* Add function to get the namespaced id
* Add function to resolve an identity through authn.Service from org and namespace id
* Switch to resolve identity for re-authenticate in another org
* Access control: Extend GetUserPermissions() to query permissions in specific org
* Use db query to fetch permissions in org
* refactor
* refactor
* use conditional join
* minor refactor
* Add test cases
* Search permissions correctly in OSS vs Enterprise
* Get permissions from memory
* Refactor
* remove unused func
* Add tests for GetUserPermissionsInOrg
* fix linter
* Chore: Replace response status with const var
* Apply suggestions from code review
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
* Add net/http import
---------
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
* Configure SkipOrgRoleSync from OAuthInfo
* Remove skipOrgRoleSync from socialbase and connectors
* Add test to socialimpl.ProvideService
* Deprecate AuthSettings' fields
* clean up misleading init of frontendsettings.Auth
* Chore: Replace grafana-authnz-team with identity-access-team as code owner
* Chore: Replace grafana-authnz-team with identity-access-team as code owner
* Fix the failing test
* User: Add sort option to user search
* Switch to an approach that uses the dashboard search options
* Cable user sort on the org endpoint
* Alias user table with u in org store
* Add test and cover orgs/:orgID/users/search endpoint
* Add test to userimpl store
* Simplify the store_test with sortopts.ParseSortQueryParam
* Account for PR feedback
* Positive check
* Update docs
* Update docs
* Switch to ErrOrFallback
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
---------
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* move access control api to SignedInUser interface
* remove unused code
* add logic for reading perms from a specific org
* move the specific org logic to org_user.go
* add a comment
---------
Co-authored-by: IevaVasiljeva <ieva.vasiljeva@grafana.com>
* add a new feature toggle for locking down role sync for users managed by GCom
* protect the frontend and the backend using the new feature toggle
* fix merge
* fix: disable orgrolepicker if externaluser is synced
* add disable to role picker
* just took me 2 hours to center the icon
* wip
* fix: check externallySyncedUser for API call
* remove check from store
* add: tests
* refactor authproxy and made tests run
* add: feature toggle
* set feature toggle for tests
* add: IsProviderEnabled
* refactor: featuretoggle name
* IsProviderEnabled tests
* add specific tests for isProviderEnabled
* fix: org_user tests
* add: owner to featuretoggle
* add missing authlabels
* remove fmt
* feature toggle
* change config
* add test for a different authmodule
* test refactor
* gen feature toggle again
* fix basic auth user able to change the org role
* test for basic auth role
* make err.base to error
* lowered lvl of log and input mesg
* Add auth labels and access control metadata to org users search results
* Fix search result JSON model
* Org users: Use API for pagination
* Fix default page size
* Refactor: UsersListPage to functional component
* Refactor: update UsersTable component code style
* Add pagination to the /orgs/{org_id}/users endpoint
* Use pagination on the AdminEditOrgPage
* Add /orgs/{org_id}/users/search endpoint to prevent breaking API
* Use existing search store method
* Remove unnecessary error
* Remove unused
* Add query param to search endpoint
* Fix endpoint docs
* Minor refactor
* Fix number of pages calculation
* Use SearchOrgUsers for all org users methods
* Refactor: GetOrgUsers as a service method
* Minor refactor: rename orgId => orgID
* Fix integration tests
* Fix tests
* Chore: Copy methods from sqlstore to org store
* Rename method, add test
* Add comments of tests
* Chore: Add methods from sqlstore to org service interface
* Avoiding import cycle
* Add and remove some methods
* User AddOrgUSer from org service in api
* Fix test function calls
* RBAC: Rename interface to Store
* RBAC: Move ranme scopeInjector
* RBAC: Rename files to service
* RBAC: Rename to service
* RBAC: Split up accesscontrol into two components
* RBAC: Add DeclareFixedRoles to AccessControl interface
* Wire: Fix wire bindings
* RBAC: Move resolvers to root
* RBAC: Remove invalid test
* RBAC: Inject access control service
* RBAC: Implement the RoleRegistry interface in fake
* RBAC: Add orgID to DeleteUserPermissions
* RBAC: Refactor query to delete all permissions in specified org, 0
deletes all permissions
* Delete user permission in org when user is removed
* Remove call to delete permissions in frontend
* Remove user permissions if removed orgs is detected during oauth sync
Co-authored-by: Jo <joao.guerreiro@grafana.com>
* Chore: Add user service method SetUsingOrg
* Chore: Add user service method GetSignedInUserWithCacheCtx
* Use method GetSignedInUserWithCacheCtx from user service
* Fix lint after rebase
* Fix lint
* Fix lint error
* roll back some changes
* Roll back changes in api and middleware
* Add xorm tags to SignedInUser ID fields
* Move SignedInUser to user service and RoleType and Roles to org
* Use go naming convention for roles
* Fix some imports and leftovers
* Fix ldap debug test
* Fix lint
* Fix lint 2
* Fix lint 3
* Fix type and not needed conversion
* Clean up messages in api tests
* Clean up api tests 2
* Add wrapper around sqlstore method GetUserByLogin
* Use new method from user service
* Fix lint
* Fix lint 2
* fix middleware basic auth test
* Fix grafana login returning a user by login
* Remove GetUserByLogin from store interface
* Merge commit
* Split Create User
* Use new create user and User from package user
* Add service to wire
* Making create user work
* Replace user from user pkg
* One more
* Move Insert to orguser Service/Store
* Remove unnecessary conversion
* Cleaunp
* Fix Get User and add fakes
* Fixing get org id for user logic, adding fakes and other adjustments
* Add some tests for ourguser service and store
* Fix insert org logic
* Add comment about deprecation
* Fix after merge with main
* Move orguser service/store to org service/store
* Remove orguser from wire
* Unimplement new Create user and use User from pkg user
* Fix wire generation
* Fix lint
* Fix lint - use only User and CrateUserCommand from user pkg
* Remove User and CreateUserCommand from models
* Fix lint 2
* Add option to set ResourceAttribute for a permissions service
* Use prefix in access control sql filter to parse scopes
* Use prefix in access control metadata to check access
* AccessControl: Add endpoint to get user permissions
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>
Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
* Fix SA tests
* Linter is wrong :p
* Wait I was wrong
* Adding the route for teams:creator too
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>
Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
* AccessControl: Add user metadata to user detail view
* AccessControl: Do not present delete or disable buttons based on ac metadata in admin/users
* AccessControl: do not allow password changing or user editing without permission
* AccessControl: Fetch global:users scope for admin
* AccessControl: optimize org.user metadata fetch
* Chore: early return if ac metadata is not available
* AccessControl: Add access control metadata to OrgUserDTO
* AccessControl: get User AC metadata
* AccessControl: return User Access Control metadata when requested
* Chore: Refactor api handlers to use web.Bind
* fix comments
* fix comment
* trying to fix most of the tests and force routing.Wrap type check
* fix library panels tests
* fix frontend logging tests
* allow passing nil as a response to skip writing
* return nil instead of the response
* rewrite login handler function types
* remove handlerFuncCtx
* make linter happy
* remove old bindings from the libraryelements
* restore comments
* AccessControl: Check permissions in target org
* Remove org scopes and add an authorizeInOrg middleware
* Use query result org id and perform users permission check globally for GetOrgByName
* Remove scope translation for orgs current
* Suggestion from Ieva
