This change adds support for disabling permissions without removing them
from roles. This allows users to revoke permissions while signaling to
apps that the permission should not be re-granted.
Key changes:
- Add disabled boolean field to RolespecPermission in CUE schema
- Update generated Go types for Role, CoreRole, and GlobalRole
- Add disabled column to permission table via migration
- Filter disabled permissions in Zanzana tuple conversion
- Filter disabled permissions in legacy RBAC queries
- Update SQL queries to persist and retrieve disabled field
When a permission has disabled: true:
- It remains visible in the role definition
- It is NOT written to Zanzana (authorization engine)
- It is NOT returned in RBAC permission queries
This prevents apps from re-granting permissions that users have
explicitly revoked, while maintaining visibility of the permission
in the role.
* Revert "chore: add replDB to team service (#91799)"
This reverts commit c6ae2d7999.
* Revert "experiment: use read replica for Get and Find Dashboards (#91706)"
This reverts commit 54177ca619.
* Revert "QuotaService: refactor to use ReplDB for Get queries (#91333)"
This reverts commit 299c142f6a.
* Revert "refactor replCfg to look more like plugins/plugin config (#91142)"
This reverts commit ac0b4bb34d.
* Revert "chore (replstore): fix registration with multiple sql drivers, again (#90990)"
This reverts commit daedb358dd.
* Revert "Chore (sqlstore): add validation and testing for repl config (#90683)"
This reverts commit af19f039b6.
* Revert "ReplStore: Add support for round robin load balancing between multiple read replicas (#90530)"
This reverts commit 27b52b1507.
* Revert "DashboardStore: Use ReplDB and get dashboard quotas from the ReadReplica (#90235)"
This reverts commit 8a6107cd35.
* Revert "accesscontrol service read replica (#89963)"
This reverts commit 77a4869fca.
* Revert "Fix: add mapping for the new mysqlRepl driver (#89551)"
This reverts commit ab5a079bcc.
* Revert "fix: sql instrumentation dual registration error (#89508)"
This reverts commit d988f5c3b0.
* Revert "Experimental Feature Toggle: databaseReadReplica (#89232)"
This reverts commit 50244ed4a1.
* Refactor identity struct to store type in separate field
* Update ResolveIdentity to take string representation of typedID
* Add IsIdentityType to requester interface
* Use IsIdentityType from interface
* Remove usage of TypedID
* Remote typedID struct
* fix GetInternalID
* include and resolve action sets when fetching user's permissions
* expand both action and action prefix (returns an empty set for the one that isn't specified)
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* if action is specified, check for exact match; also extend tests
* Bench testing search user perm
* Add BenchmarkSearchUsersPermissions_1K_1K
* Clarify benchmark searches by action prefix
* Make MySQL more efficient
* Move all filter options
* Expand after assignments union
* update comments
* Access control: Extend GetUserPermissions() to query permissions in specific org
* Use db query to fetch permissions in org
* refactor
* refactor
* use conditional join
* minor refactor
* Add test cases
* Search permissions correctly in OSS vs Enterprise
* Get permissions from memory
* Refactor
* remove unused func
* Add tests for GetUserPermissionsInOrg
* fix linter
* RBAC: Remove team permissions on delete
* Remove unecessary deletes from store function
* Nit on mock
* Add test to the database
* Nit on comment
* Add another test to check that other permissions remain
* AuthN: Save external services RBAC roles
* Add missing test
* Placing roles in the same group
* Split function to gen role and assignment
* add test case and comments
* Ensure we check external service roles are assigned once only
* Update pkg/services/accesscontrol/models_test.go
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
---------
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
* initial commit
* clean up
* fix a bug and add tests
* more tests
* undo some unintended changes
* undo some unintended changes
* linting
* PR feedback - add user ID to search options
* simplify the query
* Apply suggestions from code review
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* remove unneeded formatting changes
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* RBAC: add viewer grand if dspermissions enforcement is not enabled
* RBAC: Change permissions based on role prefix
* RBAC: Add option to for permission service to add a license middleware
* RBAC: Remove actions from query struct
* RBAC: Add an endpoint to see all user permissions
Co-authored-by: Joey Orlando <joey.orlando@grafana.com>
* Fix mock
* Add feature flag
* Fix merging
* Return normal permissions instead of simplified ones
* Fix test
* Fix tests
* Fix tests
* Create benchtests
* Split function to get basic roles
* Comments
* Reorg
* Add two more tests to the bench
* bench comment
* Re-ran the test
* Rename GetUsersPermissions to SearchUsersPermissions and prepare search options
* Remove from model unused struct
* Start adding option to get permissions by Action+Scope
* Wrong import
* Action and Scope
* slightly tweak users permissions actionPrefix query param validation logic
* Fix xor check
* Lint
* Account for suggeston
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
* Add search
* Remove comment on global scope
* use union all and update test to make it run on all dbs
* Fix MySQL needs a space
* Account for suggestion.
