diff --git a/pkg/api/dashboard_permission.go b/pkg/api/dashboard_permission.go index 16da432b2b0..f681873ba98 100644 --- a/pkg/api/dashboard_permission.go +++ b/pkg/api/dashboard_permission.go @@ -212,10 +212,10 @@ func (hs *HTTPServer) getDashboardACL(ctx context.Context, user identity.Request FolderID: dashboard.FolderID, // nolint:staticcheck Created: p.Created, Updated: p.Updated, - UserID: p.UserId, + UserID: p.UserID, UserLogin: p.UserLogin, UserEmail: p.UserEmail, - TeamID: p.TeamId, + TeamID: p.TeamID, TeamEmail: p.TeamEmail, Team: p.Team, Role: role, diff --git a/pkg/api/dashboard_permission_test.go b/pkg/api/dashboard_permission_test.go index 3a89486f8ca..ced84bf8ff5 100644 --- a/pkg/api/dashboard_permission_test.go +++ b/pkg/api/dashboard_permission_test.go @@ -58,8 +58,8 @@ func TestHTTPServer_GetDashboardPermissionList(t *testing.T) { hs.DashboardService = svc hs.dashboardPermissionsService = &actest.FakePermissionsService{ ExpectedPermissions: []accesscontrol.ResourcePermission{ - {UserId: 1, UserLogin: "regular", IsManaged: true}, - {UserId: 2, UserLogin: "hidden", IsManaged: true}, + {UserID: 1, UserLogin: "regular", IsManaged: true}, + {UserID: 2, UserLogin: "hidden", IsManaged: true}, }, } }) diff --git a/pkg/api/dtos/user.go b/pkg/api/dtos/user.go index 35cdb3c78b0..76de3ebcec5 100644 --- a/pkg/api/dtos/user.go +++ b/pkg/api/dtos/user.go @@ -43,6 +43,7 @@ type ResetUserPasswordForm struct { type UserLookupDTO struct { UserID int64 `json:"userId"` + UID string `json:"uid"` Login string `json:"login"` AvatarURL string `json:"avatarUrl"` } diff --git a/pkg/api/folder_permission.go b/pkg/api/folder_permission.go index 57e6aee6a60..dd3070c823b 100644 --- a/pkg/api/folder_permission.go +++ b/pkg/api/folder_permission.go @@ -153,10 +153,12 @@ func (hs *HTTPServer) getFolderACL(ctx context.Context, user identity.Requester, FolderUID: folder.ParentUID, Created: p.Created, Updated: p.Updated, - UserID: p.UserId, + UserID: p.UserID, + UserUID: p.UserUID, UserLogin: p.UserLogin, UserEmail: p.UserEmail, - TeamID: p.TeamId, + TeamID: p.TeamID, + TeamUID: p.TeamUID, TeamEmail: p.TeamEmail, Team: p.Team, Role: role, diff --git a/pkg/api/folder_permission_test.go b/pkg/api/folder_permission_test.go index 6176bff5870..d10185a7360 100644 --- a/pkg/api/folder_permission_test.go +++ b/pkg/api/folder_permission_test.go @@ -54,8 +54,8 @@ func TestHTTPServer_GetFolderPermissionList(t *testing.T) { hs.folderPermissionsService = &actest.FakePermissionsService{ ExpectedPermissions: []accesscontrol.ResourcePermission{ - {UserId: 1, UserLogin: "regular", IsManaged: true}, - {UserId: 2, UserLogin: "hidden", IsManaged: true}, + {UserID: 1, UserLogin: "regular", IsManaged: true}, + {UserID: 2, UserLogin: "hidden", IsManaged: true}, }, } }) diff --git a/pkg/api/org_users.go b/pkg/api/org_users.go index 401148307c8..c0671fe3776 100644 --- a/pkg/api/org_users.go +++ b/pkg/api/org_users.go @@ -161,6 +161,7 @@ func (hs *HTTPServer) GetOrgUsersForCurrentOrgLookup(c *contextmodel.ReqContext) for _, u := range orgUsersResult.OrgUsers { result = append(result, &dtos.UserLookupDTO{ + UID: u.UID, UserID: u.UserID, Login: u.Login, AvatarURL: u.AvatarURL, diff --git a/pkg/services/accesscontrol/models.go b/pkg/services/accesscontrol/models.go index fbd04342f6a..2363cb7cd37 100644 --- a/pkg/services/accesscontrol/models.go +++ b/pkg/services/accesscontrol/models.go @@ -234,10 +234,12 @@ type ResourcePermission struct { RoleName string Actions []string Scope string - UserId int64 + UserID int64 + UserUID string UserLogin string