refactor(portainer): introduce internal package (#3924)

* refactor(auth): move auth helpers to internal package * refactor(edge-compute): move edge helpers to internal package * refactor(tags): move tags helper to internal package * style(portainer): sort imports
2025-08-05 05:45:22 +02:00 · 2020-06-16 10:58:16 +03:00 · 2020-06-16 10:58:16 +03:00 · 7c3b83f6e5
commit 7c3b83f6e5
parent 5d7ba0baba
46 changed files with 1019 additions and 959 deletions
--- a/api/http/handler/auth/authenticate.go
+++ b/api/http/handler/auth/authenticate.go
@ -10,6 +10,7 @@ import (
 	"github.com/portainer/libhttp/request"
 	"github.com/portainer/libhttp/response"
 	"github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/internal/authorization"
 )

 type authenticatePayload struct {
@ -101,7 +102,7 @@ func (handler *Handler) authenticateLDAPAndCreateUser(w http.ResponseWriter, use
 	user := &portainer.User{
 		Username:                username,
 		Role:                    portainer.StandardUserRole,
-		PortainerAuthorizations: portainer.DefaultPortainerAuthorizations(),
+		PortainerAuthorizations: authorization.DefaultPortainerAuthorizations(),
 	}

 	err = handler.DataStore.User().CreateUser(user)
--- a/api/http/handler/auth/authenticate_oauth.go
+++ b/api/http/handler/auth/authenticate_oauth.go
@ -2,6 +2,7 @@ package auth

 import (
 	"encoding/json"
+	"github.com/portainer/portainer/api/internal/authorization"
 	"io/ioutil"
 	"log"
 	"net/http"
@ -113,7 +114,7 @@ func (handler *Handler) validateOAuth(w http.ResponseWriter, r *http.Request) *h
 		user = &portainer.User{
 			Username:                username,
 			Role:                    portainer.StandardUserRole,
-			PortainerAuthorizations: portainer.DefaultPortainerAuthorizations(),
+			PortainerAuthorizations: authorization.DefaultPortainerAuthorizations(),
 		}

 		err = handler.DataStore.User().CreateUser(user)
--- a/api/http/handler/auth/handler.go
+++ b/api/http/handler/auth/handler.go
@ -8,6 +8,7 @@ import (
 	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/http/proxy"
 	"github.com/portainer/portainer/api/http/security"
+	"github.com/portainer/portainer/api/internal/authorization"
 )

 // Handler is the HTTP handler used to handle authentication operations.
@ -18,7 +19,7 @@ type Handler struct {
 	JWTService           portainer.JWTService
 	LDAPService          portainer.LDAPService
 	ProxyManager         *proxy.Manager
-	AuthorizationService *portainer.AuthorizationService
+	AuthorizationService *authorization.Service
 }

 // NewHandler creates a handler to manage authentication operations.
--- a/api/http/handler/edgegroups/edgegroup_update.go
+++ b/api/http/handler/edgegroups/edgegroup_update.go
@ -7,7 +7,8 @@ import (
 	httperror "github.com/portainer/libhttp/error"
 	"github.com/portainer/libhttp/request"
 	"github.com/portainer/libhttp/response"
-	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/internal/edge"
 )

 type edgeGroupUpdatePayload struct {
@ -73,7 +74,7 @@ func (handler *Handler) edgeGroupUpdate(w http.ResponseWriter, r *http.Request)
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve endpoint groups from database", err}
 	}

-	oldRelatedEndpoints := portainer.EdgeGroupRelatedEndpoints(edgeGroup, endpoints, endpointGroups)
+	oldRelatedEndpoints := edge.EdgeGroupRelatedEndpoints(edgeGroup, endpoints, endpointGroups)

 	edgeGroup.Dynamic = payload.Dynamic
 	if edgeGroup.Dynamic {
@ -102,7 +103,7 @@ func (handler *Handler) edgeGroupUpdate(w http.ResponseWriter, r *http.Request)
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to persist Edge group changes inside the database", err}
 	}

