Commit Graph

72 Commits

Author SHA1 Message Date
Misi
ce1450d4d3
Chore: Configure SkipOrgRoleSync from OAuthInfo for OAuth connectors (#79443)
* Configure SkipOrgRoleSync from OAuthInfo

* Remove skipOrgRoleSync from socialbase and connectors

* Add test to socialimpl.ProvideService

* Deprecate AuthSettings' fields

* clean up misleading init of frontendsettings.Auth
2023-12-15 10:58:08 +01:00
Jo
0de66a8099
Authz: Remove use of SignedInUser copy for permission evaluation (#78448)
* remove use of SignedInUserCopies

* add extra safety to not cross assign permissions

unwind circular dependency

dashboardacl->dashboardaccess

fix missing import

* correctly set teams for permissions

* fix missing inits

* nit: check err

* exit early for api keys
2023-11-22 14:20:22 +01:00
Karl Persson
1eb19befaa
Login: refactor auth info package (#78459)
* Remove unused stats and metrics

* No longer collect metrics

* Remove unused dependency

* Move database from sub package
2023-11-21 14:47:23 +01:00
Ieva
eca45f6492
Chore: remove gcomOnlyExternalOrgRoleSync feature toggle (#78001)
remove gcomOnlyExternalOrgRoleSync feature toggle
2023-11-13 09:56:02 +00:00
Karl Persson
e53e22ef2a
Contexthandler: Remove code that is no longer used (#73101)
* Contexthandler: remove dead code

* Contexthandler: Add tests

* Update pkg/tests/api/alerting/api_alertmanager_test.go

Co-authored-by: Jo <joao.guerreiro@grafana.com>

---------

Co-authored-by: Jo <joao.guerreiro@grafana.com>
2023-08-09 15:17:59 +02:00
Ieva
f7c6491f73
Auth: add a feature toggle for locking user roles for users synced through GCom (#72202)
* add a new feature toggle for locking down role sync for users managed by GCom

* protect the frontend and the backend using the new feature toggle

* fix merge
2023-07-25 13:27:02 +01:00
Ieva
e9ba6922c0
Auth: Lock organization roles for users who are managed through an external auth provider (#72204)
remove onlyExternalOrgRoleSync feature flag
2023-07-25 10:51:47 +01:00
Ieva
900348f3d9
Chore: remove tests for legacy AC, update other tests to work with RBAC (#68895)
* remove tests for legacy AC, update other tests to work with RBAC

* update usage stat tests to use RBAC
2023-05-23 15:29:20 +01:00
Eric Leijonmarck
3cd952b8ba
Auth: Fix orgrole picker disabled if isSynced user (#64033)
* fix: disable orgrolepicker if externaluser is synced

* add disable to role picker

* just took me 2 hours to center the icon

* wip

* fix: check externallySyncedUser for API call

* remove check from store

* add: tests

* refactor authproxy and made tests run

* add: feature toggle

* set feature toggle for tests

* add: IsProviderEnabled

* refactor: featuretoggle name

* IsProviderEnabled tests

* add specific tests for isProviderEnabled

* fix: org_user tests

* add: owner to featuretoggle

* add missing authlabels

* remove fmt

* feature toggle

* change config

* add test for a different authmodule

* test refactor

* gen feature toggle again

* fix basic auth user able to change the org role

* test for basic auth role

* make err.base to error

* lowered lvl of log and input mesg
2023-03-22 17:41:59 +00:00
Jo
c8db771939
Users: Fix org user always getting org id = 1 on auto assign false (#63708)
* fix org user always getting org id = 1 on auto assign false

* make tests explicit

* use correct cfg in service accounts

* fix api tests

* fix database test of ac

* fix InsertOrgUser returning affected rows as orgID
2023-02-24 18:08:44 +01:00
Jo
f9163351fd
Support bundles: Refactor registry into separate service (#62945)
* add bundle registry service to avoid dependency cycles

* move user support bundle collector to user service

* move usage stat bundle implementation to usage stats

* add info for background service

* fix remaining imports

* whitespace
2023-02-06 17:50:03 +01:00
Jo
12d192d80e
AccessControl: Clear user permission cache for update org user role (#62745)
* clear user permission cache for update org user role

