mirror of
https://github.com/grafana/grafana.git
synced 2025-02-25 18:55:37 -06:00
AuthZ: Extend /api/search to work with self-contained permissions (#70749)
* Search sql filter draft, unfinished * Search works for empty roles * Add current AuthModule to SignedInUser * clean up, changes to the search * Use constant prefixes * Change AuthModule to AuthenticatedBy * Add tests for using the permissions from the SignedInUser * Refactor and simplify code * Fix sql generation for pg and mysql * Fixes, clean up * Add test for empty permission list * Fix * Fix any vs all in case of edit permission * Update pkg/services/authn/authn.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Update pkg/services/sqlstore/permissions/dashboard_test.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Fixes, changes based on the review --------- Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
This commit is contained in:
Misi
GitHub
@@ -268,12 +268,12 @@ func TestUserSync_SyncUserHook(t *testing.T) {
|
||||
args: args{
|
||||
ctx: context.Background(),
|
||||
id: &authn.Identity{
|
||||
ID: "",
|
||||
AuthID: "2032",
|
||||
AuthModule: "oauth",
|
||||
Login: "test",
|
||||
Name: "test",
|
||||
Email: "test",
|
||||
ID: "",
|
||||
AuthID: "2032",
|
||||
AuthenticatedBy: "oauth",
|
||||
Login: "test",
|
||||
Name: "test",
|
||||
Email: "test",
|
||||
ClientParams: authn.ClientParams{
|
||||
SyncUser: true,
|
||||
LookUpParams: login.UserLookupParams{
|
||||
@@ -286,13 +286,13 @@ func TestUserSync_SyncUserHook(t *testing.T) {
|
||||
},
|
||||
wantErr: false,
|
||||
wantID: &authn.Identity{
|
||||
ID: "user:1",
|
||||
AuthID: "2032",
|
||||
AuthModule: "oauth",
|
||||
Login: "test",
|
||||
Name: "test",
|
||||
Email: "test",
|
||||
IsGrafanaAdmin: ptrBool(false),
|
||||
ID: "user:1",
|
||||
AuthID: "2032",
|
||||
AuthenticatedBy: "oauth",
|
||||
Login: "test",
|
||||
Name: "test",
|
||||
Email: "test",
|
||||
IsGrafanaAdmin: ptrBool(false),
|
||||
ClientParams: authn.ClientParams{
|
||||
SyncUser: true,
|
||||
LookUpParams: login.UserLookupParams{
|
||||
@@ -313,12 +313,12 @@ func TestUserSync_SyncUserHook(t *testing.T) {
|
||||
args: args{
|
||||
ctx: context.Background(),
|
||||
id: &authn.Identity{
|
||||
ID: "",
|
||||
Login: "test",
|
||||
Name: "test",
|
||||
Email: "test",
|
||||
AuthModule: "oauth",
|
||||
AuthID: "2032",
|
||||
ID: "",
|
||||
Login: "test",
|
||||
Name: "test",
|
||||
Email: "test",
|
||||
AuthenticatedBy: "oauth",
|
||||
AuthID: "2032",
|
||||
ClientParams: authn.ClientParams{
|
||||
SyncUser: true,
|
||||
LookUpParams: login.UserLookupParams{
|
||||
@@ -341,13 +341,13 @@ func TestUserSync_SyncUserHook(t *testing.T) {
|
||||
args: args{
|
||||
ctx: context.Background(),
|
||||
id: &authn.Identity{
|
||||
ID: "",
|
||||
Login: "test_create",
|
||||
Name: "test_create",
|
||||
IsGrafanaAdmin: ptrBool(true),
|
||||
Email: "test_create",
|
||||
AuthModule: "oauth",
|
||||
AuthID: "2032",
|
||||
ID: "",
|
||||
Login: "test_create",
|
||||
Name: "test_create",
|
||||
IsGrafanaAdmin: ptrBool(true),
|
||||
Email: "test_create",
|
||||
AuthenticatedBy: "oauth",
|
||||
AuthID: "2032",
|
||||
ClientParams: authn.ClientParams{
|
||||
SyncUser: true,
|
||||
AllowSignUp: true,
|
||||
@@ -362,13 +362,13 @@ func TestUserSync_SyncUserHook(t *testing.T) {
|
||||
},
|
||||
wantErr: false,
|
||||
wantID: &authn.Identity{
|
||||
ID: "user:2",
|
||||
Login: "test_create",
|
||||
Name: "test_create",
|
||||
Email: "test_create",
|
||||
AuthModule: "oauth",
|
||||
AuthID: "2032",
|
||||
IsGrafanaAdmin: ptrBool(true),
|
||||
ID: "user:2",
|
||||
Login: "test_create",
|
||||
Name: "test_create",
|
||||
Email: "test_create",
|
||||
AuthenticatedBy: "oauth",
|
||||
AuthID: "2032",
|
||||
IsGrafanaAdmin: ptrBool(true),
|
||||
ClientParams: authn.ClientParams{
|
||||
SyncUser: true,
|
||||
AllowSignUp: true,
|
||||
|
||||
Reference in New Issue
Block a user