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
Co-authored-by: Joey Orlando <joey.orlando@grafana.com>
Co-authored-by: Joey Orlando <joseph.t.orlando@gmail.com>
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
* chore: add alias for InitTestDB and Session
Adds an alias for the sqlstore InitTestDB and Session, and updates tests using these to reduce dependencies on the sqlstore.Store.
* next pass of removing sqlstore imports
* last little bit
* remove mockstore where possible
* add users-manager command
* add users-manager command
* rename files
* refactor: imports and renaming
* Command: add conflict merge user command
- MergeUser will
- replace all user_ids from conflicting users to the chosen userId
- delete users whose user_ids are not the chosen user
- SameIdentification will
- update chosen user with chosen email,login details
- delete users whose user_ids are not the chosen user
* refactor: clean up
* refactor: create structure for read, validate, ingest
* feat: ls and generate-file for conflicting users
* remove usagestats
* added back pkg/services/login/authinfoservice/database/stats.go
* Revert "added back pkg/services/login/authinfoservice/database/stats.go"
This reverts commit 2ba6e3c4d6.
* Revert "remove usagestats"
This reverts commit 1e3fa97810.
* cherry pick
* Revert "cherry pick"
This reverts commit 461626c306.
* validation of picked merge user
* fix test
* make lint
* make test run
* tests for ingest working
* clean up and refactored to align with downstream refactoring
* formatting
* refactor: name list instead of ls
* fix: static lint error use trimprefix
* WIP: permissions for validation
* fix: remove unused functions in sqlstore
* fix: remove unused function
* handling of multiple users and resolve discarded users
* fix tests
* fix: bug that did not exclude the blocks
* ioutil is blacklisted
* WIP: validation
* tests for merging a user working
* add latest changes to output print
* refactor: removed conflictEmail and conflictLogin that was not used
* refactor: code clean up, showChanges working
* test and linting fixes
* test and linting fixes
* refactor: removed logging of config and added more info for vlidation command
* refactor: fix order of code
* fix time now
* refactor: no longer need for check casesensitive login/email
* removed unnessecary loop
* refactor: move functions around
* test: working
* docs: add docuemntationf for file
* Add failing test for generating the conflict login block
* Fix regex
* Fix some stuff/tests
Co-authored-by: eleijonmarck <eric.leijonmarck@gmail.com>
* add: docs for conflict file
* add: conflict_email, conflict_login fields
* add: conflict_email, conflict_login fields
* WIP
* fix: tests working as intended
* Update pkg/cmd/grafana-cli/commands/conflict_user_command.go
Co-authored-by: linoman <2051016+linoman@users.noreply.github.com>
* review comments
* Update pkg/cmd/grafana-cli/commands/conflict_user_command.go
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
* Update pkg/cmd/grafana-cli/commands/conflict_user_command.go
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
* missspelling
* trailing new line
* update to use userimpl store
* remove newline
* remove newline
* refactor: initializing of resolver for conflicts
* fix: test sqlStore
* refactor: removed lines
* refactor: remove TODOs
Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com>
Co-authored-by: linoman <2051016+linoman@users.noreply.github.com>
* Rename file to store
* Move resource permission specific database functions to
resourcepermissions package
* Wire: Remove interface bind
* RBAC: Remove injection of resourcepermission Store
* RBAC: Export store constructor
* Tests: Use resource permission package to initiate store used in tests
* RBAC: Remove internal types package and move to resourcepermissions
package
* RBAC: Run database tests as itegration tests
* RBAC: Add orgID to DeleteUserPermissions
* RBAC: Refactor query to delete all permissions in specified org, 0
deletes all permissions
* Delete user permission in org when user is removed
* Remove call to delete permissions in frontend
* Remove user permissions if removed orgs is detected during oauth sync
Co-authored-by: Jo <joao.guerreiro@grafana.com>
* Copy delete user permission to access control service
* Update pkg/services/accesscontrol/database/database_test.go
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Move db package WIP
* Implement OSS access control
* Register OSS access control
* Fix linter error in tests
* Fix linter error in evaluator
* Simplify OSS tests
* Optimize builtin roles
* Chore: add comments to the exported functions
* Remove init from ossaccesscontrol package (moved to ext)
* Add access control as a dependency for http server
* Modify middleware to receive fallback function
* Middleware: refactor fallback function call
* Move unused models to enterprise
* Simplify AccessControl type
* Chore: use bool IsDisabled() method instead of CanBeDisabled interface
mohammad-hamid
Peter Štibraný
Ieva
Jeff Levin
Karl Persson
Ryan McKinley
Kristin Laemmert
Alexander Zobnin
Gabriel MABILLE
Eric Leijonmarck
lai
idafurjes