* check enabled state of ac
2023-02-03 08:37:41 -05:00
Karl Persson
1204d607a5
RBAC: Rewrite org users rbac tests (#62469)
* API: refactor legacy org users access control tests
2023-02-02 15:33:25 +01:00
Kristin Laemmert
e8b8a9e276
chore: move dashboard_acl models into dashboard service (#62151) 2023-01-26 08:46:30 -05:00
idafurjes
68445a7c77
Chore: Remove dashboard ACL from models (#61749)
* Remove dashboard ACL from models

* Remove unused comment
2023-01-20 14:58:47 +01:00
Serge Zaitsev
fa36591380
Chore: Remove mockstore and use dbtest instead (#61629)
* remove mockstore and use dbtest instead

* fix wire

* remove unused expected fields

* fix more tests in alerting

* fix api tests
2023-01-18 16:01:25 +01:00
idafurjes
7c2522c477
Chore: Move dashboard models to dashboard pkg (#61458)
* Copy dashboard models to dashboard pkg

* Use some models from current pkg instead of models

* Adjust api pkg

* Adjust pkg services

* Fix lint
2023-01-16 16:33:55 +01:00
idafurjes
f2ffce4351
Chore: Move team models to models pkg (#61262)
* Chore: Move team models to models pkg

* Fix ACL tests

* More ACL tests

* Change Id to ID in conflict user command test

* Remove team from models

* Fix ac test lint
2023-01-11 14:20:09 +01:00
idafurjes
7dcb502b33
Chore: Remove org model duplicates (#61025)
Remove org model duplicates
2023-01-09 14:39:53 +01:00
Alexander Zobnin
f1b5014efd
Preferences: Add pagination to org configuration page (#60896)
* Add auth labels and access control metadata to org users search results

* Fix search result JSON model

* Org users: Use API for pagination

* Fix default page size

* Refactor: UsersListPage to functional component

* Refactor: update UsersTable component code style

* Add pagination to the /orgs/{org_id}/users endpoint

* Use pagination on the AdminEditOrgPage

* Add /orgs/{org_id}/users/search endpoint to prevent breaking API

* Use existing search store method

* Remove unnecessary error

* Remove unused

* Add query param to search endpoint

* Fix endpoint docs

* Minor refactor

* Fix number of pages calculation

* Use SearchOrgUsers for all org users methods

* Refactor: GetOrgUsers as a service method

* Minor refactor: rename orgId => orgID

* Fix integration tests

* Fix tests
2023-01-09 11:54:33 +03:00
Kristin Laemmert
70fbf47022
chore: remove CreateUser from sqlstore & replace with userService.CreateUserForTests (#59910) 2022-12-07 11:03:22 -05:00
Gabriel MABILLE
bf49c20050
RBAC: Add an endpoint to list all user permissions (#57644)
* RBAC: Add an endpoint to see all user permissions

Co-authored-by: Joey Orlando <joey.orlando@grafana.com>

* Fix mock

* Add feature flag

* Fix merging

* Return normal permissions instead of simplified ones

* Fix test

* Fix tests

* Fix tests

* Create benchtests

* Split function to get basic roles

* Comments

* Reorg

* Add two more tests to the bench

* bench comment

* Re-ran the test

* Rename GetUsersPermissions to SearchUsersPermissions and prepare search options

* Remove from model unused struct

* Start adding option to get permissions by Action+Scope

* Wrong import

* Action and Scope

* slightly tweak users permissions actionPrefix query param validation logic

* Fix xor check

* Lint

* Account for suggeston

Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>

* Add search

* Remove comment on global scope

* use union all and update test to make it run on all dbs

* Fix MySQL needs a space

* Account for suggestion.

Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>

Co-authored-by: Joey Orlando <joey.orlando@grafana.com>
Co-authored-by: Joey Orlando <joseph.t.orlando@gmail.com>
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
2022-11-30 15:38:49 +01:00
Serge Zaitsev
5b861faec3
Chore: Reduce the usage of sqlstore.createorg and use orgservice instead (#59356)
* remove legacy createorg from org service

* remove another createorg from orgimpl

* remove createorg from api pref tests

* remove createorg from api org tests

* fix tests

* remove createorg from annotations test

* remove createorg from team tests

* remove createorg from service accounts

* remove createorg from accesscontrol tests

* remove createorg from provisioning

* Use quotaservice from sc.hs
2022-11-28 12:05:46 +01:00
Serge Zaitsev
c2e847d0b0
Chore: Remove createorgwithmember (#59161)
remove createorgwithmember
2022-11-23 10:37:04 +01:00
Serge Zaitsev
b875ca08c6
SQLStore: Make addOrgUser private (#59142)
make addOrgUser private
2022-11-22 17:02:39 +00:00
Sofia Papagiannaki
9855e74b92
Chore: Refactor quota service (#58643)
Chore: Refactor quota service (#57586)

