Access Control: Remove unused option (#48317)

* Remove unused option
2025-02-25 18:55:37 -06:00 · 2022-04-29 11:05:51 +02:00 · 2022-04-29 11:05:51 +02:00 · c207ea30eb
commit c207ea30eb
parent 412dbc21e3
4 changed files with 5 additions and 84 deletions
--- a/pkg/services/accesscontrol/resourcepermissions/api.go
+++ b/pkg/services/accesscontrol/resourcepermissions/api.go
@ -56,18 +56,18 @@ func (a *api) getEvaluators(actionRead, actionWrite, scope string) (read, write
 func (a *api) registerEndpoints() {
 	auth := accesscontrol.Middleware(a.ac)
 	disable := disableMiddleware(a.ac.IsDisabled())
-	uidSolver := solveUID(a.service.options.UidSolver)
 	inheritanceSolver := solveInheritedScopes(a.service.options.InheritedScopesSolver)
+
 	a.router.Group(fmt.Sprintf("/api/access-control/%s", a.service.options.Resource), func(r routing.RouteRegister) {
 		actionRead := fmt.Sprintf("%s.permissions:read", a.service.options.Resource)
 		actionWrite := fmt.Sprintf("%s.permissions:write", a.service.options.Resource)
 		scope := accesscontrol.Scope(a.service.options.Resource, a.service.options.ResourceAttribute, accesscontrol.Parameter(":resourceID"))
 		readEvaluator, writeEvaluator := a.getEvaluators(actionRead, actionWrite, scope)
 		r.Get("/description", auth(disable, accesscontrol.EvalPermission(actionRead)), routing.Wrap(a.getDescription))
-		r.Get("/:resourceID", inheritanceSolver, uidSolver, auth(disable, readEvaluator), routing.Wrap(a.getPermissions))
-		r.Post("/:resourceID/users/:userID", inheritanceSolver, uidSolver, auth(disable, writeEvaluator), routing.Wrap(a.setUserPermission))
-		r.Post("/:resourceID/teams/:teamID", inheritanceSolver, uidSolver, auth(disable, writeEvaluator), routing.Wrap(a.setTeamPermission))
-		r.Post("/:resourceID/builtInRoles/:builtInRole", inheritanceSolver, uidSolver, auth(disable, writeEvaluator), routing.Wrap(a.setBuiltinRolePermission))
+		r.Get("/:resourceID", inheritanceSolver, auth(disable, readEvaluator), routing.Wrap(a.getPermissions))
+		r.Post("/:resourceID/users/:userID", inheritanceSolver, auth(disable, writeEvaluator), routing.Wrap(a.setUserPermission))
+		r.Post("/:resourceID/teams/:teamID", inheritanceSolver, auth(disable, writeEvaluator), routing.Wrap(a.setTeamPermission))
+		r.Post("/:resourceID/builtInRoles/:builtInRole", inheritanceSolver, auth(disable, writeEvaluator), routing.Wrap(a.setBuiltinRolePermission))
 	})
 }

--- a/pkg/services/accesscontrol/resourcepermissions/api_test.go
+++ b/pkg/services/accesscontrol/resourcepermissions/api_test.go
@ -417,59 +417,6 @@ func TestApi_setUserPermission(t *testing.T) {
 	}
 }

