fix: auth requests use org and user names if present

CHANGELOG.md

@@ -7,6 +7,7 @@
 1. [22245](https://github.com/influxdata/influxdb/pull/22245): Avoid compaction queue stats flutter
 1. [22236](https://github.com/influxdata/influxdb/pull/22236): influxdb2 packages should depend on curl
 1. [22243](https://github.com/influxdata/influxdb/pull/22243): Updating an inactive task will not schedule it. Thanks @raffs!
+1. [22278](https://github.com/influxdata/influxdb/pull/22278): Requests to `/api/v2/authorizations` filter correctly on `org` and `user` parameters
 
 ## v2.0.8 [2021-08-13]
 ----------------------

authorization/http_server.go

@@ -388,17 +388,9 @@ func (h *AuthHandler) handleGetAuthorizations(w http.ResponseWriter, r *http.Req
 		return
 	}
 
-	opts := influxdb.FindOptions{}
-	as, _, err := h.authSvc.FindAuthorizations(ctx, req.filter, opts)
-
-	if err != nil {
-		h.api.Err(w, r, err)
-		return
-	}
-
 	f := req.filter
-	// If the user or org name was provided, look up the ID first
-	if f.User != nil {
+	// Look up user ID and org ID if they were not provided, but names were
+	if f.UserID == nil && f.User != nil {
 		u, err := h.tenantService.FindUser(ctx, influxdb.UserFilter{Name: f.User})
 		if err != nil {
 			h.api.Err(w, r, err)
@@ -407,7 +399,7 @@ func (h *AuthHandler) handleGetAuthorizations(w http.ResponseWriter, r *http.Req
 		f.UserID = &u.ID
 	}
 
-	if f.Org != nil {
+	if f.OrgID == nil && f.Org != nil {
 		o, err := h.tenantService.FindOrganization(ctx, influxdb.OrganizationFilter{Name: f.Org})
 		if err != nil {
 			h.api.Err(w, r, err)
@@ -416,6 +408,14 @@ func (h *AuthHandler) handleGetAuthorizations(w http.ResponseWriter, r *http.Req
 		f.OrgID = &o.ID
 	}
 
+	opts := influxdb.FindOptions{}
+	as, _, err := h.authSvc.FindAuthorizations(ctx, f, opts)
+
+	if err != nil {
+		h.api.Err(w, r, err)
+		return
+	}
+
 	auths := make([]*authResponse, 0, len(as))
 	for _, a := range as {
 		ps, err := h.newPermissionsResponse(ctx, a.Permissions)

authorization/http_server_test.go

@@ -22,6 +22,7 @@ import (
 	"github.com/influxdata/influxdb/v2/kv/migration/all"
 	"github.com/influxdata/influxdb/v2/mock"
 	itesting "github.com/influxdata/influxdb/v2/testing"
+	"github.com/stretchr/testify/require"
 	"go.uber.org/zap/zaptest"
 )
 
@@ -391,6 +392,55 @@ func TestService_handleGetAuthorization(t *testing.T) {
 	}
 }
 
+func TestGetAuthorizationsWithNames(t *testing.T) {
+	t.Parallel()
+
+	testUserName := "user"
+	testUserID := itesting.MustIDBase16("6c7574652c206f6e")
+	testOrgName := "org"
+	testOrgID := itesting.MustIDBase16("9d70616e656d2076")
+
+	ts := &tenantService{
+		FindUserFn: func(ctx context.Context, f influxdb.UserFilter) (*influxdb.User, error) {
+			require.Equal(t, &testUserName, f.Name)
+
+			return &influxdb.User{
+				ID:   testUserID,
+				Name: testUserName,
+			}, nil
+		},
+
+		FindOrganizationF: func(ctx context.Context, f influxdb.OrganizationFilter) (*influxdb.Organization, error) {
+			require.Equal(t, &testOrgName, f.Name)
+
+			return &influxdb.Organization{
+				ID:   testOrgID,
+				Name: testOrgName,
+			}, nil
+		},
+	}
+
+	as := &mock.AuthorizationService{
+		FindAuthorizationsFn: func(ctx context.Context, f influxdb.AuthorizationFilter, opts ...influxdb.FindOptions) ([]*influxdb.Authorization, int, error) {
+			require.Equal(t, &testOrgID, f.OrgID)
+			require.Equal(t, &testUserID, f.UserID)
+
+			return []*influxdb.Authorization{}, 0, nil
+		},
+	}
+
+	h := NewHTTPAuthHandler(zaptest.NewLogger(t), as, ts)
+
+	w := httptest.NewRecorder()
+	r := httptest.NewRequest("get", "http://any.url", nil)
+	qp := r.URL.Query()
+	qp.Add("user", testUserName)
+	qp.Add("org", testOrgName)
+	r.URL.RawQuery = qp.Encode()
+
+	h.handleGetAuthorizations(w, r)
+}
+
 func TestService_handleGetAuthorizations(t *testing.T) {
 	type fields struct {
 		AuthorizationService influxdb.AuthorizationService