Commit Graph

25 Commits

Author SHA1 Message Date
Jo
48ef88aed7
Access: Fetch fresh permissions for target GlobalOrgID in AuthorizeInOrgMiddleware (#76569)
fetch fresh permissions for global in AuthorizeInOrgMiddleware

Update pkg/services/accesscontrol/authorize_in_org_test.go

do not load viewer permissions in global ID
2023-10-13 21:01:47 +03:00
Jo
5eed495cce
Chore: Port user services to identity.Requester (#73851)
* port api key api to signedinuser

* port users to signed in user interface

* fix tests
2023-08-28 10:42:24 +02:00
Jo
e56b2cae00
MESA: Allow using synced permissions (#71377)
* wip

* cover authorize in org behavior

* revert export

* fix org tests

* change permissions nit
2023-07-12 13:28:04 +03:00
Ieva
900348f3d9
Chore: remove tests for legacy AC, update other tests to work with RBAC (#68895)
* remove tests for legacy AC, update other tests to work with RBAC

* update usage stat tests to use RBAC
2023-05-23 15:29:20 +01:00
Ieva
cd363cb037
RBAC: remove access control mock from org quota tests (#61574)
* remove ac mock from org quota tests

* fix incorrect expected status code and swap tests to make setup easier

* remove empty line
2023-01-17 10:33:01 +00:00
Karl Persson
b5255ebfdf
RBAC: Update org rbac tests to not use mocked access control (#61211)
* API: Rewrite legacy access control and rbac tests for current org
endpoint

* API: Rewrite legacy and rbac endpoint tests for update current and
target org

* API: rewrite access control tests for create org

* API: Rewrite delete org api access control tests

* API: rewrite search org access control tests to not use mocked access
control

* API: Rewrite get org and get org by name access control tests to not use
mocked access control


Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2023-01-13 10:22:32 +01:00
Serge Zaitsev
5b861faec3
Chore: Reduce the usage of sqlstore.createorg and use orgservice instead (#59356)
* remove legacy createorg from org service

* remove another createorg from orgimpl

* remove createorg from api pref tests

* remove createorg from api org tests

* fix tests

* remove createorg from annotations test

* remove createorg from team tests

* remove createorg from service accounts

* remove createorg from accesscontrol tests

* remove createorg from provisioning

* Use quotaservice from sc.hs
2022-11-28 12:05:46 +01:00
Serge Zaitsev
c2e847d0b0
Chore: Remove createorgwithmember (#59161)
remove createorgwithmember
2022-11-23 10:37:04 +01:00
Sofia Papagiannaki
9855e74b92
Chore: Refactor quota service (#58643)
Chore: Refactor quota service (#57586)

* Chore: refactore quota service

* Apply suggestions from code review
2022-11-14 21:08:10 +02:00
Sofia Papagiannaki
96cdf77995
Revert "Chore: Refactor quota service (#57586)" (#58394)
This reverts commit 326ea86a57.
2022-11-08 11:52:07 +02:00
Sofia Papagiannaki
326ea86a57
Chore: Refactor quota service (#57586)
* Chore: refactore quota service

* Apply suggestions from code review
2022-11-08 10:25:34 +02:00
idafurjes
bc7a383252
Remove org methods from sqlstore interface (#56358)
* Remove org methods from sqlstore interface

* Remove some mocks

* Fix some tests
2022-10-05 15:47:56 +02:00
Kristin Laemmert
701f6d5436
UserService: use the UserService instead of calling sqlstore directly (#55745)
* UserService: update callers to use the UserService instead of calling sqlstore directly

There is one major change hiding in this PR. UserService.Delete originally called a number of services to delete user-related records. I moved everything except the actual call to the user table, and moved those into the API. This was done to avoid dependencies cycles; many of our services depend on the user service, so the user service itself should have as few dependencies as possible.
2022-09-27 07:58:49 -04:00
Torkel Ödegaard
09f4068849
NavTree: Refactor out the navtree building from api/index.go and into it's own service (#55552) 2022-09-22 22:04:48 +02:00
Karl Persson
bcd7afd1f5
RBAC: Remove service dependency in Evaluator component (#54910)
* RBAC: Remove service dependency for Evaluator component

