authz: grant pending permissions in app layer
Created by: unknwon
This PR is part of #7878 (closed) and a follow up for #7754.
The primary change is to move all call sites of db.Authz.GrantPendingPermissions
to application layer, and are non-blocking when error occurs (i.e. log15.Error
not return err
). The reason I choose to make the error handling non-blocking is that failures of grant pending permissions are easily noticeable, and calls to db.Authz.GrantPendingPermissions
are idempotent (provided easy way to retry for admins in this PR, see bullet points 2.).
Notable improvements to existing implementation:
-
As @beyang suggested in #7754,
db.Authz.GrantPendingPermissions
now does verification of user information by itself, i.e. retrieve verified emails from DB directly instead of relying on the arguments, which offloads security concerns from the callers. - Grant pending permissions also happens when admin manually set a email to be verified (GQL API
setUserEmailVerified
). It is practically convenient feature that admin is able to retry easily when grant failed for whatever reason. -
db.Authz.GrantPendingPermissions
is now able to grant pending permissions for all verified emails for a user whenever possible to take care of any previous failures.
- Manually tested and unit tests are added.
- Unit tests for
enterprise/cmd/frontend/db/authz.go
and regression tests will be in follow up PR to make change set smaller.