* Chore: refactore quota service

* Apply suggestions from code review
2022-11-14 21:08:10 +02:00
Sofia Papagiannaki
96cdf77995
Revert "Chore: Refactor quota service (#57586)" (#58394)
This reverts commit 326ea86a57.
2022-11-08 11:52:07 +02:00
Sofia Papagiannaki
326ea86a57
Chore: Refactor quota service (#57586)
* Chore: refactore quota service

* Apply suggestions from code review
2022-11-08 10:25:34 +02:00
Kristin Laemmert
05709ce411
chore: remove sqlstore & mockstore dependencies from (most) packages (#57087)
* chore: add alias for InitTestDB and Session

Adds an alias for the sqlstore InitTestDB and Session, and updates tests using these to reduce dependencies on the sqlstore.Store.

* next pass of removing sqlstore imports
* last little bit
* remove mockstore where possible
2022-10-19 09:02:15 -04:00
idafurjes
5167c55760
Chore: Move methods from sqlstore to user store (#56305)
* Copy sqlstore methods to suer store

* Adjust ProvideService signatures in test

* Add xorm tags and tests for search

* Remove methods from sqlstore

* fix lint in tests
2022-10-05 09:34:36 +02:00
idafurjes
a863a4d95d
Chore: Copy user methods over to user store (#56000)
* Chore: Copy user methods over to user store

* Fix some tests and bugs

* Add some more tests

* Move tests to user store

* Move back the tests

* Add some tests
2022-10-04 12:17:55 +02:00
idafurjes
a45ef61d25
Chore: Remove GetUserByEmail and GetUserByLogin from sqlstore (#55903)
* Chore: Remove GetUserByEmail and GetUserByLogin from sqlstore
 Rename GetUserProfile to GetProfile

* Fix lint

* Skip test for mysql

* Add missing method to sqlstore mock
2022-09-28 13:18:19 +02:00
Kristin Laemmert
701f6d5436
UserService: use the UserService instead of calling sqlstore directly (#55745)
* UserService: update callers to use the UserService instead of calling sqlstore directly

There is one major change hiding in this PR. UserService.Delete originally called a number of services to delete user-related records. I moved everything except the actual call to the user table, and moved those into the API. This was done to avoid dependencies cycles; many of our services depend on the user service, so the user service itself should have as few dependencies as possible.
2022-09-27 07:58:49 -04:00
idafurjes
2bfd26249b
Chore: Remove methods from store interface (#55765)
* Chore: Remove methods from store interface

* Fix api tests

* Remove sqlstore methods, add org store tests, add GetOrgUsers to org store interface

* Fix lint

* Remove debug logs

* Remove commented out methods
2022-09-27 10:34:31 +02:00
idafurjes
846a4510b4
Chore: Use org service methods (#55738)
* Chore: Use org service methods

* Fix loginservice test

* User Serach from org service

* Fix test
2022-09-26 18:53:17 +02:00
idafurjes
178cd0a232
Use OrgUser method from org service (#55674)
* Use OrgUser method from org service

* Use GetOrgUser from org service
2022-09-26 10:27:38 +02:00
ying-jeanne
7b4cea8151
Chore: StoreSplit tag service (#55453)
* move tag service outside

* fix dashboard

* fix test

* lint

* fix linter

* remove spew
2022-09-21 08:04:01 -04:00
Serge Zaitsev
305d494902
Chore: Switch over to team.Service instead of sqlstore (#55497)
* switch to using team service

* trying to fix tests

* more tests to fix

* add missing teamtest package
2022-09-20 18:58:04 +02:00
Serge Zaitsev
8f1e2ed658
Chore: Split temporary user (invite) service (#55397)
* Chore: Split temporary users

* change references to tempuser service

* fix api tests

* restore tests
2022-09-20 11:29:17 +02:00
Karl Persson
55c7b8add2
RBAC: Split up service into several components (#54002)
* RBAC: Rename interface to Store

