Access Control: Support other attributes than id for resource permissions (#46727)

* Add option to set ResourceAttribute for a permissions service * Use prefix in access control sql filter to parse scopes * Use prefix in access control metadata to check access
2025-02-25 18:55:37 -06:00 · 2022-03-21 17:58:18 +01:00
parent 79f5c7d7a7
commit 7ab1ef8d6e
26 changed files with 363 additions and 288 deletions
--- a/pkg/api/org_users.go
+++ b/pkg/api/org_users.go
@@ -150,7 +150,7 @@ func (hs *HTTPServer) getOrgUsersHelper(c *models.ReqContext, query *models.GetO
 		filteredUsers = append(filteredUsers, user)
 	}

-	accessControlMetadata := hs.getMultiAccessControlMetadata(c, "users", userIDs)
+	accessControlMetadata := hs.getMultiAccessControlMetadata(c, "users:id:", userIDs)
 	if len(accessControlMetadata) > 0 {
 		for i := range filteredUsers {
 			filteredUsers[i].AccessControl = accessControlMetadata[fmt.Sprint(filteredUsers[i].UserId)]