Commit Graph

292 Commits

Author SHA1 Message Date
Ieva
d8b66d5c4b
RBAC: remove some IsDisabled checks (#69272)
* remove some access contorl IsDisabled() checks

* cleaning up tests

* update tests

* linting
2023-05-31 09:58:57 +01:00
Ieva
d98813796c
RBAC: Remove legacy AC from HasAccess permission check (#68995)
* remove unused HasAdmin and HasEdit permission methods

* remove legacy AC from HasAccess method

* remove unused function

* update alerting tests to work with RBAC
2023-05-30 14:39:09 +01:00
Gabriel MABILLE
edf1775d49
AuthN: Embed an OAuth2 server for external service authentication (#68086)
* Moving POC files from #64283 to a new branch

Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>

* Adding missing permission definition

Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>

* Force the service instantiation while client isn't merged

Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>

* Merge conf with main

Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>

* Leave go-sqlite3 version unchanged

Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>

* tidy

Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>

* User SearchUserPermissions instead of SearchUsersPermissions

* Replace DummyKeyService with signingkeys.Service

* Use user🆔<id> as subject

* Fix introspection endpoint issue

* Add X-Grafana-Org-Id to get_resources.bash script

* Regenerate toggles_gen.go
* Fix basic.go

* Add GetExternalService tests

* Add GetPublicKeyScopes tests

* Add GetScopesOnUser tests

* Add GetScopes tests

* Add ParsePublicKeyPem tests

* Add database test for GetByName

* re-add comments

* client tests added

* Add GetExternalServicePublicKey tests

* Add other test case to GetExternalServicePublicKey

* client_credentials grant test

* Add test to jwtbearer grant

* Test Comments

* Add handleKeyOptions tests

* Add RSA key generation test

* Add ECDSA by default to EmbeddedSigningKeysService

* Clean up org id scope and audiences

* Add audiences to the DB

* Fix check on Audience

* Fix double import

* Add AC Store mock and align oauthserver tests

* Fix test after rebase

* Adding missing store function to mock

* Fix double import

* Add CODEOWNER

* Fix some linting errors

* errors don't need type assertion

* Typo codeowners

* use mockery for oauthserver store

* Add feature toggle check

* Fix db tests to handle the feature flag

* Adding call to DeleteExternalServiceRole

* Fix flaky test

* Re-organize routes comments and plan futur work

* Add client_id check to Extended JWT client

* Clean up

* Fix

* Remove background service registry instantiation of the OAuth server

* Comment cleanup

* Remove unused client function

* Update go.mod to use the latest ory/fosite commit

* Remove oauth2_server related configs from defaults.ini

* Add audiences to DTO

* Fix flaky test

* Remove registration endpoint and demo scripts. Document code

* Rename packages

* Remove the OAuthService vs OAuthServer confusion

* fix incorrect import ext_jwt_test

* Comments and order

* Comment basic auth

* Remove unecessary todo

* Clean api

* Moving ParsePublicKeyPem to utils

* re ordering functions in service.go

* Fix comment

* comment on the redirect uri

* Add RBAC actions, not only scopes

* Fix tests

* re-import featuremgmt in migrations

* Fix wire

* Fix scopes in test

* Fix flaky test

* Remove todo, the intersection should always return the minimal set

* Remove unecessary check from intersection code

* Allow env overrides on settings

* remove the term app name

* Remove app keyword for client instead and use Name instead of ExternalServiceName

* LogID remove ExternalService ref

* Use Name instead of ExternalServiceName

* Imports order

* Inline

* Using ExternalService and ExternalServiceDTO

* Remove xorm tags

* comment

* Rename client files

* client -> external service

* comments

* Move test to correct package

* slimmer test

* cachedUser -> cachedExternalService

* Fix aggregate store test

* PluginAuthSession -> AuthSession

* Revert the nil cehcks

* Remove unecessary extra

* Removing custom session

* fix typo in test

* Use constants for tests

* Simplify HandleToken tests

* Refactor the HandleTokenRequest test

* test message

* Review test

* Prevent flacky test on client as well

* go imports

* Revert changes from 526e48ad45

* AuthN: Change the External Service registration form (#68649)

* AuthN: change the External Service registration form

* Gen default permissions

* Change demo script registration form

* Remove unecessary comment

* Nit.

