From 31d64161571a7241ae8548122d7bf3280135af02 Mon Sep 17 00:00:00 2001 From: Will Browne Date: Mon, 27 Mar 2023 10:15:37 +0100 Subject: [PATCH] Plugins: Migrate licensing and access control to pkg/services/pluginsintegration package (#65258) * migrate licensing + access control * update package name --- pkg/api/accesscontrol.go | 4 ++-- pkg/api/api.go | 24 +++++++++---------- pkg/api/plugin_resource_test.go | 6 ++--- pkg/api/plugins.go | 9 +++---- pkg/api/plugins_test.go | 5 ++-- pkg/middleware/auth.go | 4 ++-- .../manager/manager_integration_test.go | 2 +- .../accesscontrol/pluginutils/utils.go | 11 +++++---- pkg/services/navtree/navtreeimpl/admin.go | 4 ++-- pkg/services/navtree/navtreeimpl/applinks.go | 3 ++- .../navtree/navtreeimpl/applinks_test.go | 13 +++++----- .../licensing/licensing.go | 0 .../pluginaccesscontrol}/accesscontrol.go | 2 +- .../pluginsintegration/pluginsintegration.go | 2 +- 14 files changed, 47 insertions(+), 42 deletions(-) rename pkg/{plugins => services/pluginsintegration}/licensing/licensing.go (100%) rename pkg/{plugins => services/pluginsintegration/pluginaccesscontrol}/accesscontrol.go (98%) diff --git a/pkg/api/accesscontrol.go b/pkg/api/accesscontrol.go index 53c6032c3f3..b5de00c49f7 100644 --- a/pkg/api/accesscontrol.go +++ b/pkg/api/accesscontrol.go @@ -3,12 +3,12 @@ package api import ( "fmt" - "github.com/grafana/grafana/pkg/plugins" ac "github.com/grafana/grafana/pkg/services/accesscontrol" contextmodel "github.com/grafana/grafana/pkg/services/contexthandler/model" "github.com/grafana/grafana/pkg/services/dashboards" "github.com/grafana/grafana/pkg/services/datasources" "github.com/grafana/grafana/pkg/services/org" + "github.com/grafana/grafana/pkg/services/pluginsintegration/pluginaccesscontrol" "github.com/grafana/grafana/pkg/tsdb/grafanads" ) @@ -32,7 +32,7 @@ var ( // that HTTPServer needs func (hs *HTTPServer) declareFixedRoles() error { // Declare plugins roles - if err := plugins.DeclareRBACRoles(hs.accesscontrolService, hs.Cfg); err != nil { + if err := pluginaccesscontrol.DeclareRBACRoles(hs.accesscontrolService, hs.Cfg); err != nil { return err } diff --git a/pkg/api/api.go b/pkg/api/api.go index 5998f5c0b40..366b632fb2e 100644 --- a/pkg/api/api.go +++ b/pkg/api/api.go @@ -33,7 +33,6 @@ import ( "github.com/grafana/grafana/pkg/api/routing" "github.com/grafana/grafana/pkg/infra/log" "github.com/grafana/grafana/pkg/middleware" - "github.com/grafana/grafana/pkg/plugins" ac "github.com/grafana/grafana/pkg/services/accesscontrol" "github.com/grafana/grafana/pkg/services/apikey" "github.com/grafana/grafana/pkg/services/auth" @@ -43,6 +42,7 @@ import ( "github.com/grafana/grafana/pkg/services/datasources" "github.com/grafana/grafana/pkg/services/featuremgmt" "github.com/grafana/grafana/pkg/services/org" + "github.com/grafana/grafana/pkg/services/pluginsintegration/pluginaccesscontrol" publicdashboardsapi "github.com/grafana/grafana/pkg/services/publicdashboards/api" "github.com/grafana/grafana/pkg/services/serviceaccounts" "github.com/grafana/grafana/pkg/services/user" @@ -140,9 +140,9 @@ func (hs *HTTPServer) registerRoutes() { r.Get("/connections/datasources/:id/page/:page", middleware.CanAdminPlugins(hs.Cfg), hs.Index) // App Root Page - appPluginIDScope := plugins.ScopeProvider.GetResourceScope(ac.Parameter(":id")) - r.Get("/a/:id/*", authorize(reqSignedIn, ac.EvalPermission(plugins.ActionAppAccess, appPluginIDScope)), hs.Index) - r.Get("/a/:id", authorize(reqSignedIn, ac.EvalPermission(plugins.ActionAppAccess, appPluginIDScope)), hs.Index) + appPluginIDScope := pluginaccesscontrol.ScopeProvider.GetResourceScope(ac.Parameter(":id")) + r.Get("/a/:id/*", authorize(reqSignedIn, ac.EvalPermission(pluginaccesscontrol.ActionAppAccess, appPluginIDScope)), hs.Index) + r.Get("/a/:id", authorize(reqSignedIn, ac.EvalPermission(pluginaccesscontrol.ActionAppAccess, appPluginIDScope)), hs.Index) r.Get("/d/:uid/:slug", reqSignedIn, redirectFromLegacyPanelEditURL, hs.Index) r.Get("/d/:uid", reqSignedIn, redirectFromLegacyPanelEditURL, hs.Index) @@ -405,27 +405,27 @@ func (hs *HTTPServer) registerRoutes() { datasourceRoute.Get("/id/:name", authorize(reqSignedIn, ac.EvalPermission(datasources.ActionIDRead, nameScope)), routing.Wrap(hs.GetDataSourceIdByName)) }) - pluginIDScope := plugins.ScopeProvider.GetResourceScope(ac.Parameter(":pluginId")) + pluginIDScope := pluginaccesscontrol.ScopeProvider.GetResourceScope(ac.Parameter(":pluginId")) apiRoute.Get("/plugins", routing.Wrap(hs.GetPluginList)) apiRoute.Get("/plugins/:pluginId/settings", routing.Wrap(hs.GetPluginSettingByID)) // RBAC check performed in handler for App Plugins apiRoute.Get("/plugins/:pluginId/markdown/:name", routing.Wrap(hs.GetPluginMarkdown)) apiRoute.Get("/plugins/:pluginId/health", routing.Wrap(hs.CheckHealth)) - apiRoute.Any("/plugins/:pluginId/resources", authorize(reqSignedIn, ac.EvalPermission(plugins.ActionAppAccess, pluginIDScope)), hs.CallResource) - apiRoute.Any("/plugins/:pluginId/resources/*", authorize(reqSignedIn, ac.EvalPermission(plugins.ActionAppAccess, pluginIDScope)), hs.CallResource) + apiRoute.Any("/plugins/:pluginId/resources", authorize(reqSignedIn, ac.EvalPermission(pluginaccesscontrol.ActionAppAccess, pluginIDScope)), hs.CallResource) + apiRoute.Any("/plugins/:pluginId/resources/*", authorize(reqSignedIn, ac.EvalPermission(pluginaccesscontrol.ActionAppAccess, pluginIDScope)), hs.CallResource) apiRoute.Get("/plugins/errors", routing.Wrap(hs.GetPluginErrorsList)) - apiRoute.Any("/plugin-proxy/:pluginId/*", authorize(reqSignedIn, ac.EvalPermission(plugins.ActionAppAccess, pluginIDScope)), hs.ProxyPluginRequest) - apiRoute.Any("/plugin-proxy/:pluginId", authorize(reqSignedIn, ac.EvalPermission(plugins.ActionAppAccess, pluginIDScope)), hs.ProxyPluginRequest) + apiRoute.Any("/plugin-proxy/:pluginId/*", authorize(reqSignedIn, ac.EvalPermission(pluginaccesscontrol.ActionAppAccess, pluginIDScope)), hs.ProxyPluginRequest) + apiRoute.Any("/plugin-proxy/:pluginId", authorize(reqSignedIn, ac.EvalPermission(pluginaccesscontrol.ActionAppAccess, pluginIDScope)), hs.ProxyPluginRequest) if hs.Cfg.PluginAdminEnabled && !hs.Cfg.PluginAdminExternalManageEnabled { apiRoute.Group("/plugins", func(pluginRoute