dashboard acl work

43ffe826 · Torkel Ödegaard · 408c3717 · 43ffe826 · 43ffe826 · 43ffe826
Commit 43ffe826 authored Jun 20, 2017 by Torkel Ödegaard
6 changed files
--- a/pkg/api/dashboard_acl.go
+++ b/pkg/api/dashboard_acl.go
@@ -23,7 +23,39 @@ func GetDashboardAclList(c *middleware.Context) Response {
 		return ApiError(500, "Failed to get Dashboard ACL", err)
 	}

-	return Json(200, &query.Result)
+	list := query.Result
+	hasViewRoleAcl := false
+	hasEditRoleAcl := false
+
+	for _, item := range list {
+		if item.Role == m.ROLE_EDITOR {
+			hasEditRoleAcl = true
+		}
+		if item.Role == m.ROLE_VIEWER {
+			hasViewRoleAcl = true
+		}
+	}
+
+	if !hasEditRoleAcl {
+		tmpList := append([]*m.DashboardAclInfoDTO{}, &m.DashboardAclInfoDTO{
+			Id:             0,
+			Role:           m.ROLE_EDITOR,
+			Permissions:    m.PERMISSION_EDIT,
+			PermissionName: "Edit",
+		})
+		list = append(tmpList, list...)
+	}
+	if !hasViewRoleAcl {
+		tmpList := append([]*m.DashboardAclInfoDTO{}, &m.DashboardAclInfoDTO{
+			Id:             0,
+			Role:           m.ROLE_VIEWER,
+			Permissions:    m.PERMISSION_VIEW,
+			PermissionName: "View",
+		})
+		list = append(tmpList, list...)
+	}
+
+	return Json(200, list)
 }

 func PostDashboardAcl(c *middleware.Context, cmd m.SetDashboardAclCommand) Response {

--- a/pkg/models/dashboard_acl.go
+++ b/pkg/models/dashboard_acl.go
@@ -8,16 +8,18 @@ import (
 type PermissionType int

 const (
+	PERMISSION_NONE                = 0
 	PERMISSION_VIEW PermissionType = 1 << iota
-	PERMISSION_READ_ONLY_EDIT
 	PERMISSION_EDIT
+	PERMISSION_ADMIN
 )

 func (p PermissionType) String() string {
 	names := map[int]string{
-		int(PERMISSION_VIEW):           "View",
-		int(PERMISSION_READ_ONLY_EDIT): "Read-only Edit",
-		int(PERMISSION_EDIT):           "Edit",
+		int(PERMISSION_NONE):  "None",
+		int(PERMISSION_VIEW):  "View",
+		int(PERMISSION_EDIT):  "Edit",
+		int(PERMISSION_ADMIN): "Admin",
 	}
 	return names[int(p)]
 }
@@ -55,6 +57,7 @@ type DashboardAclInfoDTO struct {
 	UserEmail      string         `json:"userEmail"`
 	UserGroupId    int64          `json:"userGroupId"`
 	UserGroup      string         `json:"userGroup"`
+	Role           RoleType       `json:"role"`
 	Permissions    PermissionType `json:"permissions"`
 	PermissionName string         `json:"permissionName"`
 }

--- a/pkg/services/guardian/guardian.go
+++ b/pkg/services/guardian/guardian.go
@@ -29,7 +29,7 @@ func (g *DashboardGuardian) CanSave() (bool, error) {
 }

 func (g *DashboardGuardian) CanEdit() (bool, error) {
-	return g.HasPermission(m.PERMISSION_READ_ONLY_EDIT, m.ROLE_READ_ONLY_EDITOR)
+	return g.HasPermission(m.PERMISSION_EDIT, m.ROLE_READ_ONLY_EDITOR)
 }

 func (g *DashboardGuardian) CanView() (bool, error) {

--- a/public/app/core/directives/dash_edit_link.js
+++ b/public/app/core/directives/dash_edit_link.js
@@ -22,6 +22,7 @@ function ($, angular, coreModule, _) {
      restrict: 'A',
      link: function(scope, elem) {
        var editorScope;
+        var modalScope;
        var lastEditView;

        function hideEditorPane(hideToShowOtherView) {
@@ -47,6 +48,11 @@ function ($, angular, coreModule, _) {
          editorScope = options.scope ? options.scope.$new() : scope.$new();

          editorScope.dismiss = function(hideToShowOtherView) {
+            if (modalScope) {
+              modalScope.dismiss();
+              modalScope = null;
+            }
+
            editorScope.$destroy();
            lastEditView = null;
            editorScope = null;
@@ -73,7 +79,7 @@ function ($, angular, coreModule, _) {
          };

          if (options.isModal) {
-            var modalScope = $rootScope.$new();
+            modalScope = $rootScope.$new();
            modalScope.$on("$destroy", function() {
              editorScope.dismiss();
            });

--- a/public/app/features/dashboard/acl/acl.html
+++ b/public/app/features/dashboard/acl/acl.html
@@ -36,53 +36,27 @@
    <!-- 	</div> -->
    <!-- </form> -->

