merge (#45335)

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>

pkg/services/accesscontrol/ossaccesscontrol/ossaccesscontrol.go

@@ -4,19 +4,29 @@ import (
 	"context"
 	"errors"
 
+	"github.com/grafana/grafana/pkg/api/routing"
 	"github.com/grafana/grafana/pkg/infra/log"
 	"github.com/grafana/grafana/pkg/infra/metrics"
 	"github.com/grafana/grafana/pkg/infra/usagestats"
 	"github.com/grafana/grafana/pkg/models"
 	"github.com/grafana/grafana/pkg/services/accesscontrol"
+	"github.com/grafana/grafana/pkg/services/accesscontrol/api"
 	"github.com/grafana/grafana/pkg/services/accesscontrol/resourceservices"
 	"github.com/grafana/grafana/pkg/services/featuremgmt"
 	"github.com/prometheus/client_golang/prometheus"
 )
 
-func ProvideService(features featuremgmt.FeatureToggles, usageStats usagestats.Service, provider accesscontrol.PermissionsProvider) *OSSAccessControlService {
+func ProvideService(features featuremgmt.FeatureToggles, usageStats usagestats.Service,
+	provider accesscontrol.PermissionsProvider, routeRegister routing.RouteRegister) *OSSAccessControlService {
 	s := ProvideOSSAccessControl(features, usageStats, provider)
 	s.registerUsageMetrics()
+	if !s.IsDisabled() {
+		api := api.AccessControlAPI{
+			RouteRegister: routeRegister,
+			AccessControl: s,
+		}
+		api.RegisterAPIEndpoints()
+	}
 	return s
 }
 
@@ -75,7 +85,7 @@ func (ac *OSSAccessControlService) Evaluate(ctx context.Context, user *models.Si
 	}
 
 	if _, ok := user.Permissions[user.OrgId]; !ok {
-		permissions, err := ac.GetUserPermissions(ctx, user)
+		permissions, err := ac.GetUserPermissions(ctx, user, accesscontrol.Options{ReloadCache: true})
 		if err != nil {
 			return false, err
 		}
@@ -96,7 +106,7 @@ func (ac *OSSAccessControlService) GetUserRoles(ctx context.Context, user *model
 }
 
 // GetUserPermissions returns user permissions based on built-in roles
-func (ac *OSSAccessControlService) GetUserPermissions(ctx context.Context, user *models.SignedInUser) ([]*accesscontrol.Permission, error) {
+func (ac *OSSAccessControlService) GetUserPermissions(ctx context.Context, user *models.SignedInUser, _ accesscontrol.Options) ([]*accesscontrol.Permission, error) {
 	timer := prometheus.NewTimer(metrics.MAccessPermissionsSummary)
 	defer timer.ObserveDuration()
 

pkg/services/accesscontrol/ossaccesscontrol/ossaccesscontrol_test.go

@@ -8,6 +8,7 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
+	"github.com/grafana/grafana/pkg/api/routing"
 	"github.com/grafana/grafana/pkg/infra/log"
 	"github.com/grafana/grafana/pkg/infra/usagestats"
 	"github.com/grafana/grafana/pkg/models"
@@ -152,6 +153,7 @@ func TestUsageMetrics(t *testing.T) {
 				featuremgmt.WithFeatures("accesscontrol", tt.enabled),
 				&usagestats.UsageStatsMock{T: t},
 				database.ProvideService(sqlstore.InitTestDB(t)),
+				routing.NewRouteRegister(),
 			)
 			report, err := s.usageStats.GetUsageReport(context.Background())
 			assert.Nil(t, err)
@@ -543,7 +545,7 @@ func TestOSSAccessControlService_GetUserPermissions(t *testing.T) {
 			require.NoError(t, err)
 
 			// Test
-			userPerms, err := ac.GetUserPermissions(context.Background(), &tt.user)
+			userPerms, err := ac.GetUserPermissions(context.Background(), &tt.user, accesscontrol.Options{})
 			if tt.wantErr {
 				assert.Error(t, err, "Expected an error with GetUserPermissions.")
 				return