* Reduce cyclomatic complexity

* Remove demo_scripts

* Handle case with no service account

* Comments

* Group key gen

* Nit.

* Check the SaveExternalService test

* Rename cachedUser to cachedClient in test

* One more test case to database test

* Comments

* Remove last org scope

Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>

* Update pkg/services/oauthserver/utils/utils_test.go

* Update pkg/services/sqlstore/migrations/oauthserver/migrations.go

Remove comment

* Update pkg/setting/setting.go

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>

---------

Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>
2023-05-25 15:38:30 +02:00
Ryan McKinley
e7da2a179e
Schema: Add schema for role+access policies (#68047) 2023-05-24 10:31:57 -07:00
Ieva
4980b64274
RBAC: Remove legacy ac from authorization middleware (#68898)
remove legacy AC fallback from RBAC middleware, and some unused auth logic
2023-05-24 09:49:42 +01:00
Gabriel MABILLE
3ffff632be
RBAC: Refine validation of external services permissions (#68633)
* RBAC: Refine validation of external services permissions

* Forgot to log the ext-id
2023-05-17 16:28:14 +02:00
Gabriel MABILLE
d7eea0d207
RBAC: Add a function to delete external service roles (#68317)
* RBAC: Add function to delete external service roles

* Adding a test to the service

* Update pkg/services/accesscontrol/acimpl/service_test.go

Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>

---------

Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2023-05-16 15:01:27 +02:00
Misi
23d8f7c2fe
RBAC: Fix SearchUsersPermissions when the filter is empty (#68176)
Fix SearchUsersPermission action filter
2023-05-10 11:24:37 +02:00
Gabriel MABILLE
8c6b5a4319
RBAC: Add a function to save external service roles (#66299)
* AuthN: Save external services RBAC roles

* Add missing test

* Placing roles in the same group

* Split function to gen role and assignment

* add test case and comments

* Ensure we check external service roles are assigned once only

* Update pkg/services/accesscontrol/models_test.go

Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>

---------

Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
2023-05-09 13:19:38 +02:00
Ieva
533f8caafd
SAML: change the config option for making SAML UI accessible to org Admins (#67399)
* change from role grant overrides to SAML UI specific config option

* update permissions needed to access SAML UI

* PR feedback: change config name, change required perms to write, add a comment
2023-04-28 11:48:26 +01:00
Alexander Zobnin
1d99500b3e
SAML UI: Fix permissions for fixed:authentication.config:writer role (#67290)
* SAML UI: Fix permissions for fixed:authentication.config:writer role

* Remove read permissions for auth settings
2023-04-27 15:46:47 +02:00
Gabriel MABILLE
3b63844390
RBAC: Feature to override default assignments (#66561)
* RBAC: Feature to override default assignments

Co-authored-by: Kalle Persson <kalle.persson@grafana.com>

* Add test and trim spaces

* Pass linting

* Apply the rbac overrides to fixed_authentication.config_writer

* Removing from the default ini file for now

* Add grants overrides section to cfg

* slimmer handleGrantOverrides function

---------

Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
2023-04-14 17:17:59 +02:00
Alexander Zobnin
7476219b0c
SAML: Configuration UI (#64054)
* Add initial authentication config page skeleton

