Commit 659a5910 by Torkel Ödegaard

dashboard acl stuff

parent 2257c1f8
......@@ -25,18 +25,18 @@ func NewDashboardGuardian(dashId int64, orgId int64, user *m.SignedInUser) *Dash
}
func (g *DashboardGuardian) CanSave() (bool, error) {
return g.HasPermission(m.PERMISSION_EDIT, m.ROLE_EDITOR)
return g.HasPermission(m.PERMISSION_EDIT)
}
func (g *DashboardGuardian) CanEdit() (bool, error) {
return g.HasPermission(m.PERMISSION_EDIT, m.ROLE_READ_ONLY_EDITOR)
return g.HasPermission(m.PERMISSION_EDIT)
}
func (g *DashboardGuardian) CanView() (bool, error) {
return g.HasPermission(m.PERMISSION_VIEW, m.ROLE_VIEWER)
return g.HasPermission(m.PERMISSION_VIEW)
}
func (g *DashboardGuardian) HasPermission(permission m.PermissionType, fallbackRole m.RoleType) (bool, error) {
func (g *DashboardGuardian) HasPermission(permission m.PermissionType) (bool, error) {
if g.user.OrgRole == m.ROLE_ADMIN {
return true, nil
}
......@@ -46,11 +46,6 @@ func (g *DashboardGuardian) HasPermission(permission m.PermissionType, fallbackR
return false, err
}
// if no acl use org role to determine permission
if len(acl) == 0 {
return g.user.HasRole(fallbackRole), nil
}
userGroups, err := g.getUserGroups()
if err != nil {
return false, err
......@@ -66,6 +61,12 @@ func (g *DashboardGuardian) HasPermission(permission m.PermissionType, fallbackR
return true, nil
}
}
if p.Role.IsValid() {
if p.Role == g.user.OrgRole && p.Permission >= permission {
return true, nil
}
}
}
return false, nil
......
......@@ -132,6 +132,7 @@ func GetInheritedDashboardAcl(query *m.GetInheritedDashboardAclQuery) error {
da.dashboard_id,
da.user_id,
da.user_group_id,
da.role,
da.permission,
da.created,
da.updated
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment