Change functions for access control (#3184)

# What this PR does Update calls used for access control to match changes in Grafana: https://github.com/grafana/grafana/pull/76187 https://github.com/grafana/grafana/pull/76237 ## Which issue(s) this PR fixes ## Checklist - [x] Unit, integration, and e2e (if applicable) tests updated - [x] Documentation added (or `pr:no public docs` PR label added if not required) - [x] `CHANGELOG.md` updated (or `pr:no changelog` PR label added if not required)
2023-10-23 15:58:45 -06:00 · 2023-10-23 15:58:45 -06:00 · 0d22ae7e53
commit 0d22ae7e53
parent c0318b55c0
6 changed files with 18 additions and 17 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -15,6 +15,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

 - Discard old pending network requests in the UI (Users/Schedules) [#3172](https://github.com/grafana/oncall/pull/3172)
 - Fix resolution note source for mobile app by @vadimkerr ([#3174](https://github.com/grafana/oncall/pull/3174))
+- Fix references to removed access control functions in Grafana @mderynck ([#3184](https://github.com/grafana/oncall/pull/3184))

 ## v1.3.45 (2023-10-19)

--- a/grafana-plugin/src/components/Unauthorized/Unauthorized.test.tsx
+++ b/grafana-plugin/src/components/Unauthorized/Unauthorized.test.tsx
@ -14,7 +14,7 @@ jest.mock('grafana/app/core/core', () => ({

 describe('Unauthorized', () => {
  test.each([true, false])('renders properly - access control enabled: %s', (accessControlEnabled) => {
-    contextSrv.accessControlEnabled = () => accessControlEnabled;
+    contextSrv.licensedAccessControlEnabled = () => accessControlEnabled;
    const tree = renderer
      .create(
        <Unauthorized
@ -31,7 +31,7 @@ describe('Unauthorized', () => {
  test.each([OrgRole.Admin, OrgRole.Editor, OrgRole.Viewer])(
    'renders properly the grammar for different roles - %s',
    (role) => {
-      contextSrv.accessControlEnabled = () => false;
+      contextSrv.licensedAccessControlEnabled = () => false;
      const tree = renderer
        .create(
          <Unauthorized
--- a/grafana-plugin/src/components/Unauthorized/index.tsx
+++ b/grafana-plugin/src/components/Unauthorized/index.tsx
@ -24,7 +24,7 @@ const Unauthorized: FC<Props> = ({ requiredUserAction: { permission, fallbackMin
      </Text.Title>
      <Text.Title level={4}>
        You do not have access to view this page.{' '}
-        {contextSrv.accessControlEnabled()
+        {contextSrv.licensedAccessControlEnabled()
          ? `You are missing the ${permission} permission.`
          : `You must be at least a${
              fallbackMinimumRoleRequired === OrgRole.Viewer ? '' : 'n'
--- a/grafana-plugin/src/index.d.ts
+++ b/grafana-plugin/src/index.d.ts
@ -27,7 +27,7 @@ declare module 'grafana/app/core/core' {
      permissions?: Record<string, boolean>;
    };

-    hasAccess(action: string, fallBack: boolean): boolean;
-    accessControlEnabled(): boolean;
+    hasPermission(action: string): boolean;
+    licensedAccessControlEnabled(): boolean;
  };
 }
--- a/grafana-plugin/src/state/rootBaseStore/index.ts
+++ b/grafana-plugin/src/state/rootBaseStore/index.ts
@ -1,4 +1,3 @@
-import { OrgRole } from '@grafana/data';
 import { locationService } from '@grafana/runtime';
 import { contextSrv } from 'grafana/app/core/core';
 import { action, observable } from 'mobx';
@ -204,11 +203,13 @@ export class RootBaseStore {
        '😞 Grafana OnCall is available for authorized users only, please sign in to proceed.'
      );
    }
+
    // If the plugin is not installed in the OnCall backend, or token is not valid, then we need to install it
    if (!is_installed || !token_ok) {
      if (!allow_signup) {
        return this.setupPluginError('🚫 OnCall has temporarily disabled signup of new users. Please try again later.');
      }
+
      const missingPermissions = this.checkMissingSetupPermissions();
      if (missingPermissions.length === 0) {
        try {
@ -225,7 +226,7 @@ export class RootBaseStore {
          );
        }
      } else {
-        if (contextSrv.accessControlEnabled()) {
+        if (contextSrv.licensedAccessControlEnabled()) {
          return this.setupPluginError(
            '🚫 User is missing permission(s) ' +
              missingPermissions.join(', ') +
@ -254,7 +255,6 @@ export class RootBaseStore {
  }

