public/grafana
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

RBAC: Search endpoint support wildcards (#80383)

Browse Source 
* RBAC: Search endpoint support wildcards

* Allow wildcard filter with RAM permissions as well
This commit is contained in:
Gabriel MABILLE
2024-01-17 17:07:47 +01:00
committed by GitHub
parent c27bee567f
commit dce9d1e87c
5 changed files with 65 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
pkg/services/accesscontrol/database/database_test.go
+14
View File
@@ -526,6 +526,20 @@ func TestIntegrationAccessControlStore_SearchUsersPermissions(t *testing.T) {
{Action: "teams:write", Scope: "teams:id:1"},
}},
},
{
name: "user assignment by scope",
users: []testUser{{orgRole: org.RoleAdmin, isAdmin: false}},
permCmds: []rs.SetResourcePermissionsCommand{
{User: accesscontrol.User{ID: 1, IsExternal: false}, SetResourcePermissionCommand: readTeamPerm("*")}, // hack to have a global permission
{User: accesscontrol.User{ID: 1, IsExternal: false}, SetResourcePermissionCommand: writeTeamPerm("1")},
},
options: accesscontrol.SearchOptions{Scope: "teams:id:1"},
wantPerm: map[int64][]accesscontrol.Permission{1: {
{Action: "teams:read", Scope: "teams:id:*"},
{Action: "teams:read", Scope: "teams:id:1"},
{Action: "teams:write", Scope: "teams:id:1"},
}},
},
{
name: "user assignment by action and scope",
users: []testUser{{orgRole: org.RoleAdmin, isAdmin: false}},