simplify bulkAssignRoles (#46891)

2025-02-25 18:55:37 -06:00 · 2022-03-24 18:06:44 +01:00 · 2022-03-24 18:06:44 +01:00 · 9dc06cd21f
commit 9dc06cd21f
parent 39f14a2ec2
3 changed files with 40 additions and 71 deletions
--- a/pkg/services/sqlstore/migrations/accesscontrol/dashboard_permissions.go
+++ b/pkg/services/sqlstore/migrations/accesscontrol/dashboard_permissions.go
@ -129,7 +129,6 @@ func (m dashboardPermissionsMigrator) migratePermissions(dashboards []dashboard,

 	var allRoles []*ac.Role
 	rolesToCreate := []*ac.Role{}
-	assignments := map[int64]map[string]struct{}{}
 	for orgID, roles := range permissionMap {
 		for name := range roles {
 			role, err := m.findRole(orgID, name)
@ -138,10 +137,6 @@ func (m dashboardPermissionsMigrator) migratePermissions(dashboards []dashboard,
 			}
 			if role.ID == 0 {
 				rolesToCreate = append(rolesToCreate, &ac.Role{OrgID: orgID, Name: name})
-				if _, ok := assignments[orgID]; !ok {
-					assignments[orgID] = map[string]struct{}{}
-				}
-				assignments[orgID][name] = struct{}{}
 			} else {
 				allRoles = append(allRoles, &role)
 			}
@ -153,16 +148,11 @@ func (m dashboardPermissionsMigrator) migratePermissions(dashboards []dashboard,
 		return err
 	}

-	rolesToAssign := map[int64]map[string]*ac.Role{}
 	for i := range createdRoles {
-		if _, ok := rolesToAssign[createdRoles[i].OrgID]; !ok {
-			rolesToAssign[createdRoles[i].OrgID] = map[string]*ac.Role{}
-		}
-		rolesToAssign[createdRoles[i].OrgID][createdRoles[i].Name] = createdRoles[i]
 		allRoles = append(allRoles, createdRoles[i])
 	}

-	if err := m.bulkAssignRoles(rolesToAssign, assignments); err != nil {
+	if err := m.bulkAssignRoles(createdRoles); err != nil {
 		return err
 	}

--- a/pkg/services/sqlstore/migrations/accesscontrol/permission_migrator.go
+++ b/pkg/services/sqlstore/migrations/accesscontrol/permission_migrator.go
@ -60,8 +60,8 @@ func (m *permissionMigrator) bulkCreateRoles(allRoles []*accesscontrol.Role) ([]
 	return allCreatedRoles, err
 }

-func (m *permissionMigrator) bulkAssignRoles(rolesMap map[int64]map[string]*accesscontrol.Role, assignments map[int64]map[string]struct{}) error {
-	if len(assignments) == 0 {
+func (m *permissionMigrator) bulkAssignRoles(allRoles []*accesscontrol.Role) error {
+	if len(allRoles) == 0 {
 		return nil
 	}

@ -70,45 +70,38 @@ func (m *permissionMigrator) bulkAssignRoles(rolesMap map[int64]map[string]*acce
 	teamRoleAssignments := make([]accesscontrol.TeamRole, 0)
 	builtInRoleAssignments := make([]accesscontrol.BuiltinRole, 0)

-	for orgID, roleNames := range assignments {
-		for name := range roleNames {
-			role, ok := rolesMap[orgID][name]
-			if !ok {
-				return &ErrUnknownRole{name}
+	for _, role := range allRoles {
+		if strings.HasPrefix(role.Name, "managed:users") {
+			userID, err := strconv.ParseInt(strings.Split(role.Name, ":")[2], 10, 64)
+			if err != nil {
+				return err
 			}
-
-			if strings.HasPrefix(name, "managed:users") {
-				userID, err := strconv.ParseInt(strings.Split(name, ":")[2], 10, 64)
-				if err != nil {
-					return err
-				}
-				userRoleAssignments = append(userRoleAssignments, accesscontrol.UserRole{
-					OrgID:   role.OrgID,
-					RoleID:  role.ID,
-					UserID:  userID,
-					Created: ts,
-				})
-			} else if strings.HasPrefix(name, "managed:teams") {
-				teamID, err := strconv.ParseInt(strings.Split(name, ":")[2], 10, 64)
-				if err != nil {
-					return err
-				}
-				teamRoleAssignments = append(teamRoleAssignments, accesscontrol.TeamRole{
-					OrgID:   role.OrgID,
-					RoleID:  role.ID,
-					TeamID:  teamID,
-					Created: ts,
-				})
-			} else if strings.HasPrefix(name, "managed:builtins") {
-				builtIn := strings.Title(strings.Split(name, ":")[2])
-				builtInRoleAssignments = append(builtInRoleAssignments, accesscontrol.BuiltinRole{
-					OrgID:   role.OrgID,
-					RoleID:  role.ID,
-					Role:    builtIn,
-					Created: ts,
-					Updated: ts,
-				})
+			userRoleAssignments = append(userRoleAssignments, accesscontrol.UserRole{
+				OrgID:   role.OrgID,
+				RoleID:  role.ID,
+				UserID:  userID,
+				Created: ts,
+			})
+		} else if strings.HasPrefix(role.Name, "managed:teams") {
+			teamID, err := strconv.ParseInt(strings.Split(role.Name, ":")[2], 10, 64)
+			if err != nil {
+				return err
 			}
+			teamRoleAssignments = append(teamRoleAssignments, accesscontrol.TeamRole{
+				OrgID:   role.OrgID,
+				RoleID:  role.ID,
+				TeamID:  teamID,
+				Created: ts,
+			})
+		} else if strings.HasPrefix(role.Name, "managed:builtins") {
+			builtIn := strings.Title(strings.Split(role.Name, ":")[2])
+			builtInRoleAssignments = append(builtInRoleAssignments, accesscontrol.BuiltinRole{
+				OrgID:   role.OrgID,
+				RoleID:  role.ID,
+				Role:    builtIn,
+				Created: ts,
+				Updated: ts,
+			})
 		}
 	}

