From c4874f97f875cffc6ef082c86f3978612438dd19 Mon Sep 17 00:00:00 2001 From: Jo Date: Fri, 6 Oct 2023 11:59:48 +0200 Subject: [PATCH] Identity: Port snapshots and annotations to Requester (#76103) * Port snapshots to Requester * Port annotations to Requester --- .../annotations/annotationsimpl/xorm_store.go | 9 +++++---- pkg/services/annotations/models.go | 4 ++-- .../dashboardsnapshots/database/database.go | 20 +++++++++++++++---- .../database/database_test.go | 6 +++--- pkg/services/dashboardsnapshots/models.go | 4 ++-- 5 files changed, 28 insertions(+), 15 deletions(-) diff --git a/pkg/services/annotations/annotationsimpl/xorm_store.go b/pkg/services/annotations/annotationsimpl/xorm_store.go index d80e9bbbc9e..76bb9281386 100644 --- a/pkg/services/annotations/annotationsimpl/xorm_store.go +++ b/pkg/services/annotations/annotationsimpl/xorm_store.go @@ -12,13 +12,13 @@ import ( "github.com/grafana/grafana/pkg/infra/log" ac "github.com/grafana/grafana/pkg/services/accesscontrol" "github.com/grafana/grafana/pkg/services/annotations" + "github.com/grafana/grafana/pkg/services/auth/identity" "github.com/grafana/grafana/pkg/services/dashboards" "github.com/grafana/grafana/pkg/services/featuremgmt" "github.com/grafana/grafana/pkg/services/sqlstore" "github.com/grafana/grafana/pkg/services/sqlstore/permissions" "github.com/grafana/grafana/pkg/services/sqlstore/searchstore" "github.com/grafana/grafana/pkg/services/tag" - "github.com/grafana/grafana/pkg/services/user" "github.com/grafana/grafana/pkg/setting" ) 
@@ -378,14 +378,15 @@ type acFilter struct { recParams []interface{} } -func (r *xormRepositoryImpl) getAccessControlFilter(user *user.SignedInUser) (acFilter, error) { +func (r *xormRepositoryImpl) getAccessControlFilter(user identity.Requester) (acFilter, error) { var recQueries string var recQueriesParams []interface{} - if user == nil || user.Permissions[user.OrgID] == nil { + if user == nil || user.IsNil() { return acFilter{}, errors.New("missing permissions") } - scopes, has := user.Permissions[user.OrgID][ac.ActionAnnotationsRead] + + scopes, has := user.GetPermissions()[ac.ActionAnnotationsRead] if !has { return acFilter{}, errors.New("missing permissions") } diff --git a/pkg/services/annotations/models.go b/pkg/services/annotations/models.go index e0b57043045..e1cef2fbe6e 100644 --- a/pkg/services/annotations/models.go +++ b/pkg/services/annotations/models.go @@ -2,7 +2,7 @@ package annotations import ( "github.com/grafana/grafana/pkg/components/simplejson" - "github.com/grafana/grafana/pkg/services/user" + "github.com/grafana/grafana/pkg/services/auth/identity" ) type ItemQuery struct { @@ -18,7 +18,7 @@ type ItemQuery struct { Tags []string `json:"tags"` Type string `json:"type"` MatchAny bool `json:"matchAny"` - SignedInUser *user.SignedInUser + SignedInUser identity.Requester Limit int64 `json:"limit"` } diff --git a/pkg/services/dashboardsnapshots/database/database.go b/pkg/services/dashboardsnapshots/database/database.go index dab53376535..4d1bb798df9 100644 --- a/pkg/services/dashboardsnapshots/database/database.go +++ b/pkg/services/dashboardsnapshots/database/database.go @@ -7,6 +7,7 @@ import ( "github.com/grafana/grafana/pkg/components/simplejson" "github.com/grafana/grafana/pkg/infra/db" "github.com/grafana/grafana/pkg/infra/log" + "github.com/grafana/grafana/pkg/services/auth/identity" "github.com/grafana/grafana/pkg/services/dashboardsnapshots" "github.com/grafana/grafana/pkg/services/org" "github.com/grafana/grafana/pkg/setting" 
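Review bot: The guard `if user == nil || user.IsNil()` in getAccessControlFilter has two halves that are easy to mistake for redundant, and nothing explains why both are needed now that the parameter is an interface. I would add a comment such as `// user == nil catches a nil interface; IsNil() is expected to catch a typed nil pointer wrapped in the interface`, after confirming that this is what IsNil() does. The old code looked permissions up by `user.OrgID` explicitly, while `GetPermissions()` presumably returns only the current org's permissions. Because this filter decides which annotations a caller may read, that assumption deserves a line in the function's doc comment. The function body continues past the end of the hunk.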
@@ -124,12 +125,23 @@ func (d *DashboardSnapshotStore) SearchDashboardSnapshots(ctx context.Context, q sess.Where("name LIKE ?", query.Name) } + namespace, id := query.SignedInUser.GetNamespacedID() + var userID int64 + switch namespace { + case identity.NamespaceServiceAccount, identity.NamespaceUser: + var err error + userID, err = identity.IntIdentifier(namespace, id) + if err != nil { + return err + } + } + // admins can see all snapshots, everyone else can only see their own snapshots switch { - case query.SignedInUser.OrgRole == org.RoleAdmin: - sess.Where("org_id = ?", query.OrgID) - case !query.SignedInUser.IsAnonymous: - sess.Where("org_id = ? AND user_id = ?", query.OrgID, query.SignedInUser.UserID) + case query.SignedInUser.GetOrgRole() == org.RoleAdmin: + sess.Where("org_id = ?", query.SignedInUser.GetOrgID()) + case namespace != identity.NamespaceAnonymous: + sess.Where("org_id = ? AND user_id = ?", query.OrgID, userID) default: queryResult = snapshots return nil diff --git a/pkg/services/dashboardsnapshots/database/database_test.go b/pkg/services/dashboardsnapshots/database/database_test.go index a3f945cfd26..7646a02e4ef 100644 --- a/pkg/services/dashboardsnapshots/database/database_test.go +++ b/pkg/services/dashboardsnapshots/database/database_test.go @@ -72,7 +72,7 @@ func TestIntegrationDashboardSnapshotDBAccess(t *testing.T) { t.Run("And the user has the admin role", func(t *testing.T) { query := dashboardsnapshots.GetDashboardSnapshotsQuery{ OrgID: 1, - SignedInUser: &user.SignedInUser{OrgRole: org.RoleAdmin}, + SignedInUser: &user.SignedInUser{OrgRole: org.RoleAdmin, UserID: 1000, OrgID: 1}, } queryResult, err := dashStore.SearchDashboardSnapshots(context.Background(), &query) require.NoError(t, err) 
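Review bot: The two branches of the role switch in SearchDashboardSnapshots now scope by different org values: the admin branch filters on `query.SignedInUser.GetOrgID()` while the non-admin branch still uses `query.OrgID`. If a caller ever passes a query whose OrgID differs from the requester's org, the branches apply different tenant boundaries; use one source for both, e.g. `sess.Where("org_id = ? AND user_id = ?", query.SignedInUser.GetOrgID(), userID)`, or reject the mismatch up front. Separately, a requester whose namespace is neither user, service account nor anonymous leaves `userID` at 0 and still reaches the `user_id = ?` filter, so it is compared against rows stored with user_id 0. An explicit case that returns the empty result or an error for unrecognised namespaces would make that behaviour deliberate. The function starts and ends outside the hunk.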
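Review bot: All three updated fixtures (this one and the hunks at -168 and -181 in TestIntegrationDeleteExpiredSnapshots) set the requester's `OrgID: 1` equal to the query's `OrgID: 1`, so the tests cannot tell which of the two values the store actually filters on. Since the admin branch now reads the org from the requester, I would add a case where the two differ, plus a non-admin case, to pin the intended scoping. `UserID: 1000` would also benefit from a short comment such as `// arbitrary id that owns no snapshot`, if that is the intent.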
@@ -168,7 +168,7 @@ func TestIntegrationDeleteExpiredSnapshots(t *testing.T) { query := dashboardsnapshots.GetDashboardSnapshotsQuery{ OrgID: 1, - SignedInUser: &user.SignedInUser{OrgRole: org.RoleAdmin}, + SignedInUser: &user.SignedInUser{OrgRole: org.RoleAdmin, UserID: 1000, OrgID: 1}, } queryResult, err := dashStore.SearchDashboardSnapshots(context.Background(), &query) require.NoError(t, err) @@ -181,7 +181,7 @@ func TestIntegrationDeleteExpiredSnapshots(t *testing.T) { query = dashboardsnapshots.GetDashboardSnapshotsQuery{ OrgID: 1, - SignedInUser: &user.SignedInUser{OrgRole: org.RoleAdmin}, + SignedInUser: &user.SignedInUser{OrgRole: org.RoleAdmin, UserID: 1000, OrgID: 1}, } queryResult, err = dashStore.SearchDashboardSnapshots(context.Background(), &query) require.NoError(t, err) diff --git a/pkg/services/dashboardsnapshots/models.go b/pkg/services/dashboardsnapshots/models.go index e145113b73c..00e5b4582e3 100644 --- a/pkg/services/dashboardsnapshots/models.go +++ b/pkg/services/dashboardsnapshots/models.go @@ -4,7 +4,7 @@ import ( "time" "github.com/grafana/grafana/pkg/components/simplejson" - "github.com/grafana/grafana/pkg/services/user" + "github.com/grafana/grafana/pkg/services/auth/identity" ) // DashboardSnapshot model @@ -98,5 +98,5 @@ type GetDashboardSnapshotsQuery struct { Name string Limit int OrgID int64 - SignedInUser *user.SignedInUser + SignedInUser identity.Requester }