From 23cba787523dcff373a4b4d3d90d5f2ae923cd8b Mon Sep 17 00:00:00 2001
From: Eric Leijonmarck
Date: Tue, 22 Oct 2024 15:39:18 +0100
Subject: [PATCH] fetch user using the userservice with the userid
---
 pkg/build/cmd/exportversion.go | 1 +
 pkg/services/datasources/models.go | 4 ----
 pkg/services/datasources/service/datasource.go | 14 ++++++++++++--
 3 files changed, 13 insertions(+), 6 deletions(-)
 create mode 120000 pkg/build/cmd/exportversion.go
diff --git a/pkg/build/cmd/exportversion.go b/pkg/build/cmd/exportversion.go
new file mode 120000
index 00000000000..2cb9c1c609c
--- /dev/null
+++ b/pkg/build/cmd/exportversion.go
@@ -0,0 +1 @@
+/Users/eleijonmarck/dev/grafana/grafana-enterprise/src/pkg/build/cmd/exportversion.go
\ No newline at end of file
diff --git a/pkg/services/datasources/models.go b/pkg/services/datasources/models.go
index db9bf3f9d42..c9697c2b161 100644
--- a/pkg/services/datasources/models.go
+++ b/pkg/services/datasources/models.go
@@ -5,7 +5,6 @@ import (
 "errors"
 "time"
- "github.com/grafana/grafana/pkg/apimachinery/identity"
 "github.com/grafana/grafana/pkg/components/simplejson"
 "github.com/grafana/grafana/pkg/services/quota"
 "github.com/grafana/grafana/pkg/services/user"
@@ -177,9 +176,6 @@ type AddDataSourceCommand struct {
 ReadOnly bool `json:"-"`
 EncryptedSecureJsonData map[string][]byte `json:"-"`
 UpdateSecretFn UpdateSecretFn `json:"-"`
-
- // Refactor to use User field instead of UserRequester
- UserRequester identity.Requester
 }
 // Also acts as api DTO
diff --git a/pkg/services/datasources/service/datasource.go b/pkg/services/datasources/service/datasource.go
index 766d2ec0296..37cc8ae84b5 100644
--- a/pkg/services/datasources/service/datasource.go
+++ b/pkg/services/datasources/service/datasource.go
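Review bot: `pkg/build/cmd/exportversion.go` is added as a symlink (mode 120000) whose target is an absolute path under one developer's home directory, which looks unrelated to the commit subject and was probably staged by accident. On any other checkout or CI runner the link either dangles or resolves to whatever file happens to sit at that path, so the build input is no longer defined by the repository. I would drop the file from this commit; if the link is needed locally, keep it out of version control, for example through `.git/info/exclude`.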
@@ -31,6 +31,7 @@ import ( "github.com/grafana/grafana/pkg/services/quota" "github.com/grafana/grafana/pkg/services/secrets" "github.com/grafana/grafana/pkg/services/secrets/kvstore" + "github.com/grafana/grafana/pkg/services/user" "github.com/grafana/grafana/pkg/setting" ) @@ -52,6 +53,7 @@ type Service struct { pluginStore pluginstore.Store pluginClient plugins.Client basePluginContextProvider plugincontext.BasePluginContextProvider + userService user.Service ptc proxyTransportCache } @@ -71,6 +73,7 @@ func ProvideService( features featuremgmt.FeatureToggles, ac accesscontrol.AccessControl, datasourcePermissionsService accesscontrol.DatasourcePermissionsService, quotaService quota.Service, pluginStore pluginstore.Store, pluginClient plugins.Client, basePluginContextProvider plugincontext.BasePluginContextProvider, + userService user.Service, ) (*Service, error) { dslogger := log.New("datasources") store := &SqlStore{db: db, logger: dslogger, features: features} @@ -90,6 +93,7 @@ func ProvideService( pluginStore: pluginStore, pluginClient: pluginClient, basePluginContextProvider: basePluginContextProvider, + userService: userService, } ac.RegisterScopeAttributeResolver(NewNameScopeResolver(store)) 
@@ -291,8 +295,14 @@ func (s *Service) AddDataSource(ctx context.Context, cmd *datasources.AddDataSou
 {BuiltinRole: "Viewer", Permission: "Query"},
 {BuiltinRole: "Editor", Permission: "Query"},
 }
- if cmd.UserID != 0 || (cmd.UserRequester.IsIdentityType(claims.TypeUser, claims.TypeServiceAccount)) {
- permissions = append(permissions, accesscontrol.SetResourcePermissionCommand{UserID: cmd.UserID, Permission: "Admin"})
+ if cmd.UserID != 0 {
+ usr, err := s.userService.GetSignedInUser(ctx, &user.GetSignedInUserQuery{UserID: cmd.UserID, OrgID: cmd.OrgID})
+ if err != nil {
+ return fmt.Errorf("failed to get user: %w", err)
+ }
+ if usr.IsIdentityType(claims.TypeUser, claims.TypeServiceAccount) {
+ permissions = append(permissions, accesscontrol.SetResourcePermissionCommand{UserID: cmd.UserID, Permission: "Admin"})
+ }
 }
 if _, err = s.permissionsService.SetPermissions(ctx, cmd.OrgID, dataSource.UID, permissions...); err != nil {
 return err
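Review bot: In AddDataSource the creator's Admin grant now depends on `GetSignedInUser` succeeding, and a lookup error returns from the enclosing function after `dataSource` already exists (its UID is used in the `SetPermissions` call just below). The function starts and ends outside this hunk, so I cannot tell whether that return rolls the insert back; if it does not, a `cmd.UserID` that does not resolve in `cmd.OrgID` leaves a data source with none of the default permissions applied. I would resolve the user before the data source is written, or state the intent in a comment above the branch, e.g. `// Creator gets Admin only if UserID resolves to a user or service account in OrgID; a lookup error aborts the add.` The grant still keys on the caller-supplied `cmd.UserID`, so callers need to fill it from the authenticated identity rather than from request data.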