* RBAC: Add service and load permissions in target org if they are not
there

* RBAC: Use service if we need to load permissions for org

* API: remove service injection into evaluator

* API: set new user for each request in tests

* PublicDashboards: Use fake service to provide permissions

* RBAC: Set org id for dashboard provisioning user
2022-09-09 09:07:45 +02:00
ying-jeanne
4dbe0b4f02
Chore: Move updateorg out of sqlstore (#54111)
* Chore: move updateorg out of sqlstore

* fix api test
2022-08-23 12:26:21 -05:00
idafurjes
fa2e74cd6e
Chore: Remove GetSignedInUserWithCacheCtx from store interface (#53734)
* Remove delete suer from store interface

* Remove get signed in user with cache ctx from store interface

* Support options when setting up access control tests

* Fix broken tests

* Fix lint

* Add user fake to middleware

* Fix middleware tests, remove usertest being initialised twice

Co-authored-by: Karl Persson <kalle.persson@grafana.com>
2022-08-16 16:08:59 +02:00
Karl Persson
c08fe3a53c
RBAC: Enable rbac when creating new settings (#53531)
* Settings: Set RBACEnabled to true by default

* Remove accessControlEnabledFlag and explicitly set to false when needed

* Disable rbac for tests
2022-08-11 15:37:31 +02:00
idafurjes
a14621fff6
Chore: Add user service method SetUsingOrg and GetSignedInUserWithCacheCtx (#53343)
* Chore: Add user service method SetUsingOrg

* Chore: Add user service method GetSignedInUserWithCacheCtx

* Use method GetSignedInUserWithCacheCtx from user service

* Fix lint after rebase

* Fix lint

* Fix lint error

* roll back some changes

* Roll back changes in api and middleware

* Add xorm tags to SignedInUser ID fields
2022-08-11 13:28:55 +02:00
idafurjes
6afad51761
Move SignedInUser to user service and RoleType and Roles to org (#53445)
* Move SignedInUser to user service and RoleType and Roles to org

* Use go naming convention for roles

* Fix some imports and leftovers

* Fix ldap debug test

* Fix lint

* Fix lint 2

* Fix lint 3

* Fix type and not needed conversion

* Clean up messages in api tests

* Clean up api tests 2
2022-08-10 11:56:48 +02:00
idafurjes
6c43eb0b4d
Split Create User (#50502)
* Split Create User

* Use new create user and User from package user

* Add service to wire

* Making create user work

* Replace user from user pkg

* One more

* Move Insert to orguser Service/Store

* Remove unnecessary conversion

* Cleaunp

* Fix Get User and add fakes

* Fixing get org id for user logic, adding fakes and other adjustments

* Add some tests for ourguser service and store

* Fix insert org logic

* Add comment about deprecation

* Fix after merge with main

* Move orguser service/store to org service/store

* Remove orguser from wire

* Unimplement new Create user and use User from pkg user

* Fix wire generation

* Fix lint

* Fix lint - use only User and CrateUserCommand from user pkg

* Remove User and CreateUserCommand from models

* Fix lint 2
2022-06-28 14:32:25 +02:00
Karl Persson
44ffbfd6aa
RBAC: Refactor GetUserPermissions to use []accesscontrol.Permission (#50683)
* Return slice of permissions instead of slice of pointers for permissions
2022-06-14 10:17:48 +02:00
Jeff Levin
5d2f34d8e2
ValidatedQueries: start of validated queries API (#44731)
* adds an api endpoint for use with public dashboards that validates orgId, dashboard, and panel when running a query. This feature is in ALPHA and should not be enabled yet. Testing is based on new mock sqlstore.

Co-authored-by: Jesse Weaver <jesse.weaver@grafana.com>
Co-authored-by: Leandro Deveikis <leandro.deveikis@gmail.com>
2022-03-07 09:33:01 -09:00
Gabriel MABILLE
818b8739c0
AccessControl: Remove scopes from orgs endpoints (#41709)
* AccessControl: Check permissions in target org

* Remove org scopes and add an authorizeInOrg middleware

* Use query result org id and perform users permission check globally for GetOrgByName

* Remove scope translation for orgs current

* Suggestion from Ieva
2021-11-17 10:12:28 +01:00
Gabriel MABILLE
f6a9132975
AccessControl: Add FGAC to orgs endpoints (#39579)
* AccessControl: Add FGAC to orgs endpoints

Co-authored-by: Karl Persson <kalle.persson@grafana.com>
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2021-10-27 13:13:59 +02:00