-	newRelatedEndpoints := portainer.EdgeGroupRelatedEndpoints(edgeGroup, endpoints, endpointGroups)
+	newRelatedEndpoints := edge.EdgeGroupRelatedEndpoints(edgeGroup, endpoints, endpointGroups)
 	endpointsToUpdate := append(newRelatedEndpoints, oldRelatedEndpoints...)

 	for _, endpointID := range endpointsToUpdate {
@ -143,7 +144,7 @@ func (handler *Handler) updateEndpoint(endpointID portainer.EndpointID) error {

 	edgeStackSet := map[portainer.EdgeStackID]bool{}

-	endpointEdgeStacks := portainer.EndpointRelatedEdgeStacks(endpoint, endpointGroup, edgeGroups, edgeStacks)
+	endpointEdgeStacks := edge.EndpointRelatedEdgeStacks(endpoint, endpointGroup, edgeGroups, edgeStacks)
 	for _, edgeStackID := range endpointEdgeStacks {
 		edgeStackSet[edgeStackID] = true
 	}
--- a/api/http/handler/edgestacks/edgestack_create.go
+++ b/api/http/handler/edgestacks/edgestack_create.go
@ -13,6 +13,7 @@ import (
 	"github.com/portainer/libhttp/response"
 	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/filesystem"
+	"github.com/portainer/portainer/api/internal/edge"
 )

 // POST request on /api/endpoint_groups
@ -42,7 +43,7 @@ func (handler *Handler) edgeStackCreate(w http.ResponseWriter, r *http.Request)
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve edge groups from database", err}
 	}

-	relatedEndpoints, err := portainer.EdgeStackRelatedEndpoints(edgeStack.EdgeGroups, endpoints, endpointGroups, edgeGroups)
+	relatedEndpoints, err := edge.EdgeStackRelatedEndpoints(edgeStack.EdgeGroups, endpoints, endpointGroups, edgeGroups)

 	for _, endpointID := range relatedEndpoints {
 		relation, err := handler.DataStore.EndpointRelation().EndpointRelation(endpointID)
--- a/api/http/handler/edgestacks/edgestack_delete.go
+++ b/api/http/handler/edgestacks/edgestack_delete.go
@ -7,6 +7,7 @@ import (
 	"github.com/portainer/libhttp/request"
 	"github.com/portainer/libhttp/response"
 	"github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/internal/edge"
 )

 func (handler *Handler) edgeStackDelete(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
@ -42,7 +43,7 @@ func (handler *Handler) edgeStackDelete(w http.ResponseWriter, r *http.Request)
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve edge groups from database", err}
 	}

-	relatedEndpoints, err := portainer.EdgeStackRelatedEndpoints(edgeStack.EdgeGroups, endpoints, endpointGroups, edgeGroups)
+	relatedEndpoints, err := edge.EdgeStackRelatedEndpoints(edgeStack.EdgeGroups, endpoints, endpointGroups, edgeGroups)

 	for _, endpointID := range relatedEndpoints {
 		relation, err := handler.DataStore.EndpointRelation().EndpointRelation(endpointID)
--- a/api/http/handler/edgestacks/edgestack_update.go
+++ b/api/http/handler/edgestacks/edgestack_update.go
@ -9,6 +9,7 @@ import (
 	"github.com/portainer/libhttp/request"
 	"github.com/portainer/libhttp/response"
 	"github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/internal/edge"
 )

 type updateEdgeStackPayload struct {
@ -63,12 +64,12 @@ func (handler *Handler) edgeStackUpdate(w http.ResponseWriter, r *http.Request)
 			return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve edge groups from database", err}
 		}

-		oldRelated, err := portainer.EdgeStackRelatedEndpoints(stack.EdgeGroups, endpoints, endpointGroups, edgeGroups)
+		oldRelated, err := edge.EdgeStackRelatedEndpoints(stack.EdgeGroups, endpoints, endpointGroups, edgeGroups)
 		if err != nil {
 			return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve edge stack related endpoints from database", err}
 		}

