Auth: Adds validation and ingestion of conflict file (#53014)
* add users-manager command * add users-manager command * rename files * refactor: imports and renaming * Command: add conflict merge user command - MergeUser will - replace all user_ids from conflicting users to the chosen userId - delete users whose user_ids are not the chosen user - SameIdentification will - update chosen user with chosen email,login details - delete users whose user_ids are not the chosen user * refactor: clean up * refactor: create structure for read, validate, ingest * feat: ls and generate-file for conflicting users * remove usagestats * added back pkg/services/login/authinfoservice/database/stats.go * Revert "added back pkg/services/login/authinfoservice/database/stats.go" This reverts commit2ba6e3c4d6. * Revert "remove usagestats" This reverts commit1e3fa97810. * cherry pick * Revert "cherry pick" This reverts commit461626c306. * validation of picked merge user * fix test * make lint * make test run * tests for ingest working * clean up and refactored to align with downstream refactoring * formatting * refactor: name list instead of ls * fix: static lint error use trimprefix * WIP: permissions for validation * fix: remove unused functions in sqlstore * fix: remove unused function * handling of multiple users and resolve discarded users * fix tests * fix: bug that did not exclude the blocks * ioutil is blacklisted * WIP: validation * tests for merging a user working * add latest changes to output print * refactor: removed conflictEmail and conflictLogin that was not used * refactor: code clean up, showChanges working * test and linting fixes * test and linting fixes * refactor: removed logging of config and added more info for vlidation command * refactor: fix order of code * fix time now * refactor: no longer need for check casesensitive login/email * removed unnessecary loop * refactor: move functions around * test: working * docs: add docuemntationf for file * Add failing test for generating the conflict login block * Fix regex * Fix 
some stuff/tests Co-authored-by: eleijonmarck <eric.leijonmarck@gmail.com> * add: docs for conflict file * add: conflict_email, conflict_login fields * add: conflict_email, conflict_login fields * WIP * fix: tests working as intended * Update pkg/cmd/grafana-cli/commands/conflict_user_command.go Co-authored-by: linoman <2051016+linoman@users.noreply.github.com> * review comments * Update pkg/cmd/grafana-cli/commands/conflict_user_command.go Co-authored-by: Misi <mgyongyosi@users.noreply.github.com> * Update pkg/cmd/grafana-cli/commands/conflict_user_command.go Co-authored-by: Misi <mgyongyosi@users.noreply.github.com> * missspelling * trailing new line * update to use userimpl store * remove newline * remove newline * refactor: initializing of resolver for conflicts * fix: test sqlStore * refactor: removed lines * refactor: remove TODOs Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com> Co-authored-by: linoman <2051016+linoman@users.noreply.github.com>
@@ -49,7 +49,9 @@ func (s *AccessControlStore) GetUserPermissions(ctx context.Context, query acces
|
||||
params = append(params, a)
|
||||
}
|
||||
}
|
||||
|
||||
q += `
|
||||
ORDER BY permission.scope
|
||||
`
|
||||
if err := sess.SQL(q, params...).Find(&result); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
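Review bot: The `ORDER BY permission.scope` appended near the end of the query in GetUserPermissions sorts on scope alone, so rows that share a scope can still come back in a different order between runs or database backends. If the aim is stable output, add a tie-breaker such as `ORDER BY permission.scope, permission.action`; this assumes the action column is part of the select, which is outside the hunk. A short comment above the append, for example `// Sort so callers and tests see permissions in a stable order.`, would record why the ordering exists. The function body starts before the hunk.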
@@ -14,7 +14,7 @@ func (ss *SQLStore) AddOrgUser(ctx context.Context, cmd *models.AddOrgUserComman
|
||||
var usr user.User
|
||||
session := sess.ID(cmd.UserId)
|
||||
if !cmd.AllowAddingServiceAccount {
|
||||
session = session.Where(notServiceAccountFilter(ss))
|
||||
session = session.Where(NotServiceAccountFilter(ss))
|
||||
}
|
||||
|
||||
if exists, err := session.Get(&usr); err != nil {
|
||||
|
||||
@@ -169,7 +169,7 @@ func (ss *SQLStore) CreateUser(ctx context.Context, cmd user.CreateUserCommand)
|
||||
return &user, createErr
|
||||
}
|
||||
|
||||
func notServiceAccountFilter(ss *SQLStore) string {
|
||||
func NotServiceAccountFilter(ss *SQLStore) string {
|
||||
return fmt.Sprintf("%s.is_service_account = %s",
|
||||
ss.Dialect.Quote("user"),
|
||||
ss.Dialect.BooleanStr(false))
|
||||
@@ -180,7 +180,7 @@ func (ss *SQLStore) GetUserById(ctx context.Context, query *models.GetUserByIdQu
|
||||
usr := new(user.User)
|
||||
|
||||
has, err := sess.ID(query.Id).
|
||||
Where(notServiceAccountFilter(ss)).
|
||||
Where(NotServiceAccountFilter(ss)).
|
||||
Get(usr)
|
||||
|
||||
if err != nil {
|
||||
@@ -235,7 +235,7 @@ func setUsingOrgInTransaction(sess *DBSession, userID int64, orgID int64) error
|
||||
func (ss *SQLStore) GetUserProfile(ctx context.Context, query *models.GetUserProfileQuery) error {
|
||||
return ss.WithDbSession(ctx, func(sess *DBSession) error {
|
||||
var usr user.User
|
||||
has, err := sess.ID(query.UserId).Where(notServiceAccountFilter(ss)).Get(&usr)
|
||||
has, err := sess.ID(query.UserId).Where(NotServiceAccountFilter(ss)).Get(&usr)
|
||||
|
||||
if err != nil {
|
||||
return err
|
||||
@@ -288,7 +288,7 @@ func (ss *SQLStore) GetUserOrgList(ctx context.Context, query *models.GetUserOrg
|
||||
sess.Join("INNER", "org", "org_user.org_id=org.id")
|
||||
sess.Join("INNER", ss.Dialect.Quote("user"), fmt.Sprintf("org_user.user_id=%s.id", ss.Dialect.Quote("user")))
|
||||
sess.Where("org_user.user_id=?", query.UserId)
|
||||
sess.Where(notServiceAccountFilter(ss))
|
||||
sess.Where(NotServiceAccountFilter(ss))
|
||||
sess.Cols("org.name", "org_user.role", "org_user.org_id")
|
||||
sess.OrderBy("org.name")
|
||||
err := sess.Find(&query.Result)
|
||||
@@ -581,7 +581,7 @@ func (ss *SQLStore) DisableUser(ctx context.Context, cmd *models.DisableUserComm
|
||||
usr := user.User{}
|
||||
sess := dbSess.Table("user")
|
||||
|
||||
if has, err := sess.ID(cmd.UserId).Where(notServiceAccountFilter(ss)).Get(&usr); err != nil {
|
||||
if has, err := sess.ID(cmd.UserId).Where(NotServiceAccountFilter(ss)).Get(&usr); err != nil {
|
||||
return err
|
||||
} else if !has {
|
||||
return user.ErrUserNotFound
|
||||
@@ -611,7 +611,7 @@ func (ss *SQLStore) BatchDisableUsers(ctx context.Context, cmd *models.BatchDisa
|
||||
disableParams = append(disableParams, v)
|
||||
}
|
||||
|
||||
_, err := sess.Where(notServiceAccountFilter(ss)).Exec(disableParams...)
|
||||
_, err := sess.Where(NotServiceAccountFilter(ss)).Exec(disableParams...)
|
||||
return err
|
||||
})
|
||||
}
|
||||
@@ -622,10 +622,14 @@ func (ss *SQLStore) DeleteUser(ctx context.Context, cmd *models.DeleteUserComman
|
||||
})
|
||||
}
|
||||
|
||||
func (ss *SQLStore) DeleteUserInSession(ctx context.Context, sess *DBSession, cmd *models.DeleteUserCommand) error {
|
||||
return deleteUserInTransaction(ss, sess, cmd)
|
||||
}
|
||||
|
||||
func deleteUserInTransaction(ss *SQLStore, sess *DBSession, cmd *models.DeleteUserCommand) error {
|
||||
// Check if user exists
|
||||
usr := user.User{ID: cmd.UserId}
|
||||
has, err := sess.Where(notServiceAccountFilter(ss)).Get(&usr)
|
||||
has, err := sess.Where(NotServiceAccountFilter(ss)).Get(&usr)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -701,23 +705,20 @@ func UserDeletions() []string {
|
||||
func (ss *SQLStore) UpdateUserPermissions(userID int64, isAdmin bool) error {
|
||||
return ss.WithTransactionalDbSession(context.Background(), func(sess *DBSession) error {
|
||||
var user user.User
|
||||
if _, err := sess.ID(userID).Where(notServiceAccountFilter(ss)).Get(&user); err != nil {
|
||||
if _, err := sess.ID(userID).Where(NotServiceAccountFilter(ss)).Get(&user); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
user.IsAdmin = isAdmin
|
||||
sess.UseBool("is_admin")
|
||||
|
||||
_, err := sess.ID(user.ID).Update(&user)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// validate that after update there is at least one server admin
|
||||
if err := validateOneAdminLeft(sess); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
})
|
||||
}
|
||||
|
||||
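Review bot: In UpdateUserPermissions the first return value of `Get` is discarded, so when `userID` matches no row, or the row is excluded by `NotServiceAccountFilter`, `user` stays zero-valued and the code goes on to `sess.ID(user.ID).Update(&user)` with ID 0. That presumably updates nothing and still returns nil, so the caller believes the server-admin flag was changed. The DisableUser hunk above already handles this case with `else if !has { return user.ErrUserNotFound }`. Doing the same here means renaming the local, because `var user user.User` shadows the `user` package inside the closure.

```go
		var usr user.User
		has, err := sess.ID(userID).Where(NotServiceAccountFilter(ss)).Get(&usr)
		if err != nil {
			return err
		}
		if !has {
			return user.ErrUserNotFound
		}

		usr.IsAdmin = isAdmin
		sess.UseBool("is_admin")

		if _, err := sess.ID(usr.ID).Update(&usr); err != nil {
			return err
		}
		// … unchanged: validateOneAdminLeft check and return nil …
```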