* RBAC: add viewer grand if dspermissions enforcement is not enabled
* RBAC: Change permissions based on role prefix
* RBAC: Add option to for permission service to add a license middleware
* RBAC: Remove actions from query struct
* RBAC: Add an endpoint to see all user permissions
Co-authored-by: Joey Orlando <joey.orlando@grafana.com>
* Fix mock
* Add feature flag
* Fix merging
* Return normal permissions instead of simplified ones
* Fix test
* Fix tests
* Fix tests
* Create benchtests
* Split function to get basic roles
* Comments
* Reorg
* Add two more tests to the bench
* bench comment
* Re-ran the test
* Rename GetUsersPermissions to SearchUsersPermissions and prepare search options
* Remove from model unused struct
* Start adding option to get permissions by Action+Scope
* Wrong import
* Action and Scope
* slightly tweak users permissions actionPrefix query param validation logic
* Fix xor check
* Lint
* Account for suggeston
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
* Add search
* Remove comment on global scope
* use union all and update test to make it run on all dbs
* Fix MySQL needs a space
* Account for suggestion.
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
Co-authored-by: Joey Orlando <joey.orlando@grafana.com>
Co-authored-by: Joey Orlando <joseph.t.orlando@gmail.com>
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
* remove legacy createorg from org service
* remove another createorg from orgimpl
* remove createorg from api pref tests
* remove createorg from api org tests
* fix tests
* remove createorg from annotations test
* remove createorg from team tests
* remove createorg from service accounts
* remove createorg from accesscontrol tests
* remove createorg from provisioning
* Use quotaservice from sc.hs
* Auth: move interface to its own file
* Auth: move to test package
* Auth: move quota consts to auth file
* Auth: move service to impl package
* Auth: move interfaces and related models to auth package
* Auth: Create sub package and type alias to avoid circular dependency
* RBAC: Remove name from role registration
* Inline accesscontrol service
* test fix
* use fmt
Co-Authored-By: marefr <marcus.efraimsson@gmail.com>
Co-authored-by: marefr <marcus.efraimsson@gmail.com>
* clean up and document integration test convention
* clarify integration test conventions
* clean up integration tests that don't follow convention
* mark testIntegration* functions as helpers to avoid confusion
* RBAC: Remove the access control evaluator fake
* API: Change to use access control implementation instead of mocks with
rbac disabled in tests
* Tests: Set cfg and access control defaults after applying options
* Tests: Rewrite team legacy access control tests
* Tests: Add helper function to create user with permissions
* Tests: set fake quota service as default
* Team: Add ExpectedTeamDTO and set in query result
* RBAC: Revert change
* RBAC: Add deprecation notice to mock
* chore: add alias for InitTestDB and Session
Adds an alias for the sqlstore InitTestDB and Session, and updates tests using these to reduce dependencies on the sqlstore.Store.
* next pass of removing sqlstore imports
* last little bit
* remove mockstore where possible
* Copy sqlstore methods to suer store
* Adjust ProvideService signatures in test
* Add xorm tags and tests for search
* Remove methods from sqlstore
* fix lint in tests
* Chore: Copy user methods over to user store
* Fix some tests and bugs
* Add some more tests
* Move tests to user store
* Move back the tests
* Add some tests
* SQLStore: Ensure that sessions are always closed
Delete `NewSession()` in favour of `WithDbSession()`
* Add WithDbSessionForceNewSession to the interface
* Apply suggestions from code review
* add users-manager command
* add users-manager command
* rename files
* refactor: imports and renaming
* Command: add conflict merge user command
- MergeUser will
- replace all user_ids from conflicting users to the chosen userId
- delete users whose user_ids are not the chosen user
- SameIdentification will
- update chosen user with chosen email,login details
- delete users whose user_ids are not the chosen user
* refactor: clean up
* refactor: create structure for read, validate, ingest
* feat: ls and generate-file for conflicting users
* remove usagestats
* added back pkg/services/login/authinfoservice/database/stats.go
* Revert "added back pkg/services/login/authinfoservice/database/stats.go"
This reverts commit 2ba6e3c4d6.
* Revert "remove usagestats"
This reverts commit 1e3fa97810.
* cherry pick
* Revert "cherry pick"
This reverts commit 461626c306.
