fix(influxdb): revert functionality added in pr#10947

CHANGELOG.md

@@ -6,6 +6,7 @@
 
 ## Bug Fixes
 1. [11678](https://github.com/influxdata/influxdb/pull/11678): Update the System Telegraf Plugin bundle to include the swap plugin
+1. [11722](https://github.com/influxdata/influxdb/pull/11722): Revert behavior allowing users to create authorizations on behalf of another user
 
 ## UI Improvements
 1. [11683](https://github.com/influxdata/influxdb/pull/11683): Change the wording for the plugin config form button to Done

cmd/influx/authorization.go

@@ -228,23 +228,6 @@ func authorizationCreateF(cmd *cobra.Command, args []string) error {
 		OrgID:       o.ID,
 	}
 
-	if authorizationCreateFlags.user != "" {
-		// if the user flag is supplied, then set the user ID explicitly on the request
-		userSvc, err := newUserService(flags)
-		if err != nil {
-			return err
-		}
-		userFilter := platform.UserFilter{
-			Name: &authorizationCreateFlags.user,
-		}
-		user, err := userSvc.FindUser(context.Background(), userFilter)
-		if err != nil {
-			return err
-		}
-
-		authorization.UserID = user.ID
-	}
-
 	s, err := newAuthorizationService(flags)
 	if err != nil {
 		return err

http/auth_service.go

@@ -188,25 +188,10 @@ func (h *AuthorizationHandler) handlePostAuthorization(w http.ResponseWriter, r
 		return
 	}
 
-	var user *platform.User
-	// allow the user id to be specified optionally, if it is not set
-	// we use the id from the authorizer
-	if req.UserID == nil {
-		u, err := getAuthorizedUser(r, h.UserService)
-		if err != nil {
-			EncodeError(ctx, platform.ErrUnableToCreateToken, w)
-			return
-		}
-
-		user = u
-	} else {
-		u, err := h.UserService.FindUserByID(ctx, *req.UserID)
-		if err != nil {
-			EncodeError(ctx, platform.ErrUnableToCreateToken, w)
-			return
-		}
-
-		user = u
+	user, err := getAuthorizedUser(r, h.UserService)
+	if err != nil {
+		EncodeError(ctx, platform.ErrUnableToCreateToken, w)
+		return
 	}
 
 	auth := req.toPlatform(user.ID)

http/auth_test.go

@@ -5,12 +5,13 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"go.uber.org/zap"
 	"io/ioutil"
 	"net/http"
 	"net/http/httptest"
 	"testing"
 
+	"go.uber.org/zap"
+
 	platform "github.com/influxdata/influxdb"
 	pcontext "github.com/influxdata/influxdb/context"
 	"github.com/influxdata/influxdb/inmem"
@@ -522,119 +523,6 @@ func TestService_handlePostAuthorization(t *testing.T) {
 `,
 			},
 		},
-		{
-			name: "create a new authorization with user id set explicitly",
-			fields: fields{
-				AuthorizationService: &mock.AuthorizationService{
-					CreateAuthorizationFn: func(ctx context.Context, c *platform.Authorization) error {
-						c.ID = platformtesting.MustIDBase16("020f755c3c082000")
-						c.Token = "new-test-token"
-						return nil
-					},
-				},
-				UserService: &mock.UserService{
-					FindUserByIDFn: func(ctx context.Context, id platform.ID) (*platform.User, error) {
-						if !id.Valid() {
-							return nil, &platform.Error{
-								Code: platform.EInvalid,
-								Msg:  "invalid user id",
-							}
-						}
-						return &platform.User{
-							ID:   id,
-							Name: "u1",
-						}, nil
-					},
-				},
-				OrganizationService: &mock.OrganizationService{
-					FindOrganizationByIDF: func(ctx context.Context, id platform.ID) (*platform.Organization, error) {
-						if !id.Valid() {
-							return nil, &platform.Error{
-								Code: platform.EInvalid,
-								Msg:  "invalid org ID",
-							}
-						}
-						return &platform.Organization{
-							ID:   id,
-							Name: "o1",
-						}, nil
-					},
-				},
-				LookupService: &mock.LookupService{
-					NameFn: func(ctx context.Context, resource platform.ResourceType, id platform.ID) (string, error) {
-						switch resource {
-						case platform.BucketsResourceType:
-							return "b1", nil
-						case platform.OrgsResourceType:
-							return "o1", nil
-						}
-						return "", fmt.Errorf("bad resource type %s", resource)
-					},
-				},
-			},
-			args: args{
-				session: &platform.Authorization{
-					Token:       "session-token",
-					ID:          platformtesting.MustIDBase16("020f755c3c082000"),
-					UserID:      platformtesting.MustIDBase16("aaaaaaaaaaaaaaaa"),
-					OrgID:       platformtesting.MustIDBase16("020f755c3c083000"),
-					Description: "can write to authorization resource",
-					Permissions: []platform.Permission{
-						{
-							Action: platform.WriteAction,
-							Resource: platform.Resource{
-								Type: platform.AuthorizationsResourceType,
-							},
-						},
-					},
-				},
-				authorization: &platform.Authorization{
-					ID:          platformtesting.MustIDBase16("020f755c3c082000"),
-					UserID:      platformtesting.MustIDBase16("bbbbbbbbbbbbbbbb"),
-					OrgID:       platformtesting.MustIDBase16("020f755c3c083000"),
-					Description: "only read dashboards sucka",
-					Permissions: []platform.Permission{
-						{
-							Action: platform.ReadAction,
-							Resource: platform.Resource{
-								Type:  platform.DashboardsResourceType,
-								OrgID: platformtesting.IDPtr(platformtesting.MustIDBase16("020f755c3c083000")),
-							},
-						},
-					},
-				},
-			},
-			wants: wants{
-				statusCode:  http.StatusCreated,
-				contentType: "application/json; charset=utf-8",
-				body: `
-{
-  "links": {
-    "user": "/api/v2/users/bbbbbbbbbbbbbbbb",
-    "self": "/api/v2/authorizations/020f755c3c082000"
-  },
-  "id": "020f755c3c082000",
-  "user": "u1",
-  "userID": "bbbbbbbbbbbbbbbb",
-  "orgID": "020f755c3c083000",
-  "org": "o1",
-  "token": "new-test-token",
-  "status": "active",
-  "description": "only read dashboards sucka",
-  "permissions": [
-    {
-      "action": "read",
-			"resource": {
-				"type": "dashboards",
-				"orgID": "020f755c3c083000",
-				"org": "o1"
-			}
-    }
-	]
-}
-	`,
-			},
-		},
 	}
 
 	for _, tt := range tests {