Auth: Move Org service to SignedInUser interface (#72720)

add identity interface for org service
This commit is contained in:
Jo 2023-08-03 11:02:38 +02:00 committed by GitHub
parent 1e8879a041
commit 2ef334def7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 7 deletions

View File

@ -6,7 +6,7 @@ import (
"time"
"github.com/grafana/grafana/pkg/models/roletype"
"github.com/grafana/grafana/pkg/services/user"
"github.com/grafana/grafana/pkg/services/auth/identity"
"github.com/grafana/grafana/pkg/util/errutil"
)
@ -174,7 +174,7 @@ type GetOrgUsersQuery struct {
// Flag used to allow oss edition to query users without access control
DontEnforceAccessControl bool
User *user.SignedInUser
User identity.Requester
}
type SearchOrgUsersQuery struct {
@ -186,7 +186,7 @@ type SearchOrgUsersQuery struct {
// Flag used to allow oss edition to query users without access control
DontEnforceAccessControl bool
User *user.SignedInUser
User identity.Requester
}
type SearchOrgUsersQueryResult struct {

View File

@ -12,6 +12,7 @@ import (
"github.com/grafana/grafana/pkg/infra/db"
"github.com/grafana/grafana/pkg/services/accesscontrol"
"github.com/grafana/grafana/pkg/services/auth/identity"
"github.com/grafana/grafana/pkg/services/org"
"github.com/grafana/grafana/pkg/services/quota/quotaimpl"
"github.com/grafana/grafana/pkg/services/sqlstore"
@ -614,7 +615,7 @@ func TestIntegration_SQLStore_GetOrgUsers(t *testing.T) {
if !hasWildcardScope(tt.query.User, accesscontrol.ActionOrgUsersRead) {
for _, u := range result.OrgUsers {
assert.Contains(t, tt.query.User.Permissions[tt.query.User.OrgID][accesscontrol.ActionOrgUsersRead], fmt.Sprintf("users:id:%d", u.UserID))
assert.Contains(t, tt.query.User.GetPermissions(tt.query.User.GetOrgID())[accesscontrol.ActionOrgUsersRead], fmt.Sprintf("users:id:%d", u.UserID))
}
}
})
@ -645,8 +646,8 @@ func seedOrgUsers(t *testing.T, orgUserStore store, store *sqlstore.SQLStore, nu
}
}
func hasWildcardScope(user *user.SignedInUser, action string) bool {
for _, scope := range user.Permissions[user.OrgID][action] {
func hasWildcardScope(user identity.Requester, action string) bool {
for _, scope := range user.GetPermissions(user.GetOrgID())[action] {
if strings.HasSuffix(scope, ":*") {
return true
}
@ -791,7 +792,7 @@ func TestIntegration_SQLStore_SearchOrgUsers(t *testing.T) {
if !hasWildcardScope(tt.query.User, accesscontrol.ActionOrgUsersRead) {
for _, u := range result.OrgUsers {
assert.Contains(t, tt.query.User.Permissions[tt.query.User.OrgID][accesscontrol.ActionOrgUsersRead], fmt.Sprintf("users:id:%d", u.UserID))
assert.Contains(t, tt.query.User.GetPermissions(tt.query.User.GetOrgID())[accesscontrol.ActionOrgUsersRead], fmt.Sprintf("users:id:%d", u.UserID))
}
}
})