mirror of
https://github.com/grafana/grafana.git
synced 2024-11-23 01:16:31 -06:00
Auth: Move Org service to SignedInUser interface (#72720)
add identity interface for org service
This commit is contained in:
parent
1e8879a041
commit
2ef334def7
@ -6,7 +6,7 @@ import (
|
||||
"time"
|
||||
|
||||
"github.com/grafana/grafana/pkg/models/roletype"
|
||||
"github.com/grafana/grafana/pkg/services/user"
|
||||
"github.com/grafana/grafana/pkg/services/auth/identity"
|
||||
"github.com/grafana/grafana/pkg/util/errutil"
|
||||
)
|
||||
|
||||
@ -174,7 +174,7 @@ type GetOrgUsersQuery struct {
|
||||
// Flag used to allow oss edition to query users without access control
|
||||
DontEnforceAccessControl bool
|
||||
|
||||
User *user.SignedInUser
|
||||
User identity.Requester
|
||||
}
|
||||
|
||||
type SearchOrgUsersQuery struct {
|
||||
@ -186,7 +186,7 @@ type SearchOrgUsersQuery struct {
|
||||
// Flag used to allow oss edition to query users without access control
|
||||
DontEnforceAccessControl bool
|
||||
|
||||
User *user.SignedInUser
|
||||
User identity.Requester
|
||||
}
|
||||
|
||||
type SearchOrgUsersQueryResult struct {
|
||||
|
@ -12,6 +12,7 @@ import (
|
||||
|
||||
"github.com/grafana/grafana/pkg/infra/db"
|
||||
"github.com/grafana/grafana/pkg/services/accesscontrol"
|
||||
"github.com/grafana/grafana/pkg/services/auth/identity"
|
||||
"github.com/grafana/grafana/pkg/services/org"
|
||||
"github.com/grafana/grafana/pkg/services/quota/quotaimpl"
|
||||
"github.com/grafana/grafana/pkg/services/sqlstore"
|
||||
@ -614,7 +615,7 @@ func TestIntegration_SQLStore_GetOrgUsers(t *testing.T) {
|
||||
|
||||
if !hasWildcardScope(tt.query.User, accesscontrol.ActionOrgUsersRead) {
|
||||
for _, u := range result.OrgUsers {
|
||||
assert.Contains(t, tt.query.User.Permissions[tt.query.User.OrgID][accesscontrol.ActionOrgUsersRead], fmt.Sprintf("users:id:%d", u.UserID))
|
||||
assert.Contains(t, tt.query.User.GetPermissions(tt.query.User.GetOrgID())[accesscontrol.ActionOrgUsersRead], fmt.Sprintf("users:id:%d", u.UserID))
|
||||
}
|
||||
}
|
||||
})
|
||||
@ -645,8 +646,8 @@ func seedOrgUsers(t *testing.T, orgUserStore store, store *sqlstore.SQLStore, nu
|
||||
}
|
||||
}
|
||||
|
||||
func hasWildcardScope(user *user.SignedInUser, action string) bool {
|
||||
for _, scope := range user.Permissions[user.OrgID][action] {
|
||||
func hasWildcardScope(user identity.Requester, action string) bool {
|
||||
for _, scope := range user.GetPermissions(user.GetOrgID())[action] {
|
||||
if strings.HasSuffix(scope, ":*") {
|
||||
return true
|
||||
}
|
||||
@ -791,7 +792,7 @@ func TestIntegration_SQLStore_SearchOrgUsers(t *testing.T) {
|
||||
|
||||
if !hasWildcardScope(tt.query.User, accesscontrol.ActionOrgUsersRead) {
|
||||
for _, u := range result.OrgUsers {
|
||||
assert.Contains(t, tt.query.User.Permissions[tt.query.User.OrgID][accesscontrol.ActionOrgUsersRead], fmt.Sprintf("users:id:%d", u.UserID))
|
||||
assert.Contains(t, tt.query.User.GetPermissions(tt.query.User.GetOrgID())[accesscontrol.ActionOrgUsersRead], fmt.Sprintf("users:id:%d", u.UserID))
|
||||
}
|
||||
}
|
||||
})
|
||||
|
Loading…
Reference in New Issue
Block a user