AccessControl: Create own interface and impl for each permission service (#48871)
* Create own interfaces for team, folder, dashboard and data source permissions services * Remove service container and inject them individually
@@ -370,8 +370,11 @@ func setupHTTPServerWithCfgDb(t *testing.T, useFakeAccessControl, enableAccessCo
|
||||
RouteRegister: routeRegister,
|
||||
SQLStore: store,
|
||||
searchUsersService: searchusers.ProvideUsersService(db, filters.ProvideOSSSearchUserFilter()),
|
||||
dashboardService: dashboardservice.ProvideDashboardService(cfg, dashboardsStore, nil, features, accesscontrolmock.NewPermissionsServicesMock()),
|
||||
preferenceService: preftest.NewPreferenceServiceFake(),
|
||||
dashboardService: dashboardservice.ProvideDashboardService(
|
||||
cfg, dashboardsStore, nil, features,
|
||||
accesscontrolmock.NewMockedPermissionsService(), accesscontrolmock.NewMockedPermissionsService(),
|
||||
),
|
||||
preferenceService: preftest.NewPreferenceServiceFake(),
|
||||
}
|
||||
|
||||
// Defining the accesscontrol service has to be done before registering routes
|
||||
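Review bot: In the `dashboardService` initialiser the two permission mocks are passed as back-to-back anonymous `accesscontrolmock.NewMockedPermissionsService()` calls, so nothing at the call site says which argument is the folder service and which is the dashboard service. The dashboard and folder permission tests in this commit bind them to `folderPermissions` and `dashboardPermissions` first; doing the same here keeps the argument order reviewable, e.g. `folderPermissions := accesscontrolmock.NewMockedPermissionsService()` before the literal and `cfg, dashboardsStore, nil, features, folderPermissions, dashboardPermissions,` inside it. The same pattern appears in both `service.ProvideDashboardService` calls changed in the dashboard API test (TestDashboardAPIEndpoint and getDashboardShouldReturn200WithConfig). setupHTTPServerWithCfgDb starts and ends outside the hunk.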
|
@@ -203,13 +203,17 @@ func (hs *HTTPServer) updateDashboardAccessControl(ctx context.Context, orgID in
|
||||
}
|
||||
}
|
||||
|
||||
svc := hs.permissionServices.GetDashboardService()
|
||||
if isFolder {
|
||||
svc = hs.permissionServices.GetFolderService()
|
||||
if _, err := hs.folderPermissionsService.SetPermissions(ctx, orgID, uid, commands...); err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
_, err := svc.SetPermissions(ctx, orgID, uid, commands...)
|
||||
return err
|
||||
if _, err := hs.dashboardPermissionsService.SetPermissions(ctx, orgID, uid, commands...); err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func validatePermissionsUpdate(apiCmd dtos.UpdateDashboardAclCommand) error {
|
||||
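Review bot: Both branches of the new tail of updateDashboardAccessControl use `if _, err := ...SetPermissions(...); err != nil { return err }` followed by `return nil`, which is a longer spelling of returning the call's error directly. `_, err := hs.folderPermissionsService.SetPermissions(ctx, orgID, uid, commands...)` followed by `return err`, and the same for the dashboard service, keeps each branch to two lines. Since `isFolder` alone now decides which permission service is written to, a short comment above the branch such as `// Folder and dashboard permissions are managed by separate services; pick by resource kind.` would help the next reader auditing this write path. The function begins outside the hunk.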
|
@@ -30,13 +30,15 @@ func TestDashboardPermissionAPIEndpoint(t *testing.T) {
|
||||
|
||||
features := featuremgmt.WithFeatures()
|
||||
mockSQLStore := mockstore.NewSQLStoreMock()
|
||||
folderPermissions := accesscontrolmock.NewMockedPermissionsService()
|
||||
dashboardPermissions := accesscontrolmock.NewMockedPermissionsService()
|
||||
|
||||
hs := &HTTPServer{
|
||||
Cfg: settings,
|
||||
SQLStore: mockSQLStore,
|
||||
Features: features,
|
||||
dashboardService: dashboardservice.ProvideDashboardService(
|
||||
settings, dashboardStore, nil, features, accesscontrolmock.NewPermissionsServicesMock(),
|
||||
settings, dashboardStore, nil, features, folderPermissions, dashboardPermissions,
|
||||
),
|
||||
AccessControl: accesscontrolmock.New().WithDisabled(),
|
||||
}
|
||||
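Review bot: The `HTTPServer` literal in this test leaves `folderPermissionsService` and `dashboardPermissionsService` unset, although `folderPermissions` and `dashboardPermissions` are created just above and handed to `ProvideDashboardService`. updateDashboardAccessControl now calls `SetPermissions` on those two fields directly, so any sub-test that reaches it would call a method on a nil interface; with `accesscontrolmock.New().WithDisabled()` that path is presumably skipped, but this is not visible here. Adding `folderPermissionsService: folderPermissions,` and `dashboardPermissionsService: dashboardPermissions,` to the literal, as the folder permission test in this commit does, removes the dependence on that assumption. The test function continues outside the hunk.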
|
@@ -232,7 +232,8 @@ func TestDashboardAPIEndpoint(t *testing.T) {
|
||||
SQLStore: mockSQLStore,
|
||||
AccessControl: accesscontrolmock.New(),
|
||||
dashboardService: service.ProvideDashboardService(
|
||||
cfg, dashboardStore, nil, features, accesscontrolmock.NewPermissionsServicesMock(),
|
||||
cfg, dashboardStore, nil, features,
|
||||
accesscontrolmock.NewMockedPermissionsService(), accesscontrolmock.NewMockedPermissionsService(),
|
||||
),
|
||||
}
|
||||
hs.SQLStore = mockSQLStore
|
||||
@@ -937,7 +938,8 @@ func getDashboardShouldReturn200WithConfig(t *testing.T, sc *scenarioContext, pr
|
||||
ProvisioningService: provisioningService,
|
||||
AccessControl: accesscontrolmock.New(),
|
||||
dashboardProvisioningService: service.ProvideDashboardService(
|
||||
cfg, dashboardStore, nil, features, accesscontrolmock.NewPermissionsServicesMock(),
|
||||
cfg, dashboardStore, nil, features,
|
||||
accesscontrolmock.NewMockedPermissionsService(), accesscontrolmock.NewMockedPermissionsService(),
|
||||
),
|
||||
}
|
||||
|
||||
|
@@ -5,17 +5,15 @@ import (
|
||||
"fmt"
|
||||
"testing"
|
||||
|
||||
accesscontrolmock "github.com/grafana/grafana/pkg/services/accesscontrol/mock"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
"github.com/stretchr/testify/mock"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
"github.com/grafana/grafana/pkg/api/dtos"
|
||||
"github.com/grafana/grafana/pkg/api/response"
|
||||
"github.com/grafana/grafana/pkg/api/routing"
|
||||
"github.com/grafana/grafana/pkg/models"
|
||||
accesscontrolmock "github.com/grafana/grafana/pkg/services/accesscontrol/mock"
|
||||
"github.com/grafana/grafana/pkg/services/dashboards"
|
||||
service "github.com/grafana/grafana/pkg/services/dashboards/manager"
|
||||
"github.com/grafana/grafana/pkg/services/featuremgmt"
|
||||
@@ -34,15 +32,17 @@ func TestFolderPermissionAPIEndpoint(t *testing.T) {
|
||||
defer dashboardStore.AssertExpectations(t)
|
||||
|
||||
features := featuremgmt.WithFeatures()
|
||||
permissionsServices := accesscontrolmock.NewPermissionsServicesMock()
|
||||
folderPermissions := accesscontrolmock.NewMockedPermissionsService()
|
||||
dashboardPermissions := accesscontrolmock.NewMockedPermissionsService()
|
||||
|
||||
hs := &HTTPServer{
|
||||
Cfg: settings,
|
||||
Features: features,
|
||||
folderService: folderService,
|
||||
permissionServices: permissionsServices,
|
||||
Cfg: settings,
|
||||
Features: features,
|
||||
folderService: folderService,
|
||||
folderPermissionsService: folderPermissions,
|
||||
dashboardPermissionsService: dashboardPermissions,
|
||||
dashboardService: service.ProvideDashboardService(
|
||||
settings, dashboardStore, nil, features, permissionsServices,
|
||||
settings, dashboardStore, nil, features, folderPermissions, dashboardPermissions,
|
||||
),
|
||||
AccessControl: accesscontrolmock.New().WithDisabled(),
|
||||
}
|
||||
|
@@ -137,8 +137,7 @@ type HTTPServer struct {
|
||||
serviceAccountsService serviceaccounts.Service
|
||||
authInfoService login.AuthInfoService
|
||||
authenticator loginpkg.Authenticator
|
||||
teamPermissionsService accesscontrol.PermissionsService
|
||||
permissionServices accesscontrol.PermissionsServices
|
||||
teamPermissionsService accesscontrol.TeamPermissionsService
|
||||
NotificationService *notifications.NotificationService
|
||||
dashboardService dashboards.DashboardService
|
||||
dashboardProvisioningService dashboards.DashboardProvisioningService
|
||||
@@ -151,6 +150,8 @@ type HTTPServer struct {
|
||||
AvatarCacheServer *avatar.AvatarCacheServer
|
||||
preferenceService pref.Service
|
||||
entityEventsService store.EntityEventsService
|
||||
folderPermissionsService accesscontrol.FolderPermissionsService
|
||||
dashboardPermissionsService accesscontrol.DashboardPermissionsService
|
||||
}
|
||||
|
||||
type ServerOptions struct {
|
||||
@@ -177,12 +178,14 @@ func ProvideHTTPServer(opts ServerOptions, cfg *setting.Cfg, routeRegister routi
|
||||
pluginsUpdateChecker *updatechecker.PluginsService, searchUsersService searchusers.Service,
|
||||
dataSourcesService datasources.DataSourceService, secretsService secrets.Service, queryDataService *query.Service,
|
||||
ldapGroups ldap.Groups, teamGuardian teamguardian.TeamGuardian, serviceaccountsService serviceaccounts.Service,
|
||||
authInfoService login.AuthInfoService, permissionsServices accesscontrol.PermissionsServices, storageService store.HTTPStorageService,
|
||||
authInfoService login.AuthInfoService, storageService store.HTTPStorageService,
|
||||
notificationService *notifications.NotificationService, dashboardService dashboards.DashboardService,
|
||||
dashboardProvisioningService dashboards.DashboardProvisioningService, folderService dashboards.FolderService,
|
||||
datasourcePermissionsService permissions.DatasourcePermissionsService, alertNotificationService *alerting.AlertNotificationService,
|
||||
dashboardsnapshotsService *dashboardsnapshots.Service, commentsService *comments.Service, pluginSettings *pluginSettings.Service,
|
||||
avatarCacheServer *avatar.AvatarCacheServer, preferenceService pref.Service, entityEventsService store.EntityEventsService,
|
||||
teamsPermissionsService accesscontrol.TeamPermissionsService, folderPermissionsService accesscontrol.FolderPermissionsService,
|
||||
dashboardPermissionsService accesscontrol.DashboardPermissionsService,
|
||||
) (*HTTPServer, error) {
|
||||
web.Env = cfg.Env
|
||||
m := web.New()
|
||||
@@ -250,14 +253,15 @@ func ProvideHTTPServer(opts ServerOptions, cfg *setting.Cfg, routeRegister routi
|
||||
folderService: folderService,
|
||||
DatasourcePermissionsService: datasourcePermissionsService,
|
||||
commentsService: commentsService,
|
||||
teamPermissionsService: permissionsServices.GetTeamService(),
|
||||
teamPermissionsService: teamsPermissionsService,
|
||||
AlertNotificationService: alertNotificationService,
|
||||
DashboardsnapshotsService: dashboardsnapshotsService,
|
||||
PluginSettings: pluginSettings,
|
||||
permissionServices: permissionsServices,
|
||||
AvatarCacheServer: avatarCacheServer,
|
||||
preferenceService: preferenceService,
|
||||
entityEventsService: entityEventsService,
|
||||
folderPermissionsService: folderPermissionsService,
|
||||
dashboardPermissionsService: dashboardPermissionsService,
|
||||
}
|
||||
if hs.Listener != nil {
|
||||
hs.log.Debug("Using provided listener")
|
||||
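Review bot: The three permission services are now separate fields filled from separate parameters, and if `FolderPermissionsService` and `DashboardPermissionsService` declare the same method set (their definitions are not shown here) Go will accept one where the other is expected, so a mix-up in the struct literal would still compile. A test that drives a folder permission update and asserts that only the folder mock received `SetPermissions` would pin the routing. Separately, the parameter is spelled `teamsPermissionsService` while the field it fills is `teamPermissionsService`; using one spelling makes the authorization dependencies easier to grep. The new fields are also appended after `entityEventsService` rather than next to `teamPermissionsService`; grouping the three would keep the permission-write surface of HTTPServer in one place. ProvideHTTPServer's signature and body extend beyond the hunks shown.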
|
@@ -202,7 +202,7 @@ func TestAPIEndpoint_Metrics_QueryMetricsFromDashboard(t *testing.T) {
|
||||
|
||||
secretsStore := kvstore.SetupTestService(t)
|
||||
secretsService := secretsManager.SetupTestService(t, fakes.NewFakeSecretsStore())
|
||||
ds := datasources.ProvideService(nil, secretsService, secretsStore, nil, featuremgmt.WithFeatures(), acmock.New(), acmock.NewPermissionsServicesMock())
|
||||
ds := datasources.ProvideService(nil, secretsService, secretsStore, nil, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
|
||||
|
||||
setInitCtxSignedInViewer(sc.initCtx)
|
||||
sc.hs.queryDataService = query.ProvideService(
|
||||
|
@@ -131,7 +131,7 @@ func TestDataSourceProxy_routeRule(t *testing.T) {
|
||||
|
||||
t.Run("When matching route path", func(t *testing.T) {
|
||||
ctx, req := setUp()
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewPermissionsServicesMock())
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
|
||||
proxy, err := NewDataSourceProxy(ds, routes, ctx, "api/v4/some/method", cfg, httpClientProvider,
|
||||
&oauthtoken.Service{}, dsService, tracer)
|
||||
require.NoError(t, err)
|
||||
@@ -144,7 +144,7 @@ func TestDataSourceProxy_routeRule(t *testing.T) {
|
||||
|
||||
t.Run("When matching route path and has dynamic url", func(t *testing.T) {
|
||||
ctx, req := setUp()
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewPermissionsServicesMock())
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
|
||||
proxy, err := NewDataSourceProxy(ds, routes, ctx, "api/common/some/method", cfg, httpClientProvider, &oauthtoken.Service{}, dsService, tracer)
|
||||
require.NoError(t, err)
|
||||
proxy.matchedRoute = routes[3]
|
||||
@@ -156,7 +156,7 @@ func TestDataSourceProxy_routeRule(t *testing.T) {
|
||||
|
||||
t.Run("When matching route path with no url", func(t *testing.T) {
|
||||
ctx, req := setUp()
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewPermissionsServicesMock())
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
|
||||
proxy, err := NewDataSourceProxy(ds, routes, ctx, "", cfg, httpClientProvider, &oauthtoken.Service{}, dsService, tracer)
|
||||
require.NoError(t, err)
|
||||
proxy.matchedRoute = routes[4]
|
||||
@@ -167,7 +167,7 @@ func TestDataSourceProxy_routeRule(t *testing.T) {
|
||||
|
||||
t.Run("When matching route path and has dynamic body", func(t *testing.T) {
|
||||
ctx, req := setUp()
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewPermissionsServicesMock())
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
|
||||
proxy, err := NewDataSourceProxy(ds, routes, ctx, "api/body", cfg, httpClientProvider, &oauthtoken.Service{}, dsService, tracer)
|
||||
require.NoError(t, err)
|
||||
proxy.matchedRoute = routes[5]
|
||||
@@ -181,7 +181,7 @@ func TestDataSourceProxy_routeRule(t *testing.T) {
|
||||
t.Run("Validating request", func(t *testing.T) {
|
||||
t.Run("plugin route with valid role", func(t *testing.T) {
|
||||
ctx, _ := setUp()
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewPermissionsServicesMock())
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
|
||||
proxy, err := NewDataSourceProxy(ds, routes, ctx, "api/v4/some/method", cfg, httpClientProvider, &oauthtoken.Service{}, dsService, tracer)
|
||||
require.NoError(t, err)
|
||||
err = proxy.validateRequest()
|
||||
@@ -190,7 +190,7 @@ func TestDataSourceProxy_routeRule(t *testing.T) {
|
||||
|
||||
t.Run("plugin route with admin role and user is editor", func(t *testing.T) {
|
||||
ctx, _ := setUp()
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewPermissionsServicesMock())
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
|
||||
proxy, err := NewDataSourceProxy(ds, routes, ctx, "api/admin", cfg, httpClientProvider, &oauthtoken.Service{}, dsService, tracer)
|
||||
require.NoError(t, err)
|
||||
err = proxy.validateRequest()
|
||||
@@ -200,7 +200,7 @@ func TestDataSourceProxy_routeRule(t *testing.T) {
|
||||
t.Run("plugin route with admin role and user is admin", func(t *testing.T) {
|
||||
ctx, _ := setUp()
|
||||
ctx.SignedInUser.OrgRole = models.ROLE_ADMIN
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewPermissionsServicesMock())
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
|
||||
proxy, err := NewDataSourceProxy(ds, routes, ctx, "api/admin", cfg, httpClientProvider, &oauthtoken.Service{}, dsService, tracer)
|
||||
require.NoError(t, err)
|
||||
err = proxy.validateRequest()
|
||||
@@ -290,7 +290,7 @@ func TestDataSourceProxy_routeRule(t *testing.T) {
|
||||
},
|
||||
}
|
||||
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewPermissionsServicesMock())
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
|
||||
proxy, err := NewDataSourceProxy(ds, routes, ctx, "pathwithtoken1", cfg, httpClientProvider, &oauthtoken.Service{}, dsService, tracer)
|
||||
require.NoError(t, err)
|
||||
ApplyRoute(proxy.ctx.Req.Context(), req, proxy.proxyPath, routes[0], dsInfo, cfg)
|
||||
@@ -306,7 +306,7 @@ func TestDataSourceProxy_routeRule(t *testing.T) {
|
||||
req, err := http.NewRequest("GET", "http://localhost/asd", nil)
|
||||
require.NoError(t, err)
|
||||
client = newFakeHTTPClient(t, json2)
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewPermissionsServicesMock())
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
|
||||
proxy, err := NewDataSourceProxy(ds, routes, ctx, "pathwithtoken2", cfg, httpClientProvider, &oauthtoken.Service{}, dsService, tracer)
|
||||
require.NoError(t, err)
|
||||
ApplyRoute(proxy.ctx.Req.Context(), req, proxy.proxyPath, routes[1], dsInfo, cfg)
|
||||
@@ -323,7 +323,7 @@ func TestDataSourceProxy_routeRule(t *testing.T) {
|
||||
require.NoError(t, err)
|
||||
|
||||
client = newFakeHTTPClient(t, []byte{})
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewPermissionsServicesMock())
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
|
||||
proxy, err := NewDataSourceProxy(ds, routes, ctx, "pathwithtoken1", cfg, httpClientProvider, &oauthtoken.Service{}, dsService, tracer)
|
||||
require.NoError(t, err)
|
||||
ApplyRoute(proxy.ctx.Req.Context(), req, proxy.proxyPath, routes[0], dsInfo, cfg)
|
||||
@@ -346,7 +346,7 @@ func TestDataSourceProxy_routeRule(t *testing.T) {
|
||||
|
||||
secretsStore := kvstore.SetupTestService(t)
|
||||
secretsService := secretsManager.SetupTestService(t, fakes.NewFakeSecretsStore())
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewPermissionsServicesMock())
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
|
||||
proxy, err := NewDataSourceProxy(ds, routes, ctx, "/render", &setting.Cfg{BuildVersion: "5.3.0"}, httpClientProvider, &oauthtoken.Service{}, dsService, tracer)
|
||||
require.NoError(t, err)
|
||||
req, err := http.NewRequest(http.MethodGet, "http://grafana.com/sub", nil)
|
||||
@@ -373,7 +373,7 @@ func TestDataSourceProxy_routeRule(t *testing.T) {
|
||||
var routes []*plugins.Route
|
||||
secretsStore := kvstore.SetupTestService(t)
|
||||
secretsService := secretsManager.SetupTestService(t, fakes.NewFakeSecretsStore())
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewPermissionsServicesMock())
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
|
||||
proxy, err := NewDataSourceProxy(ds, routes, ctx, "", &setting.Cfg{}, httpClientProvider, &oauthtoken.Service{}, dsService, tracer)
|
||||
require.NoError(t, err)
|
||||
|
||||
@@ -398,7 +398,7 @@ func TestDataSourceProxy_routeRule(t *testing.T) {
|
||||
var routes []*plugins.Route
|
||||
secretsStore := kvstore.SetupTestService(t)
|
||||
secretsService := secretsManager.SetupTestService(t, fakes.NewFakeSecretsStore())
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewPermissionsServicesMock())
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
|
||||
proxy, err := NewDataSourceProxy(ds, routes, ctx, "", &setting.Cfg{}, httpClientProvider, &oauthtoken.Service{}, dsService, tracer)
|
||||
require.NoError(t, err)
|
||||
|
||||
@@ -427,7 +427,7 @@ func TestDataSourceProxy_routeRule(t *testing.T) {
|
||||
var pluginRoutes []*plugins.Route
|
||||
secretsStore := kvstore.SetupTestService(t)
|
||||
secretsService := secretsManager.SetupTestService(t, fakes.NewFakeSecretsStore())
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewPermissionsServicesMock())
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
|
||||
proxy, err := NewDataSourceProxy(ds, pluginRoutes, ctx, "", &setting.Cfg{}, httpClientProvider, &oauthtoken.Service{}, dsService, tracer)
|
||||
require.NoError(t, err)
|
||||
|
||||
@@ -451,7 +451,7 @@ func TestDataSourceProxy_routeRule(t *testing.T) {
|
||||
var routes []*plugins.Route
|
||||
secretsStore := kvstore.SetupTestService(t)
|
||||
secretsService := secretsManager.SetupTestService(t, fakes.NewFakeSecretsStore())
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewPermissionsServicesMock())
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
|
||||
proxy, err := NewDataSourceProxy(ds, routes, ctx, "/path/to/folder/", &setting.Cfg{}, httpClientProvider, &oauthtoken.Service{}, dsService, tracer)
|
||||
require.NoError(t, err)
|
||||
req, err := http.NewRequest(http.MethodGet, "http://grafana.com/sub", nil)
|
||||
@@ -501,7 +501,7 @@ func TestDataSourceProxy_routeRule(t *testing.T) {
|
||||
var routes []*plugins.Route
|
||||
secretsStore := kvstore.SetupTestService(t)
|
||||
secretsService := secretsManager.SetupTestService(t, fakes.NewFakeSecretsStore())
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewPermissionsServicesMock())
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
|
||||
proxy, err := NewDataSourceProxy(ds, routes, ctx, "/path/to/folder/", &setting.Cfg{}, httpClientProvider, &mockAuthToken, dsService, tracer)
|
||||
require.NoError(t, err)
|
||||
req, err = http.NewRequest(http.MethodGet, "http://grafana.com/sub", nil)
|
||||
@@ -637,7 +637,7 @@ func TestDataSourceProxy_requestHandling(t *testing.T) {
|
||||
var routes []*plugins.Route
|
||||
secretsStore := kvstore.SetupTestService(t)
|
||||
secretsService := secretsManager.SetupTestService(t, fakes.NewFakeSecretsStore())
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewPermissionsServicesMock())
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
|
||||
proxy, err := NewDataSourceProxy(ds, routes, ctx, "/render", &setting.Cfg{}, httpClientProvider, &oauthtoken.Service{}, dsService, tracer)
|
||||
require.NoError(t, err)
|
||||
|
||||
@@ -656,7 +656,7 @@ func TestDataSourceProxy_requestHandling(t *testing.T) {
|
||||
var routes []*plugins.Route
|
||||
secretsStore := kvstore.SetupTestService(t)
|
||||
secretsService := secretsManager.SetupTestService(t, fakes.NewFakeSecretsStore())
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewPermissionsServicesMock())
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
|
||||
proxy, err := NewDataSourceProxy(ds, routes, ctx, "/render", &setting.Cfg{}, httpClientProvider, &oauthtoken.Service{}, dsService, tracer)
|
||||
require.NoError(t, err)
|
||||
|
||||
@@ -671,7 +671,7 @@ func TestDataSourceProxy_requestHandling(t *testing.T) {
|
||||
var routes []*plugins.Route
|
||||
secretsStore := kvstore.SetupTestService(t)
|
||||
secretsService := secretsManager.SetupTestService(t, fakes.NewFakeSecretsStore())
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewPermissionsServicesMock())
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
|
||||
proxy, err := NewDataSourceProxy(ds, routes, ctx, "/render", &setting.Cfg{}, httpClientProvider, &oauthtoken.Service{}, dsService, tracer)
|
||||
require.NoError(t, err)
|
||||
|
||||
@@ -694,7 +694,7 @@ func TestDataSourceProxy_requestHandling(t *testing.T) {
|
||||
var routes []*plugins.Route
|
||||
secretsStore := kvstore.SetupTestService(t)
|
||||
secretsService := secretsManager.SetupTestService(t, fakes.NewFakeSecretsStore())
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewPermissionsServicesMock())
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
|
||||
proxy, err := NewDataSourceProxy(ds, routes, ctx, "/render", &setting.Cfg{}, httpClientProvider, &oauthtoken.Service{}, dsService, tracer)
|
||||
require.NoError(t, err)
|
||||
|
||||
@@ -720,7 +720,7 @@ func TestDataSourceProxy_requestHandling(t *testing.T) {
|
||||
var routes []*plugins.Route
|
||||
secretsStore := kvstore.SetupTestService(t)
|
||||
secretsService := secretsManager.SetupTestService(t, fakes.NewFakeSecretsStore())
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewPermissionsServicesMock())
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
|
||||
proxy, err := NewDataSourceProxy(ds, routes, ctx, "/path/%2Ftest%2Ftest%2F", &setting.Cfg{}, httpClientProvider, &oauthtoken.Service{}, dsService, tracer)
|
||||
require.NoError(t, err)
|
||||
|
||||
@@ -745,7 +745,7 @@ func TestDataSourceProxy_requestHandling(t *testing.T) {
|
||||
var routes []*plugins.Route
|
||||
secretsStore := kvstore.SetupTestService(t)
|
||||
secretsService := secretsManager.SetupTestService(t, fakes.NewFakeSecretsStore())
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewPermissionsServicesMock())
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
|
||||
proxy, err := NewDataSourceProxy(ds, routes, ctx, "/path/%2Ftest%2Ftest%2F", &setting.Cfg{}, httpClientProvider, &oauthtoken.Service{}, dsService, tracer)
|
||||
require.NoError(t, err)
|
||||
|
||||
@@ -771,7 +771,7 @@ func TestNewDataSourceProxy_InvalidURL(t *testing.T) {
|
||||
var routes []*plugins.Route
|
||||
secretsStore := kvstore.SetupTestService(t)
|
||||
secretsService := secretsManager.SetupTestService(t, fakes.NewFakeSecretsStore())
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewPermissionsServicesMock())
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
|
||||
_, err = NewDataSourceProxy(&ds, routes, &ctx, "api/method", cfg, httpclient.NewProvider(), &oauthtoken.Service{}, dsService, tracer)
|
||||
require.Error(t, err)
|
||||
assert.True(t, strings.HasPrefix(err.Error(), `validation of data source URL "://host/root" failed`))
|
||||
@@ -793,7 +793,7 @@ func TestNewDataSourceProxy_ProtocolLessURL(t *testing.T) {
|
||||
var routes []*plugins.Route
|
||||
secretsStore := kvstore.SetupTestService(t)
|
||||
secretsService := secretsManager.SetupTestService(t, fakes.NewFakeSecretsStore())
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewPermissionsServicesMock())
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
|
||||
_, err = NewDataSourceProxy(&ds, routes, &ctx, "api/method", cfg, httpclient.NewProvider(), &oauthtoken.Service{}, dsService, tracer)
|
||||
|
||||
require.NoError(t, err)
|
||||
@@ -837,7 +837,7 @@ func TestNewDataSourceProxy_MSSQL(t *testing.T) {
|
||||
var routes []*plugins.Route
|
||||
secretsStore := kvstore.SetupTestService(t)
|
||||
secretsService := secretsManager.SetupTestService(t, fakes.NewFakeSecretsStore())
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewPermissionsServicesMock())
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
|
||||
p, err := NewDataSourceProxy(&ds, routes, &ctx, "api/method", cfg, httpclient.NewProvider(), &oauthtoken.Service{}, dsService, tracer)
|
||||
if tc.err == nil {
|
||||
require.NoError(t, err)
|
||||
@@ -865,7 +865,7 @@ func getDatasourceProxiedRequest(t *testing.T, ctx *models.ReqContext, cfg *sett
|
||||
var routes []*plugins.Route
|
||||
secretsStore := kvstore.SetupTestService(t)
|
||||
secretsService := secretsManager.SetupTestService(t, fakes.NewFakeSecretsStore())
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewPermissionsServicesMock())
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
|
||||
proxy, err := NewDataSourceProxy(ds, routes, ctx, "", cfg, httpclient.NewProvider(), &oauthtoken.Service{}, dsService, tracer)
|
||||
require.NoError(t, err)
|
||||
req, err := http.NewRequest(http.MethodGet, "http://grafana.com/sub", nil)
|
||||
@@ -993,7 +993,7 @@ func runDatasourceAuthTest(t *testing.T, secretsService secrets.Service, secrets
|
||||
require.NoError(t, err)
|
||||
|
||||
var routes []*plugins.Route
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewPermissionsServicesMock())
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
|
||||
proxy, err := NewDataSourceProxy(test.datasource, routes, ctx, "", &setting.Cfg{}, httpclient.NewProvider(), &oauthtoken.Service{}, dsService, tracer)
|
||||
require.NoError(t, err)
|
||||
|
||||
@@ -1037,7 +1037,7 @@ func Test_PathCheck(t *testing.T) {
|
||||
ctx, _ := setUp()
|
||||
secretsStore := kvstore.SetupTestService(t)
|
||||
secretsService := secretsManager.SetupTestService(t, fakes.NewFakeSecretsStore())
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewPermissionsServicesMock())
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
|
||||
proxy, err := NewDataSourceProxy(&models.DataSource{}, routes, ctx, "b", &setting.Cfg{}, httpclient.NewProvider(), &oauthtoken.Service{}, dsService, tracer)
|
||||
require.NoError(t, err)
|
||||
|
||||
|
@@ -176,7 +176,7 @@ func (hs *HTTPServer) RemoveTeamMember(c *models.ReqContext) response.Response {
|
||||
// addOrUpdateTeamMember adds or updates a team member.
|
||||
//
|
||||
// Stubbable by tests.
|
||||
var addOrUpdateTeamMember = func(ctx context.Context, resourcePermissionService accesscontrol.PermissionsService, userID, orgID, teamID int64, permission string) error {
|
||||
var addOrUpdateTeamMember = func(ctx context.Context, resourcePermissionService accesscontrol.TeamPermissionsService, userID, orgID, teamID int64, permission string) error {
|
||||
teamIDString := strconv.FormatInt(teamID, 10)
|
||||
if _, err := resourcePermissionService.SetUserPermission(ctx, orgID, accesscontrol.User{ID: userID}, teamIDString, permission); err != nil {
|
||||
return fmt.Errorf("failed setting permissions for user %d in team %d: %w", userID, teamID, err)
|
||||
|
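Review bot: `addOrUpdateTeamMember` remains a reassignable package-level function variable, so the team API test in this commit replaces permission-setting logic by overwriting a global; whether that test restores the original is not visible in its hunk. Now that the parameter is the two-method `accesscontrol.TeamPermissionsService`, a plain function plus a small mock of that interface would give the same test seam without mutable package state. If the variable stays, the stub should save and restore it, for example `orig := addOrUpdateTeamMember; t.Cleanup(func() { addOrUpdateTeamMember = orig })`. The function body continues past the end of this hunk.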
@@ -104,7 +104,7 @@ func TestTeamAPIEndpoint(t *testing.T) {
|
||||
teamName := "team foo"
|
||||
|
||||
addTeamMemberCalled := 0
|
||||
addOrUpdateTeamMember = func(ctx context.Context, resourcePermissionService accesscontrol.PermissionsService, userID, orgID, teamID int64,
|
||||
addOrUpdateTeamMember = func(ctx context.Context, resourcePermissionService accesscontrol.TeamPermissionsService, userID, orgID, teamID int64,
|
||||
permission string) error {
|
||||
addTeamMemberCalled++
|
||||
return nil
|
||||
|
@@ -34,6 +34,8 @@ import (
|
||||
"github.com/grafana/grafana/pkg/plugins/manager"
|
||||
"github.com/grafana/grafana/pkg/plugins/manager/loader"
|
||||
"github.com/grafana/grafana/pkg/plugins/plugincontext"
|
||||
"github.com/grafana/grafana/pkg/services/accesscontrol"
|
||||
"github.com/grafana/grafana/pkg/services/accesscontrol/ossaccesscontrol"
|
||||
"github.com/grafana/grafana/pkg/services/alerting"
|
||||
"github.com/grafana/grafana/pkg/services/auth/jwt"
|
||||
"github.com/grafana/grafana/pkg/services/cleanup"
|
||||
@@ -250,6 +252,12 @@ var wireBasicSet = wire.NewSet(
|
||||
cmreg.ProvideRegistry,
|
||||
cuectx.ProvideCUEContext,
|
||||
cuectx.ProvideThemaLibrary,
|
||||
ossaccesscontrol.ProvideTeamPermissions,
|
||||
wire.Bind(new(accesscontrol.TeamPermissionsService), new(*ossaccesscontrol.TeamPermissionsService)),
|
||||
ossaccesscontrol.ProvideFolderPermissions,
|
||||
wire.Bind(new(accesscontrol.FolderPermissionsService), new(*ossaccesscontrol.FolderPermissionsService)),
|
||||
ossaccesscontrol.ProvideDashboardPermissions,
|
||||
wire.Bind(new(accesscontrol.DashboardPermissionsService), new(*ossaccesscontrol.DashboardPermissionsService)),
|
||||
)
|
||||
|
||||
var wireSet = wire.NewSet(
|
||||
|
@@ -81,10 +81,10 @@ var wireExtsBasicSet = wire.NewSet(
|
||||
wire.Bind(new(ldap.Groups), new(*ldap.OSSGroups)),
|
||||
permissions.ProvideDatasourcePermissionsService,
|
||||
wire.Bind(new(permissions.DatasourcePermissionsService), new(*permissions.OSSDatasourcePermissionsService)),
|
||||
ossaccesscontrol.ProvidePermissionsServices,
|
||||
wire.Bind(new(accesscontrol.PermissionsServices), new(*ossaccesscontrol.PermissionsServices)),
|
||||
usagestatssvcs.ProvideUsageStatsProvidersRegistry,
|
||||
wire.Bind(new(registry.UsageStatsProvidersRegistry), new(*usagestatssvcs.UsageStatsProvidersRegistry)),
|
||||
ossaccesscontrol.ProvideDatasourcePermissionsService,
|
||||
wire.Bind(new(accesscontrol.DatasourcePermissionsService), new(*ossaccesscontrol.DatasourcePermissionsService)),
|
||||
)
|
||||
|
||||
var wireExtsSet = wire.NewSet(
|
||||
|
@@ -43,11 +43,21 @@ type PermissionsProvider interface {
|
||||
GetUserPermissions(ctx context.Context, query GetUserPermissionsQuery) ([]*Permission, error)
|
||||
}
|
||||
|
||||
type PermissionsServices interface {
|
||||
GetTeamService() PermissionsService
|
||||
GetFolderService() PermissionsService
|
||||
GetDashboardService() PermissionsService
|
||||
GetDataSourceService() PermissionsService
|
||||
type TeamPermissionsService interface {
|
||||
GetPermissions(ctx context.Context, user *models.SignedInUser, resourceID string) ([]ResourcePermission, error)
|
||||
SetUserPermission(ctx context.Context, orgID int64, user User, resourceID, permission string) (*ResourcePermission, error)
|
||||
}
|
||||
|
||||
type FolderPermissionsService interface {
|
||||
PermissionsService
|
||||
}
|
||||
|
||||
type DashboardPermissionsService interface {
|
||||
PermissionsService
|
||||
}
|
||||
|
||||
type DatasourcePermissionsService interface {
|
||||
PermissionsService
|
||||
}
|
||||
|
||||
type PermissionsService interface {
|
||||
|
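Review bot: `FolderPermissionsService`, `DashboardPermissionsService` and `DatasourcePermissionsService` only embed `PermissionsService`, so their method sets are identical and the compiler will not catch a folder service passed where a dashboard service is expected. That matters for `ProvideDashboardService`, which now takes both in sequence, and the tests in this commit already pass the same mock type for each. The new exported interfaces also have no doc comments; I would add one per type that states this, for example `// FolderPermissionsService manages permissions on folders. Its method set equals PermissionsService; the separate name lets dependency injection select the folder implementation.` If compile-time separation is wanted, each interface needs a distinguishing method. The `PermissionsService` declaration continues past the hunk.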
@@ -1,39 +0,0 @@
|
||||
package mock
|
||||
|
||||
import (
|
||||
"github.com/grafana/grafana/pkg/services/accesscontrol"
|
||||
)
|
||||
|
||||
var _ accesscontrol.PermissionsServices = new(PermissionsServicesMock)
|
||||
|
||||
func NewPermissionsServicesMock() *PermissionsServicesMock {
|
||||
return &PermissionsServicesMock{
|
||||
Teams: &MockPermissionsService{},
|
||||
Folders: &MockPermissionsService{},
|
||||
Dashboards: &MockPermissionsService{},
|
||||
Datasources: &MockPermissionsService{},
|
||||
}
|
||||
}
|
||||
|
||||
type PermissionsServicesMock struct {
|
||||
Teams *MockPermissionsService
|
||||
Folders *MockPermissionsService
|
||||
Dashboards *MockPermissionsService
|
||||
Datasources *MockPermissionsService
|
||||
}
|
||||
|
||||
func (p PermissionsServicesMock) GetTeamService() accesscontrol.PermissionsService {
|
||||
return p.Teams
|
||||
}
|
||||
|
||||
func (p PermissionsServicesMock) GetFolderService() accesscontrol.PermissionsService {
|
||||
return p.Folders
|
||||
}
|
||||
|
||||
func (p PermissionsServicesMock) GetDashboardService() accesscontrol.PermissionsService {
|
||||
return p.Dashboards
|
||||
}
|
||||
|
||||
func (p PermissionsServicesMock) GetDataSourceService() accesscontrol.PermissionsService {
|
||||
return p.Datasources
|
||||
}
|
@@ -11,6 +11,10 @@ import (
|
||||
|
||||
var _ accesscontrol.PermissionsService = new(MockPermissionsService)
|
||||
|
||||
func NewMockedPermissionsService() *MockPermissionsService {
|
||||
return &MockPermissionsService{}
|
||||
}
|
||||
|
||||
type MockPermissionsService struct {
|
||||
mock.Mock
|
||||
}
|
||||
|
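Review bot: The only compile-time assertion in this file is still `var _ accesscontrol.PermissionsService = new(MockPermissionsService)`, while callers in this commit now pass `NewMockedPermissionsService()` where the new folder, dashboard and data source interfaces are expected. Adding `var _ accesscontrol.TeamPermissionsService = new(MockPermissionsService)` next to it, and likewise for the other new interfaces, would make a later divergence fail here rather than at each call site. `NewMockedPermissionsService` also lacks a doc comment, for example `// NewMockedPermissionsService returns an empty MockPermissionsService with no expectations set.`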
@@ -15,52 +15,8 @@ import (
|
||||
"github.com/grafana/grafana/pkg/setting"
|
||||
)
|
||||
|
||||
func ProvidePermissionsServices(
|
||||
cfg *setting.Cfg, router routing.RouteRegister, sql *sqlstore.SQLStore,
|
||||
ac accesscontrol.AccessControl, store resourcepermissions.Store,
|
||||
) (*PermissionsServices, error) {
|
||||
teamPermissions, err := ProvideTeamPermissions(cfg, router, sql, ac, store)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
folderPermissions, err := ProvideFolderPermissions(cfg, router, sql, ac, store)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
dashboardPermissions, err := ProvideDashboardPermissions(cfg, router, sql, ac, store)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return &PermissionsServices{
|
||||
teams: teamPermissions,
|
||||
folder: folderPermissions,
|
||||
dashboard: dashboardPermissions,
|
||||
datasources: provideEmptyPermissionsService(),
|
||||
}, nil
|
||||
}
|
||||
|
||||
type PermissionsServices struct {
|
||||
teams accesscontrol.PermissionsService
|
||||
folder accesscontrol.PermissionsService
|
||||
dashboard accesscontrol.PermissionsService
|
||||
datasources accesscontrol.PermissionsService
|
||||
}
|
||||
|
||||
func (s *PermissionsServices) GetTeamService() accesscontrol.PermissionsService {
|
||||
return s.teams
|
||||
}
|
||||
|
||||
func (s *PermissionsServices) GetFolderService() accesscontrol.PermissionsService {
|
||||
return s.folder
|
||||
}
|
||||
|
||||
func (s *PermissionsServices) GetDashboardService() accesscontrol.PermissionsService {
|
||||
return s.dashboard
|
||||
}
|
||||
|
||||
func (s *PermissionsServices) GetDataSourceService() accesscontrol.PermissionsService {
|
||||
return s.datasources
|
||||
type TeamPermissionsService struct {
|
||||
*resourcepermissions.Service
|
||||
}
|
||||
|
||||
var (
|
||||
@@ -80,7 +36,7 @@ var (
|
||||
func ProvideTeamPermissions(
|
||||
cfg *setting.Cfg, router routing.RouteRegister, sql *sqlstore.SQLStore,
|
||||
ac accesscontrol.AccessControl, store resourcepermissions.Store,
|
||||
) (*resourcepermissions.Service, error) {
|
||||
) (*TeamPermissionsService, error) {
|
||||
options := resourcepermissions.Options{
|
||||
Resource: "teams",
|
||||
ResourceAttribute: "id",
|
||||
@@ -135,7 +91,15 @@ func ProvideTeamPermissions(
|
||||
},
|
||||
}
|
||||
|
||||
return resourcepermissions.New(options, cfg, router, ac, store, sql)
|
||||
srv, err := resourcepermissions.New(options, cfg, router, ac, store, sql)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &TeamPermissionsService{srv}, nil
|
||||
}
|
||||
|
||||
type DashboardPermissionsService struct {
|
||||
*resourcepermissions.Service
|
||||
}
|
||||
|
||||
var DashboardViewActions = []string{dashboards.ActionDashboardsRead}
|
||||
@@ -145,7 +109,7 @@ var DashboardAdminActions = append(DashboardEditActions, []string{dashboards.Act
|
||||
func ProvideDashboardPermissions(
|
||||
cfg *setting.Cfg, router routing.RouteRegister, sql *sqlstore.SQLStore,
|
||||
ac accesscontrol.AccessControl, store resourcepermissions.Store,
|
||||
) (*resourcepermissions.Service, error) {
|
||||
) (*DashboardPermissionsService, error) {
|
||||
getDashboard := func(ctx context.Context, orgID int64, resourceID string) (*models.Dashboard, error) {
|
||||
query := &models.GetDashboardQuery{Uid: resourceID, OrgId: orgID}
|
||||
if err := sql.GetDashboard(ctx, query); err != nil {
|
||||
@@ -199,7 +163,15 @@ func ProvideDashboardPermissions(
|
||||
RoleGroup: "Dashboards",
|
||||
}
|
||||
|
||||
return resourcepermissions.New(options, cfg, router, ac, store, sql)
|
||||
srv, err := resourcepermissions.New(options, cfg, router, ac, store, sql)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &DashboardPermissionsService{srv}, nil
|
||||
}
|
||||
|
||||
type FolderPermissionsService struct {
|
||||
*resourcepermissions.Service
|
||||
}
|
||||
|
||||
var FolderViewActions = []string{dashboards.ActionFoldersRead}
|
||||
@@ -209,7 +181,7 @@ var FolderAdminActions = append(FolderEditActions, []string{dashboards.ActionFol
|
||||
func ProvideFolderPermissions(
|
||||
cfg *setting.Cfg, router routing.RouteRegister, sql *sqlstore.SQLStore,
|
||||
accesscontrol accesscontrol.AccessControl, store resourcepermissions.Store,
|
||||
) (*resourcepermissions.Service, error) {
|
||||
) (*FolderPermissionsService, error) {
|
||||
options := resourcepermissions.Options{
|
||||
Resource: "folders",
|
||||
ResourceAttribute: "uid",
|
||||
@@ -239,38 +211,41 @@ func ProvideFolderPermissions(
|
||||
WriterRoleName: "Folder permission writer",
|
||||
RoleGroup: "Folders",
|
||||
}
|
||||
|
||||
return resourcepermissions.New(options, cfg, router, accesscontrol, store, sql)
|
||||
srv, err := resourcepermissions.New(options, cfg, router, accesscontrol, store, sql)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &FolderPermissionsService{srv}, nil
|
||||
}
|
||||
|
||||
func provideEmptyPermissionsService() accesscontrol.PermissionsService {
|
||||
return &emptyPermissionsService{}
|
||||
func ProvideDatasourcePermissionsService() *DatasourcePermissionsService {
|
||||
return &DatasourcePermissionsService{}
|
||||
}
|
||||
|
||||
var _ accesscontrol.PermissionsService = new(emptyPermissionsService)
|
||||
var _ accesscontrol.DatasourcePermissionsService = new(DatasourcePermissionsService)
|
||||
|
||||
type emptyPermissionsService struct{}
|
||||
type DatasourcePermissionsService struct{}
|
||||
|
||||
func (e emptyPermissionsService) GetPermissions(ctx context.Context, user *models.SignedInUser, resourceID string) ([]accesscontrol.ResourcePermission, error) {
|
||||
func (e DatasourcePermissionsService) GetPermissions(ctx context.Context, user *models.SignedInUser, resourceID string) ([]accesscontrol.ResourcePermission, error) {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
func (e emptyPermissionsService) SetUserPermission(ctx context.Context, orgID int64, user accesscontrol.User, resourceID, permission string) (*accesscontrol.ResourcePermission, error) {
|
||||
func (e DatasourcePermissionsService) SetUserPermission(ctx context.Context, orgID int64, user accesscontrol.User, resourceID, permission string) (*accesscontrol.ResourcePermission, error) {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
func (e emptyPermissionsService) SetTeamPermission(ctx context.Context, orgID, teamID int64, resourceID, permission string) (*accesscontrol.ResourcePermission, error) {
|
||||
func (e DatasourcePermissionsService) SetTeamPermission(ctx context.Context, orgID, teamID int64, resourceID, permission string) (*accesscontrol.ResourcePermission, error) {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
func (e emptyPermissionsService) SetBuiltInRolePermission(ctx context.Context, orgID int64, builtInRole string, resourceID string, permission string) (*accesscontrol.ResourcePermission, error) {
|
||||
func (e DatasourcePermissionsService) SetBuiltInRolePermission(ctx context.Context, orgID int64, builtInRole string, resourceID string, permission string) (*accesscontrol.ResourcePermission, error) {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
func (e emptyPermissionsService) SetPermissions(ctx context.Context, orgID int64, resourceID string, commands ...accesscontrol.SetResourcePermissionCommand) ([]accesscontrol.ResourcePermission, error) {
|
||||
func (e DatasourcePermissionsService) SetPermissions(ctx context.Context, orgID int64, resourceID string, commands ...accesscontrol.SetResourcePermissionCommand) ([]accesscontrol.ResourcePermission, error) {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
func (e emptyPermissionsService) MapActions(permission accesscontrol.ResourcePermission) string {
|
||||
func (e DatasourcePermissionsService) MapActions(permission accesscontrol.ResourcePermission) string {
|
||||
return ""
|
||||
}
|
||||
|
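Review bot: The OSS `DatasourcePermissionsService` is the former `emptyPermissionsService` under an exported name: every method returns `nil, nil` (or `""` for `MapActions`), so a call such as `SetUserPermission` reports success without storing anything and returns a nil `*ResourcePermission`. The old name made the no-op obvious; the new one reads like a working implementation, and a caller that uses the returned pointer would dereference nil. I would document this on the type and on `ProvideDatasourcePermissionsService`, for example `// DatasourcePermissionsService is the OSS no-op implementation: it stores nothing and returns zero values with a nil error.` Whether any caller uses the returned value is not visible in this section.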
@@ -65,9 +65,15 @@ func (a *api) registerEndpoints() {
|
||||
readEvaluator, writeEvaluator := a.getEvaluators(actionRead, actionWrite, scope)
|
||||
r.Get("/description", auth(disable, accesscontrol.EvalPermission(actionRead)), routing.Wrap(a.getDescription))
|
||||
r.Get("/:resourceID", inheritanceSolver, auth(disable, readEvaluator), routing.Wrap(a.getPermissions))
|
||||
r.Post("/:resourceID/users/:userID", inheritanceSolver, auth(disable, writeEvaluator), routing.Wrap(a.setUserPermission))
|
||||
r.Post("/:resourceID/teams/:teamID", inheritanceSolver, auth(disable, writeEvaluator), routing.Wrap(a.setTeamPermission))
|
||||
r.Post("/:resourceID/builtInRoles/:builtInRole", inheritanceSolver, auth(disable, writeEvaluator), routing.Wrap(a.setBuiltinRolePermission))
|
||||
if a.service.options.Assignments.Users {
|
||||
r.Post("/:resourceID/users/:userID", inheritanceSolver, auth(disable, writeEvaluator), routing.Wrap(a.setUserPermission))
|
||||
}
|
||||
if a.service.options.Assignments.Teams {
|
||||
r.Post("/:resourceID/teams/:teamID", inheritanceSolver, auth(disable, writeEvaluator), routing.Wrap(a.setTeamPermission))
|
||||
}
|
||||
if a.service.options.Assignments.BuiltInRoles {
|
||||
r.Post("/:resourceID/builtInRoles/:builtInRole", inheritanceSolver, auth(disable, writeEvaluator), routing.Wrap(a.setBuiltinRolePermission))
|
||||
}
|
||||
})
|
||||
}
|
||||
|
||||
|
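Review bot: The three POST routes in `registerEndpoints` are now registered only when the matching `a.service.options.Assignments` flag is set, which closes the HTTP path for disabled assignment kinds, but route registration should not be the only place this is enforced. The service methods are also called directly (this commit's `addOrUpdateTeamMember` calls `SetUserPermission`), so `SetUserPermission`, `SetTeamPermission` and `SetBuiltInRolePermission` should reject a disabled assignment kind themselves; their bodies are outside this hunk, so that may already be the case. A test that requests a disabled route and expects a 404 would pin the new behaviour. A short comment above the first `if` would help, for example `// Only expose assignment endpoints that this resource enables.` `registerEndpoints` starts before the hunk.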
@@ -35,13 +35,14 @@ type DashboardServiceImpl struct {
|
||||
dashboardStore m.Store
|
||||
dashAlertExtractor alerting.DashAlertExtractor
|
||||
features featuremgmt.FeatureToggles
|
||||
folderPermissions accesscontrol.PermissionsService
|
||||
dashboardPermissions accesscontrol.PermissionsService
|
||||
folderPermissions accesscontrol.FolderPermissionsService
|
||||
dashboardPermissions accesscontrol.DashboardPermissionsService
|
||||
}
|
||||
|
||||
func ProvideDashboardService(
|
||||
cfg *setting.Cfg, store m.Store, dashAlertExtractor alerting.DashAlertExtractor,
|
||||
features featuremgmt.FeatureToggles, permissionsServices accesscontrol.PermissionsServices,
|
||||
features featuremgmt.FeatureToggles, folderPermissionsService accesscontrol.FolderPermissionsService,
|
||||
dashboardPermissionsService accesscontrol.DashboardPermissionsService,
|
||||
) *DashboardServiceImpl {
|
||||
return &DashboardServiceImpl{
|
||||
cfg: cfg,
|
||||
@@ -49,8 +50,8 @@ func ProvideDashboardService(
|
||||
dashboardStore: store,
|
||||
dashAlertExtractor: dashAlertExtractor,
|
||||
features: features,
|
||||
folderPermissions: permissionsServices.GetFolderService(),
|
||||
dashboardPermissions: permissionsServices.GetDashboardService(),
|
||||
folderPermissions: folderPermissionsService,
|
||||
dashboardPermissions: dashboardPermissionsService,
|
||||
}
|
||||
}
|
||||
|
||||
|
@@ -862,7 +862,9 @@ func callSaveWithResult(t *testing.T, cmd models.SaveDashboardCommand, sqlStore
|
||||
cfg.IsFeatureToggleEnabled = featuremgmt.WithFeatures().IsEnabled
|
||||
service := ProvideDashboardService(
|
||||
cfg, dashboardStore, &dummyDashAlertExtractor{},
|
||||
featuremgmt.WithFeatures(), accesscontrolmock.NewPermissionsServicesMock(),
|
||||
featuremgmt.WithFeatures(),
|
||||
accesscontrolmock.NewMockedPermissionsService(),
|
||||
accesscontrolmock.NewMockedPermissionsService(),
|
||||
)
|
||||
res, err := service.SaveDashboard(context.Background(), &dto, false)
|
||||
require.NoError(t, err)
|
||||
@@ -877,7 +879,9 @@ func callSaveWithError(cmd models.SaveDashboardCommand, sqlStore *sqlstore.SQLSt
|
||||
cfg.IsFeatureToggleEnabled = featuremgmt.WithFeatures().IsEnabled
|
||||
service := ProvideDashboardService(
|
||||
cfg, dashboardStore, &dummyDashAlertExtractor{},
|
||||
featuremgmt.WithFeatures(), accesscontrolmock.NewPermissionsServicesMock(),
|
||||
featuremgmt.WithFeatures(),
|
||||
accesscontrolmock.NewMockedPermissionsService(),
|
||||
accesscontrolmock.NewMockedPermissionsService(),
|
||||
)
|
||||
_, err := service.SaveDashboard(context.Background(), &dto, false)
|
||||
return err
|
||||
@@ -910,7 +914,8 @@ func saveTestDashboard(t *testing.T, title string, orgID, folderID int64, sqlSto
|
||||
cfg.IsFeatureToggleEnabled = featuremgmt.WithFeatures().IsEnabled
|
||||
service := ProvideDashboardService(
|
||||
cfg, dashboardStore, &dummyDashAlertExtractor{},
|
||||
featuremgmt.WithFeatures(), accesscontrolmock.NewPermissionsServicesMock(),
|
||||
featuremgmt.WithFeatures(),
|
||||
accesscontrolmock.NewMockedPermissionsService(), accesscontrolmock.NewMockedPermissionsService(),
|
||||
)
|
||||
res, err := service.SaveDashboard(context.Background(), &dto, false)
|
||||
require.NoError(t, err)
|
||||
@@ -944,7 +949,8 @@ func saveTestFolder(t *testing.T, title string, orgID int64, sqlStore *sqlstore.
|
||||
cfg.IsFeatureToggleEnabled = featuremgmt.WithFeatures().IsEnabled
|
||||
service := ProvideDashboardService(
|
||||
cfg, dashboardStore, &dummyDashAlertExtractor{},
|
||||
featuremgmt.WithFeatures(), accesscontrolmock.NewPermissionsServicesMock(),
|
||||
featuremgmt.WithFeatures(),
|
||||
accesscontrolmock.NewMockedPermissionsService(), accesscontrolmock.NewMockedPermissionsService(),
|
||||
)
|
||||
res, err := service.SaveDashboard(context.Background(), &dto, false)
|
||||
require.NoError(t, err)
|
||||
|
@@ -23,13 +23,13 @@ type FolderServiceImpl struct {
|
||||
dashboardStore dashboards.Store
|
||||
searchService *search.SearchService
|
||||
features featuremgmt.FeatureToggles
|
||||
permissions accesscontrol.PermissionsService
|
||||
permissions accesscontrol.FolderPermissionsService
|
||||
sqlStore sqlstore.Store
|
||||
}
|
||||
|
||||
func ProvideFolderService(
|
||||
cfg *setting.Cfg, dashboardService dashboards.DashboardService, dashboardStore dashboards.Store,
|
||||
searchService *search.SearchService, features featuremgmt.FeatureToggles, permissionsServices accesscontrol.PermissionsServices,
|
||||
searchService *search.SearchService, features featuremgmt.FeatureToggles, folderPermissionsService accesscontrol.FolderPermissionsService,
|
||||
ac accesscontrol.AccessControl, sqlStore sqlstore.Store,
|
||||
) *FolderServiceImpl {
|
||||
ac.RegisterScopeAttributeResolver(dashboards.NewFolderNameScopeResolver(dashboardStore))
|
||||
@@ -42,7 +42,7 @@ func ProvideFolderService(
|
||||
dashboardStore: dashboardStore,
|
||||
searchService: searchService,
|
||||
features: features,
|
||||
permissions: permissionsServices.GetFolderService(),
|
||||
permissions: folderPermissionsService,
|
||||
sqlStore: sqlStore,
|
||||
}
|
||||
}
|
||||
|
@@ -32,13 +32,14 @@ func TestProvideFolderService(t *testing.T) {
|
||||
cfg := setting.NewCfg()
|
||||
features := featuremgmt.WithFeatures()
|
||||
cfg.IsFeatureToggleEnabled = features.IsEnabled
|
||||
permissionsServices := acmock.NewPermissionsServicesMock()
|
||||
dashboardService := ProvideDashboardService(cfg, store, nil, features, permissionsServices)
|
||||
folderPermissions := acmock.NewMockedPermissionsService()
|
||||
dashboardPermissions := acmock.NewMockedPermissionsService()
|
||||
dashboardService := ProvideDashboardService(cfg, store, nil, features, folderPermissions, dashboardPermissions)
|
||||
ac := acmock.New()
|
||||
|
||||
ProvideFolderService(
|
||||
cfg, &dashboards.FakeDashboardService{DashboardService: dashboardService},
|
||||
store, nil, features, permissionsServices, ac, mockstore.NewSQLStoreMock(),
|
||||
store, nil, features, folderPermissions, ac, mockstore.NewSQLStoreMock(),
|
||||
)
|
||||
|
||||
require.Len(t, ac.Calls.RegisterAttributeScopeResolver, 2)
|
||||
@@ -51,8 +52,9 @@ func TestFolderService(t *testing.T) {
|
||||
cfg := setting.NewCfg()
|
||||
features := featuremgmt.WithFeatures()
|
||||
cfg.IsFeatureToggleEnabled = features.IsEnabled
|
||||
permissionsServices := acmock.NewPermissionsServicesMock()
|
||||
dashboardService := ProvideDashboardService(cfg, store, nil, features, permissionsServices)
|
||||
folderPermissions := acmock.NewMockedPermissionsService()
|
||||
dashboardPermissions := acmock.NewMockedPermissionsService()
|
||||
dashboardService := ProvideDashboardService(cfg, store, nil, features, folderPermissions, dashboardPermissions)
|
||||
mockStore := mockstore.NewSQLStoreMock()
|
||||
|
||||
service := FolderServiceImpl{
|
||||
@@ -62,7 +64,7 @@ func TestFolderService(t *testing.T) {
|
||||
dashboardStore: store,
|
||||
searchService: nil,
|
||||
features: features,
|
||||
permissions: permissionsServices.GetFolderService(),
|
||||
permissions: folderPermissions,
|
||||
sqlStore: mockStore,
|
||||
}
|
||||
|
||||
|
@@ -35,7 +35,7 @@ type Service struct {
|
||||
SecretsService secrets.Service
|
||||
cfg *setting.Cfg
|
||||
features featuremgmt.FeatureToggles
|
||||
permissionsService accesscontrol.PermissionsService
|
||||
permissionsService accesscontrol.DatasourcePermissionsService
|
||||
ac accesscontrol.AccessControl
|
||||
|
||||
ptc proxyTransportCache
|
||||
@@ -53,7 +53,7 @@ type cachedRoundTripper struct {
|
||||
|
||||
func ProvideService(
|
||||
store *sqlstore.SQLStore, secretsService secrets.Service, secretsStore kvstore.SecretsKVStore, cfg *setting.Cfg,
|
||||
features featuremgmt.FeatureToggles, ac accesscontrol.AccessControl, permissionsServices accesscontrol.PermissionsServices,
|
||||
features featuremgmt.FeatureToggles, ac accesscontrol.AccessControl, datasourcePermissionsService accesscontrol.DatasourcePermissionsService,
|
||||
) *Service {
|
||||
s := &Service{
|
||||
SQLStore: store,
|
||||
@@ -64,7 +64,7 @@ func ProvideService(
|
||||
},
|
||||
cfg: cfg,
|
||||
features: features,
|
||||
permissionsService: permissionsServices.GetDataSourceService(),
|
||||
permissionsService: datasourcePermissionsService,
|
||||
ac: ac,
|
||||
}
|
||||
|
||||
|
@@ -198,7 +198,7 @@ func TestService_GetHttpTransport(t *testing.T) {
|
||||
|
||||
secretsStore := kvstore.SetupTestService(t)
|
||||
secretsService := secretsManager.SetupTestService(t, fakes.NewFakeSecretsStore())
|
||||
dsService := ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewPermissionsServicesMock())
|
||||
dsService := ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
|
||||
|
||||
rt1, err := dsService.GetHTTPTransport(context.Background(), &ds, provider)
|
||||
require.NoError(t, err)
|
||||
@@ -232,7 +232,7 @@ func TestService_GetHttpTransport(t *testing.T) {
|
||||
|
||||
secretsStore := kvstore.SetupTestService(t)
|
||||
secretsService := secretsManager.SetupTestService(t, fakes.NewFakeSecretsStore())
|
||||
dsService := ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewPermissionsServicesMock())
|
||||
dsService := ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
|
||||
|
||||
ds := models.DataSource{
|
||||
Id: 1,
|
||||
@@ -280,7 +280,7 @@ func TestService_GetHttpTransport(t *testing.T) {
|
||||
|
||||
secretsStore := kvstore.SetupTestService(t)
|
||||
secretsService := secretsManager.SetupTestService(t, fakes.NewFakeSecretsStore())
|
||||
dsService := ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewPermissionsServicesMock())
|
||||
dsService := ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
|
||||
|
||||
ds := models.DataSource{
|
||||
Id: 1,
|
||||
@@ -325,7 +325,7 @@ func TestService_GetHttpTransport(t *testing.T) {
|
||||
|
||||
secretsStore := kvstore.SetupTestService(t)
|
||||
secretsService := secretsManager.SetupTestService(t, fakes.NewFakeSecretsStore())
|
||||
dsService := ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewPermissionsServicesMock())
|
||||
dsService := ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
|
||||
|
||||
ds := models.DataSource{
|
||||
Id: 1,
|
||||
@@ -367,7 +367,7 @@ func TestService_GetHttpTransport(t *testing.T) {
|
||||
|
||||
secretsStore := kvstore.SetupTestService(t)
|
||||
secretsService := secretsManager.SetupTestService(t, fakes.NewFakeSecretsStore())
|
||||
dsService := ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewPermissionsServicesMock())
|
||||
dsService := ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
|
||||
|
||||
ds := models.DataSource{
|
||||
Id: 1,
|
||||
@@ -399,7 +399,7 @@ func TestService_GetHttpTransport(t *testing.T) {
|
||||
|
||||
secretsStore := kvstore.SetupTestService(t)
|
||||
secretsService := secretsManager.SetupTestService(t, fakes.NewFakeSecretsStore())
|
||||
dsService := ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewPermissionsServicesMock())
|
||||
dsService := ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
|
||||
|
||||
ds := models.DataSource{
|
||||
Id: 1,
|
||||
@@ -465,7 +465,7 @@ func TestService_GetHttpTransport(t *testing.T) {
|
||||
|
||||
secretsStore := kvstore.SetupTestService(t)
|
||||
secretsService := secretsManager.SetupTestService(t, fakes.NewFakeSecretsStore())
|
||||
dsService := ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewPermissionsServicesMock())
|
||||
dsService := ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
|
||||
|
||||
ds := models.DataSource{
|
||||
Id: 1,
|
||||
@@ -499,7 +499,7 @@ func TestService_GetHttpTransport(t *testing.T) {
|
||||
|
||||
secretsStore := kvstore.SetupTestService(t)
|
||||
secretsService := secretsManager.SetupTestService(t, fakes.NewFakeSecretsStore())
|
||||
dsService := ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewPermissionsServicesMock())
|
||||
dsService := ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
|
||||
|
||||
ds := models.DataSource{
|
||||
Type: models.DS_ES,
|
||||
@@ -535,7 +535,7 @@ func TestService_getTimeout(t *testing.T) {
|
||||
|
||||
secretsStore := kvstore.SetupTestService(t)
|
||||
secretsService := secretsManager.SetupTestService(t, fakes.NewFakeSecretsStore())
|
||||
dsService := ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewPermissionsServicesMock())
|
||||
dsService := ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
|
||||
|
||||
for _, tc := range testCases {
|
||||
ds := &models.DataSource{
|
||||
@@ -576,7 +576,7 @@ func TestService_HTTPClientOptions(t *testing.T) {
|
||||
|
||||
secretsStore := kvstore.SetupTestService(t)
|
||||
secretsService := secretsManager.SetupTestService(t, fakes.NewFakeSecretsStore())
|
||||
dsService := ProvideService(nil, secretsService, secretsStore, cfg, features, acmock.New(), acmock.NewPermissionsServicesMock())
|
||||
dsService := ProvideService(nil, secretsService, secretsStore, cfg, features, acmock.New(), acmock.NewMockedPermissionsService())
|
||||
|
||||
opts, err := dsService.httpClientOptions(context.Background(), &ds)
|
||||
require.NoError(t, err)
|
||||
@@ -594,7 +594,7 @@ func TestService_HTTPClientOptions(t *testing.T) {
|
||||
|
||||
secretsStore := kvstore.SetupTestService(t)
|
||||
secretsService := secretsManager.SetupTestService(t, fakes.NewFakeSecretsStore())
|
||||
dsService := ProvideService(nil, secretsService, secretsStore, cfg, features, acmock.New(), acmock.NewPermissionsServicesMock())
|
||||
dsService := ProvideService(nil, secretsService, secretsStore, cfg, features, acmock.New(), acmock.NewMockedPermissionsService())
|
||||
|
||||
opts, err := dsService.httpClientOptions(context.Background(), &ds)
|
||||
require.NoError(t, err)
|
||||
@@ -614,7 +614,7 @@ func TestService_HTTPClientOptions(t *testing.T) {
|
||||
|
||||
secretsStore := kvstore.SetupTestService(t)
|
||||
secretsService := secretsManager.SetupTestService(t, fakes.NewFakeSecretsStore())
|
||||
dsService := ProvideService(nil, secretsService, secretsStore, cfg, features, acmock.New(), acmock.NewPermissionsServicesMock())
|
||||
dsService := ProvideService(nil, secretsService, secretsStore, cfg, features, acmock.New(), acmock.NewMockedPermissionsService())
|
||||
|
||||
_, err := dsService.httpClientOptions(context.Background(), &ds)
|
||||
assert.Error(t, err)
|
||||
@@ -633,7 +633,7 @@ func TestService_HTTPClientOptions(t *testing.T) {
|
||||
|
||||
secretsStore := kvstore.SetupTestService(t)
|
||||
secretsService := secretsManager.SetupTestService(t, fakes.NewFakeSecretsStore())
|
||||
dsService := ProvideService(nil, secretsService, secretsStore, cfg, features, acmock.New(), acmock.NewPermissionsServicesMock())
|
||||
dsService := ProvideService(nil, secretsService, secretsStore, cfg, features, acmock.New(), acmock.NewMockedPermissionsService())
|
||||
|
||||
opts, err := dsService.httpClientOptions(context.Background(), &ds)
|
||||
require.NoError(t, err)
|
||||
@@ -652,7 +652,7 @@ func TestService_HTTPClientOptions(t *testing.T) {
|
||||
|
||||
secretsStore := kvstore.SetupTestService(t)
|
||||
secretsService := secretsManager.SetupTestService(t, fakes.NewFakeSecretsStore())
|
||||
dsService := ProvideService(nil, secretsService, secretsStore, cfg, features, acmock.New(), acmock.NewPermissionsServicesMock())
|
||||
dsService := ProvideService(nil, secretsService, secretsStore, cfg, features, acmock.New(), acmock.NewMockedPermissionsService())
|
||||
|
||||
opts, err := dsService.httpClientOptions(context.Background(), &ds)
|
||||
require.NoError(t, err)
|
||||
@@ -675,7 +675,7 @@ func TestService_HTTPClientOptions(t *testing.T) {
|
||||
|
||||
secretsStore := kvstore.SetupTestService(t)
|
||||
secretsService := secretsManager.SetupTestService(t, fakes.NewFakeSecretsStore())
|
||||
dsService := ProvideService(nil, secretsService, secretsStore, cfg, features, acmock.New(), acmock.NewPermissionsServicesMock())
|
||||
dsService := ProvideService(nil, secretsService, secretsStore, cfg, features, acmock.New(), acmock.NewMockedPermissionsService())
|
||||
|
||||
_, err := dsService.httpClientOptions(context.Background(), &ds)
|
||||
assert.Error(t, err)
|
||||
@@ -696,7 +696,7 @@ func TestService_HTTPClientOptions(t *testing.T) {
|
||||
|
||||
secretsStore := kvstore.SetupTestService(t)
|
||||
secretsService := secretsManager.SetupTestService(t, fakes.NewFakeSecretsStore())
|
||||
dsService := ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewPermissionsServicesMock())
|
||||
dsService := ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
|
||||
|
||||
opts, err := dsService.httpClientOptions(context.Background(), &ds)
|
||||
require.NoError(t, err)
|
||||
@@ -719,7 +719,7 @@ func TestService_GetDecryptedValues(t *testing.T) {
|
||||
|
||||
secretsStore := kvstore.SetupTestService(t)
|
||||
secretsService := secretsManager.SetupTestService(t, fakes.NewFakeSecretsStore())
|
||||
dsService := ProvideService(nil, secretsService, secretsStore, nil, featuremgmt.WithFeatures(), acmock.New(), acmock.NewPermissionsServicesMock())
|
||||
dsService := ProvideService(nil, secretsService, secretsStore, nil, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
|
||||
|
||||
jsonData := map[string]string{
|
||||
"password": "securePassword",
|
||||
@@ -744,7 +744,7 @@ func TestService_GetDecryptedValues(t *testing.T) {
|
||||
|
||||
secretsStore := kvstore.SetupTestService(t)
|
||||
secretsService := secretsManager.SetupTestService(t, fakes.NewFakeSecretsStore())
|
||||
dsService := ProvideService(nil, secretsService, secretsStore, nil, featuremgmt.WithFeatures(), acmock.New(), acmock.NewPermissionsServicesMock())
|
||||
dsService := ProvideService(nil, secretsService, secretsStore, nil, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
|
||||
|
||||
jsonData := map[string]string{
|
||||
"password": "securePassword",
|
||||
|
@@ -22,29 +22,33 @@ var _ DashboardGuardian = new(AccessControlDashboardGuardian)
|
||||
|
||||
func NewAccessControlDashboardGuardian(
|
||||
ctx context.Context, dashboardId int64, user *models.SignedInUser,
|
||||
store sqlstore.Store, ac accesscontrol.AccessControl, permissionsServices accesscontrol.PermissionsServices,
|
||||
store sqlstore.Store, ac accesscontrol.AccessControl,
|
||||
folderPermissionsService accesscontrol.FolderPermissionsService,
|
||||
dashboardPermissionsService accesscontrol.DashboardPermissionsService,
|
||||
) *AccessControlDashboardGuardian {
|
||||
return &AccessControlDashboardGuardian{
|
||||
ctx: ctx,
|
||||
log: log.New("dashboard.permissions"),
|
||||
dashboardID: dashboardId,
|
||||
user: user,
|
||||
store: store,
|
||||
ac: ac,
|
||||
permissionServices: permissionsServices,
|
||||
ctx: ctx,
|
||||
log: log.New("dashboard.permissions"),
|
||||
dashboardID: dashboardId,
|
||||
user: user,
|
||||
store: store,
|
||||
ac: ac,
|
||||
folderPermissionsService: folderPermissionsService,
|
||||
dashboardPermissionsService: dashboardPermissionsService,
|
||||
}
|
||||
}
|
||||
|
||||
type AccessControlDashboardGuardian struct {
|
||||
ctx context.Context
|
||||
log log.Logger
|
||||
dashboardID int64
|
||||
dashboard *models.Dashboard
|
||||
parentFolderUID string
|
||||
user *models.SignedInUser
|
||||
store sqlstore.Store
|
||||
ac accesscontrol.AccessControl
|
||||
permissionServices accesscontrol.PermissionsServices
|
||||
ctx context.Context
|
||||
log log.Logger
|
||||
dashboardID int64
|
||||
dashboard *models.Dashboard
|
||||
parentFolderUID string
|
||||
user *models.SignedInUser
|
||||
store sqlstore.Store
|
||||
ac accesscontrol.AccessControl
|
||||
folderPermissionsService accesscontrol.FolderPermissionsService
|
||||
dashboardPermissionsService accesscontrol.DashboardPermissionsService
|
||||
}
|
||||
|
||||
func (a *AccessControlDashboardGuardian) CanSave() (bool, error) {
|
||||
@@ -169,9 +173,11 @@ func (a *AccessControlDashboardGuardian) GetAcl() ([]*models.DashboardAclInfoDTO
|
||||
return nil, err
|
||||
}
|
||||
|
||||
svc := a.permissionServices.GetDashboardService()
|
||||
var svc accesscontrol.PermissionsService
|
||||
if a.dashboard.IsFolder {
|
||||
svc = a.permissionServices.GetFolderService()
|
||||
svc = a.folderPermissionsService
|
||||
} else {
|
||||
svc = a.dashboardPermissionsService
|
||||
}
|
||||
|
||||
permissions, err := svc.GetPermissions(a.ctx, a.user, strconv.FormatInt(a.dashboard.Id, 10))
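Review bot: The order of the two new parameters of NewAccessControlDashboardGuardian is not compiler-checked, as far as this page shows. GetAcl assigns both fields to a single `accesscontrol.PermissionsService` variable, and the tests pass the same mock type for either argument, so the folder and dashboard interfaces appear to share one method set. A transposed call would still build and would resolve folder ACLs through the dashboard service, and the reverse. I would state the contract on the constructor, e.g. `// folderPermissionsService answers GetAcl when the dashboard is a folder, dashboardPermissionsService otherwise; the two are not interchangeable.`, and keep the folder-then-dashboard order that InitAccessControlGuardian and setupAccessControlGuardianTest already use. GetAcl begins and continues outside the hunk.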
|
||||
|
@@ -559,10 +559,10 @@ func TestAccessControlDashboardGuardian_GetHiddenACL(t *testing.T) {
|
||||
t.Run(tt.desc, func(t *testing.T) {
|
||||
guardian, _ := setupAccessControlGuardianTest(t, "1", nil)
|
||||
|
||||
mocked := accesscontrolmock.NewPermissionsServicesMock()
|
||||
guardian.permissionServices = mocked
|
||||
mocked.Dashboards.On("MapActions", mock.Anything).Return("View")
|
||||
mocked.Dashboards.On("GetPermissions", mock.Anything, mock.Anything, mock.Anything).Return(tt.permissions, nil)
|
||||
mocked := accesscontrolmock.NewMockedPermissionsService()
|
||||
guardian.dashboardPermissionsService = mocked
|
||||
mocked.On("MapActions", mock.Anything).Return("View")
|
||||
mocked.On("GetPermissions", mock.Anything, mock.Anything, mock.Anything).Return(tt.permissions, nil)
|
||||
cfg := setting.NewCfg()
|
||||
cfg.HiddenUsers = tt.hiddenUsers
|
||||
permissions, err := guardian.GetHiddenACL(cfg)
|
||||
@@ -595,8 +595,10 @@ func setupAccessControlGuardianTest(t *testing.T, uid string, permissions []*acc
|
||||
})
|
||||
require.NoError(t, err)
|
||||
ac := accesscontrolmock.New().WithPermissions(permissions)
|
||||
services, err := ossaccesscontrol.ProvidePermissionsServices(setting.NewCfg(), routing.NewRouteRegister(), store, ac, database.ProvideService(store))
|
||||
folderPermissions, err := ossaccesscontrol.ProvideFolderPermissions(setting.NewCfg(), routing.NewRouteRegister(), store, ac, database.ProvideService(store))
|
||||
require.NoError(t, err)
|
||||
dashboardPermissions, err := ossaccesscontrol.ProvideDashboardPermissions(setting.NewCfg(), routing.NewRouteRegister(), store, ac, database.ProvideService(store))
|
||||
require.NoError(t, err)
|
||||
|
||||
return NewAccessControlDashboardGuardian(context.Background(), dash.Id, &models.SignedInUser{OrgId: 1}, store, ac, services), dash
|
||||
return NewAccessControlDashboardGuardian(context.Background(), dash.Id, &models.SignedInUser{OrgId: 1}, store, ac, folderPermissions, dashboardPermissions), dash
|
||||
}
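Review bot: TestAccessControlDashboardGuardian_GetHiddenACL replaces only `guardian.dashboardPermissionsService` with a mock, so nothing visible here exercises the `IsFolder` branch of GetAcl that selects `folderPermissionsService`. A regression that routes folder lookups to the wrong service would therefore pass this test. I would add a folder case that sets `guardian.folderPermissionsService = folderMock`, registers `GetPermissions` on it, and ends with `mocked.AssertNotCalled(t, "GetPermissions", mock.Anything, mock.Anything, mock.Anything)` on the dashboard mock. This assumes the mock embeds testify's `mock.Mock`, which the `.On` calls suggest. The test body and the setup helper both extend outside their hunks, so existing coverage elsewhere in the file cannot be ruled out.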
|
||||
|
@@ -5,16 +5,18 @@ import (
|
||||
|
||||
"github.com/grafana/grafana/pkg/models"
|
||||
"github.com/grafana/grafana/pkg/services/accesscontrol"
|
||||
"github.com/grafana/grafana/pkg/services/featuremgmt"
|
||||
"github.com/grafana/grafana/pkg/services/sqlstore"
|
||||
)
|
||||
|
||||
type Provider struct{}
|
||||
|
||||
func ProvideService(store *sqlstore.SQLStore, ac accesscontrol.AccessControl, permissionsServices accesscontrol.PermissionsServices, features featuremgmt.FeatureToggles) *Provider {
|
||||
func ProvideService(
|
||||
store *sqlstore.SQLStore, ac accesscontrol.AccessControl,
|
||||
folderPermissionsService accesscontrol.FolderPermissionsService, dashboardPermissionsService accesscontrol.DashboardPermissionsService,
|
||||
) *Provider {
|
||||
if !ac.IsDisabled() {
|
||||
// TODO: Fix this hack, see https://github.com/grafana/grafana-enterprise/issues/2935
|
||||
InitAcessControlGuardian(store, ac, permissionsServices)
|
||||
InitAccessControlGuardian(store, ac, folderPermissionsService, dashboardPermissionsService)
|
||||
} else {
|
||||
InitLegacyGuardian(store)
|
||||
}
|
||||
@@ -27,8 +29,11 @@ func InitLegacyGuardian(store sqlstore.Store) {
|
||||
}
|
||||
}
|
||||
|
||||
func InitAcessControlGuardian(store sqlstore.Store, ac accesscontrol.AccessControl, permissionsServices accesscontrol.PermissionsServices) {
|
||||
func InitAccessControlGuardian(
|
||||
store sqlstore.Store, ac accesscontrol.AccessControl, folderPermissionsService accesscontrol.FolderPermissionsService,
|
||||
dashboardPermissionsService accesscontrol.DashboardPermissionsService,
|
||||
) {
|
||||
New = func(ctx context.Context, dashId int64, orgId int64, user *models.SignedInUser) DashboardGuardian {
|
||||
return NewAccessControlDashboardGuardian(ctx, dashId, user, store, ac, permissionsServices)
|
||||
return NewAccessControlDashboardGuardian(ctx, dashId, user, store, ac, folderPermissionsService, dashboardPermissionsService)
|
||||
}
|
||||
}
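Review bot: InitAccessControlGuardian is exported and has no doc comment, although it overwrites the package-level `New` constructor, so whichever Init function ran last decides which guardian enforces dashboard and folder permissions. The assignment is also unsynchronized as written, which is worth stating for anyone calling it outside start-up wiring. I would add `// InitAccessControlGuardian replaces the package-level New so that guardians are backed by access control; call it during wiring, before any request path uses New.` The rename from InitAcessControlGuardian changes an exported name, and the TODO above references grafana-enterprise, so any out-of-tree callers would need updating in the same step.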
|
||||
|
@@ -205,9 +205,11 @@ func createDashboard(t *testing.T, sqlStore *sqlstore.SQLStore, user models.Sign
|
||||
features := featuremgmt.WithFeatures()
|
||||
cfg := setting.NewCfg()
|
||||
cfg.IsFeatureToggleEnabled = features.IsEnabled
|
||||
folderPermissions := acmock.NewMockedPermissionsService()
|
||||
dashboardPermissions := acmock.NewMockedPermissionsService()
|
||||
service := dashboardservice.ProvideDashboardService(
|
||||
cfg, dashboardStore, dashAlertExtractor,
|
||||
features, acmock.NewPermissionsServicesMock(),
|
||||
features, folderPermissions, dashboardPermissions,
|
||||
)
|
||||
dashboard, err := service.SaveDashboard(context.Background(), dashItem, true)
|
||||
require.NoError(t, err)
|
||||
@@ -222,17 +224,18 @@ func createFolderWithACL(t *testing.T, sqlStore *sqlstore.SQLStore, title string
|
||||
cfg := setting.NewCfg()
|
||||
features := featuremgmt.WithFeatures()
|
||||
cfg.IsFeatureToggleEnabled = features.IsEnabled
|
||||
permissionsServices := acmock.NewPermissionsServicesMock()
|
||||
folderPermissions := acmock.NewMockedPermissionsService()
|
||||
dashboardPermissions := acmock.NewMockedPermissionsService()
|
||||
dashboardStore := database.ProvideDashboardStore(sqlStore)
|
||||
|
||||
d := dashboardservice.ProvideDashboardService(
|
||||
cfg, dashboardStore, nil,
|
||||
features, permissionsServices,
|
||||
features, folderPermissions, dashboardPermissions,
|
||||
)
|
||||
ac := acmock.New()
|
||||
s := dashboardservice.ProvideFolderService(
|
||||
cfg, d, dashboardStore, nil,
|
||||
features, permissionsServices, ac, nil,
|
||||
features, folderPermissions, ac, nil,
|
||||
)
|
||||
t.Logf("Creating folder with title and UID %q", title)
|
||||
folder, err := s.CreateFolder(context.Background(), &user, user.OrgId, title, title)
|
||||
@@ -324,9 +327,12 @@ func testScenario(t *testing.T, desc string, fn func(t *testing.T, sc scenarioCo
|
||||
features := featuremgmt.WithFeatures()
|
||||
cfg := setting.NewCfg()
|
||||
cfg.IsFeatureToggleEnabled = features.IsEnabled
|
||||
folderPermissions := acmock.NewMockedPermissionsService()
|
||||
dashboardPermissions := acmock.NewMockedPermissionsService()
|
||||
|
||||
dashboardService := dashboardservice.ProvideDashboardService(
|
||||
cfg, dashboardStore, nil,
|
||||
features, acmock.NewPermissionsServicesMock(),
|
||||
features, folderPermissions, dashboardPermissions,
|
||||
)
|
||||
ac := acmock.New()
|
||||
service := LibraryElementService{
|
||||
@@ -334,7 +340,7 @@ func testScenario(t *testing.T, desc string, fn func(t *testing.T, sc scenarioCo
|
||||
SQLStore: sqlStore,
|
||||
folderService: dashboardservice.ProvideFolderService(
|
||||
cfg, dashboardService, dashboardStore, nil,
|
||||
features, acmock.NewPermissionsServicesMock(), ac, nil,
|
||||
features, folderPermissions, ac, nil,
|
||||
),
|
||||
}
|
||||
|
||||
|
@@ -1372,7 +1372,7 @@ func createDashboard(t *testing.T, sqlStore *sqlstore.SQLStore, user *models.Sig
|
||||
cfg.IsFeatureToggleEnabled = featuremgmt.WithFeatures().IsEnabled
|
||||
service := dashboardservice.ProvideDashboardService(
|
||||
cfg, dashboardStore, dashAlertService,
|
||||
featuremgmt.WithFeatures(), acmock.NewPermissionsServicesMock(),
|
||||
featuremgmt.WithFeatures(), acmock.NewMockedPermissionsService(), acmock.NewMockedPermissionsService(),
|
||||
)
|
||||
dashboard, err := service.SaveDashboard(context.Background(), dashItem, true)
|
||||
require.NoError(t, err)
|
||||
@@ -1384,14 +1384,15 @@ func createFolderWithACL(t *testing.T, sqlStore *sqlstore.SQLStore, title string
|
||||
items []folderACLItem) *models.Folder {
|
||||
t.Helper()
|
||||
|
||||
ac := acmock.New()
|
||||
cfg := setting.NewCfg()
|
||||
cfg.IsFeatureToggleEnabled = featuremgmt.WithFeatures().IsEnabled
|
||||
features := featuremgmt.WithFeatures()
|
||||
permissionsServices := acmock.NewPermissionsServicesMock()
|
||||
folderPermissions := acmock.NewMockedPermissionsService()
|
||||
dashboardPermissions := acmock.NewMockedPermissionsService()
|
||||
dashboardStore := database.ProvideDashboardStore(sqlStore)
|
||||
d := dashboardservice.ProvideDashboardService(cfg, dashboardStore, nil, features, permissionsServices)
|
||||
ac := acmock.New()
|
||||
s := dashboardservice.ProvideFolderService(cfg, d, dashboardStore, nil, features, permissionsServices, ac, nil)
|
||||
d := dashboardservice.ProvideDashboardService(cfg, dashboardStore, nil, features, folderPermissions, dashboardPermissions)
|
||||
s := dashboardservice.ProvideFolderService(cfg, d, dashboardStore, nil, features, folderPermissions, ac, nil)
|
||||
|
||||
t.Logf("Creating folder with title and UID %q", title)
|
||||
folder, err := s.CreateFolder(context.Background(), user, user.OrgId, title, title)
|
||||
@@ -1484,17 +1485,18 @@ func testScenario(t *testing.T, desc string, fn func(t *testing.T, sc scenarioCo
|
||||
dashboardStore := database.ProvideDashboardStore(sqlStore)
|
||||
|
||||
features := featuremgmt.WithFeatures()
|
||||
permissionsServices := acmock.NewPermissionsServicesMock()
|
||||
folderPermissions := acmock.NewMockedPermissionsService()
|
||||
dashboardPermissions := acmock.NewMockedPermissionsService()
|
||||
|
||||
dashboardService := dashboardservice.ProvideDashboardService(
|
||||
cfg, dashboardStore, &alerting.DashAlertExtractorService{},
|
||||
features, permissionsServices,
|
||||
features, folderPermissions, dashboardPermissions,
|
||||
)
|
||||
ac := acmock.New()
|
||||
|
||||
folderService := dashboardservice.ProvideFolderService(
|
||||
cfg, dashboardService, dashboardStore, nil,
|
||||
features, permissionsServices, ac, nil,
|
||||
features, folderPermissions, ac, nil,
|
||||
)
|
||||
|
||||
elementService := libraryelements.ProvideService(cfg, sqlStore, routing.NewRouteRegister(), folderService)
|
||||
|
@@ -51,15 +51,16 @@ func SetupTestEnv(t *testing.T, baseInterval time.Duration) (*ngalert.AlertNG, *
|
||||
|
||||
ac := acmock.New()
|
||||
features := featuremgmt.WithFeatures()
|
||||
permissionsServices := acmock.NewPermissionsServicesMock()
|
||||
folderPermissions := acmock.NewMockedPermissionsService()
|
||||
dashboardPermissions := acmock.NewMockedPermissionsService()
|
||||
|
||||
dashboardService := dashboardservice.ProvideDashboardService(
|
||||
cfg, dashboardStore, nil,
|
||||
features, permissionsServices,
|
||||
features, folderPermissions, dashboardPermissions,
|
||||
)
|
||||
folderService := dashboardservice.ProvideFolderService(
|
||||
cfg, dashboardService, dashboardStore, nil,
|
||||
features, permissionsServices, ac, nil,
|
||||
features, folderPermissions, ac, nil,
|
||||
)
|
||||
|
||||
ng, err := ngalert.ProvideService(
|
||||
|
@@ -71,7 +71,7 @@ func setup(t *testing.T) *testContext {
|
||||
|
||||
ss := kvstore.SetupTestService(t)
|
||||
ssvc := secretsManager.SetupTestService(t, fakes.NewFakeSecretsStore())
|
||||
ds := datasources.ProvideService(nil, ssvc, ss, nil, featuremgmt.WithFeatures(), acmock.New(), acmock.NewPermissionsServicesMock())
|
||||
ds := datasources.ProvideService(nil, ssvc, ss, nil, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
|
||||
|
||||
return &testContext{
|
||||
pluginContext: pc,
|
||||
|
@@ -41,7 +41,8 @@ func TestHandleRequest(t *testing.T) {
|
||||
}
|
||||
secretsStore := kvstore.SetupTestService(t)
|
||||
secretsService := secretsManager.SetupTestService(t, fakes.NewFakeSecretsStore())
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewPermissionsServicesMock())
|
||||
datasourcePermissions := acmock.NewMockedPermissionsService()
|
||||
dsService := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), datasourcePermissions)
|
||||
s := ProvideService(client, nil, dsService)
|
||||
|
||||
ds := &models.DataSource{Id: 12, Type: "unregisteredType", JsonData: simplejson.New()}
|
||||
|