* Add initial SAML config page WIP

* Add few more pages

* Add connect to IdP page

* Assertion mappings page stub and url params

* Able to save settings

* Some tweaks for authentication page

* Tweak behaviour

* Tweak provider name

* Move SAML config pages to enterprise

* minor refactor

* Able to reset settings

* Configure key and cert from UI

* Refactor WIP

* Tweak styles

* Optional save button

* Some tweaks for the page

* Don't show info popup when save settings

* Improve key/cert validation

* Fetch provider status and display on auth page

* Add settings list to the auth page

* Show call to action card if no auth configured

* clean up

* Show authentication page only if SAML available

* Add access control for SSO config page

* Add feature toggle for auth config UI

* Add code owners for auth config page

* Auth config UI disabled by default

* Fix feature toggle check

* Apply suggestions from review

* Refactor: use forms for steps

* Clean up

* Improve authentication page loading

* Fix CTA link

* Minor tweaks

* Fix page route

* Fix formatting

* Fix generated code formatting
2023-04-13 16:07:43 +02:00
Michael Mandrus
5626461b3c
Caching: Refactor enterprise query caching middleware to a wire service (#65616)
* define initial service and add to wire

* update caching service interface

* add skipQueryCache header handler and update metrics query function to use it

* add caching service as a dependency to query service

* working caching impl

* propagate cache status to frontend in response

* beginning of improvements suggested by Lean - separate caching logic from query logic.

* more changes to simplify query function

* Decided to revert renaming of function

* Remove error status from cache request

* add extra documentation

* Move query caching duration metric to query package

* add a little bit of documentation

* wip: convert resource caching

* Change return type of query service QueryData to a QueryDataResponse with Headers

* update codeowners

* change X-Cache value to const

* use resource caching in endpoint handlers

* write resource headers to response even if it's not a cache hit

* fix panic caused by lack of nil check

* update unit test

* remove NONE header - shouldn't show up in OSS

* Convert everything to use the plugin middleware

* revert a few more things

* clean up unused vars

* start reverting resource caching, start to implement in plugin middleware

* revert more, fix typo

* Update caching interfaces - resource caching now has a separate cache method

* continue wiring up new resource caching conventions - still in progress

* add more safety to implementation

* remove some unused objects

* remove some code that I left in by accident

* add some comments, fix codeowners, fix duplicate registration

* fix source of panic in resource middleware

* Update client decorator test to provide an empty response object

* create tests for caching middleware

* fix unit test

* Update pkg/services/caching/service.go

Co-authored-by: Arati R. <33031346+suntala@users.noreply.github.com>

* improve error message in error log

* quick docs update

* Remove use of mockery. Update return signature to return an explicit hit/miss bool

* create unit test for empty request context

* rename caching metrics to make it clear they pertain to caching

* Update pkg/services/pluginsintegration/clientmiddleware/caching_middleware.go

Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>

* Add clarifying comments to cache skip middleware func

* Add comment pointing to the resource cache update call

* fix unit tests (missing dependency)

* try to fix mystery syntax error

* fix a panic

* Caching: Introduce feature toggle to caching service refactor (#66323)

* introduce new feature toggle

* hide calls to new service behind a feature flag

* remove licensing flag from toggle (misunderstood what it was for)

* fix unit tests

* rerun toggle gen

---------

Co-authored-by: Arati R. <33031346+suntala@users.noreply.github.com>
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
2023-04-12 12:30:33 -04:00
Will Browne
31d6416157
Plugins: Migrate licensing and access control to pkg/services/pluginsintegration package (#65258)
* migrate licensing + access control

* update package name
2023-03-27 11:15:37 +02:00
Karl Persson
382b24742a
Auth: Add feature flag to move token rotation to client (#65060)
* FeatureToggle: Add toggle to use a new way of rotating tokens

* API: Add endpoints to perform token rotation, one endpoint for api request and one endpoint for redirectsd

* Auth: Aling not authorized handling between auth middleware and access
control middleware

* API: add utility function to get redirect for login

* API: Handle token rotation redirect for login page

* Frontend: Add job scheduling for token rotation and make call to token rotation as fallback in retry request

* ContextHandler: Prevent in-request rotation if feature flag is enabled and check if token needs to be rotated

* AuthN: Prevent in-request rotation if feature flag is enabled and check if token needs to be rotated

* Cookies: Add option NotHttpOnly

* AuthToken: Add helper function to get next rotation time and another function to check if token need to be rotated