UserEmail string - TeamId int64 + TeamID int64 + TeamUID string TeamEmail string Team string BuiltInRole string diff --git a/pkg/services/accesscontrol/ossaccesscontrol/receivers.go b/pkg/services/accesscontrol/ossaccesscontrol/receivers.go index 2f6ec0930a8..cc7e52f86ae 100644 --- a/pkg/services/accesscontrol/ossaccesscontrol/receivers.go +++ b/pkg/services/accesscontrol/ossaccesscontrol/receivers.go @@ -171,8 +171,8 @@ func (r ReceiverPermissionsService) toSetResourcePermissionCommands(permissions cmds = append(cmds, accesscontrol.SetResourcePermissionCommand{ Permission: permission, BuiltinRole: p.BuiltInRole, - TeamID: p.TeamId, - UserID: p.UserId, + TeamID: p.TeamID, + UserID: p.UserID, }) } return cmds diff --git a/pkg/services/accesscontrol/resourcepermissions/api.go b/pkg/services/accesscontrol/resourcepermissions/api.go index ca1346dd305..403699ebe59 100644 --- a/pkg/services/accesscontrol/resourcepermissions/api.go +++ b/pkg/services/accesscontrol/resourcepermissions/api.go @@ -134,10 +134,12 @@ type resourcePermissionDTO struct { IsInherited bool `json:"isInherited"` IsServiceAccount bool `json:"isServiceAccount"` UserID int64 `json:"userId,omitempty"` + UserUID string `json:"userUid,omitempty"` UserLogin string `json:"userLogin,omitempty"` UserAvatarUrl string `json:"userAvatarUrl,omitempty"` Team string `json:"team,omitempty"` TeamID int64 `json:"teamId,omitempty"` + TeamUID string `json:"teamUid,omitempty"` TeamAvatarUrl string `json:"teamAvatarUrl,omitempty"` BuiltInRole string `json:"builtInRole,omitempty"` Actions []string `json:"actions"` @@ -191,18 +193,20 @@ func (a *api) getPermissions(c *contextmodel.ReqContext) response.Response { for _, p := range permissions { if permission := a.service.MapActions(p); permission != "" { teamAvatarUrl := "" - if p.TeamId != 0 { + if p.TeamID != 0 { teamAvatarUrl = dtos.GetGravatarUrlWithDefault(a.cfg, p.TeamEmail, p.Team) } dto = append(dto, resourcePermissionDTO{ ID: p.ID, RoleName: p.RoleName, - UserID: p.UserId, + UserID: p.UserID, + UserUID: p.UserUID, UserLogin: p.UserLogin, UserAvatarUrl: dtos.GetGravatarUrl(a.cfg, p.UserEmail), Team: p.Team, - TeamID: p.TeamId, + TeamID: p.TeamID, + TeamUID: p.TeamUID, TeamAvatarUrl: teamAvatarUrl, BuiltInRole: p.BuiltInRole, Actions: p.Actions, diff --git a/pkg/services/accesscontrol/resourcepermissions/store.go b/pkg/services/accesscontrol/resourcepermissions/store.go index 5e42f7b2784..c146cc0b241 100644 --- a/pkg/services/accesscontrol/resourcepermissions/store.go +++ b/pkg/services/accesscontrol/resourcepermissions/store.go @@ -35,9 +35,11 @@ type flatResourcePermission struct { Action string Scope string UserId int64 + UserUid string UserLogin string UserEmail string TeamId int64 + TeamUid string TeamEmail string Team string BuiltInRole string @@ -331,10 +333,12 @@ func (s *store) getResourcePermissions(sess *db.Session, orgID int64, query GetR userSelect := rawSelect + ` ur.user_id AS user_id, u.login AS user_login, + u.uid AS user_uid, u.is_service_account AS is_service_account, u.email AS user_email, 0 AS team_id, '' AS team, + '' AS team_uid, '' AS team_email, '' AS built_in_role ` @@ -342,10 +346,12 @@ func (s *store) getResourcePermissions(sess *db.Session, orgID int64, query GetR teamSelect := rawSelect + ` 0 AS user_id, '' AS user_login, + '' AS user_uid, ` + s.sql.GetDialect().BooleanStr(false) + ` AS is_service_account, '' AS user_email, tr.team_id AS team_id, t.name AS team, + t.uid AS team_uid, t.email AS team_email, '' AS built_in_role ` @@ -353,10 +359,12 @@ func (s *store) getResourcePermissions(sess *db.Session, orgID int64, query GetR builtinSelect := rawSelect + ` 0 AS user_id, '' AS user_login, + '' AS user_uid, ` + s.sql.GetDialect().BooleanStr(false) + ` AS is_service_account, '' AS user_email, 0 as team_id, '' AS team, + '' AS team_uid, '' AS team_email, br.role AS built_in_role ` @@ -522,10 +530,12 @@ func flatPermissionsToResourcePermission(scope string, permissions []flatResourc RoleName: first.RoleName, Actions: actions, Scope: first.Scope, - UserId: first.UserId, + UserID: first.UserId, + UserUID: first.UserUid, UserLogin: first.UserLogin, UserEmail: first.UserEmail, - TeamId: first.TeamId, + TeamID: first.TeamId, + TeamUID: first.TeamUid, TeamEmail: first.TeamEmail, Team: first.Team, BuiltInRole: first.BuiltInRole, diff --git a/pkg/services/accesscontrol/resourcepermissions/store_test.go b/pkg/services/accesscontrol/resourcepermissions/store_test.go index de5b5de7c82..a3c52bbc85b 100644 --- a/pkg/services/accesscontrol/resourcepermissions/store_test.go +++ b/pkg/services/accesscontrol/resourcepermissions/store_test.go @@ -351,8 +351,8 @@ func TestIntegrationStore_SetResourcePermissions(t *testing.T) { assert.Equal(t, accesscontrol.ResourcePermission{}, permissions[i]) } else { assert.Len(t, permissions[i].Actions, len(c.Actions)) - assert.Equal(t, c.TeamID, permissions[i].TeamId) - assert.Equal(t, c.User.ID, permissions[i].UserId) + assert.Equal(t, c.TeamID, permissions[i].TeamID) + assert.Equal(t, c.User.ID, permissions[i].UserID) assert.Equal(t, c.BuiltinRole, permissions[i].BuiltInRole) assert.Equal(t, accesscontrol.Scope(c.Resource, tt.resourceAttribute, c.ResourceID), permissions[i].Scope) } diff --git a/pkg/services/dashboards/models.go b/pkg/services/dashboards/models.go index 2458c64305c..55955c1af45 100644 --- a/pkg/services/dashboards/models.go +++ b/pkg/services/dashboards/models.go @@ -388,10 +388,12 @@ type DashboardACLInfoDTO struct { Updated time.Time `json:"updated"` UserID int64 `json:"userId" xorm:"user_id"` + UserUID string `json:"userUid"` UserLogin string `json:"userLogin"` UserEmail string `json:"userEmail"` UserAvatarURL string `json:"userAvatarUrl" xorm:"user_avatar_url"` TeamID int64 `json:"teamId" xorm:"team_id"` + TeamUID string `json:"teamUid"` TeamEmail string `json:"teamEmail"` TeamAvatarURL string `json:"teamAvatarUrl" xorm:"team_avatar_url"` Team string `json:"team"` diff --git a/pkg/services/org/model.go b/pkg/services/org/model.go index 34f2f910a3e..9e2691f0340 100644 --- a/pkg/services/org/model.go +++ b/pkg/services/org/model.go @@ -143,6 +143,7 @@ type UpdateOrgUserCommand struct { type OrgUserDTO struct { OrgID int64 `json:"orgId" xorm:"org_id"` UserID int64 `json:"userId" xorm:"user_id"` + UID string `json:"uid" xorm:"uid"` Email string `json:"email"` Name string `json:"name"` AvatarURL string `json:"avatarUrl" xorm:"avatar_url"` diff --git a/pkg/services/org/orgimpl/store.go b/pkg/services/org/orgimpl/store.go index 2d987b1539e..0668934d1d0 100644 --- a/pkg/services/org/orgimpl/store.go +++ b/pkg/services/org/orgimpl/store.go @@ -602,6 +602,7 @@ func (ss *sqlStore) SearchOrgUsers(ctx context.Context, query *org.SearchOrgUser "org_user.org_id", "org_user.user_id", "u.email", + "u.uid", "u.name", "u.login", "org_user.role", diff --git a/public/api-enterprise-spec.json b/public/api-enterprise-spec.json index 74f8a21f6e4..6a4a0c77f26 100644 --- a/public/api-enterprise-spec.json +++ b/public/api-enterprise-spec.json @@ -4080,6 +4080,9 @@ "type": "integer", "format": "int64" }, + "teamUid": { + "type": "string" + }, "title": { "type": "string" }, @@ -4105,6 +4108,9 @@ }, "userLogin": { "type": "string" + }, + "userUid": { + "type": "string" } } }, @@ -6036,6 +6042,9 @@ "role": { "type": "string" }, + "uid": { + "type": "string" + }, "userId": { "type": "integer", "format": "int64" @@ -8603,6 +8612,9 @@ "login": { "type": "string" }, + "uid": { + "type": "string" + }, "userId": { "type": "integer", "format": "int64" @@ -8975,6 +8987,9 @@ "type": "integer", "format": "int64" }, + "teamUid": { + "type": "string" + }, "userAvatarUrl": { "type": "string" }, @@ -8984,6 +8999,9 @@ }, "userLogin": { "type": "string" + }, + "userUid": { + "type": "string" } } }, diff --git a/public/api-merged.json b/public/api-merged.json index 5e952dd84b3..079f4a7987b 100644 --- a/public/api-merged.json +++ b/public/api-merged.json @@ -14519,6 +14519,9 @@ "type": "integer", "format": "int64" }, + "teamUid": { + "type": "string" + }, "title": { "type": "string" }, @@ -14544,6 +14547,9 @@ }, "userLogin": { "type": "string" + }, + "userUid": { + "type": "string" } } }, @@ -17815,6 +17821,9 @@ "role": { "type": "string" }, + "uid": { + "type": "string" + }, "userId": { "type": "integer", "format": "int64" @@ -22171,6 +22180,9 @@ "login": { "type": "string" }, + "uid": { + "type": "string" + }, "userId": { "type": "integer", "format": "int64" @@ -23173,6 +23185,9 @@ "type": "integer", "format": "int64" }, + "teamUid": { + "type": "string" + }, "userAvatarUrl": { "type": "string" }, @@ -23182,6 +23197,9 @@ }, "userLogin": { "type": "string" + }, + "userUid": { + "type": "string" } } }, diff --git a/public/app/core/components/AccessControl/AddPermission.tsx b/public/app/core/components/AccessControl/AddPermission.tsx index e4d633a75a8..d1b017a53f4 100644 --- a/public/app/core/components/AccessControl/AddPermission.tsx +++ b/public/app/core/components/AccessControl/AddPermission.tsx @@ -26,8 +26,8 @@ export const AddPermission = ({ onCancel, }: Props) => { const [target, setPermissionTarget] = useState(PermissionTarget.None); - const [teamId, setTeamId] = useState(0); - const [userId, setUserId] = useState(0); + const [teamUid, setTeamUid] = useState(''); + const [userUid, setUserUid] = useState(''); const [builtInRole, setBuiltinRole] = useState(''); const [permission, setPermission] = useState(''); @@ -61,9 +61,9 @@ export const AddPermission = ({ }, [permissions]); const isValid = () => - (target === PermissionTarget.Team && teamId > 0) || - (target === PermissionTarget.User && userId > 0) || - (target === PermissionTarget.ServiceAccount && userId > 0) || + (target === PermissionTarget.Team && teamUid) || + (target === PermissionTarget.User && userUid) || + (target === PermissionTarget.ServiceAccount && userUid) || (PermissionTarget.BuiltInRole && OrgRole.hasOwnProperty(builtInRole)); return ( @@ -75,7 +75,7 @@ export const AddPermission = ({ name="addPermission" onSubmit={(event) => { event.preventDefault(); - onAdd({ userId, teamId, builtInRole, permission, target }); + onAdd({ userUid, teamUid, builtInRole, permission, target }); }} > @@ -88,13 +88,13 @@ export const AddPermission = ({ width="auto" /> - {target === PermissionTarget.User && setUserId(u?.value || 0)} />} + {target === PermissionTarget.User && setUserUid(u?.value?.uid || '')} />} {target === PermissionTarget.ServiceAccount && ( - setUserId(u?.value || 0)} /> + setUserUid(u?.value?.uid || '')} /> )} - {target === PermissionTarget.Team && setTeamId(t.value?.id || 0)} />} + {target === PermissionTarget.Team && setTeamUid(t.value?.uid || '')} />} {target === PermissionTarget.BuiltInRole && (