AccessControl: Remove permissions on data source delete (#45504)
* AccessControl: Remove permissions on datasource delete * Ensure legacy behavior is preserved
This commit is contained in:
Gabriel MABILLE
GitHub
@@ -6,6 +6,7 @@ package sqlstore
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"fmt"
|
||||
"strconv"
|
||||
"testing"
|
||||
"time"
|
||||
@@ -13,6 +14,7 @@ import (
|
||||
"github.com/grafana/grafana/pkg/bus"
|
||||
"github.com/grafana/grafana/pkg/events"
|
||||
"github.com/grafana/grafana/pkg/models"
|
||||
ac "github.com/grafana/grafana/pkg/services/accesscontrol"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
@@ -226,8 +228,10 @@ func TestDataAccess(t *testing.T) {
|
||||
sqlStore := InitTestDB(t)
|
||||
ds := initDatasource(sqlStore)
|
||||
|
||||
err := sqlStore.DeleteDataSource(context.Background(), &models.DeleteDataSourceCommand{ID: ds.Id, OrgID: 123123})
|
||||
err := sqlStore.DeleteDataSource(context.Background(),
|
||||
&models.DeleteDataSourceCommand{ID: ds.Id, OrgID: 123123})
|
||||
require.NoError(t, err)
|
||||
|
||||
query := models.GetDataSourcesQuery{OrgId: 10}
|
||||
err = sqlStore.GetDataSources(context.Background(), &query)
|
||||
require.NoError(t, err)
|
||||
@@ -246,7 +250,8 @@ func TestDataAccess(t *testing.T) {
|
||||
return nil
|
||||
})
|
||||
|
||||
err := sqlStore.DeleteDataSource(context.Background(), &models.DeleteDataSourceCommand{ID: ds.Id, UID: "nisse-uid", Name: "nisse", OrgID: 123123})
|
||||
err := sqlStore.DeleteDataSource(context.Background(),
|
||||
&models.DeleteDataSourceCommand{ID: ds.Id, UID: "nisse-uid", Name: "nisse", OrgID: int64(123123)})
|
||||
require.NoError(t, err)
|
||||
|
||||
require.Eventually(t, func() bool {
|
||||
@@ -273,6 +278,42 @@ func TestDataAccess(t *testing.T) {
|
||||
require.Equal(t, 0, len(query.Result))
|
||||
})
|
||||
|
||||
t.Run("DeleteDataSourceAccessControlPermissions", func(t *testing.T) {
|
||||
sqlStore := InitTestDB(t)
|
||||
ds := initDatasource(sqlStore)
|
||||
|
||||
// Init associated permission
|
||||
errAddPermissions := sqlStore.WithTransactionalDbSession(context.TODO(), func(sess *DBSession) error {
|
||||
_, err := sess.Table("permission").Insert(ac.Permission{
|
||||
RoleID: 1,
|
||||
Action: "datasources:read",
|
||||
Scope: ac.Scope("datasources", "id", fmt.Sprintf("%d", ds.Id)),
|
||||
Updated: time.Now(),
|
||||
Created: time.Now(),
|
||||
})
|
||||
return err
|
||||
})
|
||||
require.NoError(t, errAddPermissions)
|
||||
query := models.GetDataSourcesQuery{OrgId: 10}
|
||||
|
||||
errDeletingDS := sqlStore.DeleteDataSource(context.Background(),
|
||||
&models.DeleteDataSourceCommand{Name: ds.Name, OrgID: ds.OrgId},
|
||||
)
|
||||
require.NoError(t, errDeletingDS)
|
||||
|
||||
// Check associated permission
|
||||
permCount := int64(0)
|
||||
errGetPermissions := sqlStore.WithTransactionalDbSession(context.TODO(), func(sess *DBSession) error {
|
||||
var err error
|
||||
permCount, err = sess.Table("permission").Count()
|
||||
return err
|
||||
})
|
||||
require.NoError(t, errGetPermissions)
|
||||
require.Zero(t, permCount, "permissions associated to the data source should have been removed")
|
||||
|
||||
require.Equal(t, 0, len(query.Result))
|
||||
})
|
||||
|
||||
t.Run("GetDataSources", func(t *testing.T) {
|
||||
t.Run("Number of data sources returned limited to 6 per organization", func(t *testing.T) {
|
||||
sqlStore := InitTestDB(t)
|
||||
|
||||
Reference in New Issue
Block a user