Access control: Rename predefined roles to fixed roles (code) (#34469)

* s/grafana:roles:/fixed:/

* Update free text references to predefined roles

pkg/services/accesscontrol/ossaccesscontrol/ossaccesscontrol.go

@@ -62,9 +62,9 @@ func (ac *OSSAccessControlService) GetUserPermissions(ctx context.Context, user
 	builtinRoles := ac.GetUserBuiltInRoles(user)
 	permissions := make([]*accesscontrol.Permission, 0)
 	for _, builtin := range builtinRoles {
-		if roleNames, ok := accesscontrol.PredefinedRoleGrants[builtin]; ok {
+		if roleNames, ok := accesscontrol.FixedRoleGrants[builtin]; ok {
 			for _, name := range roleNames {
-				r, exists := accesscontrol.PredefinedRoles[name]
+				r, exists := accesscontrol.FixedRoles[name]
 				if !exists {
 					continue
 				}

pkg/services/accesscontrol/roles.go

@@ -135,13 +135,13 @@ var provisioningAdminRole = RoleDTO{
 	},
 }
 
-// PredefinedRoles provides a map of permission sets/roles which can be
+// FixedRoles provides a map of permission sets/roles which can be
 // assigned to a set of users. When adding a new resource protected by
 // Grafana access control the default permissions should be added to a
-// new predefined role in this set so that users can access the new
+// new fixed role in this set so that users can access the new
-// resource. PredefinedRoleGrants lists which organization roles are
+// resource. FixedRoleGrants lists which built-in roles are
-// assigned which predefined roles in this list.
+// assigned which fixed roles in this list.
-var PredefinedRoles = map[string]RoleDTO{
+var FixedRoles = map[string]RoleDTO{
 	usersAdminRead: usersAdminReadRole,
 	usersAdminEdit: usersAdminEditRole,
 
@@ -155,21 +155,21 @@ var PredefinedRoles = map[string]RoleDTO{
 }
 
 const (
-	usersAdminEdit = "grafana:roles:users:admin:edit"
+	usersAdminEdit = "fixed:users:admin:edit"
-	usersAdminRead = "grafana:roles:users:admin:read"
+	usersAdminRead = "fixed:users:admin:read"
 
-	usersOrgEdit = "grafana:roles:users:org:edit"
+	usersOrgEdit = "fixed:users:org:edit"
-	usersOrgRead = "grafana:roles:users:org:read"
+	usersOrgRead = "fixed:users:org:read"
 
-	ldapAdminEdit = "grafana:roles:ldap:admin:edit"
+	ldapAdminEdit = "fixed:ldap:admin:edit"
-	ldapAdminRead = "grafana:roles:ldap:admin:read"
+	ldapAdminRead = "fixed:ldap:admin:read"
 
-	provisioningAdmin = "grafana:roles:provisioning:admin"
+	provisioningAdmin = "fixed:provisioning:admin"
 )
 
-// PredefinedRoleGrants specifies which organization roles are assigned
+// FixedRoleGrants specifies which built-in roles are assigned
-// to which set of PredefinedRoles by default. Alphabetically sorted.
+// to which set of FixedRoles by default. Alphabetically sorted.
-var PredefinedRoleGrants = map[string][]string{
+var FixedRoleGrants = map[string][]string{
 	RoleGrafanaAdmin: {
 		ldapAdminEdit,
 		ldapAdminRead,

pkg/services/accesscontrol/roles_test.go

@@ -9,10 +9,10 @@ import (
 )
 
 func TestPredefinedRoles(t *testing.T) {
-	for name, r := range PredefinedRoles {
+	for name, r := range FixedRoles {
 		assert.Truef(t,
-			strings.HasPrefix(name, "grafana:roles:"),
+			strings.HasPrefix(name, "fixed:"),
-			"expected all predefined roles to be prefixed by 'grafana:roles:', found role '%s'", name,
+			"expected all fixed roles to be prefixed by 'fixed:', found role '%s'", name,
 		)
 		assert.Equal(t, name, r.Name)
 		assert.NotZero(t, r.Version)
@@ -21,7 +21,7 @@ func TestPredefinedRoles(t *testing.T) {
 }
 
 func TestPredefinedRoleGrants(t *testing.T) {
-	for _, v := range PredefinedRoleGrants {
+	for _, v := range FixedRoleGrants {
 		assert.True(t,
 			sort.SliceIsSorted(v, func(i, j int) bool {
 				return v[i] < v[j]
@@ -29,7 +29,7 @@ func TestPredefinedRoleGrants(t *testing.T) {
 			"require role grant lists to be sorted",
 		)
 		for _, r := range v {
-			assert.Contains(t, PredefinedRoles, r)
+			assert.Contains(t, FixedRoles, r)
 		}
 	}
 }