmd *UpdateTeamMemberCommand) error
 	IsTeamMember(orgId int64, teamId int64, userId int64) (bool, error)
 	RemoveTeamMember(ctx context.Context, cmd *RemoveTeamMemberCommand) error