public/grafana
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

RBAC: Add and resolve action sets when searching user's permissions (#88694)

Browse Source 
* include and resolve action sets when fetching user's permissions

* expand both action and action prefix (returns an empty set for the one that isn't specified)
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>

* if action is specified, check for exact match; also extend tests
This commit is contained in:
Ieva
2024-06-12 11:20:19 +03:00
committed by GitHub
parent 12d5251c12
commit 34c40f959f
7 changed files with 189 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files
pkg/services/accesscontrol/database/database.go
+16 -2
View File
@@ -228,10 +228,24 @@ func (s *AccessControlStore) SearchUsersPermissions(ctx context.Context, orgID i
if options.ActionPrefix != "" {
q += ` AND p.action LIKE ?`
params = append(params, options.ActionPrefix+"%")
if len(options.ActionSets) > 0 {
q += ` OR p.action IN ( ? ` + strings.Repeat(", ?", len(options.ActionSets)-1) + ")"
for _, a := range options.ActionSets {
params = append(params, a)
}
}
}
if options.Action != "" {
q += ` AND p.action = ?`
params = append(params, options.Action)
if len(options.ActionSets) == 0 {
q += ` AND p.action = ?`
params = append(params, options.Action)
} else {
actions := append(options.ActionSets, options.Action)
q += ` AND p.action IN ( ? ` + strings.Repeat(", ?", len(actions)-1) + ")"
for _, a := range actions {
params = append(params, a)
}
}
}
if options.Scope != "" {
// Search for scope and wildcard that include the scope