authz: grant pending permissions in app layer
Created by: unknwon
This PR is part of #7878 and a follow up for #7754.
The primary change is to move all call sites of `db.Authz.GrantPendingPermissions` to the application layer, and they are non-blocking when an error occurs (i.e. `log15.Error`, not `return err`). The reason I chose to make the error handling non-blocking is that failures of granting pending permissions are easily noticeable, and calls to `db.Authz.GrantPendingPermissions` are idempotent (an easy way to retry is provided for admins in this PR, see bullet point 2).
Notable improvements to existing implementation:
- As @beyang suggested in #7754, `db.Authz.GrantPendingPermissions` now does verification of user information by itself, i.e. it retrieves verified emails from the DB directly instead of relying on the arguments, which offloads security concerns from the callers.
- Granting pending permissions also happens when an admin manually sets an email to be verified (GQL API `setUserEmailVerified`). It is a practically convenient feature that an admin is able to retry easily when a grant failed for whatever reason.
- `db.Authz.GrantPendingPermissions` is now able to grant pending permissions for all verified emails for a user whenever possible to take care of any previous failures.
- Manually tested and unit tests are added.
- Unit tests for `enterprise/cmd/frontend/db/authz.go` and regression tests will be in a follow-up PR to make the change set smaller.
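
The pattern this PR describes, as an added Go example that is not code from the PR or from Sourcegraph: the grant function takes only a user ID and reads the verified emails from the store itself, and the call site logs a failure instead of returning it. The `store` and `grant` types, the `setEmailVerified` helper, the in-memory maps and the sample data are hypothetical, and the standard `log` package stands in for `log15`.

```go
package main

import (
	"fmt"
	"log"
)

type grant struct{ userID int32; repo string } // one granted (user, repo) pair

type store struct { // hypothetical in-memory stand-in for the database
	emails  map[int32]map[string]bool // user ID -> email -> verified?
	pending map[string][]string       // email -> repos queued for that email
	granted map[grant]bool
}

// grantPendingPermissions accepts only a user ID and looks up the verified
// emails itself, so a caller cannot pass in an unverified address.
func (s *store) grantPendingPermissions(userID int32) error {
	addrs, ok := s.emails[userID]
	if !ok {
		return fmt.Errorf("user %d not found", userID)
	}
	for addr, verified := range addrs { // every verified email, not just one
		if verified {
			for _, repo := range s.pending[addr] {
				s.granted[grant{userID, repo}] = true // set write: retries are harmless
			}
			delete(s.pending, addr)
		}
	}
	return nil
}

// setEmailVerified is an application-layer call site: a failed grant is
// logged, not returned, because the idempotent call can simply be retried.
func setEmailVerified(s *store, userID int32, addr string) {
	if addrs := s.emails[userID]; addrs != nil {
		addrs[addr] = true
	}
	if err := s.grantPendingPermissions(userID); err != nil {
		log.Printf("grant pending permissions failed: user=%d err=%v", userID, err)
	}
}

func main() { // constructed sample data
	s := &store{emails: map[int32]map[string]bool{1: {"a@example.com": false}},
		pending: map[string][]string{"a@example.com": {"repo-1"}}, granted: map[grant]bool{}}
	setEmailVerified(s, 1, "a@example.com")
	fmt.Println(s.granted)
}
```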