Revert "AccessControl: Implement a way to register fixed roles (#35641)" (#37397)

This reverts commit 88c11f1cc0.

pkg/services/accesscontrol/ossaccesscontrol/ossaccesscontrol.go

@@ -15,10 +15,9 @@ import (
 
 // OSSAccessControlService is the service implementing role based access control.
 type OSSAccessControlService struct {
-	Cfg           *setting.Cfg          `inject:""`
-	UsageStats    usagestats.UsageStats `inject:""`
-	Log           log.Logger
-	registrations accesscontrol.RegistrationList
+	Cfg        *setting.Cfg          `inject:""`
+	UsageStats usagestats.UsageStats `inject:""`
+	Log        log.Logger
 }
 
 // Init initializes the OSSAccessControlService.
@@ -70,11 +69,11 @@ func (ac *OSSAccessControlService) GetUserPermissions(ctx context.Context, user
 	for _, builtin := range builtinRoles {
 		if roleNames, ok := accesscontrol.FixedRoleGrants[builtin]; ok {
 			for _, name := range roleNames {
-				role, exists := accesscontrol.FixedRoles[name]
+				r, exists := accesscontrol.FixedRoles[name]
 				if !exists {
 					continue
 				}
-				for _, p := range role.Permissions {
+				for _, p := range r.Permissions {
 					permission := p
 					permissions = append(permissions, &permission)
 				}
@@ -96,82 +95,3 @@ func (ac *OSSAccessControlService) GetUserBuiltInRoles(user *models.SignedInUser
 
 	return roles
 }
-
-func (ac *OSSAccessControlService) saveFixedRole(role accesscontrol.RoleDTO) {
-	if storedRole, ok := accesscontrol.FixedRoles[role.Name]; ok {
-		// If a package wants to override another package's role, the version
-		// needs to be increased. Hence, we don't overwrite a role with a
-		// greater version.
-		if storedRole.Version >= role.Version {
-			log.Debugf("role %v has already been stored in a greater version, skipping registration", role.Name)
-			return
-		}
-	}
-	// Save role
-	accesscontrol.FixedRoles[role.Name] = role
-}
-
-func (ac *OSSAccessControlService) assignFixedRole(role accesscontrol.RoleDTO, builtInRoles []string) {
-	for _, builtInRole := range builtInRoles {
-		// Only record new assignments
-		alreadyAssigned := false
-		assignments, ok := accesscontrol.FixedRoleGrants[builtInRole]
-		if ok {
-			for _, assignedRole := range assignments {
-				if assignedRole == role.Name {
-					log.Debugf("role %v has already been assigned to %v", role.Name, builtInRole)
-					alreadyAssigned = true
-				}
-			}
-		}
-		if !alreadyAssigned {
-			assignments = append(assignments, role.Name)
-			accesscontrol.FixedRoleGrants[builtInRole] = assignments
-		}
-	}
-}
-
-// RegisterFixedRoles registers all declared roles in RAM
-func (ac *OSSAccessControlService) RegisterFixedRoles() error {
-	// If accesscontrol is disabled no need to register roles
-	if ac.IsDisabled() {
-		return nil
-	}
-	var err error
-	ac.registrations.Range(func(registration accesscontrol.RoleRegistration) bool {
-		ac.registerFixedRole(registration.Role, registration.Grants)
-		return true
-	})
-	return err
-}
-
-// RegisterFixedRole saves a fixed role and assigns it to built-in roles
-func (ac *OSSAccessControlService) registerFixedRole(role accesscontrol.RoleDTO, builtInRoles []string) {
-	ac.saveFixedRole(role)
-	ac.assignFixedRole(role, builtInRoles)
-}
-
-// DeclareFixedRoles allow the caller to declare, to the service, fixed roles and their assignments
-// to organization roles ("Viewer", "Editor", "Admin") or "Grafana Admin"
-func (ac *OSSAccessControlService) DeclareFixedRoles(registrations ...accesscontrol.RoleRegistration) error {
-	// If accesscontrol is disabled no need to register roles
-	if ac.IsDisabled() {
-		return nil
-	}
-
-	for _, r := range registrations {
-		err := accesscontrol.ValidateFixedRole(r.Role)
-		if err != nil {
-			return err
-		}
-
-		err = accesscontrol.ValidateBuiltInRoles(r.Grants)
-		if err != nil {
-			return err
-		}
-
-		ac.registrations.Append(r)
-	}
-
-	return nil
-}