RBAC: Search fix userID filter (#81337)

pkg/services/accesscontrol/api/api.go

@@ -68,18 +68,21 @@ func (api *AccessControlAPI) getUserPermissions(c *contextmodel.ReqContext) resp
 
 // GET /api/access-control/users/permissions/search
 func (api *AccessControlAPI) searchUsersPermissions(c *contextmodel.ReqContext) response.Response {
-	userIDString := c.Query("userId")
-	userID, err := strconv.ParseInt(userIDString, 10, 64)
-	if err != nil {
-		return response.Error(http.StatusBadRequest, "user ID is invalid", err)
-	}
 	searchOptions := ac.SearchOptions{
 		UserLogin:    c.Query("userLogin"),
 		ActionPrefix: c.Query("actionPrefix"),
 		Action:       c.Query("action"),
 		Scope:        c.Query("scope"),
 	}
-	searchOptions.UserID = userID
+
+	userIDString := c.Query("userId")
+	if userIDString != "" {
+		userID, err := strconv.ParseInt(userIDString, 10, 64)
+		if err != nil {
+			return response.Error(http.StatusBadRequest, "user ID is invalid", err)
+		}
+		searchOptions.UserID = userID
+	}
 
 	// Validate inputs
 	if (searchOptions.ActionPrefix != "") && (searchOptions.Action != "") {

pkg/services/accesscontrol/api/api_test.go

@@ -162,6 +162,19 @@ func TestAccessControlAPI_searchUsersPermissions(t *testing.T) {
 			expectedCode:   http.StatusOK,
 			expectedOutput: map[int64]map[string][]string{2: {"users:read": {"users:*"}}},
 		},
+		{
+			desc:    "Should work with valid action filter",
+			filters: "?actionPrefix=users:",
+			permissions: map[int64][]ac.Permission{
+				1: {{Action: "users:write", Scope: "users:id:1"}},
+				2: {{Action: "users:read", Scope: "users:id:2"}},
+			},
+			expectedCode: http.StatusOK,
+			expectedOutput: map[int64]map[string][]string{
+				1: {"users:write": {"users:id:1"}},
+				2: {"users:read": {"users:id:2"}},
+			},
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.desc, func(t *testing.T) {