-		newRelated, err := portainer.EdgeStackRelatedEndpoints(payload.EdgeGroups, endpoints, endpointGroups, edgeGroups)
+		newRelated, err := edge.EdgeStackRelatedEndpoints(payload.EdgeGroups, endpoints, endpointGroups, edgeGroups)
 		if err != nil {
 			return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve edge stack related endpoints from database", err}
 		}
--- a/api/http/handler/endpointgroups/endpointgroup_update.go
+++ b/api/http/handler/endpointgroups/endpointgroup_update.go
@ -8,6 +8,7 @@ import (
 	"github.com/portainer/libhttp/request"
 	"github.com/portainer/libhttp/response"
 	"github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/internal/tag"
 )

 type endpointGroupUpdatePayload struct {
@ -52,14 +53,14 @@ func (handler *Handler) endpointGroupUpdate(w http.ResponseWriter, r *http.Reque

 	tagsChanged := false
 	if payload.TagIDs != nil {
-		payloadTagSet := portainer.TagSet(payload.TagIDs)
-		endpointGroupTagSet := portainer.TagSet((endpointGroup.TagIDs))
-		union := portainer.TagUnion(payloadTagSet, endpointGroupTagSet)
-		intersection := portainer.TagIntersection(payloadTagSet, endpointGroupTagSet)
+		payloadTagSet := tag.Set(payload.TagIDs)
+		endpointGroupTagSet := tag.Set((endpointGroup.TagIDs))
+		union := tag.Union(payloadTagSet, endpointGroupTagSet)
+		intersection := tag.Intersection(payloadTagSet, endpointGroupTagSet)
 		tagsChanged = len(union) > len(intersection)

 		if tagsChanged {
-			removeTags := portainer.TagDifference(endpointGroupTagSet, payloadTagSet)
+			removeTags := tag.Difference(endpointGroupTagSet, payloadTagSet)

 			for tagID := range removeTags {
 				tag, err := handler.DataStore.Tag().Tag(tagID)
--- a/api/http/handler/endpointgroups/endpoints.go
+++ b/api/http/handler/endpointgroups/endpoints.go
@ -1,6 +1,9 @@
 package endpointgroups

-import portainer "github.com/portainer/portainer/api"
+import (
+	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/internal/edge"
+)

 func (handler *Handler) updateEndpointRelations(endpoint *portainer.Endpoint, endpointGroup *portainer.EndpointGroup) error {
 	if endpoint.Type != portainer.EdgeAgentEnvironment {
@ -31,7 +34,7 @@ func (handler *Handler) updateEndpointRelations(endpoint *portainer.Endpoint, en
 		return err
 	}

-	endpointStacks := portainer.EndpointRelatedEdgeStacks(endpoint, endpointGroup, edgeGroups, edgeStacks)
+	endpointStacks := edge.EndpointRelatedEdgeStacks(endpoint, endpointGroup, edgeGroups, edgeStacks)
 	stacksSet := map[portainer.EdgeStackID]bool{}
 	for _, edgeStackID := range endpointStacks {
 		stacksSet[edgeStackID] = true
--- a/api/http/handler/endpointgroups/handler.go
+++ b/api/http/handler/endpointgroups/handler.go
@ -7,13 +7,14 @@ import (
 	httperror "github.com/portainer/libhttp/error"
 	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/http/security"
+	"github.com/portainer/portainer/api/internal/authorization"
 )

 // Handler is the HTTP handler used to handle endpoint group operations.
 type Handler struct {
 	*mux.Router
 	DataStore            portainer.DataStore
-	AuthorizationService *portainer.AuthorizationService
+	AuthorizationService *authorization.Service
 }

