From dcf06658eb879e8f632fa34a103047e83a97b7f5 Mon Sep 17 00:00:00 2001 From: Jo Date: Thu, 31 Aug 2023 09:46:55 +0200 Subject: [PATCH] Chore: Implement requester in util pkg (#74105) implement requester changes that do not impact functionality --- pkg/services/team/model.go | 3 +-- pkg/services/team/teamimpl/store_test.go | 7 ++++--- pkg/util/proxyutil/proxyutil.go | 15 +++++++++++---- 3 files changed, 16 insertions(+), 9 deletions(-) diff --git a/pkg/services/team/model.go b/pkg/services/team/model.go index c4e16e9d647..704d4febbb2 100644 --- a/pkg/services/team/model.go +++ b/pkg/services/team/model.go @@ -9,7 +9,6 @@ import ( "github.com/grafana/grafana/pkg/kinds/team" "github.com/grafana/grafana/pkg/services/auth/identity" "github.com/grafana/grafana/pkg/services/dashboards" - "github.com/grafana/grafana/pkg/services/user" ) // Typed errors @@ -160,7 +159,7 @@ type GetTeamMembersQuery struct { TeamUID string UserID int64 External bool - SignedInUser *user.SignedInUser + SignedInUser identity.Requester } // ---------------------- diff --git a/pkg/services/team/teamimpl/store_test.go b/pkg/services/team/teamimpl/store_test.go index 3b1215cb618..e8787a9c105 100644 --- a/pkg/services/team/teamimpl/store_test.go +++ b/pkg/services/team/teamimpl/store_test.go @@ -12,6 +12,7 @@ import ( "github.com/grafana/grafana/pkg/infra/db" ac "github.com/grafana/grafana/pkg/services/accesscontrol" + "github.com/grafana/grafana/pkg/services/auth/identity" "github.com/grafana/grafana/pkg/services/dashboards" "github.com/grafana/grafana/pkg/services/org/orgimpl" "github.com/grafana/grafana/pkg/services/quota/quotaimpl" @@ -573,7 +574,7 @@ func TestIntegrationSQLStore_GetTeamMembers_ACFilter(t *testing.T) { if !hasWildcardScope(tt.query.SignedInUser, ac.ActionOrgUsersRead) { for _, member := range queryResult { assert.Contains(t, - tt.query.SignedInUser.Permissions[tt.query.SignedInUser.OrgID][ac.ActionOrgUsersRead], + tt.query.SignedInUser.GetPermissions()[ac.ActionOrgUsersRead], ac.Scope("users", "id", fmt.Sprintf("%d", member.UserID)), ) } @@ -582,8 +583,8 @@ func TestIntegrationSQLStore_GetTeamMembers_ACFilter(t *testing.T) { } } -func hasWildcardScope(user *user.SignedInUser, action string) bool { - for _, scope := range user.Permissions[user.OrgID][action] { +func hasWildcardScope(user identity.Requester, action string) bool { + for _, scope := range user.GetPermissions()[action] { if strings.HasSuffix(scope, ":*") { return true } diff --git a/pkg/util/proxyutil/proxyutil.go b/pkg/util/proxyutil/proxyutil.go index 01875643ceb..52ac7ef4b9f 100644 --- a/pkg/util/proxyutil/proxyutil.go +++ b/pkg/util/proxyutil/proxyutil.go @@ -7,7 +7,7 @@ import ( "sort" "strings" - "github.com/grafana/grafana/pkg/services/user" + "github.com/grafana/grafana/pkg/services/auth/identity" ) // UserHeaderName name of the header used when forwarding the Grafana user login. @@ -103,9 +103,16 @@ func SetViaHeader(header http.Header, major, minor int) { } // ApplyUserHeader Set the X-Grafana-User header if needed (and remove if not). -func ApplyUserHeader(sendUserHeader bool, req *http.Request, user *user.SignedInUser) { +func ApplyUserHeader(sendUserHeader bool, req *http.Request, user identity.Requester) { req.Header.Del(UserHeaderName) - if sendUserHeader && user != nil && !user.IsAnonymous { - req.Header.Set(UserHeaderName, user.Login) + + if !sendUserHeader || user == nil || user.IsNil() { + return + } + + namespace, _ := user.GetNamespacedID() + switch namespace { + case identity.NamespaceUser, identity.NamespaceServiceAccount: + req.Header.Set(UserHeaderName, user.GetLogin()) } }