fix: fixed permission issue with api key with viewer role in dashboards with default permissions

24d0b43e · Torkel Ödegaard · 8666c77c · 24d0b43e · 24d0b43e · 24d0b43e
Commit 24d0b43e authored Jun 19, 2018 by Torkel Ödegaard
Hide whitespace changes
Inline Side-by-side

Showing with 28 additions and 2 deletions

pkg/services/guardian/guardian.go
+1 -1

pkg/services/guardian/guardian_test.go
+6 -1

pkg/services/guardian/guardian_util_test.go
+21 -0

No files found.
--- a/pkg/services/guardian/guardian.go
+++ b/pkg/services/guardian/guardian.go
@@ -83,7 +83,7 @@ func (g *dashboardGuardianImpl) checkAcl(permission m.PermissionType, acl []*m.D
 	for _, p := range acl {
 		// user match
-		if !g.user.IsAnonymous {
+		if !g.user.IsAnonymous && p.UserId > 0 {
 			if p.UserId == g.user.UserId && p.Permission >= permission {
 				return true, nil
 			}

--- a/pkg/services/guardian/guardian_test.go
+++ b/pkg/services/guardian/guardian_test.go
@@ -162,6 +162,11 @@ func TestGuardianViewer(t *testing.T) {
 			sc.parentFolderPermissionScenario(VIEWER, m.PERMISSION_EDIT, EDITOR_ACCESS)
 			sc.parentFolderPermissionScenario(VIEWER, m.PERMISSION_VIEW, VIEWER_ACCESS)
 		})
+		apiKeyScenario("Given api key with viewer role", t, m.ROLE_VIEWER, func(sc *scenarioContext) {
+			// dashboard has default permissions
+			sc.defaultPermissionScenario(VIEWER, m.PERMISSION_EDIT, VIEWER_ACCESS)
+		})
 	})
 }
@@ -267,7 +272,7 @@ func (sc *scenarioContext) verifyExpectedPermissionsFlags() {
 			actualFlag = NO_ACCESS
 		}
-		if sc.expectedFlags&actualFlag != sc.expectedFlags {
+		if actualFlag&sc.expectedFlags != actualFlag {
 			sc.reportFailure(tc, sc.expectedFlags.String(), actualFlag.String())
 		}

--- a/pkg/services/guardian/guardian_util_test.go
+++ b/pkg/services/guardian/guardian_util_test.go
@@ -48,6 +48,27 @@ func orgRoleScenario(desc string, t *testing.T, role m.RoleType, fn scenarioFunc
 	})
 }
+func apiKeyScenario(desc string, t *testing.T, role m.RoleType, fn scenarioFunc) {
+	user := &m.SignedInUser{
+		UserId:   0,
+		OrgId:    orgID,
+		OrgRole:  role,
+		ApiKeyId: 10,
+	}
+	guard := New(dashboardID, orgID, user)
+	sc := &scenarioContext{
+		t:                t,
+		orgRoleScenario:  desc,
+		givenUser:        user,
+		givenDashboardID: dashboardID,
+		g:                guard,
+	}
+	Convey(desc, func() {
+		fn(sc)
+	})
+}
 func permissionScenario(desc string, dashboardID int64, sc *scenarioContext, permissions []*m.DashboardAclInfoDTO, fn scenarioFunc) {
 	bus.ClearBusHandlers()