* AuthN: Add function to delete session cookie and set expiry cookie

Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2023-03-23 14:39:04 +01:00
Sofia Papagiannaki
fde96c91c1
Chore: Differentiate the ErrOrgNotFound error messages (#64131)
* Better org not found error messages
2023-03-06 09:57:46 +02:00
Jo
c8db771939
Users: Fix org user always getting org id = 1 on auto assign false (#63708)
* fix org user always getting org id = 1 on auto assign false

* make tests explicit

* use correct cfg in service accounts

* fix api tests

* fix database test of ac

* fix InsertOrgUser returning affected rows as orgID
2023-02-24 18:08:44 +01:00
suntala
49b3027049
Chore: Remove Result field from datasources (#63048)
* Remove Result field from AddDataSourceCommand
* Remove DatasourcesPermissionFilterQuery Result
* Remove GetDataSourceQuery Result
* Remove GetDataSourcesByTypeQuery Result
* Remove GetDataSourcesQuery Result
* Remove GetDefaultDataSourceQuery Result
* Remove UpdateDataSourceCommand Result
2023-02-09 15:49:44 +01:00
Ryan McKinley
804bd08f11
Chore: remove unused feature flag showFeatureFlagsInUI (#62908) 2023-02-08 19:01:34 -05:00
Jo
f9163351fd
Support bundles: Refactor registry into separate service (#62945)
* add bundle registry service to avoid dependency cycles

* move user support bundle collector to user service

* move usage stat bundle implementation to usage stats

* add info for background service

* fix remaining imports

* whitespace
2023-02-06 17:50:03 +01:00
Eric Leijonmarck
ed18a249b8
Refactor: move displayname logic from backend to frontend (#62845)
* remove fallback from backend

* add: displayname logic to frontend

* Update public/app/core/components/RolePicker/utils.ts

Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>

* add: fetchTeamRoles and return earlier

* refactor: change to const

---------

Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
2023-02-03 10:39:44 +00:00
idafurjes
23c27cffb3
Chore: Rename Id to ID in alerting models (#62777)
* Chore: Rename Id to ID in alerting models

* Add xorm tags for datasource

* Add xorm tag for uid
2023-02-02 17:22:43 +01:00
Ieva
6ae0ea80f6
RBAC: extend IsInherited method to work for nested folders (#62498)
* extend IsInherited function to work for nested folders

* add tests

* update tests and logic

* process inherited permissions seprately to correctly grey them out in the frontend
2023-01-31 17:38:03 +00:00
Ieva
ee3d742c7d
RBAC: inherit folder permissions when resolving managed permissions (#62244)
* add nested folder scope inheritance to managed permission services

* add a more specific erorr

* remove circular dependencies

* use errutil for returning erorr

* fix tests

* fix tests

* define a new error in ac package
2023-01-30 14:19:42 +00:00
Serge Zaitsev
7dbd2cd139
Chore: Fix goimports grouping (#62426)
fix goimports ordering
2023-01-30 09:34:18 +01:00
Ieva
1865205d68
Benchmarks for searchv2 (#60730)
* bench-test

* cleanup

* more simplification

* fix tests

* correct wrong argument ordering & use constant

* fix issues with tests setup

* add benchmark results

* reuse Gabriel's concurrent setup code

* correct error logs for ac benchmarks
2023-01-27 15:42:08 +00:00
Ieva
eb9ef34272
RBAC: Permission check performance improvements for the new search (#60729)
* Add checker and update the resource filter function for new search

* Add tests for checker

* small fixes

* handle location for panels correctly

* clean up checker code and extend the tests for it

* more fixes, but tests don't quite work yet

* a small change to return error

* cleanup

* more simplification

* fix tests

* correct wrong argument ordering & use constant

* Apply suggestions from code review

Co-authored-by: Artur Wierzbicki <artur.wierzbicki@grafana.com>

* import

* check general folder from permission checker function

* handle root folder aka general folder properly

* update tests

* clean up

* lint

* add fix from main

Co-authored-by: Karl Persson <kalle.persson@grafana.com>
Co-authored-by: Artur Wierzbicki <artur.wierzbicki@grafana.com>
2023-01-27 12:12:30 +00:00
idafurjes
6c5a573772
Chore: Move ReqContext to contexthandler service (#62102)
* Chore: Move ReqContext to contexthandler service

