Access Control: Add fine-grained access control to GET stats and settings handlers (#35622)

* add accesscontrol action for stats read

* use accesscontrol middleware for stats route

* add fixed role with permissions to read server stats

* add accesscontrol action for settings read

* use accesscontrol middleware for settings route

* add fixed role with permissions to read settings

* add accesscontrol tests for AdminGetSettings and AdminGetStats

* add ability to scope settings

* add tests for AdminGetSettings
Karl Persson
2021-06-14 17:36:48 +02:00
committed by GitHub
parent 74a6e6d973
commit 395b942134
10 changed files with 292 additions and 22 deletions


@ -581,16 +581,8 @@ func TestPostSyncUserWithLDAPAPIEndpoint_WhenUserNotInLDAP(t *testing.T) {
// Access control tests for ldap endpoints
// ***
type ldapAccessControlTestCase struct {
expectedCode int
desc string
url string
method string
permissions []*accesscontrol.Permission
}
func TestLDAP_AccessControl(t *testing.T) {
tests := []ldapAccessControlTestCase{
tests := []accessControlTestCase{
{
url: "/api/admin/ldap/reload",
method: http.MethodPost,
@ -667,8 +659,6 @@ func TestLDAP_AccessControl(t *testing.T) {
for _, test := range tests {
t.Run(test.desc, func(t *testing.T) {
t.Helper()
enabled := setting.LDAPEnabled
configFile := setting.LDAPConfigFile
@ -685,7 +675,7 @@ func TestLDAP_AccessControl(t *testing.T) {
cfg := setting.NewCfg()
cfg.LDAPEnabled = true
sc := setupAccessControlScenarioContext(t, cfg, test.url, test.permissions)
sc, _ := setupAccessControlScenarioContext(t, cfg, test.url, test.permissions)
sc.resp = httptest.NewRecorder()
sc.req, err = http.NewRequest(test.method, test.url, nil)
assert.NoError(t, err)
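Review bot: The new call `sc, _ := setupAccessControlScenarioContext(t, cfg, test.url, test.permissions)` discards the helper's second return value without saying what it is, and the helper's changed signature is not visible in this section. If that value is an error, it should be captured and checked the same way the request creation below is, with `assert.NoError(t, err)`, so that an access-control case cannot pass or fail against a half-built scenario. If it is a handle the LDAP cases simply do not need, a one-line comment such as `// second return value is not used by the LDAP cases` would make the discard deliberate. The body of TestLDAP_AccessControl continues outside the hunk.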