-    <div>
-      <div class="section">
-        <h5 class="section-heading">Groups & Users</h5>
-        <div class="gf-form" ng-repeat="acl in ctrl.userAcl">
-          <span class="gf-form-label width-15">
-            <i class="fa fa-fw fa-user"></i>
-            {{acl.userLogin}}
-          </span>
-          <div class="gf-form-select-wrapper">
-            <select class="gf-form-input gf-size-auto" ng-model="acl.permissions" ng-options="p.value as p.text for p in ctrl.permissionTypeOptions" ng-change="ctrl.updatePermission(permission)"></select>
-          </div>
-          <button class="btn btn-inverse gf-form-btn" ng-click="ctrl.addQuery()" ng-hide="ctrl.current.meta.mixed">
+    <table class="filter-table">
+      <tr ng-repeat="acl in ctrl.aclItems">
+        <td style="width: 100%;">
+          <i class="{{acl.icon}}"></i>
+          <span ng-bind-html="acl.nameHtml"></span>
+        </td>
+        <td>can...</td>
+        <td class="dropdown">
+          <a class="pointer" style="white-space: nowrap">
+            {{acl.permissionName}}
+            <i class="fa fa-caret-down"></i>
+          </a>
+        </td>
+        <td>
+          <a class="btn btn-inverse btn-small" ng-show="revision.version !== ctrl.dashboard.version" ng-click="ctrl.restore(revision.version)">
            <i class="fa fa-remove"></i>
-          </button>
-        </div>
-        <div class="gf-form dropdown">
-          <button class="btn btn-inverse gf-form-btn" data-toggle="dropdown">
-            <i class="fa fa-fw fa-plus"></i> Add Permission
-          </button>
-          <ul class="dropdown-menu dropdown-menu--new">
-            <li>
-              <a class="pointer" ng-click="ctrl.addUserGroup()">
-                <i class="fa fa-fw fa-users"></i> User Group
-              </a>
-            </li>
-            <li>
-              <a class="pointer" ng-click="ctrl.addUserAcl()">
-                <i class="fa fa-fw fa-user"></i> User
-              </a>
-            </li>
-          </ul>
-        </div>
-      </div>
-      <div class="section pull-right">
-        <h5 class="section-heading">Built-in roles</h5>
-        <div class="gf-form" ng-repeat="roleAcl in ctrl.roles">
-          <span class="gf-form-label width-5">
-            {{roleAcl.name}}
-          </span>
-          <div class="gf-form-select-wrapper">
-            <select class="gf-form-input gf-size-auto" ng-model="roleAcl.permissions" ng-options="p.value as p.text for p in ctrl.roleOptions" ng-change="ctrl.updatePermission(permission)"></select>
-          </div>
-        </div>
-      </div>
-    </div>
+          </a>
+        </td>
+      </tr>
+    </table>

-    <div class="clearfix"></div>

    <div class="gf-form-button-row text-center">
      <button type="submit" class="btn btn-danger" ng-disabled="!ctrl.canUpdate">Update Permissions</button>
@@ -136,11 +110,11 @@
 <!--           <td>{{role.name}}</td> -->
 <!--           <td><select class="gf&#45;form&#45;input gf&#45;size&#45;auto" ng&#45;model="role.permissions" ng&#45;options="p.value as p.text for p in ctrl.roleOptions" ng&#45;change="ctrl.updatePermission(role)"></select></td> -->
 <!--           <td class="text&#45;right"> -->
-  <!--  -->
-  <!--           </td> -->
-  <!--         </tr> -->
-  <!--       </tbody> -->
-  <!--     </table> -->
-  <!--   </div> -->
+<!--  -->
+<!--           </td> -->
+<!--         </tr> -->
+<!--       </tbody> -->
+<!--     </table> -->
+<!--   </div> -->
 <!--   </div> -->
 <!-- </div> -->
--- a/public/app/features/dashboard/acl/acl.ts
+++ b/public/app/features/dashboard/acl/acl.ts
@@ -6,32 +6,21 @@ import _ from 'lodash';

 export class AclCtrl {
  dashboard: any;
-  userAcl: DashboardAcl[];
-  groupAcl: DashboardAcl[];
-  permissionTypeOptions = [
+  aclItems: DashboardAcl[];
+  permissionOptions = [
    {value: 1, text: 'View'},
    {value: 2, text: 'Edit'},
    {value: 4, text: 'Admin'}
  ];

-  roleOptions = [
-    {value: 0, text: 'No Access'},
-    {value: 1, text: 'View'},
-    {value: 2, text: 'Edit'},
-    {value: 4, text: 'Admin'}
-  ];
-
-  roles = [];
-
  type = 'User Group';
  permission = 1;
  userId: number;
  userGroupId: number;

  /** @ngInject */
-  constructor(private backendSrv, private dashboardSrv) {
-    this.userAcl = [];
-    this.groupAcl = [];
+  constructor(private backendSrv, private dashboardSrv, private $sce) {
+    this.aclItems = [];
    this.dashboard = dashboardSrv.getCurrent();
    this.get(this.dashboard.id);
  }
@@ -39,20 +28,22 @@ export class AclCtrl {
  get(dashboardId: number) {
    return this.backendSrv.get(`/api/dashboards/id/${dashboardId}/acl`)
      .then(result => {
-        this.userAcl = _.filter(result, p => { return p.userId > 0;});
-        this.groupAcl = _.filter(result, p => { return p.userGroupId > 0;});
-        this.roles = this.setRoles(result);
+        this.aclItems = _.map(result, item => {
+          if (item.userId > 0) {
+            item.icon = "fa fa-fw fa-user";
+            item.nameHtml = this.$sce.trustAsHtml(item.userLogin);
+          } else if (item.userGroupId > 0) {
+            item.icon = "fa fa-fw fa-users";
+            item.nameHtml = this.$sce.trustAsHtml(item.userGroup);
+          } else if (item.role) {
+            item.icon = "fa fa-fw fa-street-view";
+            item.nameHtml = this.$sce.trustAsHtml(`Everyone with <span class="query-keyword">${item.role}</span> Role`);
+          }
+          return item;
+        });
      });
  }

-  setRoles(result: any) {
-    return [
-      {name: 'Viewer', permissions: 1},
-      {name: 'Editor', permissions: 2},
-      {name: 'Admin', permissions: 4}
-    ];
-  }
-
  addPermission() {
    if (this.type === 'User') {
      if (!this.userId) {