Access control: further reduce access control feature toggle checks (#48171)

* reduce the usage of access control flag further by removing it from SQL store methods

* fixing tests

* fix another test

* linting

* remove AC feature toggle use from API keys

* remove unneeded function
Ieva
2022-05-05 16:31:14 +01:00
committed by GitHub
parent fca52a1c83
commit a5672758d8
16 changed files with 61 additions and 52 deletions


@@ -9,7 +9,6 @@ import (
"github.com/grafana/grafana/pkg/models"
ac "github.com/grafana/grafana/pkg/services/accesscontrol"
"github.com/grafana/grafana/pkg/services/featuremgmt"
)
type TeamStore interface {
@@ -214,7 +213,7 @@ func (ss *SQLStore) SearchTeams(ctx context.Context, query *models.SearchTeamsQu
acFilter ac.SQLFilter
err error
)
if ss.Cfg.IsFeatureToggleEnabled(featuremgmt.FlagAccesscontrol) {
if !ac.IsDisabled(ss.Cfg) {
acFilter, err = ac.Filter(query.SignedInUser, "team.id", "teams:id:", ac.ActionTeamsRead)
if err != nil {
return err
@@ -259,7 +258,7 @@ func (ss *SQLStore) SearchTeams(ctx context.Context, query *models.SearchTeamsQu
}
// Only count teams user can see
if ss.Cfg.IsFeatureToggleEnabled(featuremgmt.FlagAccesscontrol) {
if !ac.IsDisabled(ss.Cfg) {
countSess.Where(acFilter.Where, acFilter.Args...)
}
@@ -516,7 +515,7 @@ func (ss *SQLStore) GetTeamMembers(ctx context.Context, query *models.GetTeamMem
// With accesscontrol we filter out users based on the SignedInUser's permissions
// Note we assume that checking SignedInUser is allowed to see team members for this team has already been performed
// If the signed in user is not set no member will be returned
if ss.Cfg.IsFeatureToggleEnabled(featuremgmt.FlagAccesscontrol) {
if !ac.IsDisabled(ss.Cfg) {
sqlID := fmt.Sprintf("%s.%s", ss.engine.Dialect().Quote("user"), ss.engine.Dialect().Quote("id"))
*acFilter, err = ac.Filter(query.SignedInUser, sqlID, "users:id:", ac.ActionOrgUsersRead)
if err != nil {
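Review bot: In SearchTeams the `!ac.IsDisabled(ss.Cfg)` guard is evaluated twice, once where `acFilter` is built and again where it is applied to `countSess`, so the count is only restricted to teams the user may read while the two conditions stay in agreement. Evaluating it once, `acEnabled := !ac.IsDisabled(ss.Cfg)` ahead of the first guard and `if acEnabled {` at both sites, keeps building the filter and using it tied together if one condition is edited later. `ac.IsDisabled` is not visible in these hunks, so confirm that its result for configurations that never set the old toggle is the intended one, since it now decides whether these SQL filters run at all. SearchTeams and GetTeamMembers both continue outside the hunks shown.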