public/grafana
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

RBAC: Move resource permissions store to service package (#53815)

Browse Source 
* Rename file to store

* Move resource permission specific database functions to
resourcepermissions package

* Wire: Remove interface bind

* RBAC: Remove injection of resourcepermission Store

* RBAC: Export store constructor

* Tests: Use resource permission package to initiate store used in tests

* RBAC: Remove internal types package and move to resourcepermissions
package

* RBAC: Run database tests as itegration tests
This commit is contained in:
Karl Persson
2022-08-18 09:43:45 +02:00
committed by GitHub
parent 83f8da2e02
commit 1b933ff3ed
18 changed files with 177 additions and 185 deletions
Download Patch File Download Diff File Expand all files Collapse all files
pkg/tests/api/alerting/api_prometheus_test.go
+6 -7
View File
@@ -16,8 +16,7 @@ import (
"github.com/stretchr/testify/require"
"github.com/grafana/grafana/pkg/services/accesscontrol"
acdb "github.com/grafana/grafana/pkg/services/accesscontrol/database"
"github.com/grafana/grafana/pkg/services/accesscontrol/resourcepermissions/types"
"github.com/grafana/grafana/pkg/services/accesscontrol/resourcepermissions"
apimodels "github.com/grafana/grafana/pkg/services/ngalert/api/tooling/definitions"
ngmodels "github.com/grafana/grafana/pkg/services/ngalert/models"
"github.com/grafana/grafana/pkg/services/org"
@@ -633,7 +632,7 @@ func TestPrometheusRulesPermissions(t *testing.T) {
apiClient := newAlertingApiClient(grafanaListedAddr, "grafana", "password")
// access control permissions store
permissionsStore := acdb.ProvideService(store)
permissionsStore := resourcepermissions.NewStore(store)
// Create the namespace we'll save our alerts to.
apiClient.CreateFolder(t, "folder1", "folder1")
@@ -726,17 +725,17 @@ func TestPrometheusRulesPermissions(t *testing.T) {
}
}
func removeFolderPermission(t *testing.T, store *acdb.AccessControlStore, orgID, userID int64, role org.RoleType, uid string) {
func removeFolderPermission(t *testing.T, store resourcepermissions.Store, orgID, userID int64, role org.RoleType, uid string) {
t.Helper()
// remove user permissions on folder
_, _ = store.SetUserResourcePermission(context.Background(), orgID, accesscontrol.User{ID: userID}, types.SetResourcePermissionCommand{
_, _ = store.SetUserResourcePermission(context.Background(), orgID, accesscontrol.User{ID: userID}, resourcepermissions.SetResourcePermissionCommand{
Resource: "folders",
ResourceID: uid,
ResourceAttribute: "uid",
}, nil)
// remove org role permissions from folder
_, _ = store.SetBuiltInResourcePermission(context.Background(), orgID, string(role), types.SetResourcePermissionCommand{
_, _ = store.SetBuiltInResourcePermission(context.Background(), orgID, string(role), resourcepermissions.SetResourcePermissionCommand{
Resource: "folders",
ResourceID: uid,
ResourceAttribute: "uid",
@@ -744,7 +743,7 @@ func removeFolderPermission(t *testing.T, store *acdb.AccessControlStore, orgID,
// remove org role children permissions from folder
for _, c := range role.Children() {
_, _ = store.SetBuiltInResourcePermission(context.Background(), orgID, string(c), types.SetResourcePermissionCommand{
_, _ = store.SetBuiltInResourcePermission(context.Background(), orgID, string(c), resourcepermissions.SetResourcePermissionCommand{
Resource: "folders",
ResourceID: uid,
ResourceAttribute: "uid",