teams: viewers and editors can view teams

782b5b6a · Hugo Häggmark · Leonard Gram · c420af16 · 782b5b6a · 782b5b6a
Commit 782b5b6a authored Mar 13, 2019 by Hugo Häggmark Committed by Leonard Gram Mar 19, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 15 additions and 22 deletions

pkg/api/api.go
+4 -4

pkg/api/index.go
+1 -8

pkg/api/team.go
+5 -0

pkg/middleware/auth.go
+3 -8

public/app/routes/routes.ts
+2 -2

No files found.
--- a/pkg/api/api.go
+++ b/pkg/api/api.go
@@ -14,7 +14,7 @@ func (hs *HTTPServer) registerRoutes() {
 	reqGrafanaAdmin := middleware.ReqGrafanaAdmin
 	reqEditorRole := middleware.ReqEditorRole
 	reqOrgAdmin := middleware.ReqOrgAdmin
-	reqAdminOrEditorCanAdmin := middleware.EditorCanAdmin(hs.Cfg.EditorsCanAdmin)
+	reqAdminOrCanAdmin := middleware.AdminOrCanAdmin(hs.Cfg.EditorsCanAdmin)
 	redirectFromLegacyDashboardURL := middleware.RedirectFromLegacyDashboardURL()
 	redirectFromLegacyDashboardSoloURL := middleware.RedirectFromLegacyDashboardSoloURL()
 	quota := middleware.Quota(hs.QuotaService)
@@ -42,8 +42,8 @@ func (hs *HTTPServer) registerRoutes() {
 	r.Get("/org/users", reqOrgAdmin, hs.Index)
 	r.Get("/org/users/new", reqOrgAdmin, hs.Index)
 	r.Get("/org/users/invite", reqOrgAdmin, hs.Index)
-	r.Get("/org/teams", reqAdminOrEditorCanAdmin, hs.Index)
-	r.Get("/org/teams/*", reqAdminOrEditorCanAdmin, hs.Index)
+	r.Get("/org/teams", reqAdminOrCanAdmin, hs.Index)
+	r.Get("/org/teams/*", reqAdminOrCanAdmin, hs.Index)
 	r.Get("/org/apikeys/", reqOrgAdmin, hs.Index)
 	r.Get("/dashboard/import/", reqSignedIn, hs.Index)
 	r.Get("/configuration", reqGrafanaAdmin, hs.Index)
@@ -163,7 +163,7 @@ func (hs *HTTPServer) registerRoutes() {
 			teamsRoute.Delete("/:teamId/members/:userId", Wrap(hs.RemoveTeamMember))
 			teamsRoute.Get("/:teamId/preferences", Wrap(GetTeamPreferences))
 			teamsRoute.Put("/:teamId/preferences", bind(dtos.UpdatePrefsCmd{}), Wrap(UpdateTeamPreferences))
-		}, reqAdminOrEditorCanAdmin)
+		}, reqAdminOrCanAdmin)

 		// team without requirement of user to be org admin
 		apiRoute.Group("/teams", func(teamsRoute routing.RouteRegister) {

--- a/pkg/api/index.go
+++ b/pkg/api/index.go
@@ -327,7 +327,7 @@ func (hs *HTTPServer) setIndexViewData(c *m.ReqContext) (*dtos.IndexViewData, er
 		})
 	}

-	if c.OrgRole == m.ROLE_EDITOR && hs.Cfg.EditorsCanAdmin {
+	if (c.OrgRole == m.ROLE_EDITOR || c.OrgRole == m.ROLE_VIEWER) && hs.Cfg.EditorsCanAdmin {
 		cfgNode := &dtos.NavLink{
 			Id:       "cfg",
 			Text:     "Configuration",
@@ -342,13 +342,6 @@ func (hs *HTTPServer) setIndexViewData(c *m.ReqContext) (*dtos.IndexViewData, er
 					Icon:        "gicon gicon-team",
 					Url:         setting.AppSubUrl + "/org/teams",
 				},
-				{
-					Text:        "Plugins",
-					Id:          "plugins",
-					Description: "View and configure plugins",
-					Icon:        "gicon gicon-plugins",
-					Url:         setting.AppSubUrl + "/plugins",
-				},
 			},
 		}


--- a/pkg/api/team.go
+++ b/pkg/api/team.go
@@ -11,6 +11,11 @@ import (
 // POST /api/teams
 func (hs *HTTPServer) CreateTeam(c *m.ReqContext, cmd m.CreateTeamCommand) Response {
 	cmd.OrgId = c.OrgId
+
+	if c.OrgRole == m.ROLE_VIEWER {
+		return Error(403, "Not allowed to create team.", nil)
+	}
+
 	if err := bus.Dispatch(&cmd); err != nil {
 		if err == m.ErrTeamNameTaken {
 			return Error(409, "Team name taken", err)

--- a/pkg/middleware/auth.go
+++ b/pkg/middleware/auth.go
@@ -87,18 +87,13 @@ func Auth(options *AuthOptions) macaron.Handler {
 	}
 }

-func EditorCanAdmin(enabled bool) macaron.Handler {
+func AdminOrCanAdmin(enabled bool) macaron.Handler {
 	return func(c *m.ReqContext) {
-		ok := false
 		if c.OrgRole == m.ROLE_ADMIN {
-			ok = true
-		}
-
-		if c.OrgRole == m.ROLE_EDITOR && enabled {
-			ok = true
+			return
 		}

-		if !ok {
+		if !enabled {
 			accessForbidden(c)
 		}
 	}

--- a/public/app/routes/routes.ts
+++ b/public/app/routes/routes.ts
@@ -195,7 +195,7 @@ export function setupAngularRoutes($routeProvider, $locationProvider) {
    .when('/org/teams', {
      template: '<react-container />',
      resolve: {
-        roles: () => ['Editor', 'Admin'],
+        roles: () => (config.editorsCanAdmin ? [] : ['Editor', 'Admin']),
        component: () => TeamList,
      },
    })
@@ -207,7 +207,7 @@ export function setupAngularRoutes($routeProvider, $locationProvider) {
    .when('/org/teams/edit/:id/:page?', {
      template: '<react-container />',
      resolve: {
-        roles: () => (config.editorsCanAdmin ? ['Editor', 'Admin'] : ['Admin']),
+        roles: () => (config.editorsCanAdmin ? [] : ['Admin']),
        component: () => TeamPages,
      },
    })