* validation of picked merge user
* fix test
* make lint
* make test run
* tests for ingest working
* clean up and refactored to align with downstream refactoring
* formatting
* refactor: name list instead of ls
* fix: static lint error use trimprefix
* WIP: permissions for validation
* fix: remove unused functions in sqlstore
* fix: remove unused function
* handling of multiple users and resolve discarded users
* fix tests
* fix: bug that did not exclude the blocks
* ioutil is blacklisted
* WIP: validation
* tests for merging a user working
* add latest changes to output print
* refactor: removed conflictEmail and conflictLogin that was not used
* refactor: code clean up, showChanges working
* test and linting fixes
* test and linting fixes
* refactor: removed logging of config and added more info for vlidation command
* refactor: fix order of code
* fix time now
* refactor: no longer need for check casesensitive login/email
* removed unnessecary loop
* refactor: move functions around
* test: working
* docs: add docuemntationf for file
* Add failing test for generating the conflict login block
* Fix regex
* Fix some stuff/tests
Co-authored-by: eleijonmarck <eric.leijonmarck@gmail.com>
* add: docs for conflict file
* add: conflict_email, conflict_login fields
* add: conflict_email, conflict_login fields
* WIP
* fix: tests working as intended
* Update pkg/cmd/grafana-cli/commands/conflict_user_command.go
Co-authored-by: linoman <2051016+linoman@users.noreply.github.com>
* review comments
* Update pkg/cmd/grafana-cli/commands/conflict_user_command.go
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
* Update pkg/cmd/grafana-cli/commands/conflict_user_command.go
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
* missspelling
* trailing new line
* update to use userimpl store
* remove newline
* remove newline
* refactor: initializing of resolver for conflicts
* fix: test sqlStore
* refactor: removed lines
* refactor: remove TODOs
Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com>
Co-authored-by: linoman <2051016+linoman@users.noreply.github.com>
* UserService: update callers to use the UserService instead of calling sqlstore directly
There is one major change hiding in this PR. UserService.Delete originally called a number of services to delete user-related records. I moved everything except the actual call to the user table, and moved those into the API. This was done to avoid dependencies cycles; many of our services depend on the user service, so the user service itself should have as few dependencies as possible.
* Chore: move team store implementation to a separate package
* trying to fix more tests
* fix tests in service accounts and access control
* fix common tests
* restore commented out test
* add todos
* access control to log user name if it does not have permissions
* update ngalert Evaluator to accept user instead of creating a pseudo one
* update alerting eval (rule\query testing) API to provide the real user to the Evaluator
* update scheduler to create a pseudo user with proper permissions
* RBAC: Add cache for oss permissions
* RBAC: include service account actions
* RBAC: revert changes to fetch service account permissions
* Update comment for setting
* RBAC: Disable permission chache for tests
* RBAC: Allow app plugins restriction
Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
* Moving declaration to HttpServer
Co-Authored-By: marefr <marcus.efraimsson@gmail.com>
* Picking changes from the other branch
Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
* Rename plugins.settings to plugins
Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
* Account for PluginAdminExternalManageEnabled
Co-authored-by: Will Browne <will.browne@grafana.com>
* Set metadata on instantiation
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
Co-authored-by: marefr <marcus.efraimsson@gmail.com>
Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
Co-authored-by: Will Browne <will.browne@grafana.com>
Co-authored-by: Jguer <joao.guerreiro@grafana.com>
* RBAC: Remove service dependency for Evaluator component
* RBAC: Add service and load permissions in target org if they are not
there
* RBAC: Use service if we need to load permissions for org
* API: remove service injection into evaluator
* API: set new user for each request in tests
* PublicDashboards: Use fake service to provide permissions
* RBAC: Set org id for dashboard provisioning user
* RBAC: Move metadata to own file
* RBAC: Rename test files
* RBAC: Add wildcard structure and helper function to generate wildcards
from prefix
* RBAC: Refactor filter to use WildcardsFromPrefix
* RBAC: Refactor GetResourceMetadata to use WildcardsFromPrefix
* RBAC: Test evaluation before attaching mutator
* RBAC: Return error if no resolver is found for scope
* RBAC: Sync changes to evaluation in mock
* RBAC: Check for resolver not found error and just fail the evaluation in that case