-type uidSolverTestCase struct {
-	desc           string
-	uid            string
-	resourceID     string
-	expectedStatus int
-}
-
-func TestApi_UidSolver(t *testing.T) {
-	tests := []uidSolverTestCase{
-		{
-			desc:           "expect uid to be mapped to id",
-			uid:            "resourceUID",
-			resourceID:     "1",
-			expectedStatus: http.StatusOK,
-		},
-		{
-			desc:           "expect 404 when uid is not mapped to an id",
-			uid:            "notfound",
-			resourceID:     "1",
-			expectedStatus: http.StatusNotFound,
-		},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.desc, func(t *testing.T) {
-			userPermissions := []*accesscontrol.Permission{
-				{Action: "dashboards.permissions:read", Scope: "dashboards:id:1"},
-				{Action: accesscontrol.ActionTeamsRead, Scope: accesscontrol.ScopeTeamsAll},
-				{Action: accesscontrol.ActionOrgUsersRead, Scope: accesscontrol.ScopeUsersAll},
-			}
-
-			service, sql := setupTestEnvironment(t, userPermissions, withSolver(testOptions, testSolver))
-			server := setupTestServer(t, &models.SignedInUser{OrgId: 1, Permissions: map[int64]map[string][]string{
-				1: accesscontrol.GroupScopesByAction(userPermissions),
-			}}, service)
-
-			seedPermissions(t, tt.resourceID, sql, service)
-
-			permissions, recorder := getPermission(t, server, testOptions.Resource, tt.uid)
-			assert.Equal(t, tt.expectedStatus, recorder.Code)
-
-			if tt.expectedStatus == http.StatusOK {
-				checkSeededPermissions(t, permissions)
-			}
-		})
-	}
-}
-
-func withSolver(options Options, solver UidSolver) Options {
-	options.UidSolver = solver
-	return options
-}
-
 type inheritSolverTestCase struct {
 	desc           string
 	resourceID     string
@ -581,13 +528,6 @@ var testInheritedScopeSolver = func(ctx context.Context, orgID int64, id string)
 	return nil, errors.New("not found")
 }

-var testSolver = func(ctx context.Context, orgID int64, uid string) (int64, error) {
-	if uid == "resourceUID" {
-		return 1, nil
-	}
-	return 0, errors.New("not found")
-}
-
 func getPermission(t *testing.T, server *web.Mux, resource, resourceID string) ([]resourcePermissionDTO, *httptest.ResponseRecorder) {
 	req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("/api/access-control/%s/%s", resource, resourceID), nil)
 	require.NoError(t, err)
--- a/pkg/services/accesscontrol/resourcepermissions/middleware.go
+++ b/pkg/services/accesscontrol/resourcepermissions/middleware.go
@ -2,7 +2,6 @@ package resourcepermissions

 import (
 	"net/http"
-	"strconv"

 	"github.com/grafana/grafana/pkg/models"
 	ac "github.com/grafana/grafana/pkg/services/accesscontrol"
@ -10,21 +9,6 @@ import (
 	"github.com/grafana/grafana/pkg/web"
 )

-func solveUID(solve UidSolver) web.Handler {
-	return func(c *models.ReqContext) {
-		if solve != nil && util.IsValidShortUID(web.Params(c.Req)[":resourceID"]) {
-			params := web.Params(c.Req)
-			id, err := solve(c.Req.Context(), c.OrgId, params[":resourceID"])
-			if err != nil {
-				c.JsonApiErr(http.StatusNotFound, "Resource not found", err)
-				return
-			}
-			params[":resourceID"] = strconv.FormatInt(id, 10)
-			web.SetURLParams(c.Req, params)
-		}
-	}
-}
-
 // solveInheritedScopes will add the inherited scopes to the context param by prefix
 // Ex: params["folders:uid:"] = "folders:uid:BCeknZL7k"
 func solveInheritedScopes(solve InheritedScopesSolver) web.Handler {
--- a/pkg/services/accesscontrol/resourcepermissions/options.go
+++ b/pkg/services/accesscontrol/resourcepermissions/options.go
@ -7,7 +7,6 @@ import (
 	"github.com/grafana/grafana/pkg/services/sqlstore"
 )

-type UidSolver func(ctx context.Context, orgID int64, uid string) (int64, error)
 type ResourceValidator func(ctx context.Context, orgID int64, resourceID string) error
 type InheritedScopesSolver func(ctx context.Context, orgID int64, resourceID string) ([]string, error)

@ -38,8 +37,6 @@ type Options struct {
 	OnSetTeam func(session *sqlstore.DBSession, orgID, teamID int64, resourceID, permission string) error
 	// OnSetBuiltInRole if configured will be called each time a permission is set for a built-in role
 	OnSetBuiltInRole func(session *sqlstore.DBSession, orgID int64, builtInRole, resourceID, permission string) error
-	// UidSolver if configured will be used in a middleware to translate an uid to id for each request
-	UidSolver UidSolver
 	// InheritedScopesSolver if configured can generate additional scopes that will be used when fetching permissions for a resource
 	InheritedScopesSolver InheritedScopesSolver
 	// InheritedScopePrefixes if configured are used to create evaluators with the scopes returned by InheritedScopesSolver