* initial commit
* clean up
* fix a bug and add tests
* more tests
* undo some unintended changes
* undo some unintended changes
* linting
* PR feedback - add user ID to search options
* simplify the query
* Apply suggestions from code review
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* remove unneeded formatting changes
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* RBAC: Add benchmarks to search all users given a specific permission
* Add missing time
* Inline benchmarks
* Make bench setup memory efficient
* fix user id
* comment
* Ran 10K_10k and got a better time this time
* change comment to pass linting
* change comment to pass linting
* Update pkg/services/accesscontrol/acimpl/service_bench_test.go
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* RBAC: add viewer grand if dspermissions enforcement is not enabled
* RBAC: Change permissions based on role prefix
* RBAC: Add option to for permission service to add a license middleware
* RBAC: Remove actions from query struct
* RBAC: Add an endpoint to see all user permissions
Co-authored-by: Joey Orlando <joey.orlando@grafana.com>
* Fix mock
* Add feature flag
* Fix merging
* Return normal permissions instead of simplified ones
* Fix test
* Fix tests
* Fix tests
* Create benchtests
* Split function to get basic roles
* Comments
* Reorg
* Add two more tests to the bench
* bench comment
* Re-ran the test
* Rename GetUsersPermissions to SearchUsersPermissions and prepare search options
* Remove from model unused struct
* Start adding option to get permissions by Action+Scope
* Wrong import
* Action and Scope
* slightly tweak users permissions actionPrefix query param validation logic
* Fix xor check
* Lint
* Account for suggeston
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
* Add search
* Remove comment on global scope
* use union all and update test to make it run on all dbs
* Fix MySQL needs a space
* Account for suggestion.
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
Co-authored-by: Joey Orlando <joey.orlando@grafana.com>
Co-authored-by: Joey Orlando <joseph.t.orlando@gmail.com>
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
* chore: add alias for InitTestDB and Session
Adds an alias for the sqlstore InitTestDB and Session, and updates tests using these to reduce dependencies on the sqlstore.Store.
* next pass of removing sqlstore imports
* last little bit
* remove mockstore where possible
* access control to log user name if it does not have permissions
* update ngalert Evaluator to accept user instead of creating a pseudo one
* update alerting eval (rule\query testing) API to provide the real user to the Evaluator
* update scheduler to create a pseudo user with proper permissions
* RBAC: Add cache for oss permissions
* RBAC: include service account actions
* RBAC: revert changes to fetch service account permissions
* Update comment for setting
* RBAC: Disable permission chache for tests
* RBAC: Remove service dependency for Evaluator component
* RBAC: Add service and load permissions in target org if they are not
there
* RBAC: Use service if we need to load permissions for org
* API: remove service injection into evaluator
* API: set new user for each request in tests
* PublicDashboards: Use fake service to provide permissions
* RBAC: Set org id for dashboard provisioning user