--- a/pkg/services/sqlstore/migrations/accesscontrol/team_membership.go
+++ b/pkg/services/sqlstore/migrations/accesscontrol/team_membership.go
@ -130,9 +130,9 @@ func (p *teamPermissionMigrator) migrateMemberships() error {
 	}

 	// Sort roles that:
-	// * need to be created and assigned (rolesToCreate, assignments)
+	// * need to be created and assigned (rolesToCreate)
 	// * are already created and assigned (rolesByOrg)
-	rolesToCreate, assignments, rolesByOrg, errOrganizeRoles := p.sortRolesToAssign(userPermissionsByOrg)
+	rolesToCreate, rolesByOrg, errOrganizeRoles := p.sortRolesToAssign(userPermissionsByOrg)
 	if errOrganizeRoles != nil {
 		return errOrganizeRoles
 	}
@ -149,7 +149,7 @@ func (p *teamPermissionMigrator) migrateMemberships() error {
 	}

 	// Assign newly created roles
-	if errAssign := p.bulkAssignRoles(rolesByOrg, assignments); errAssign != nil {
+	if errAssign := p.bulkAssignRoles(createdRoles); errAssign != nil {
 		return errAssign
 	}

@ -173,18 +173,16 @@ func (p *teamPermissionMigrator) setRolePermissionsForOrgs(userPermissionsByOrg
 	return nil
 }

-func (p *teamPermissionMigrator) sortRolesToAssign(userPermissionsByOrg map[int64]map[int64][]accesscontrol.Permission) ([]*accesscontrol.Role, map[int64]map[string]struct{}, map[int64]map[string]*accesscontrol.Role, error) {
+func (p *teamPermissionMigrator) sortRolesToAssign(userPermissionsByOrg map[int64]map[int64][]accesscontrol.Permission) ([]*accesscontrol.Role, map[int64]map[string]*accesscontrol.Role, error) {
 	var rolesToCreate []*accesscontrol.Role

-	assignments := map[int64]map[string]struct{}{}
-
 	rolesByOrg := map[int64]map[string]*accesscontrol.Role{}
 	for orgID, userPermissions := range userPermissionsByOrg {
 		for userID := range userPermissions {
 			roleName := fmt.Sprintf("managed:users:%d:permissions", userID)
 			role, errFindingRoles := p.findRole(orgID, roleName)
 			if errFindingRoles != nil {
-				return nil, nil, nil, errFindingRoles
+				return nil, nil, errFindingRoles
 			}

 			if rolesByOrg[orgID] == nil {
@ -194,24 +192,12 @@ func (p *teamPermissionMigrator) sortRolesToAssign(userPermissionsByOrg map[int6
 			if role.ID != 0 {
 				rolesByOrg[orgID][roleName] = &role
 			} else {
-				roleToCreate := &accesscontrol.Role{
-					Name:  roleName,
-					OrgID: orgID,
-				}
-				rolesToCreate = append(rolesToCreate, roleToCreate)
-
-				userAssignments, initialized := assignments[orgID]
-				if !initialized {
-					userAssignments = map[string]struct{}{}
-				}
-
-				userAssignments[roleName] = struct{}{}
-				assignments[orgID] = userAssignments
+				rolesToCreate = append(rolesToCreate, &accesscontrol.Role{Name: roleName, OrgID: orgID})
 			}
 		}
 	}

-	return rolesToCreate, assignments, rolesByOrg, nil
+	return rolesToCreate, rolesByOrg, nil
 }

 func (p *teamPermissionMigrator) generateAssociatedPermissions(teamMemberships []*models.TeamMember,