routing.RouteRegister) { - pluginRoute.Post("/:pluginId/install", authorize(reqGrafanaAdmin, ac.EvalPermission(plugins.ActionInstall)), routing.Wrap(hs.InstallPlugin)) - pluginRoute.Post("/:pluginId/uninstall", authorize(reqGrafanaAdmin, ac.EvalPermission(plugins.ActionInstall)), routing.Wrap(hs.UninstallPlugin)) + pluginRoute.Post("/:pluginId/install", authorize(reqGrafanaAdmin, ac.EvalPermission(pluginaccesscontrol.ActionInstall)), routing.Wrap(hs.InstallPlugin)) + pluginRoute.Post("/:pluginId/uninstall", authorize(reqGrafanaAdmin, ac.EvalPermission(pluginaccesscontrol.ActionInstall)), routing.Wrap(hs.UninstallPlugin)) }) } apiRoute.Group("/plugins", func(pluginRoute routing.RouteRegister) { pluginRoute.Get("/:pluginId/dashboards/", reqOrgAdmin, routing.Wrap(hs.GetPluginDashboards)) - pluginRoute.Post("/:pluginId/settings", authorize(reqOrgAdmin, ac.EvalPermission(plugins.ActionWrite, pluginIDScope)), routing.Wrap(hs.UpdatePluginSetting)) + pluginRoute.Post("/:pluginId/settings", authorize(reqOrgAdmin, ac.EvalPermission(pluginaccesscontrol.ActionWrite, pluginIDScope)), routing.Wrap(hs.UpdatePluginSetting)) pluginRoute.Get("/:pluginId/metrics", reqOrgAdmin, routing.Wrap(hs.CollectPluginMetrics)) }) diff --git a/pkg/api/plugin_resource_test.go b/pkg/api/plugin_resource_test.go index f6ceff36c0b..0efd79f0014 100644 --- a/pkg/api/plugin_resource_test.go +++ b/pkg/api/plugin_resource_test.go @@ -15,7 +15,6 @@ import ( "github.com/grafana/grafana/pkg/infra/db" "github.com/grafana/grafana/pkg/infra/localcache" - "github.com/grafana/grafana/pkg/plugins" "github.com/grafana/grafana/pkg/plugins/backendplugin/coreplugin" "github.com/grafana/grafana/pkg/plugins/backendplugin/provider" "github.com/grafana/grafana/pkg/plugins/config" @@ -34,6 +33,7 @@ import ( "github.com/grafana/grafana/pkg/services/featuremgmt" "github.com/grafana/grafana/pkg/services/oauthtoken/oauthtokentest" "github.com/grafana/grafana/pkg/services/pluginsintegration" + "github.com/grafana/grafana/pkg/services/pluginsintegration/pluginaccesscontrol" "github.com/grafana/grafana/pkg/services/pluginsintegration/plugincontext" pluginSettings "github.com/grafana/grafana/pkg/services/pluginsintegration/pluginsettings/service" "github.com/grafana/grafana/pkg/services/quota/quotatest" @@ -80,7 +80,7 @@ func TestCallResource(t *testing.T) { req := srv.NewPostRequest("/api/plugins/testdata/resources/test", strings.NewReader("{ \"test\": true }")) webtest.RequestWithSignedInUser(req, &user.SignedInUser{UserID: 1, OrgID: 1, Permissions: map[int64]map[string][]string{ 1: accesscontrol.GroupScopesByAction([]accesscontrol.Permission{ - {Action: plugins.ActionAppAccess, Scope: plugins.ScopeProvider.GetResourceAllScope()}, + {Action: pluginaccesscontrol.ActionAppAccess, Scope: pluginaccesscontrol.ScopeProvider.GetResourceAllScope()}, }), }}) resp, err := srv.SendJSON(req) @@ -118,7 +118,7 @@ func TestCallResource(t *testing.T) { req := srv.NewGetRequest("/api/plugins/testdata/resources/scenarios") webtest.RequestWithSignedInUser(req, &user.SignedInUser{UserID: 1, OrgID: 1, Permissions: map[int64]map[string][]string{ 1: accesscontrol.GroupScopesByAction([]accesscontrol.Permission{ - {Action: plugins.ActionAppAccess, Scope: plugins.ScopeProvider.GetResourceAllScope()}, + {Action: pluginaccesscontrol.ActionAppAccess, Scope: pluginaccesscontrol.ScopeProvider.GetResourceAllScope()}, }), }}) resp, err := srv.SendJSON(req) diff --git a/pkg/api/plugins.go b/pkg/api/plugins.go index 952e679e755..0bf5e17fd3e 100644 --- a/pkg/api/plugins.go +++ b/pkg/api/plugins.go @@ -28,6 +28,7 @@ import ( contextmodel "github.com/grafana/grafana/pkg/services/contexthandler/model" "github.com/grafana/grafana/pkg/services/datasources" "github.com/grafana/grafana/pkg/services/org" + "github.com/grafana/grafana/pkg/services/pluginsintegration/pluginaccesscontrol" "github.com/grafana/grafana/pkg/services/pluginsintegration/pluginsettings" "github.com/grafana/grafana/pkg/setting" "github.com/grafana/grafana/pkg/util" @@ -60,7 +61,7 @@ func (hs *HTTPServer) GetPluginList(c *contextmodel.ReqContext) response.Respons hasAccess := ac.HasAccess(hs.AccessControl, c) canListNonCorePlugins := reqOrgAdmin(c) || hasAccess(reqOrgAdmin, ac.EvalAny( ac.EvalPermission(datasources.ActionCreate), - ac.EvalPermission(plugins.ActionInstall), + ac.EvalPermission(pluginaccesscontrol.ActionInstall), )) pluginSettingsMap, err := hs.pluginSettings(c.Req.Context(), c.OrgID) @@ -90,7 +91,7 @@ func (hs *HTTPServer) GetPluginList(c *contextmodel.ReqContext) response.Respons // Should be able to list this installed plugin: // * anyone that can edit its settings if !pluginDef.IsCorePlugin() && !canListNonCorePlugins && !hasAccess(reqOrgAdmin, - ac.EvalPermission(plugins.ActionWrite, plugins.ScopeProvider.GetResourceScope(pluginDef.ID))) { + ac.EvalPermission(pluginaccesscontrol.ActionWrite, pluginaccesscontrol.ScopeProvider.GetResourceScope(pluginDef.ID))) { continue } @@ -121,7 +122,7 @@ func (hs *HTTPServer) GetPluginList(c *contextmodel.ReqContext) response.Respons // Compute metadata pluginsMetadata := hs.getMultiAccessControlMetadata(c, c.OrgID, - plugins.ScopeProvider.GetResourceScope(""), filteredPluginIDs) + pluginaccesscontrol.ScopeProvider.GetResourceScope(""), filteredPluginIDs) // Prepare DTO result := make(dtos.PluginList, 0) @@ -176,7 +177,7 @@ func (hs *HTTPServer) GetPluginSettingByID(c *contextmodel.ReqContext) response. if plugin.IsApp() { hasAccess := ac.HasAccess(hs.AccessControl, c) if !hasAccess(ac.ReqSignedIn, - ac.EvalPermission(plugins.ActionAppAccess, plugins.ScopeProvider.GetResourceScope(plugin.ID))) { + ac.EvalPermission(pluginaccesscontrol.ActionAppAccess, pluginaccesscontrol.ScopeProvider.GetResourceScope(plugin.ID))) { return response.Error(http.StatusForbidden, "Access Denied", nil) } } diff --git a/pkg/api/plugins_test.go b/pkg/api/plugins_test.go index 5e4946976f4..26079123ac7 100644 --- a/pkg/api/plugins_test.go +++ b/pkg/api/plugins_test.go @@ -27,6 +27,7 @@ import ( contextmodel "github.com/grafana/grafana/pkg/services/contexthandler/model" "github.com/grafana/grafana/pkg/services/org" "github.com/grafana/grafana/pkg/services/org/orgtest" + "github.com/grafana/grafana/pkg/services/pluginsintegration/pluginaccesscontrol" "github.com/grafana/grafana/pkg/services/pluginsintegration/pluginsettings" "github.com/grafana/grafana/pkg/services/quota/quotatest" "github.com/grafana/grafana/pkg/services/updatechecker" @@ -104,7 +105,7 @@ func Test_PluginsInstallAndUninstall(t *testing.T) { } func Test_PluginsInstallAndUninstall_AccessControl(t *testing.T) { - canInstall := []ac.Permission{{Action: plugins.ActionInstall}} + canInstall := []ac.Permission{{Action: pluginaccesscontrol.ActionInstall}} cannotInstall := []ac.Permission{{Action: "plugins:cannotinstall"}} type testCase struct { @@ -568,7 +569,7 @@ func Test_PluginsList_AccessControl(t *testing.T) { }, { desc: "should be able to list core plugins and plugins user has permission to", - permissions: []ac.Permission{{Action: plugins.ActionWrite, Scope: "plugins:id:test-app"}}, + permissions: []ac.Permission{{Action: pluginaccesscontrol.ActionWrite, Scope: "plugins:id:test-app"}}, expectedCode: http.StatusOK, expectedPlugins: []string{"mysql", "test-app"}, }, diff --git a/pkg/middleware/auth.go b/pkg/middleware/auth.go index 40599c2d8cf..450ff7d0db4 100644 --- a/pkg/middleware/auth.go +++ b/pkg/middleware/auth.go @@ -10,13 +10,13 @@ import ( "github.com/grafana/grafana/pkg/infra/db" "github.com/grafana/grafana/pkg/middleware/cookies" - "github.com/grafana/grafana/pkg/plugins" "github.com/grafana/grafana/pkg/services/auth" "github.com/grafana/grafana/pkg/services/authn" contextmodel "github.com/grafana/grafana/pkg/services/contexthandler/model" "github.com/grafana/grafana/pkg/services/dashboards" "github.com/grafana/grafana/pkg/services/folder" "github.com/grafana/grafana/pkg/services/org" + "github.com/grafana/grafana/pkg/services/pluginsintegration/pluginaccesscontrol" "github.com/grafana/grafana/pkg/services/team" "github.com/grafana/grafana/pkg/setting" "github.com/grafana/grafana/pkg/web" @@ -100,7 +100,7 @@ func EnsureEditorOrViewerCanEdit(cfg *setting.Cfg) func(c *contextmodel.ReqConte func CanAdminPlugins(cfg *setting.Cfg) func(c *contextmodel.ReqContext) { return func(c *contextmodel.ReqContext) { - if !plugins.ReqCanAdminPlugins(cfg)(c) { + if !pluginaccesscontrol.ReqCanAdminPlugins(cfg)(c) { accessForbidden(c) return } diff --git a/pkg/plugins/manager/manager_integration_test.go b/pkg/plugins/manager/manager_integration_test.go index 945a057e815..7dcc5636812 100644 --- a/pkg/plugins/manager/manager_integration_test.go +++ b/pkg/plugins/manager/manager_integration_test.go @@ -19,7 +19,6 @@ import ( "github.com/grafana/grafana/pkg/plugins/backendplugin/coreplugin" "github.com/grafana/grafana/pkg/plugins/backendplugin/provider" "github.com/grafana/grafana/pkg/plugins/config" - plicensing "github.com/grafana/grafana/pkg/plugins/licensing" "github.com/grafana/grafana/pkg/plugins/manager/client" "github.com/grafana/grafana/pkg/plugins/manager/fakes" "github.com/grafana/grafana/pkg/plugins/manager/loader" @@ -32,6 +31,7 @@ import ( "github.com/grafana/grafana/pkg/plugins/pluginscdn" "github.com/grafana/grafana/pkg/services/featuremgmt" "github.com/grafana/grafana/pkg/services/licensing" + plicensing "github.com/grafana/grafana/pkg/services/pluginsintegration/licensing" "github.com/grafana/grafana/pkg/services/searchV2" "github.com/grafana/grafana/pkg/setting" "github.com/grafana/grafana/pkg/tsdb/azuremonitor" diff --git a/pkg/services/accesscontrol/pluginutils/utils.go b/pkg/services/accesscontrol/pluginutils/utils.go index b246706668f..11890217748 100644 --- a/pkg/services/accesscontrol/pluginutils/utils.go +++ b/pkg/services/accesscontrol/pluginutils/utils.go @@ -6,21 +6,22 @@ import ( "github.com/grafana/grafana/pkg/plugins" ac "github.com/grafana/grafana/pkg/services/accesscontrol" + "github.com/grafana/grafana/pkg/services/pluginsintegration/pluginaccesscontrol" ) // ValidatePluginPermissions errors when a permission does not match expected pattern for plugins func ValidatePluginPermissions(pluginID string, permissions []ac.Permission) error { for i := range permissions { - if permissions[i].Action != plugins.ActionAppAccess && + if permissions[i].Action != pluginaccesscontrol.ActionAppAccess && !strings.HasPrefix(permissions[i].Action, pluginID+":") && !strings.HasPrefix(permissions[i].Action, pluginID+".") { return &ac.ErrorActionPrefixMissing{Action: permissions[i].Action, - Prefixes: []string{plugins.ActionAppAccess, pluginID + ":", pluginID + "."}} + Prefixes: []string{pluginaccesscontrol.ActionAppAccess, pluginID + ":", pluginID + "."}} } - if strings.HasPrefix(permissions[i].Action, plugins.ActionAppAccess) && - permissions[i].Scope != plugins.ScopeProvider.GetResourceScope(pluginID) { + if strings.HasPrefix(permissions[i].Action, pluginaccesscontrol.ActionAppAccess) && + permissions[i].Scope != pluginaccesscontrol.ScopeProvider.GetResourceScope(pluginID) { return &ac.ErrorScopeTarget{Action: permissions[i].Action, Scope: permissions[i].Scope, - ExpectedScope: plugins.ScopeProvider.GetResourceScope(pluginID)} + ExpectedScope: pluginaccesscontrol.ScopeProvider.GetResourceScope(pluginID)} } } diff --git a/pkg/services/navtree/navtreeimpl/admin.go b/pkg/services/navtree/navtreeimpl/admin.go index 35dbda6d71f..ae43cded0ec 100644 --- a/pkg/services/navtree/navtreeimpl/admin.go +++ b/pkg/services/navtree/navtreeimpl/admin.go @@ -1,7 +1,6 @@ package navtreeimpl import ( - "github.com/grafana/grafana/pkg/plugins" ac "github.com/grafana/grafana/pkg/services/accesscontrol" contextmodel "github.com/grafana/grafana/pkg/services/contexthandler/model" "github.com/grafana/grafana/pkg/services/correlations" @@ -9,6 +8,7 @@ import ( "github.com/grafana/grafana/pkg/services/featuremgmt" "github.com/grafana/grafana/pkg/services/navtree" "github.com/grafana/grafana/pkg/services/org" + "github.com/grafana/grafana/pkg/services/pluginsintegration/pluginaccesscontrol" "github.com/grafana/grafana/pkg/services/serviceaccounts" ) @@ -59,7 +59,7 @@ func (s *ServiceImpl) getOrgAdminNode(c *contextmodel.ReqContext) (*navtree.NavL } // FIXME: while we don't have a permissions for listing plugins the legacy check has to stay as a default - if plugins.ReqCanAdminPlugins(s.cfg)(c) || hasAccess(plugins.ReqCanAdminPlugins(s.cfg), plugins.AdminAccessEvaluator) { + if