Replace signed in user for identity.requester (#73750)

* Make identity.Requester available at Context * Clean pkg/services/guardian/guardian.go * Clean guardian provider and guardian AC * Clean pkg/api/team.go * Clean ctxhandler, datasources, plugin and live * Question: what to do with the UserDisplayDTO? * Clean dashboards and guardian * Remove identity.Requester from ReqContext * Implement NewUserDisplayDTOFromRequester * Fix tests * Change status code numbers for http constants * Upgrade signature of ngalert services * log parsing errors instead of throwing error * Fix tests and add logs * linting
2025-02-25 18:55:37 -06:00 · 2023-08-28 19:04:36 +02:00
parent b043d8d0e8
commit 9b9c9e83dc
43 changed files with 523 additions and 359 deletions
--- a/pkg/services/folder/folderimpl/folder.go
+++ b/pkg/services/folder/folderimpl/folder.go
@@ -12,6 +12,7 @@ import (
 	"github.com/grafana/grafana/pkg/infra/db"
 	"github.com/grafana/grafana/pkg/infra/log"
 	"github.com/grafana/grafana/pkg/services/accesscontrol"
+	"github.com/grafana/grafana/pkg/services/auth/identity"
 	"github.com/grafana/grafana/pkg/services/dashboards"
 	"github.com/grafana/grafana/pkg/services/featuremgmt"
 	"github.com/grafana/grafana/pkg/services/folder"
@@ -280,7 +281,12 @@ func (s *Service) Create(ctx context.Context, cmd *folder.CreateFolderCommand) (
 	dashFolder.SetUID(trimmedUID)

 	user := cmd.SignedInUser
-	userID := user.UserID
+	namespaceID, userIDstr := user.GetNamespacedID()
+	userID, err := identity.IntIdentifier(namespaceID, userIDstr)
+	if err != nil {
+		s.log.Warn("failed to parse user ID", "namespaceID", namespaceID, "userID", userIDstr, "error", err)
+	}
+
 	if userID == 0 {
 		userID = -1
 	}
@@ -763,12 +769,18 @@ func (s *Service) BuildSaveDashboardCommand(ctx context.Context, dto *dashboards
 		}
 	}

+	namespaceID, userIDstr := dto.User.GetNamespacedID()
+	userID, err := identity.IntIdentifier(namespaceID, userIDstr)
+	if err != nil {
+		s.log.Warn("failed to parse user ID", "namespaceID", namespaceID, "userID", userIDstr, "error", err)
+	}
+
 	cmd := &dashboards.SaveDashboardCommand{
 		Dashboard: dash.Data,
 		Message:   dto.Message,
 		OrgID:     dto.OrgID,
 		Overwrite: dto.Overwrite,
-		UserID:    dto.User.UserID,
+		UserID:    userID,
 		FolderID:  dash.FolderID,
 		IsFolder:  dash.IsFolder,
 		PluginID:  dash.PluginID,
@@ -783,7 +795,7 @@ func (s *Service) BuildSaveDashboardCommand(ctx context.Context, dto *dashboards

 // getGuardianForSavePermissionCheck returns the guardian to be used for checking permission of dashboard
 // It replaces deleted Dashboard.GetDashboardIdForSavePermissionCheck()
-func getGuardianForSavePermissionCheck(ctx context.Context, d *dashboards.Dashboard, user *user.SignedInUser) (guardian.DashboardGuardian, error) {
+func getGuardianForSavePermissionCheck(ctx context.Context, d *dashboards.Dashboard, user identity.Requester) (guardian.DashboardGuardian, error) {
 	newDashboard := d.ID == 0

 	if newDashboard {