* Rename package to contextmodel

* Generate ngalert files

* Remove unused imports
2023-01-27 08:50:36 +01:00
Kristin Laemmert
e8b8a9e276
chore: move dashboard_acl models into dashboard service (#62151) 2023-01-26 08:46:30 -05:00
idafurjes
b54b80f473
Chore: Remove Result from dashboard models (#61997)
* Chore: Remove Result from dashboard models

* Fix lint tests

* Fix dashboard service tests

* Fix API tests

* Remove commented out code

* Chore: Merge main - cleanup
2023-01-25 10:36:26 +01:00
Kristin Laemmert
857649e30b
chore: move models/licensing into licensing service (#61878) 2023-01-23 11:53:43 -05:00
Ieva
f44bc0dd6b
RBAC: use scope reduction for user permission listing (#61583)
use scope reduction for user permission listing
2023-01-17 09:58:40 +00:00
idafurjes
7c2522c477
Chore: Move dashboard models to dashboard pkg (#61458)
* Copy dashboard models to dashboard pkg

* Use some models from current pkg instead of models

* Adjust api pkg

* Adjust pkg services

* Fix lint
2023-01-16 16:33:55 +01:00
idafurjes
490a787d9d
Chore: Move tem member models to team pkg (#61294)
* Chore: Move tem member models to team pkg

* Fix test lint
2023-01-13 09:43:38 +01:00
idafurjes
f2ffce4351
Chore: Move team models to models pkg (#61262)
* Chore: Move team models to models pkg

* Fix ACL tests

* More ACL tests

* Change Id to ID in conflict user command test

* Remove team from models

* Fix ac test lint
2023-01-11 14:20:09 +01:00
Gabriel MABILLE
6da850a2f2
RBAC: Add function to reduce permissions (#58197)
* RBAC: Add function to reduce permissions

* Make names readable

Co-authored-by: Jguer <joao.guerreiro@grafana.com>

* Remove copy pasted comment

* Nit.

Co-authored-by: Jguer <joao.guerreiro@grafana.com>
Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com>
2023-01-05 16:32:13 +00:00
idafurjes
bb35f37b66
Chore: Delete org model duplicates (#60940)
* Delete org model duplicates

* Fix lint

* Move OrgDetailsDTO to org pkg
2023-01-04 16:20:26 +01:00
Karl Persson
0743c4eb87
ServiceAccount: Rewrite the api test to use fakes (#60441)
* RBAC: Add fake for permissions service

* ServiceAccount: Rewrite create api tests

* ServiceAccount: Rewrite api delete tests

* ServiceAccount: Rewrite api test for RetriveServiceAccount

* ServiceAccount: Refactor UpdateServiceAccount api test

* ServiceAccount: Refactor CreateToken api test

* ServiceAccount: refactor delete token api tests

* ServiceAccount: rewrite list tokens api test

* Remove test helper that is not used any more

* ServiceAccount: remove unused test helpers
2022-12-19 09:27:52 +01:00
Ieva
6aa5a79cad
Access control: endpoint for searching single user permissions (#59669)
* initial commit

* clean up

* fix a bug and add tests

* more tests

* undo some unintended changes

* undo some unintended changes

* linting

* PR feedback - add user ID to search options

* simplify the query

* Apply suggestions from code review

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>

* remove unneeded formatting changes

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
2022-12-14 10:53:25 +00:00
Gabriel MABILLE
109df85cae
RBAC: Add benchmarks to search all users given a specific permission (#59980)
* RBAC: Add benchmarks to search all users given a specific permission

* Add missing time

* Inline benchmarks

* Make bench setup memory efficient

* fix user id

* comment

* Ran 10K_10k and got a better time this time

* change comment to pass linting

* change comment to pass linting

* Update pkg/services/accesscontrol/acimpl/service_bench_test.go

Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2022-12-13 09:07:15 -05:00
Eric Leijonmarck
371d7850a5
Auth: Service account store refactor (#58961)
* refactor: renaming of files from database to store

