Fix refactored permissions sync (#4771)

Matias Bordese 2024-07-31 17:27:42 -03:00 committed by GitHub
parent b1708542c9
commit 85c63e7ba2
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 14 additions and 5 deletions


@ -11,7 +11,7 @@ from rest_framework.request import Request
from apps.api.permissions import GrafanaAPIPermission, LegacyAccessControlRole, RBACPermission, user_is_authorized
from apps.grafana_plugin.helpers.gcom import check_token
from apps.grafana_plugin.sync_data import SyncUser
from apps.grafana_plugin.sync_data import SyncPermission, SyncUser
from apps.user_management.exceptions import OrganizationDeletedException, OrganizationMovedException
from apps.user_management.models import User
from apps.user_management.models.organization import Organization
@ -165,6 +165,11 @@ class PluginAuthentication(BasePluginAuthentication):
except (ValueError, TypeError):
raise exceptions.AuthenticationFailed("User context must be JSON dict.")
if user_data:
permissions = []
if user_data.get("permissions"):
permissions = [
SyncPermission(action=permission["action"]) for permission in user_data["permissions"]
]
user_sync_data = SyncUser(
id=user_data["id"],
name=user_data["name"],
@ -172,7 +177,7 @@ class PluginAuthentication(BasePluginAuthentication):
email=user_data["email"],
role=user_data["role"],
avatar_url=user_data["avatar_url"],
permissions=user_data["permissions"] or [],
permissions=permissions,
teams=user_data.get("teams", None),
)
return get_or_create_user(organization, user_sync_data)
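Review bot: The added comprehension indexes `permission["action"]` on every entry of the request-supplied user context, so an entry that is not a dict or has no `action` key raises KeyError or TypeError. The `except (ValueError, TypeError)` above appears to end before `if user_data:` (indentation is lost in this rendering), in which case a malformed context surfaces as an unhandled error rather than `AuthenticationFailed`. Since this list is handed to `get_or_create_user` as the user's permissions, reject a malformed list explicitly: catch `(KeyError, TypeError)` around the comprehension and `raise exceptions.AuthenticationFailed("Invalid permissions in user context.")`. The unguarded `user_data["id"]`, `user_data["name"]` and similar lookups that follow have the same failure mode. The enclosing method starts before this hunk.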


@ -121,7 +121,7 @@ def sync_users(client: GrafanaAPIClient, organization: Organization, **kwargs) -
role=user["role"],
avatar_url=user["avatarUrl"],
teams=None,
permissions=[SyncPermission(action=permission["permission"]) for permission in user["permissions"]],
permissions=[SyncPermission(action=permission["action"]) for permission in user["permissions"]],
)
for user in api_users
]
@ -328,7 +328,7 @@ def _sync_users_data(organization: Organization, sync_users: list[SyncUser], del
username=user.login,
role=getattr(LegacyAccessControlRole, user.role.upper(), LegacyAccessControlRole.NONE),
avatar_url=user.avatar_url,
permissions=user.permissions or [],
permissions=[{"action": permission.action} for permission in user.permissions] or [],
)
for user in sync_users
)
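Review bot: In the `_sync_users_data` hunk the trailing `or []` no longer guards anything, because the comprehension iterates `user.permissions` before the `or` is evaluated and a comprehension always yields a list. A `None` value, which the old `user.permissions or []` tolerated, would now raise TypeError. If `SyncUser.permissions` can be `None` (its definition is not visible here), move the guard inside: `permissions=[{"action": permission.action} for permission in (user.permissions or [])],`. In the `sync_users` hunk, `user["permissions"]` and `permission["action"]` are indexed without a default, so one API user record missing either key would abort building the whole list; `user.get("permissions") or []` avoids that if partial data is expected. Both functions extend beyond the hunks shown.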


@ -40,7 +40,7 @@ def patched_grafana_api_client(organization, is_rbac_enabled_for_organization=(F
"login": "test",
"role": "admin",
"avatarUrl": "test.test/test",
"permissions": [],
"permissions": [{"action": "permission:all"}] if is_rbac_enabled_for_organization[0] else [],
},
]
mock_client_instance.get_teams.return_value = (
@ -288,6 +288,8 @@ def test_sync_organization_is_rbac_permissions_enabled_open_source(
organization.refresh_from_db()
assert organization.is_rbac_permissions_enabled == expected
expected_permissions = [{"action": "permission:all"}] if is_rbac_enabled_for_organization[0] else []
assert organization.users.get().permissions == expected_permissions
@pytest.mark.parametrize(
@ -327,6 +329,8 @@ def test_sync_organization_is_rbac_permissions_enabled_cloud(
organization.refresh_from_db()
assert organization.is_rbac_permissions_enabled == org_is_rbac_permissions_enabled_expected_value
expected_permissions = [{"action": "permission:all"}] if grafana_api_response[0] else []
assert organization.users.get().permissions == expected_permissions
mock_gcom_client.return_value.is_stack_active.assert_called_once_with(stack_id)