* RBAC: Move ranme scopeInjector

* RBAC: Rename files to service

* RBAC: Rename to service

* RBAC: Split up accesscontrol into two components

* RBAC: Add DeclareFixedRoles to AccessControl interface

* Wire: Fix wire bindings

* RBAC: Move resolvers to root

* RBAC: Remove invalid test

* RBAC: Inject access control service

* RBAC: Implement the RoleRegistry interface in fake
2022-08-24 13:29:17 +02:00
Karl Persson
57d87389e0
RBAC: Remove user permissions in org when user is removed (#53782)
* RBAC: Add orgID to DeleteUserPermissions

* RBAC: Refactor query to delete all permissions in specified org, 0
deletes all permissions

* Delete user permission in org when user is removed

* Remove call to delete permissions in frontend

* Remove user permissions if removed orgs is detected during oauth sync

Co-authored-by: Jo <joao.guerreiro@grafana.com>
2022-08-17 16:32:02 +02:00
idafurjes
fa2e74cd6e
Chore: Remove GetSignedInUserWithCacheCtx from store interface (#53734)
* Remove delete suer from store interface

* Remove get signed in user with cache ctx from store interface

* Support options when setting up access control tests

* Fix broken tests

* Fix lint

* Add user fake to middleware

* Fix middleware tests, remove usertest being initialised twice

Co-authored-by: Karl Persson <kalle.persson@grafana.com>
2022-08-16 16:08:59 +02:00
Karl Persson
c08fe3a53c
RBAC: Enable rbac when creating new settings (#53531)
* Settings: Set RBACEnabled to true by default

* Remove accessControlEnabledFlag and explicitly set to false when needed

* Disable rbac for tests
2022-08-11 15:37:31 +02:00
idafurjes
a14621fff6
Chore: Add user service method SetUsingOrg and GetSignedInUserWithCacheCtx (#53343)
* Chore: Add user service method SetUsingOrg

* Chore: Add user service method GetSignedInUserWithCacheCtx

* Use method GetSignedInUserWithCacheCtx from user service

* Fix lint after rebase

* Fix lint

* Fix lint error

* roll back some changes

* Roll back changes in api and middleware

* Add xorm tags to SignedInUser ID fields
2022-08-11 13:28:55 +02:00
idafurjes
6afad51761
Move SignedInUser to user service and RoleType and Roles to org (#53445)
* Move SignedInUser to user service and RoleType and Roles to org

* Use go naming convention for roles

* Fix some imports and leftovers

* Fix ldap debug test

* Fix lint

* Fix lint 2

* Fix lint 3

* Fix type and not needed conversion

* Clean up messages in api tests

* Clean up api tests 2
2022-08-10 11:56:48 +02:00
idafurjes
1ecbe22751
Chore: Add user service method GetByLogin (#53204)
* Add wrapper around sqlstore method GetUserByLogin

* Use new method from user service

* Fix lint

* Fix lint 2

* fix middleware basic auth test

* Fix grafana login returning a user by login

* Remove GetUserByLogin from store interface

* Merge commit
2022-08-04 13:22:43 +02:00
Ieva
0d324e931d
Access Control: Allow org admins to invite new users (#52894)
* allow org admins to invite new users to Grafana

* doc updates

* fix test
2022-07-27 17:37:27 +01:00
idafurjes
f5cace8bbd
Rename Acl to ACL (#52342)
* Rename Acl to ACL

* Fix yaml files

* Add xorm tags and fix test
2022-07-18 15:14:58 +02:00
idafurjes
6c43eb0b4d
Split Create User (#50502)
* Split Create User

* Use new create user and User from package user

* Add service to wire

* Making create user work

* Replace user from user pkg

* One more

* Move Insert to orguser Service/Store

* Remove unnecessary conversion

* Cleaunp

* Fix Get User and add fakes

* Fixing get org id for user logic, adding fakes and other adjustments

* Add some tests for ourguser service and store

* Fix insert org logic

* Add comment about deprecation

* Fix after merge with main

* Move orguser service/store to org service/store

* Remove orguser from wire

* Unimplement new Create user and use User from pkg user

* Fix wire generation

* Fix lint

* Fix lint - use only User and CrateUserCommand from user pkg

* Remove User and CreateUserCommand from models

* Fix lint 2
2022-06-28 14:32:25 +02:00
Ieva
0c0cf36ab8
Access control: role checks before updates (#51449)
* add role checks

* linting
2022-06-27 12:40:12 -04:00