 // NewHandler creates a handler to manage endpoint group operations.
--- a/api/http/handler/endpoints/endpoint_create.go
+++ b/api/http/handler/endpoints/endpoint_create.go
@ -15,6 +15,7 @@ import (
 	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/crypto"
 	"github.com/portainer/portainer/api/http/client"
+	"github.com/portainer/portainer/api/internal/edge"
 )

 type endpointCreatePayload struct {
@ -167,7 +168,7 @@ func (handler *Handler) endpointCreate(w http.ResponseWriter, r *http.Request) *
 	}

 	if endpoint.Type == portainer.EdgeAgentEnvironment {
-		relatedEdgeStacks := portainer.EndpointRelatedEdgeStacks(endpoint, endpointGroup, edgeGroups, edgeStacks)
+		relatedEdgeStacks := edge.EndpointRelatedEdgeStacks(endpoint, endpointGroup, edgeGroups, edgeStacks)
 		for _, stackID := range relatedEdgeStacks {
 			relationObject.EdgeStacks[stackID] = true
 		}
--- a/api/http/handler/endpoints/endpoint_update.go
+++ b/api/http/handler/endpoints/endpoint_update.go
@ -10,6 +10,8 @@ import (
 	"github.com/portainer/libhttp/response"
 	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/http/client"
+	"github.com/portainer/portainer/api/internal/edge"
+	"github.com/portainer/portainer/api/internal/tag"
 )

 type endpointUpdatePayload struct {
@ -79,14 +81,14 @@ func (handler *Handler) endpointUpdate(w http.ResponseWriter, r *http.Request) *

 	tagsChanged := false
 	if payload.TagIDs != nil {
-		payloadTagSet := portainer.TagSet(payload.TagIDs)
-		endpointTagSet := portainer.TagSet((endpoint.TagIDs))
-		union := portainer.TagUnion(payloadTagSet, endpointTagSet)
-		intersection := portainer.TagIntersection(payloadTagSet, endpointTagSet)
+		payloadTagSet := tag.Set(payload.TagIDs)
+		endpointTagSet := tag.Set((endpoint.TagIDs))
+		union := tag.Union(payloadTagSet, endpointTagSet)
+		intersection := tag.Intersection(payloadTagSet, endpointTagSet)
 		tagsChanged = len(union) > len(intersection)

 		if tagsChanged {
-			removeTags := portainer.TagDifference(endpointTagSet, payloadTagSet)
+			removeTags := tag.Difference(endpointTagSet, payloadTagSet)

 			for tagID := range removeTags {
 				tag, err := handler.DataStore.Tag().Tag(tagID)
@ -248,7 +250,7 @@ func (handler *Handler) endpointUpdate(w http.ResponseWriter, r *http.Request) *

 		edgeStackSet := map[portainer.EdgeStackID]bool{}

-		endpointEdgeStacks := portainer.EndpointRelatedEdgeStacks(endpoint, endpointGroup, edgeGroups, edgeStacks)
+		endpointEdgeStacks := edge.EndpointRelatedEdgeStacks(endpoint, endpointGroup, edgeGroups, edgeStacks)
 		for _, edgeStackID := range endpointEdgeStacks {
 			edgeStackSet[edgeStackID] = true
 		}
--- a/api/http/handler/endpoints/handler.go
+++ b/api/http/handler/endpoints/handler.go
@ -5,6 +5,7 @@ import (
 	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/http/proxy"
 	"github.com/portainer/portainer/api/http/security"
+	"github.com/portainer/portainer/api/internal/authorization"

 	"net/http"

@ -23,7 +24,7 @@ type Handler struct {
 	*mux.Router
 	requestBouncer       *security.RequestBouncer
 	DataStore            portainer.DataStore
-	AuthorizationService *portainer.AuthorizationService
+	AuthorizationService *authorization.Service
 	FileService          portainer.FileService
 	JobService           portainer.JobService
 	ProxyManager         *proxy.Manager
--- a/api/http/handler/extensions/handler.go
+++ b/api/http/handler/extensions/handler.go
@ -9,6 +9,7 @@ import (
 	httperror "github.com/portainer/libhttp/error"
 	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/http/security"
+	"github.com/portainer/portainer/api/internal/authorization"
 )

 // Handler is the HTTP handler used to handle extension operations.
@ -16,7 +17,7 @@ type Handler struct {
 	*mux.Router
 	DataStore            portainer.DataStore
 	ExtensionManager     portainer.ExtensionManager
-	AuthorizationService *portainer.AuthorizationService
+	AuthorizationService *authorization.Service
 }

