RBAC: Fix DeleteUserPermissions not being called on Upsert org sync (#60531)

* fix DeleteUserPermissions not being called on RemoveOrgUser

* do not error out of auth flow

* fix test missing service
This commit is contained in:
Jo 2022-12-19 16:10:31 +00:00 committed by GitHub
parent dbff9b4b97
commit 77786f236a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 3 deletions

View File

@ -310,12 +310,13 @@ func (ls *Implementation) syncOrgRoles(ctx context.Context, usr *user.User, extU
logger.Error(err.Error(), "userId", cmd.UserID, "orgId", cmd.OrgID)
continue
}
if err := ls.accessControl.DeleteUserPermissions(ctx, orgId, cmd.UserID); err != nil {
logger.Warn("failed to delete permissions for user", "userID", cmd.UserID, "orgID", orgId)
}
return err
}
if err := ls.accessControl.DeleteUserPermissions(ctx, orgId, cmd.UserID); err != nil {
logger.Warn("failed to delete permissions for user", "error", err, "userID", cmd.UserID, "orgID", orgId)
}
}
// update user's default org if needed

View File

@ -9,6 +9,7 @@ import (
"github.com/go-kit/log"
"github.com/go-kit/log/level"
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/services/accesscontrol/actest"
"github.com/grafana/grafana/pkg/services/login"
"github.com/grafana/grafana/pkg/services/login/logintest"
"github.com/grafana/grafana/pkg/services/org"
@ -54,6 +55,7 @@ func Test_syncOrgRoles_whenTryingToRemoveLastOrgLogsError(t *testing.T) {
AuthInfoService: authInfoMock,
userService: usertest.NewUserServiceFake(),
orgService: orgService,
accessControl: &actest.FakeService{},
}
err := login.syncOrgRoles(context.Background(), &user, &externalUser)