AccessControl: Only return action and scope for user permissions and make them unique (#48939)

* Only return action and scope for user permissions and make them unique

pkg/services/accesscontrol/accesscontrol.go

@@ -21,7 +21,7 @@ type AccessControl interface {
 	// Evaluate evaluates access to the given resources.
 	Evaluate(ctx context.Context, user *models.SignedInUser, evaluator Evaluator) (bool, error)
 
-	// GetUserPermissions returns user permissions.
+	// GetUserPermissions returns user permissions with only action and scope fields set.
 	GetUserPermissions(ctx context.Context, user *models.SignedInUser, options Options) ([]*Permission, error)
 
 	// GetUserRoles returns user roles.
@@ -40,6 +40,7 @@ type AccessControl interface {
 }
 
 type PermissionsProvider interface {
+	// GetUserPermissions returns user permissions with only action and scope fields set.
 	GetUserPermissions(ctx context.Context, query GetUserPermissionsQuery) ([]*Permission, error)
 }
 

pkg/services/accesscontrol/database/database.go

@@ -26,13 +26,9 @@ func (s *AccessControlStore) GetUserPermissions(ctx context.Context, query acces
 		filter, params := userRolesFilter(query.OrgID, query.UserID, query.Roles)
 
 		// TODO: optimize this
-		q := `SELECT
+		q := `SELECT DISTINCT
-			permission.id,
-			permission.role_id,
 			permission.action,
-			permission.scope,
+			permission.scope
-			permission.updated,
-			permission.created
 			FROM permission
 			INNER JOIN role ON role.id = permission.role_id
 		` + filter