* refactor: make service account store private

- moves store interface to manager package
- adds an interface to the ProvideAPI constructor
- refactors tests to use the store when necessary
- adds mocks for the new interface implementations in the tests package

* wip

* refactor: make fakestore in service

* wip

* wip

* wip

* working tests

* trailing whitespaces

* Update pkg/services/serviceaccounts/api/api.go

* Update pkg/services/serviceaccounts/tests/common.go

* Update pkg/services/serviceaccounts/tests/common.go

* refactor: doc string for retriever

* fix import unused

* remove: serviceaccount from featuretoggle

* added: back legacy serviceaccounts feature toggle

* added: docs

* refactor: make query for the SearchQuery

* add: validation of service input fields

* add validation
2022-12-13 14:56:10 +01:00
Kristin Laemmert
70fbf47022
chore: remove CreateUser from sqlstore & replace with userService.CreateUserForTests (#59910) 2022-12-07 11:03:22 -05:00
Karl Persson
6d1bcd9f40
DataSourcePermissions: Handle licensing properly for ds permissions (#59694)
* RBAC: add viewer grand if dspermissions enforcement is not enabled

* RBAC: Change permissions based on role prefix

* RBAC: Add option to for permission service to add a license middleware

* RBAC: Remove actions from query struct
2022-12-02 13:19:14 +01:00
Gabriel MABILLE
bf49c20050
RBAC: Add an endpoint to list all user permissions (#57644)
* RBAC: Add an endpoint to see all user permissions

Co-authored-by: Joey Orlando <joey.orlando@grafana.com>

* Fix mock

* Add feature flag

* Fix merging

* Return normal permissions instead of simplified ones

* Fix test

* Fix tests

* Fix tests

* Create benchtests

* Split function to get basic roles

* Comments

* Reorg

* Add two more tests to the bench

* bench comment

* Re-ran the test

* Rename GetUsersPermissions to SearchUsersPermissions and prepare search options

* Remove from model unused struct

* Start adding option to get permissions by Action+Scope

* Wrong import

* Action and Scope

* slightly tweak users permissions actionPrefix query param validation logic

* Fix xor check

* Lint

* Account for suggeston

Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>

* Add search

* Remove comment on global scope

* use union all and update test to make it run on all dbs

* Fix MySQL needs a space

* Account for suggestion.

Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>

Co-authored-by: Joey Orlando <joey.orlando@grafana.com>
Co-authored-by: Joey Orlando <joseph.t.orlando@gmail.com>
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
2022-11-30 15:38:49 +01:00
Gabriel MABILLE
32a498e04f
RBAC: Validate plugin app access permission targets the plugin (#59468)
* RBAC: Validate plugin app access permission targets the plugin

* Fix service test
2022-11-30 13:55:07 +01:00
Denis Limarev
b814c66c1d
Perfomance: add preallocation for some slices (#59263)
add preallocation for some slices
2022-11-28 13:10:24 +01:00
Serge Zaitsev
5b861faec3
Chore: Reduce the usage of sqlstore.createorg and use orgservice instead (#59356)
* remove legacy createorg from org service

* remove another createorg from orgimpl

* remove createorg from api pref tests

* remove createorg from api org tests

* fix tests

* remove createorg from annotations test

* remove createorg from team tests

* remove createorg from service accounts

* remove createorg from accesscontrol tests

* remove createorg from provisioning

* Use quotaservice from sc.hs
2022-11-28 12:05:46 +01:00
Ieva
a8bae3f0b0
Access Control: Clear user's permission cache after resource creation (#59101)
* refresh user's permission cache after resource creation

* clear the cache instead of reloading the permissions

* don't error if can't clear cache

* fix tests

* fix tests again
2022-11-24 14:38:55 +00:00
Serge Zaitsev
c2e847d0b0
Chore: Remove createorgwithmember (#59161)
remove createorgwithmember
2022-11-23 10:37:04 +01:00