Access control: Use ResolveIdentity() for authorizing in org (#85549)

* Access control: Use ResolveIdentity() for authorizing in org

* Fix tests

* Fix middleware tests

* Use ResolveIdentity in HasGlobalAccess() function

* remove makeTmpUser

* Cleanup

* Fix linter errors

* Fix test build

* Remove GetUserPermissionsInOrg()
Alexander Zobnin
2024-04-10 12:42:13 +02:00
committed by GitHub
parent ebb4bb859e
commit 3127566a20
15 changed files with 296 additions and 419 deletions


@ -539,7 +539,7 @@ func (hs *HTTPServer) hasPluginRequestedPermissions(c *contextmodel.ReqContext,
hs.log.Debug("check installer's permissions, plugin wants to register an external service")
evaluator := evalAllPermissions(plugin.JSONData.IAM.Permissions)
hasAccess := ac.HasGlobalAccess(hs.AccessControl, hs.accesscontrolService, c)
hasAccess := ac.HasGlobalAccess(hs.AccessControl, hs.authnService, c)
if hs.Cfg.RBACSingleOrganization {
// In a single organization setup, no need for a global check
hasAccess = ac.HasAccess(hs.AccessControl, c)