Move SignedInUser to user service and RoleType and Roles to org (#53445)

* Move SignedInUser to user service and RoleType and Roles to org

* Use go naming convention for roles

* Fix some imports and leftovers

* Fix ldap debug test

* Fix lint

* Fix lint 2

* Fix lint 3

* Fix type and not needed conversion

* Clean up messages in api tests

* Clean up api tests 2
idafurjes
2022-08-10 11:56:48 +02:00
committed by GitHub
parent 46004037e2
commit 6afad51761
278 changed files with 1758 additions and 1543 deletions


@@ -7,7 +7,9 @@ import (
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/services/accesscontrol"
"github.com/grafana/grafana/pkg/services/dashboards"
"github.com/grafana/grafana/pkg/services/org"
"github.com/grafana/grafana/pkg/services/sqlstore"
"github.com/grafana/grafana/pkg/services/user"
"github.com/grafana/grafana/pkg/setting"
)
@@ -20,7 +22,7 @@ var permissionMap = map[string]models.PermissionType{
var _ DashboardGuardian = new(AccessControlDashboardGuardian)
func NewAccessControlDashboardGuardian(
ctx context.Context, dashboardId int64, user *models.SignedInUser,
ctx context.Context, dashboardId int64, user *user.SignedInUser,
store sqlstore.Store, ac accesscontrol.AccessControl,
folderPermissionsService accesscontrol.FolderPermissionsService,
dashboardPermissionsService accesscontrol.DashboardPermissionsService,
@@ -44,7 +46,7 @@ type AccessControlDashboardGuardian struct {
log log.Logger
dashboardID int64
dashboard *models.Dashboard
user *models.SignedInUser
user *user.SignedInUser
store sqlstore.Store
ac accesscontrol.AccessControl
folderPermissionsService accesscontrol.FolderPermissionsService
@@ -182,9 +184,9 @@ func (a *AccessControlDashboardGuardian) GetACL() ([]*models.DashboardACLInfoDTO
continue
}
var role *models.RoleType
var role *org.RoleType
if p.BuiltInRole != "" {
tmp := models.RoleType(p.BuiltInRole)
tmp := org.RoleType(p.BuiltInRole)
role = &tmp
}
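Review bot: The parameter `user *user.SignedInUser` of NewAccessControlDashboardGuardian has the same name as the newly imported `user` package, so inside the function body the package is shadowed and can no longer be referenced. It compiles as written, but in authorization code it is worth keeping the identity value and the package visibly distinct, for example `ctx context.Context, dashboardId int64, signedInUser *user.SignedInUser,`. The same shadowing appears in later file sections of this commit: the `New` factory literals, `newDashboardGuardian`, `MockDashboardGuardian`, and the `user := &user.SignedInUser{` locals in the tests. The function body continues outside this hunk.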


@@ -6,6 +6,7 @@ import (
"testing"
"github.com/grafana/grafana/pkg/services/featuremgmt"
"github.com/grafana/grafana/pkg/services/user"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/mock"
@@ -610,7 +611,7 @@ func setupAccessControlGuardianTest(t *testing.T, uid string, permissions []acce
if dashboardSvc == nil {
dashboardSvc = &dashboards.FakeDashboardService{}
}
return NewAccessControlDashboardGuardian(context.Background(), dash.Id, &models.SignedInUser{OrgId: 1}, store, ac, folderPermissions, dashboardPermissions, dashboardSvc), dash
return NewAccessControlDashboardGuardian(context.Background(), dash.Id, &user.SignedInUser{OrgId: 1}, store, ac, folderPermissions, dashboardPermissions, dashboardSvc), dash
}
func testDashSvc(t *testing.T) dashboards.DashboardService {


@@ -7,7 +7,9 @@ import (
"github.com/grafana/grafana/pkg/infra/log"
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/services/dashboards"
"github.com/grafana/grafana/pkg/services/org"
"github.com/grafana/grafana/pkg/services/sqlstore"
"github.com/grafana/grafana/pkg/services/user"
"github.com/grafana/grafana/pkg/setting"
)
@@ -37,7 +39,7 @@ type DashboardGuardian interface {
}
type dashboardGuardianImpl struct {
user *models.SignedInUser
user *user.SignedInUser
dashId int64
orgId int64
acl []*models.DashboardACLInfoDTO
@@ -50,11 +52,11 @@ type dashboardGuardianImpl struct {
// New factory for creating a new dashboard guardian instance
// When using access control this function is replaced on startup and the AccessControlDashboardGuardian is returned
var New = func(ctx context.Context, dashId int64, orgId int64, user *models.SignedInUser) DashboardGuardian {
var New = func(ctx context.Context, dashId int64, orgId int64, user *user.SignedInUser) DashboardGuardian {
panic("no guardian factory implementation provided")
}
func newDashboardGuardian(ctx context.Context, dashId int64, orgId int64, user *models.SignedInUser, store sqlstore.Store, dashSvc dashboards.DashboardService) *dashboardGuardianImpl {
func newDashboardGuardian(ctx context.Context, dashId int64, orgId int64, user *user.SignedInUser, store sqlstore.Store, dashSvc dashboards.DashboardService) *dashboardGuardianImpl {
return &dashboardGuardianImpl{
user: user,
dashId: dashId,
@@ -97,7 +99,7 @@ func (g *dashboardGuardianImpl) CanCreate(_ int64, _ bool) (bool, error) {
}
func (g *dashboardGuardianImpl) HasPermission(permission models.PermissionType) (bool, error) {
if g.user.OrgRole == models.ROLE_ADMIN {
if g.user.OrgRole == org.RoleAdmin {
return g.logHasPermissionResult(permission, true, nil)
}
@@ -174,7 +176,7 @@ func (g *dashboardGuardianImpl) checkACL(permission models.PermissionType, acl [
func (g *dashboardGuardianImpl) CheckPermissionBeforeUpdate(permission models.PermissionType, updatePermissions []*models.DashboardACL) (bool, error) {
acl := []*models.DashboardACLInfoDTO{}
adminRole := models.ROLE_ADMIN
adminRole := org.RoleAdmin
everyoneWithAdminRole := &models.DashboardACLInfoDTO{DashboardId: g.dashId, UserId: 0, TeamId: 0, Role: &adminRole, Permission: models.PERMISSION_ADMIN}
// validate that duplicate permissions don't exists
@@ -211,7 +213,7 @@ func (g *dashboardGuardianImpl) CheckPermissionBeforeUpdate(permission models.Pe
}
}
if g.user.OrgRole == models.ROLE_ADMIN {
if g.user.OrgRole == org.RoleAdmin {
return true, nil
}
@@ -316,7 +318,7 @@ func (g *dashboardGuardianImpl) GetHiddenACL(cfg *setting.Cfg) ([]*models.Dashbo
type FakeDashboardGuardian struct {
DashId int64
OrgId int64
User *models.SignedInUser
User *user.SignedInUser
CanSaveValue bool
CanEditValue bool
CanViewValue bool
@@ -374,7 +376,7 @@ func (g *FakeDashboardGuardian) GetHiddenACL(cfg *setting.Cfg) ([]*models.Dashbo
// nolint:unused
func MockDashboardGuardian(mock *FakeDashboardGuardian) {
New = func(_ context.Context, dashId int64, orgId int64, user *models.SignedInUser) DashboardGuardian {
New = func(_ context.Context, dashId int64, orgId int64, user *user.SignedInUser) DashboardGuardian {
mock.OrgId = orgId
mock.DashId = dashId
mock.User = user
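Review bot: The Admin shortcut in HasPermission, `if g.user.OrgRole == org.RoleAdmin {`, grants the permission from the signed-in user's role alone, while the guardian receives `orgId` as a separate argument and no comparison between `g.orgId` and `g.user.OrgId` is visible in these hunks. If a caller ever passes an org other than the one the user is signed in to, the role held in one org would authorize access in another; the same shortcut ends CheckPermissionBeforeUpdate with `return true, nil`. Both function bodies continue outside the hunks, so the comparison may exist elsewhere. If it is instead a caller contract, state it on the `New` factory, e.g. `// orgId must equal user.OrgId: the Admin shortcut in HasPermission trusts user.OrgRole for that org only.`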


@@ -12,7 +12,9 @@ import (
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/services/dashboards"
"github.com/grafana/grafana/pkg/services/org"
"github.com/grafana/grafana/pkg/services/sqlstore/mockstore"
"github.com/grafana/grafana/pkg/services/user"
"github.com/grafana/grafana/pkg/setting"
)
@@ -29,13 +31,13 @@ const (
)
var (
adminRole = models.ROLE_ADMIN
editorRole = models.ROLE_EDITOR
viewerRole = models.ROLE_VIEWER
adminRole = org.RoleAdmin
editorRole = org.RoleEditor
viewerRole = org.RoleViewer
)
func TestGuardianAdmin(t *testing.T) {
orgRoleScenario("Given user has admin org role", t, models.ROLE_ADMIN, func(sc *scenarioContext) {
orgRoleScenario("Given user has admin org role", t, org.RoleAdmin, func(sc *scenarioContext) {
// dashboard has default permissions
sc.defaultPermissionScenario(USER, FULL_ACCESS)
@@ -82,7 +84,7 @@ func TestGuardianAdmin(t *testing.T) {
}
func TestGuardianEditor(t *testing.T) {
orgRoleScenario("Given user has editor org role", t, models.ROLE_EDITOR, func(sc *scenarioContext) {
orgRoleScenario("Given user has editor org role", t, org.RoleEditor, func(sc *scenarioContext) {
// dashboard has default permissions
sc.defaultPermissionScenario(USER, EDITOR_ACCESS)
@@ -129,7 +131,7 @@ func TestGuardianEditor(t *testing.T) {
}
func TestGuardianViewer(t *testing.T) {
orgRoleScenario("Given user has viewer org role", t, models.ROLE_VIEWER, func(sc *scenarioContext) {
orgRoleScenario("Given user has viewer org role", t, org.RoleViewer, func(sc *scenarioContext) {
// dashboard has default permissions
sc.defaultPermissionScenario(USER, VIEWER_ACCESS)
@@ -174,7 +176,7 @@ func TestGuardianViewer(t *testing.T) {
sc.parentFolderPermissionScenario(VIEWER, models.PERMISSION_VIEW, VIEWER_ACCESS)
})
apiKeyScenario("Given api key with viewer role", t, models.ROLE_VIEWER, func(sc *scenarioContext) {
apiKeyScenario("Given api key with viewer role", t, org.RoleViewer, func(sc *scenarioContext) {
// dashboard has default permissions
sc.defaultPermissionScenario(VIEWER, VIEWER_ACCESS)
})
@@ -699,7 +701,7 @@ func TestGuardianGetHiddenACL(t *testing.T) {
cfg.HiddenUsers = map[string]struct{}{"user2": {}}
t.Run("Should get hidden acl", func(t *testing.T) {
user := &models.SignedInUser{
user := &user.SignedInUser{
OrgId: orgID,
UserId: 1,
Login: "user1",
@@ -714,7 +716,7 @@ func TestGuardianGetHiddenACL(t *testing.T) {
})
t.Run("Grafana admin should not get hidden acl", func(t *testing.T) {
user := &models.SignedInUser{
user := &user.SignedInUser{
OrgId: orgID,
UserId: 1,
Login: "user1",
@@ -749,7 +751,7 @@ func TestGuardianGetACLWithoutDuplicates(t *testing.T) {
}).Return(nil)
t.Run("Should get acl without duplicates", func(t *testing.T) {
user := &models.SignedInUser{
user := &user.SignedInUser{
OrgId: orgID,
UserId: 1,
Login: "user1",


@@ -12,7 +12,9 @@ import (
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/services/dashboards"
"github.com/grafana/grafana/pkg/services/org"
"github.com/grafana/grafana/pkg/services/sqlstore/mockstore"
"github.com/grafana/grafana/pkg/services/user"
)
type scenarioContext struct {
@@ -20,7 +22,7 @@ type scenarioContext struct {
orgRoleScenario string
permissionScenario string
g DashboardGuardian
givenUser *models.SignedInUser
givenUser *user.SignedInUser
givenDashboardID int64
givenPermissions []*models.DashboardACLInfoDTO
givenTeams []*models.TeamDTO
@@ -32,9 +34,9 @@ type scenarioContext struct {
type scenarioFunc func(c *scenarioContext)
func orgRoleScenario(desc string, t *testing.T, role models.RoleType, fn scenarioFunc) {
func orgRoleScenario(desc string, t *testing.T, role org.RoleType, fn scenarioFunc) {
t.Run(desc, func(t *testing.T) {
user := &models.SignedInUser{
user := &user.SignedInUser{
UserId: userID,
OrgId: orgID,
OrgRole: role,
@@ -53,9 +55,9 @@ func orgRoleScenario(desc string, t *testing.T, role models.RoleType, fn scenari
})
}
func apiKeyScenario(desc string, t *testing.T, role models.RoleType, fn scenarioFunc) {
func apiKeyScenario(desc string, t *testing.T, role org.RoleType, fn scenarioFunc) {
t.Run(desc, func(t *testing.T) {
user := &models.SignedInUser{
user := &user.SignedInUser{
UserId: 0,
OrgId: orgID,
OrgRole: role,


@@ -3,10 +3,10 @@ package guardian
import (
"context"
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/services/accesscontrol"
"github.com/grafana/grafana/pkg/services/dashboards"
"github.com/grafana/grafana/pkg/services/sqlstore"
"github.com/grafana/grafana/pkg/services/user"
)
type Provider struct{}
@@ -26,7 +26,7 @@ func ProvideService(
}
func InitLegacyGuardian(store sqlstore.Store, dashSvc dashboards.DashboardService) {
New = func(ctx context.Context, dashId int64, orgId int64, user *models.SignedInUser) DashboardGuardian {
New = func(ctx context.Context, dashId int64, orgId int64, user *user.SignedInUser) DashboardGuardian {
return newDashboardGuardian(ctx, dashId, orgId, user, store, dashSvc)
}
}
@@ -35,7 +35,7 @@ func InitAccessControlGuardian(
store sqlstore.Store, ac accesscontrol.AccessControl, folderPermissionsService accesscontrol.FolderPermissionsService,
dashboardPermissionsService accesscontrol.DashboardPermissionsService, dashboardService dashboards.DashboardService,
) {
New = func(ctx context.Context, dashId int64, orgId int64, user *models.SignedInUser) DashboardGuardian {
New = func(ctx context.Context, dashId int64, orgId int64, user *user.SignedInUser) DashboardGuardian {
return NewAccessControlDashboardGuardian(ctx, dashId, user, store, ac, folderPermissionsService, dashboardPermissionsService, dashboardService)
}
}