Identity: Use typed version of namespace id (#87257)

* Remove different constructors and only use NewNamespaceID * AdminUser: check typed namespace id * Identity: Add convinient function to parse valid user id when type is either user or service account * Annotations: Use typed namespace id instead
2025-09-17 19:32:51 +08:00 · 2024-05-08 14:03:53 +02:00
parent d83cbe4d85
commit be5ced4287
17 changed files with 52 additions and 74 deletions
--- a/pkg/api/admin_users.go
+++ b/pkg/api/admin_users.go
@ -13,7 +13,7 @@ import (
 	"github.com/grafana/grafana/pkg/infra/metrics"
 	"github.com/grafana/grafana/pkg/services/accesscontrol"
 	"github.com/grafana/grafana/pkg/services/auth"
-	"github.com/grafana/grafana/pkg/services/auth/identity"
+	"github.com/grafana/grafana/pkg/services/authn"
 	contextmodel "github.com/grafana/grafana/pkg/services/contexthandler/model"
 	"github.com/grafana/grafana/pkg/services/login"
 	"github.com/grafana/grafana/pkg/services/org"
@ -366,15 +366,8 @@ func (hs *HTTPServer) AdminLogoutUser(c *contextmodel.ReqContext) response.Respo
 		return response.Error(http.StatusBadRequest, "id is invalid", err)
 	}

-	namespace, identifier := c.SignedInUser.GetNamespacedID()
-	if namespace == identity.NamespaceUser {
-		activeUserID, err := identity.IntIdentifier(namespace, identifier)
-		if err != nil {
-			return response.Error(http.StatusInternalServerError, "Failed to parse active user id", err)
-		}
-		if activeUserID == userID {
-			return response.Error(http.StatusBadRequest, "You cannot logout yourself", nil)
-		}
+	if c.SignedInUser.GetID() == authn.NewNamespaceID(authn.NamespaceUser, userID) {
+		return response.Error(http.StatusBadRequest, "You cannot logout yourself", nil)
 	}

 	return hs.logoutUserFromAllDevicesInternal(c.Req.Context(), userID)