 // NewHandler creates a handler to manage extension operations.
--- a/api/http/handler/settings/handler.go
+++ b/api/http/handler/settings/handler.go
@ -1,6 +1,7 @@
 package settings

 import (
+	"github.com/portainer/portainer/api/internal/authorization"
 	"net/http"

 	"github.com/gorilla/mux"
@ -17,7 +18,7 @@ func hideFields(settings *portainer.Settings) {
 // Handler is the HTTP handler used to handle settings operations.
 type Handler struct {
 	*mux.Router
-	AuthorizationService *portainer.AuthorizationService
+	AuthorizationService *authorization.Service
 	DataStore            portainer.DataStore
 	FileService          portainer.FileService
 	JobScheduler         portainer.JobScheduler
--- a/api/http/handler/stacks/handler.go
+++ b/api/http/handler/stacks/handler.go
@ -8,6 +8,7 @@ import (
 	httperror "github.com/portainer/libhttp/error"
 	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/http/security"
+	"github.com/portainer/portainer/api/internal/authorization"
 )

 // Handler is the HTTP handler used to handle stack operations.
@ -58,7 +59,7 @@ func (handler *Handler) userCanAccessStack(securityContext *security.RestrictedR
 		userTeamIDs = append(userTeamIDs, membership.TeamID)
 	}

-	if resourceControl != nil && portainer.UserCanAccessResource(securityContext.UserID, userTeamIDs, resourceControl) {
+	if resourceControl != nil && authorization.UserCanAccessResource(securityContext.UserID, userTeamIDs, resourceControl) {
 		return true, nil
 	}

--- a/api/http/handler/stacks/stack_create.go
+++ b/api/http/handler/stacks/stack_create.go
@ -12,6 +12,7 @@ import (
 	"github.com/portainer/libhttp/response"
 	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/http/security"
+	"github.com/portainer/portainer/api/internal/authorization"
 )

 func (handler *Handler) cleanUp(stack *portainer.Stack, doCleanUp *bool) error {
@ -133,7 +134,7 @@ func (handler *Handler) isValidStackFile(stackFileContent []byte) (bool, error)
 }

 func (handler *Handler) decorateStackResponse(w http.ResponseWriter, stack *portainer.Stack, userID portainer.UserID) *httperror.HandlerError {
-	resourceControl := portainer.NewPrivateResourceControl(stack.Name, portainer.StackResourceControl, userID)
+	resourceControl := authorization.NewPrivateResourceControl(stack.Name, portainer.StackResourceControl, userID)

 	err := handler.DataStore.ResourceControl().CreateResourceControl(resourceControl)
 	if err != nil {
--- a/api/http/handler/stacks/stack_list.go
+++ b/api/http/handler/stacks/stack_list.go
@ -8,6 +8,7 @@ import (
 	"github.com/portainer/libhttp/response"
 	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/http/security"
+	"github.com/portainer/portainer/api/internal/authorization"
 )

 type stackListOperationFilters struct {
@ -39,7 +40,7 @@ func (handler *Handler) stackList(w http.ResponseWriter, r *http.Request) *httpe
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve info from request context", err}
 	}

-	stacks = portainer.DecorateStacks(stacks, resourceControls)
+	stacks = authorization.DecorateStacks(stacks, resourceControls)

 	if !securityContext.IsAdmin {
 		rbacExtensionEnabled := true
@ -60,7 +61,7 @@ func (handler *Handler) stackList(w http.ResponseWriter, r *http.Request) *httpe
 			userTeamIDs = append(userTeamIDs, membership.TeamID)
 		}

-		stacks = portainer.FilterAuthorizedStacks(stacks, user, userTeamIDs, rbacExtensionEnabled)
+		stacks = authorization.FilterAuthorizedStacks(stacks, user, userTeamIDs, rbacExtensionEnabled)
 	}

 	return response.JSON(w, stacks)
--- a/api/http/handler/tags/tag_delete.go
+++ b/api/http/handler/tags/tag_delete.go
@ -7,6 +7,7 @@ import (
 	"github.com/portainer/libhttp/request"
 	"github.com/portainer/libhttp/response"
 	"github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/internal/edge"
 )

