* streamline initialization of test databases, support on-disk sqlite test db
* clean up test databases
* introduce testsuite helper
* use testsuite everywhere we use a test db
* update documentation
* improve error handling
* disable entity integration test until we can figure out locking error
* RBAC: Search add user login filter
* Switch to a userService resolving instead
* Remove unused error
* Fallback to use the cache
* account for userID filter
* Account for the error
* snake case
* Add test cases
* Add api tests
* Fix return on error
* Re-order imports
* ExtSvcAuth: Assign roles locally
* Fix test
* HandlePluginStateChanged in the OrgID
* Remove Global from command
* Use AssignmentOrgID instead of OrgID
* Remove unecessary test case
* Update cue to have an AuthProvider entry
* Cable the new auth provider
* Add feature flag check to the accesscontrol service
* Fix test
* Change the structure of externalServiceRegistration (#76673)
* wip
* scope active user to 1 org
* remove TODOs
* add render auth namespace
* import cycle fix
* make condition more readable
* convert Evaluate to user Requester
* only use active OrgID for SearchUserPermissions
* add cache key to interface definition
* change final SignedInUsers to interface
* fix api key managed roles fetch
* fix anon auth id parsing
* Update pkg/services/accesscontrol/acimpl/accesscontrol.go
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
---------
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* add a feature toggle
* add the fields for attribute, kind and identifier to permission
Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
* set the new fields when new permissions are stored
* add migrations
Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
* remove comments
* Update pkg/services/accesscontrol/migrator/migrator.go
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* feedback: put column migrations behind the feature toggle, added an index, changed how wildcard scopes are split
* PR feedback: add a comment and revert an accidentally changed file
* PR feedback: handle the case with : in resource identifier
* switch from checking feature toggle through cfg to checking it through featuremgmt
* don't put the column migrations behind a feature toggle after all - this breaks permission queries from db
---------
Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* RBAC: Add function to delete external service roles
* Adding a test to the service
* Update pkg/services/accesscontrol/acimpl/service_test.go
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
---------
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* AuthN: Save external services RBAC roles
* Add missing test
* Placing roles in the same group
* Split function to gen role and assignment
* add test case and comments
* Ensure we check external service roles are assigned once only
* Update pkg/services/accesscontrol/models_test.go
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
---------
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
* change from role grant overrides to SAML UI specific config option
* update permissions needed to access SAML UI
* PR feedback: change config name, change required perms to write, add a comment
* RBAC: Feature to override default assignments
Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
* Add test and trim spaces
* Pass linting
* Apply the rbac overrides to fixed_authentication.config_writer
* Removing from the default ini file for now
* Add grants overrides section to cfg
* slimmer handleGrantOverrides function
---------
Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
* initial commit
* clean up
* fix a bug and add tests
* more tests
* undo some unintended changes
* undo some unintended changes
* linting
* PR feedback - add user ID to search options
* simplify the query
* Apply suggestions from code review
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* remove unneeded formatting changes
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* RBAC: Add an endpoint to see all user permissions
Co-authored-by: Joey Orlando <joey.orlando@grafana.com>
* Fix mock
* Add feature flag
* Fix merging
* Return normal permissions instead of simplified ones
* Fix test
* Fix tests
* Fix tests
* Create benchtests
* Split function to get basic roles
* Comments
* Reorg
* Add two more tests to the bench
* bench comment
* Re-ran the test
* Rename GetUsersPermissions to SearchUsersPermissions and prepare search options
* Remove from model unused struct
* Start adding option to get permissions by Action+Scope
* Wrong import
* Action and Scope
* slightly tweak users permissions actionPrefix query param validation logic
* Fix xor check
* Lint
* Account for suggeston
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
* Add search
* Remove comment on global scope
* use union all and update test to make it run on all dbs
* Fix MySQL needs a space
* Account for suggestion.
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
Co-authored-by: Joey Orlando <joey.orlando@grafana.com>
Co-authored-by: Joey Orlando <joseph.t.orlando@gmail.com>
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
* RBAC: Remove name from role registration
* Inline accesscontrol service
* test fix
* use fmt
Co-Authored-By: marefr <marcus.efraimsson@gmail.com>
Co-authored-by: marefr <marcus.efraimsson@gmail.com>
* chore: add alias for InitTestDB and Session
Adds an alias for the sqlstore InitTestDB and Session, and updates tests using these to reduce dependencies on the sqlstore.Store.
* next pass of removing sqlstore imports
* last little bit
* remove mockstore where possible
* RBAC: Add cache for oss permissions
* RBAC: include service account actions
* RBAC: revert changes to fetch service account permissions
* Update comment for setting
* RBAC: Disable permission chache for tests