  checkMissingSetupPermissions() {
-    const fallback = contextSrv.user.orgRole === OrgRole.Admin && !contextSrv.accessControlEnabled();
    const setupRequiredPermissions = [
      'plugins:write',
      'org.users:read',
@ -263,7 +263,7 @@ export class RootBaseStore {
      'apikeys:delete',
    ];
    return setupRequiredPermissions.filter(function (permission) {
-      return !contextSrv.hasAccess(permission, fallback);
+      return !contextSrv.hasPermission(permission);
    });
  }

--- a/grafana-plugin/src/state/rootBaseStore/rootBaseStore.test.ts
+++ b/grafana-plugin/src/state/rootBaseStore/rootBaseStore.test.ts
@ -142,8 +142,8 @@ describe('rootBaseStore', () => {
    const rootBaseStore = new RootBaseStore();

    contextSrv.user.orgRole = OrgRole.Viewer;
-    contextSrv.accessControlEnabled = jest.fn().mockReturnValue(false);
-    contextSrv.hasAccess = jest.fn().mockReturnValue(false);
+    contextSrv.licensedAccessControlEnabled = jest.fn().mockReturnValue(false);
+    contextSrv.hasPermission = jest.fn().mockReturnValue(false);

    PluginState.updatePluginStatus = jest.fn().mockResolvedValueOnce({
      is_user_anonymous: false,
@ -180,8 +180,8 @@ describe('rootBaseStore', () => {
    const mockedLoadCurrentUser = jest.fn();

    contextSrv.user.orgRole = OrgRole.Admin;
-    contextSrv.accessControlEnabled = jest.fn().mockResolvedValueOnce(false);
-    contextSrv.hasAccess = jest.fn().mockReturnValue(true);
+    contextSrv.licensedAccessControlEnabled = jest.fn().mockResolvedValueOnce(false);
+    contextSrv.hasPermission = jest.fn().mockReturnValue(true);

    PluginState.updatePluginStatus = jest.fn().mockResolvedValueOnce({
      ...scenario,
@ -218,14 +218,14 @@ describe('rootBaseStore', () => {
      missing_permissions: ['plugins:write', 'org.users:read', 'teams:read', 'apikeys:create', 'apikeys:delete'],
      expected_result: false,
    },
-  ])('signup is allowed, accessControlEnabled, various roles and permissions', async (scenario) => {
+  ])('signup is allowed, licensedAccessControlEnabled, various roles and permissions', async (scenario) => {
    // mocks/setup
    const onCallApiUrl = 'http://asdfasdf.com';
    const rootBaseStore = new RootBaseStore();
    const mockedLoadCurrentUser = jest.fn();

    contextSrv.user.orgRole = scenario.role;
-    contextSrv.accessControlEnabled = jest.fn().mockReturnValue(true);
+    contextSrv.licensedAccessControlEnabled = jest.fn().mockReturnValue(true);
    rootBaseStore.checkMissingSetupPermissions = jest.fn().mockImplementation(() => scenario.missing_permissions);

    PluginState.updatePluginStatus = jest.fn().mockResolvedValueOnce({
@ -268,8 +268,8 @@ describe('rootBaseStore', () => {
    const humanReadableErrorMsg = 'asdfasldkfjaksdjflk';

    contextSrv.user.orgRole = OrgRole.Admin;
-    contextSrv.accessControlEnabled = jest.fn().mockReturnValue(false);
-    contextSrv.hasAccess = jest.fn().mockReturnValue(true);
+    contextSrv.licensedAccessControlEnabled = jest.fn().mockReturnValue(false);
+    contextSrv.hasPermission = jest.fn().mockReturnValue(true);

    PluginState.updatePluginStatus = jest.fn().mockResolvedValueOnce({
      is_user_anonymous: false,