 // DELETE request on /api/tags/:id
@ -111,7 +112,7 @@ func (handler *Handler) updateEndpointRelations(endpoint portainer.Endpoint, edg
 		return err
 	}

-	endpointStacks := portainer.EndpointRelatedEdgeStacks(&endpoint, endpointGroup, edgeGroups, edgeStacks)
+	endpointStacks := edge.EndpointRelatedEdgeStacks(&endpoint, endpointGroup, edgeGroups, edgeStacks)
 	stacksSet := map[portainer.EdgeStackID]bool{}
 	for _, edgeStackID := range endpointStacks {
 		stacksSet[edgeStackID] = true
--- a/api/http/handler/teammemberships/handler.go
+++ b/api/http/handler/teammemberships/handler.go
@ -4,6 +4,7 @@ import (
 	httperror "github.com/portainer/libhttp/error"
 	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/http/security"
+	"github.com/portainer/portainer/api/internal/authorization"

 	"net/http"

@ -14,7 +15,7 @@ import (
 type Handler struct {
 	*mux.Router
 	DataStore            portainer.DataStore
-	AuthorizationService *portainer.AuthorizationService
+	AuthorizationService *authorization.Service
 }

 // NewHandler creates a handler to manage team membership operations.
--- a/api/http/handler/teams/handler.go
+++ b/api/http/handler/teams/handler.go
@ -1,6 +1,7 @@
 package teams

 import (
+	"github.com/portainer/portainer/api/internal/authorization"
 	"net/http"

 	"github.com/gorilla/mux"
@ -13,7 +14,7 @@ import (
 type Handler struct {
 	*mux.Router
 	DataStore            portainer.DataStore
-	AuthorizationService *portainer.AuthorizationService
+	AuthorizationService *authorization.Service
 }

 // NewHandler creates a handler to manage team operations.
--- a/api/http/handler/users/admin_init.go
+++ b/api/http/handler/users/admin_init.go
@ -8,6 +8,7 @@ import (
 	"github.com/portainer/libhttp/request"
 	"github.com/portainer/libhttp/response"
 	"github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/internal/authorization"
 )

 type adminInitPayload struct {
@ -45,7 +46,7 @@ func (handler *Handler) adminInit(w http.ResponseWriter, r *http.Request) *httpe
 	user := &portainer.User{
 		Username:                payload.Username,
 		Role:                    portainer.AdministratorRole,
-		PortainerAuthorizations: portainer.DefaultPortainerAuthorizations(),
+		PortainerAuthorizations: authorization.DefaultPortainerAuthorizations(),
 	}

 	user.Password, err = handler.CryptoService.Hash(payload.Password)
--- a/api/http/handler/users/handler.go
+++ b/api/http/handler/users/handler.go
@ -4,6 +4,7 @@ import (
 	httperror "github.com/portainer/libhttp/error"
 	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/http/security"
+	"github.com/portainer/portainer/api/internal/authorization"

 	"net/http"

@ -19,7 +20,7 @@ type Handler struct {
 	*mux.Router
 	DataStore            portainer.DataStore
 	CryptoService        portainer.CryptoService
-	AuthorizationService *portainer.AuthorizationService
+	AuthorizationService *authorization.Service
 }

 // NewHandler creates a handler to manage user operations.
--- a/api/http/handler/users/user_create.go
+++ b/api/http/handler/users/user_create.go
@ -9,6 +9,7 @@ import (
 	"github.com/portainer/libhttp/response"
 	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/http/security"
+	"github.com/portainer/portainer/api/internal/authorization"
 )

 type userCreatePayload struct {
@ -60,7 +61,7 @@ func (handler *Handler) userCreate(w http.ResponseWriter, r *http.Request) *http
 	user = &portainer.User{
 		Username:                payload.Username,
 		Role:                    portainer.UserRole(payload.Role),
-		PortainerAuthorizations: portainer.DefaultPortainerAuthorizations(),
+		PortainerAuthorizations: authorization.DefaultPortainerAuthorizations(),
 	}

 	settings, err := handler.DataStore.Settings().Settings()