pluginaccesscontrol.ReqCanAdminPlugins(s.cfg)(c) || hasAccess(pluginaccesscontrol.ReqCanAdminPlugins(s.cfg), pluginaccesscontrol.AdminAccessEvaluator) { configNodes = append(configNodes, &navtree.NavLink{ Text: "Plugins", Id: "plugins", diff --git a/pkg/services/navtree/navtreeimpl/applinks.go b/pkg/services/navtree/navtreeimpl/applinks.go index 89192e03916..eed1ff9f0e9 100644 --- a/pkg/services/navtree/navtreeimpl/applinks.go +++ b/pkg/services/navtree/navtreeimpl/applinks.go @@ -10,6 +10,7 @@ import ( contextmodel "github.com/grafana/grafana/pkg/services/contexthandler/model" "github.com/grafana/grafana/pkg/services/featuremgmt" "github.com/grafana/grafana/pkg/services/navtree" + "github.com/grafana/grafana/pkg/services/pluginsintegration/pluginaccesscontrol" "github.com/grafana/grafana/pkg/services/pluginsintegration/pluginsettings" "github.com/grafana/grafana/pkg/util" ) @@ -42,7 +43,7 @@ func (s *ServiceImpl) addAppLinks(treeRoot *navtree.NavTreeRoot, c *contextmodel } if !hasAccess(ac.ReqSignedIn, - ac.EvalPermission(plugins.ActionAppAccess, plugins.ScopeProvider.GetResourceScope(plugin.ID))) { + ac.EvalPermission(pluginaccesscontrol.ActionAppAccess, pluginaccesscontrol.ScopeProvider.GetResourceScope(plugin.ID))) { continue } diff --git a/pkg/services/navtree/navtreeimpl/applinks_test.go b/pkg/services/navtree/navtreeimpl/applinks_test.go index 0a19e39cc51..ac937d601e3 100644 --- a/pkg/services/navtree/navtreeimpl/applinks_test.go +++ b/pkg/services/navtree/navtreeimpl/applinks_test.go @@ -16,6 +16,7 @@ import ( "github.com/grafana/grafana/pkg/services/datasources" "github.com/grafana/grafana/pkg/services/featuremgmt" "github.com/grafana/grafana/pkg/services/navtree" + "github.com/grafana/grafana/pkg/services/pluginsintegration/pluginaccesscontrol" "github.com/grafana/grafana/pkg/services/pluginsintegration/pluginsettings" "github.com/grafana/grafana/pkg/services/user" "github.com/grafana/grafana/pkg/setting" @@ -26,8 +27,8 @@ func TestAddAppLinks(t *testing.T) { httpReq, _ := http.NewRequest(http.MethodGet, "", nil) reqCtx := &contextmodel.ReqContext{SignedInUser: &user.SignedInUser{}, Context: &web.Context{Req: httpReq}} permissions := []ac.Permission{ - {Action: plugins.ActionAppAccess, Scope: "*"}, - {Action: plugins.ActionInstall, Scope: "*"}, + {Action: pluginaccesscontrol.ActionAppAccess, Scope: "*"}, + {Action: pluginaccesscontrol.ActionInstall, Scope: "*"}, {Action: datasources.ActionCreate, Scope: "*"}, {Action: datasources.ActionRead, Scope: "*"}, } @@ -459,7 +460,7 @@ func TestAddAppLinksAccessControl(t *testing.T) { t.Run("Should add both includes when the user is an editor", func(t *testing.T) { treeRoot := navtree.NavTreeRoot{} user.Permissions = map[int64]map[string][]string{ - 1: {plugins.ActionAppAccess: []string{"*"}}, + 1: {pluginaccesscontrol.ActionAppAccess: []string{"*"}}, } user.OrgRole = roletype.RoleEditor @@ -474,7 +475,7 @@ func TestAddAppLinksAccessControl(t *testing.T) { t.Run("Should add one include when the user is a viewer", func(t *testing.T) { treeRoot := navtree.NavTreeRoot{} user.Permissions = map[int64]map[string][]string{ - 1: {plugins.ActionAppAccess: []string{"*"}}, + 1: {pluginaccesscontrol.ActionAppAccess: []string{"*"}}, } user.OrgRole = roletype.RoleViewer @@ -488,7 +489,7 @@ func TestAddAppLinksAccessControl(t *testing.T) { t.Run("Should add both includes when the user is a viewer with catalog read", func(t *testing.T) { treeRoot := navtree.NavTreeRoot{} user.Permissions = map[int64]map[string][]string{ - 1: {plugins.ActionAppAccess: []string{"*"}, catalogReadAction: []string{}}, + 1: {pluginaccesscontrol.ActionAppAccess: []string{"*"}, catalogReadAction: []string{}}, } user.OrgRole = roletype.RoleViewer service.features = featuremgmt.WithFeatures(featuremgmt.FlagAccessControlOnCall) @@ -504,7 +505,7 @@ func TestAddAppLinksAccessControl(t *testing.T) { t.Run("Should add one include when the user is an editor without catalog read", func(t *testing.T) { treeRoot := navtree.NavTreeRoot{} user.Permissions = map[int64]map[string][]string{ - 1: {plugins.ActionAppAccess: []string{"*"}}, + 1: {pluginaccesscontrol.ActionAppAccess: []string{"*"}}, } user.OrgRole = roletype.RoleEditor service.features = featuremgmt.WithFeatures(featuremgmt.FlagAccessControlOnCall) diff --git a/pkg/plugins/licensing/licensing.go b/pkg/services/pluginsintegration/licensing/licensing.go similarity index 100% rename from pkg/plugins/licensing/licensing.go rename to pkg/services/pluginsintegration/licensing/licensing.go diff --git a/pkg/plugins/accesscontrol.go b/pkg/services/pluginsintegration/pluginaccesscontrol/accesscontrol.go similarity index 98% rename from pkg/plugins/accesscontrol.go rename to pkg/services/pluginsintegration/pluginaccesscontrol/accesscontrol.go index cc8c1b59e65..bb0b0aa4a95 100644 --- a/pkg/plugins/accesscontrol.go +++ b/pkg/services/pluginsintegration/pluginaccesscontrol/accesscontrol.go @@ -1,4 +1,4 @@ -package plugins +package pluginaccesscontrol import ( ac "github.com/grafana/grafana/pkg/services/accesscontrol" diff --git a/pkg/services/pluginsintegration/pluginsintegration.go b/pkg/services/pluginsintegration/pluginsintegration.go index d0807781e6b..04b7346bb72 100644 --- a/pkg/services/pluginsintegration/pluginsintegration.go +++ b/pkg/services/pluginsintegration/pluginsintegration.go @@ -7,7 +7,6 @@ import ( "github.com/grafana/grafana/pkg/plugins/backendplugin/coreplugin" "github.com/grafana/grafana/pkg/plugins/backendplugin/provider" "github.com/grafana/grafana/pkg/plugins/config" - "github.com/grafana/grafana/pkg/plugins/licensing" "github.com/grafana/grafana/pkg/plugins/manager" "github.com/grafana/grafana/pkg/plugins/manager/client" "github.com/grafana/grafana/pkg/plugins/manager/loader" @@ -22,6 +21,7 @@ import ( "github.com/grafana/grafana/pkg/plugins/repo" "github.com/grafana/grafana/pkg/services/oauthtoken" "github.com/grafana/grafana/pkg/services/pluginsintegration/clientmiddleware" + "github.com/grafana/grafana/pkg/services/pluginsintegration/licensing" "github.com/grafana/grafana/pkg/services/pluginsintegration/plugincontext" "github.com/grafana/grafana/pkg/services/pluginsintegration/pluginsettings" pluginSettings "github.com/grafana/grafana/pkg/services/pluginsintegration/pluginsettings/service"