diff --git a/pkg/services/accesscontrol/ossaccesscontrol/ossaccesscontrol.go b/pkg/services/accesscontrol/ossaccesscontrol/ossaccesscontrol.go index e94a3a137c2..b4f40a5513e 100644 --- a/pkg/services/accesscontrol/ossaccesscontrol/ossaccesscontrol.go +++ b/pkg/services/accesscontrol/ossaccesscontrol/ossaccesscontrol.go @@ -62,9 +62,9 @@ func (ac *OSSAccessControlService) GetUserPermissions(ctx context.Context, user builtinRoles := ac.GetUserBuiltInRoles(user) permissions := make([]*accesscontrol.Permission, 0) for _, builtin := range builtinRoles { - if roleNames, ok := accesscontrol.PredefinedRoleGrants[builtin]; ok { + if roleNames, ok := accesscontrol.FixedRoleGrants[builtin]; ok { for _, name := range roleNames { - r, exists := accesscontrol.PredefinedRoles[name] + r, exists := accesscontrol.FixedRoles[name] if !exists { continue } diff --git a/pkg/services/accesscontrol/roles.go b/pkg/services/accesscontrol/roles.go index 3a3d503b4ed..44fd9a53e05 100644 --- a/pkg/services/accesscontrol/roles.go +++ b/pkg/services/accesscontrol/roles.go @@ -135,13 +135,13 @@ var provisioningAdminRole = RoleDTO{ }, } -// PredefinedRoles provides a map of permission sets/roles which can be +// FixedRoles provides a map of permission sets/roles which can be // assigned to a set of users. When adding a new resource protected by // Grafana access control the default permissions should be added to a -// new predefined role in this set so that users can access the new -// resource. PredefinedRoleGrants lists which organization roles are -// assigned which predefined roles in this list. -var PredefinedRoles = map[string]RoleDTO{ +// new fixed role in this set so that users can access the new +// resource. FixedRoleGrants lists which built-in roles are +// assigned which fixed roles in this list. +var FixedRoles = map[string]RoleDTO{ usersAdminRead: usersAdminReadRole, usersAdminEdit: usersAdminEditRole, @@ -155,21 +155,21 @@ var PredefinedRoles = map[string]RoleDTO{ } const ( - usersAdminEdit = "grafana:roles:users:admin:edit" - usersAdminRead = "grafana:roles:users:admin:read" + usersAdminEdit = "fixed:users:admin:edit" + usersAdminRead = "fixed:users:admin:read" - usersOrgEdit = "grafana:roles:users:org:edit" - usersOrgRead = "grafana:roles:users:org:read" + usersOrgEdit = "fixed:users:org:edit" + usersOrgRead = "fixed:users:org:read" - ldapAdminEdit = "grafana:roles:ldap:admin:edit" - ldapAdminRead = "grafana:roles:ldap:admin:read" + ldapAdminEdit = "fixed:ldap:admin:edit" + ldapAdminRead = "fixed:ldap:admin:read" - provisioningAdmin = "grafana:roles:provisioning:admin" + provisioningAdmin = "fixed:provisioning:admin" ) -// PredefinedRoleGrants specifies which organization roles are assigned -// to which set of PredefinedRoles by default. Alphabetically sorted. -var PredefinedRoleGrants = map[string][]string{ +// FixedRoleGrants specifies which built-in roles are assigned +// to which set of FixedRoles by default. Alphabetically sorted. +var FixedRoleGrants = map[string][]string{ RoleGrafanaAdmin: { ldapAdminEdit, ldapAdminRead, diff --git a/pkg/services/accesscontrol/roles_test.go b/pkg/services/accesscontrol/roles_test.go index f10a951847e..750abb43d63 100644 --- a/pkg/services/accesscontrol/roles_test.go +++ b/pkg/services/accesscontrol/roles_test.go @@ -9,10 +9,10 @@ import ( ) func TestPredefinedRoles(t *testing.T) { - for name, r := range PredefinedRoles { + for name, r := range FixedRoles { assert.Truef(t, - strings.HasPrefix(name, "grafana:roles:"), - "expected all predefined roles to be prefixed by 'grafana:roles:', found role '%s'", name, + strings.HasPrefix(name, "fixed:"), + "expected all fixed roles to be prefixed by 'fixed:', found role '%s'", name, ) assert.Equal(t, name, r.Name) assert.NotZero(t, r.Version) @@ -21,7 +21,7 @@ func TestPredefinedRoles(t *testing.T) { } func TestPredefinedRoleGrants(t *testing.T) { - for _, v := range PredefinedRoleGrants { + for _, v := range FixedRoleGrants { assert.True(t, sort.SliceIsSorted(v, func(i, j int) bool { return v[i] < v[j] @@ -29,7 +29,7 @@ func TestPredefinedRoleGrants(t *testing.T) { "require role grant lists to be sorted", ) for _, r := range v { - assert.Contains(t, PredefinedRoles, r) + assert.Contains(t, FixedRoles, r) } } }