Access control: refactor RBAC checks (#48107)

* refactor RBAC checks

* fix a test

* another test fix

* and another
Ieva
2022-04-25 10:42:09 +02:00
committed by GitHub
parent 2e599643f6
commit 68ca5b2e05
13 changed files with 27 additions and 29 deletions


@@ -33,6 +33,7 @@ type Service struct {
cfg *setting.Cfg
features featuremgmt.FeatureToggles
permissionsService accesscontrol.PermissionsService
ac accesscontrol.AccessControl
ptc proxyTransportCache
dsDecryptionCache secureJSONDecryptionCache
@@ -74,6 +75,7 @@ func ProvideService(
cfg: cfg,
features: features,
permissionsService: permissionsServices.GetDataSourceService(),
ac: ac,
}
ac.RegisterAttributeScopeResolver(NewNameScopeResolver(store))
@@ -162,7 +164,7 @@ func (s *Service) AddDataSource(ctx context.Context, cmd *models.AddDataSourceCo
return err
}
if s.features.IsEnabled(featuremgmt.FlagAccesscontrol) {
if !s.ac.IsDisabled() {
// This belongs in Data source permissions, and we probably want
// to do this with a hook in the store and rollback on fail.
// We can't use events, because there's no way to communicate
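Review bot: In AddDataSource the branch `if !s.ac.IsDisabled()` now gates the permissions step described in the comment below it, while `Service` still carries its `features` field, so two different signals for "RBAC is on" remain reachable from this type. If any path still consults `featuremgmt.FlagAccesscontrol` (the other changed files are not visible here), the two can disagree and a data source could be created without that permissions step, or the reverse. I would add a comment above the branch such as `// RBAC state comes from s.ac only; do not re-check featuremgmt.FlagAccesscontrol here.` The service test now builds the mock with `acmock.New().WithDisabled()`, so as far as this page shows the enabled branch is not exercised; a case that uses the mock without `WithDisabled()` and asserts the permissions step ran would cover it. AddDataSource begins and ends outside the hunk.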


@@ -38,7 +38,7 @@ func TestService(t *testing.T) {
})
secretsService := secretsManager.SetupTestService(t, database.ProvideSecretsStore(sqlStore))
s := ProvideService(sqlStore, secretsService, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewPermissionsServicesMock())
s := ProvideService(sqlStore, secretsService, cfg, featuremgmt.WithFeatures(), acmock.New().WithDisabled(), acmock.NewPermissionsServicesMock())
var ds *models.DataSource