RBAC: Extract method from access control impl to a function in domain packge (#49947)

* Remove GetUserBuiltInRoles and create it as a util function in accesscontrol domain package
3 years ago · 896a101f48
parent 0e991461b0
commit 896a101f48
2 changed files with 20 additions and 19 deletions
--- a/pkg/services/accesscontrol/accesscontrol.go
+++ b/pkg/services/accesscontrol/accesscontrol.go
@ -259,3 +259,21 @@ func extractPrefixes(prefix string) (string, string, bool) {
 func IsDisabled(cfg *setting.Cfg) bool {
 	return !cfg.RBACEnabled
 }
+
+// GetOrgRoles returns legacy org roles for a user
+func GetOrgRoles(cfg *setting.Cfg, user *models.SignedInUser) []string {
+	roles := []string{string(user.OrgRole)}
+
+	// With built-in role simplifying, inheritance is performed upon role registration.
+	if cfg.RBACBuiltInRoleAssignmentEnabled {
+		for _, br := range user.OrgRole.Children() {
+			roles = append(roles, string(br))
+		}
+	}
+
+	if user.IsGrafanaAdmin {
+		roles = append(roles, RoleGrafanaAdmin)
+	}
+
+	return roles
+}
--- a/pkg/services/accesscontrol/ossaccesscontrol/ossaccesscontrol.go
+++ b/pkg/services/accesscontrol/ossaccesscontrol/ossaccesscontrol.go
@ -112,7 +112,7 @@ func (ac *OSSAccessControlService) GetUserPermissions(ctx context.Context, user
 	dbPermissions, err := ac.store.GetUserPermissions(ctx, accesscontrol.GetUserPermissionsQuery{
 		OrgID:   user.OrgId,
 		UserID:  user.UserId,
-		Roles:   ac.GetUserBuiltInRoles(user),
+		Roles:   accesscontrol.GetOrgRoles(ac.cfg, user),
 		Actions: append(TeamAdminActions, append(DashboardAdminActions, FolderAdminActions...)...),
 	})
 	if err != nil {
@ -137,7 +137,7 @@ func (ac *OSSAccessControlService) GetUserPermissions(ctx context.Context, user
 func (ac *OSSAccessControlService) getFixedPermissions(ctx context.Context, user *models.SignedInUser) []*accesscontrol.Permission {
 	permissions := make([]*accesscontrol.Permission, 0)

-	for _, builtin := range ac.GetUserBuiltInRoles(user) {
+	for _, builtin := range accesscontrol.GetOrgRoles(ac.cfg, user) {
 		if basicRole, ok := ac.roles[builtin]; ok {
 			for i := range basicRole.Permissions {
 				permissions = append(permissions, &basicRole.Permissions[i])
@ -148,23 +148,6 @@ func (ac *OSSAccessControlService) getFixedPermissions(ctx context.Context, user
 	return permissions
 }

-func (ac *OSSAccessControlService) GetUserBuiltInRoles(user *models.SignedInUser) []string {
-	builtInRoles := []string{string(user.OrgRole)}
-
-	// With built-in role simplifying, inheritance is performed upon role registration.
-	if ac.cfg.RBACBuiltInRoleAssignmentEnabled {
-		for _, br := range user.OrgRole.Children() {
-			builtInRoles = append(builtInRoles, string(br))
-		}
-	}
-
-	if user.IsGrafanaAdmin {
-		builtInRoles = append(builtInRoles, accesscontrol.RoleGrafanaAdmin)
-	}
-
-	return builtInRoles
-}
-
 // RegisterFixedRoles registers all declared roles in RAM
 func (ac *OSSAccessControlService) RegisterFixedRoles(ctx context.Context) error {
 	// If accesscontrol is disabled no need to register roles