Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
N
nexpie-grafana-theme
Overview
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Registry
Registry
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Kornkitt Poolsup
nexpie-grafana-theme
Commits
90e9fda9
Commit
90e9fda9
authored
Mar 08, 2019
by
Leonard Gram
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
teams: start of team update guardian for editors
parent
5adde259
Show whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
168 additions
and
21 deletions
+168
-21
pkg/models/team.go
+2
-0
pkg/services/teams/team.go
+35
-0
pkg/services/teams/teams_test.go
+131
-21
No files found.
pkg/models/team.go
View file @
90e9fda9
...
@@ -10,6 +10,8 @@ var (
...
@@ -10,6 +10,8 @@ var (
ErrTeamNotFound
=
errors
.
New
(
"Team not found"
)
ErrTeamNotFound
=
errors
.
New
(
"Team not found"
)
ErrTeamNameTaken
=
errors
.
New
(
"Team name is taken"
)
ErrTeamNameTaken
=
errors
.
New
(
"Team name is taken"
)
ErrTeamMemberNotFound
=
errors
.
New
(
"Team member not found"
)
ErrTeamMemberNotFound
=
errors
.
New
(
"Team member not found"
)
ErrNotAllowedToUpdateTeam
=
errors
.
New
(
"User not allowed to update team"
)
ErrNotAllowedToUpdateTeamInDifferentOrg
=
errors
.
New
(
"User not allowed to update team in another org"
)
)
)
// Team model
// Team model
...
...
pkg/services/teams/team.go
View file @
90e9fda9
...
@@ -5,6 +5,41 @@ import (
...
@@ -5,6 +5,41 @@ import (
m
"github.com/grafana/grafana/pkg/models"
m
"github.com/grafana/grafana/pkg/models"
)
)
func
canUpdateTeam
(
orgId
int64
,
teamId
int64
,
user
m
.
SignedInUser
)
error
{
if
user
.
OrgRole
==
m
.
ROLE_ADMIN
{
return
nil
}
if
user
.
OrgId
!=
orgId
{
return
m
.
ErrNotAllowedToUpdateTeamInDifferentOrg
}
cmd
:=
m
.
GetTeamMembersQuery
{
OrgId
:
orgId
,
TeamId
:
teamId
,
UserId
:
user
.
UserId
,
// TODO: do we need to do something special about external users
// External: false,
}
if
err
:=
bus
.
Dispatch
(
&
cmd
);
err
!=
nil
{
// TODO: look into how we want to do logging
return
err
}
for
_
,
member
:=
range
cmd
.
Result
{
if
member
.
UserId
==
user
.
UserId
&&
member
.
Permission
==
int64
(
m
.
PERMISSION_ADMIN
)
{
return
nil
}
}
return
m
.
ErrNotAllowedToUpdateTeam
}
func
UpdateTeam
(
user
m
.
SignedInUser
,
cmd
*
m
.
UpdateTeamCommand
)
error
{
func
UpdateTeam
(
user
m
.
SignedInUser
,
cmd
*
m
.
UpdateTeamCommand
)
error
{
if
err
:=
canUpdateTeam
(
cmd
.
OrgId
,
cmd
.
Id
,
user
);
err
!=
nil
{
return
err
}
return
bus
.
Dispatch
(
cmd
)
return
bus
.
Dispatch
(
cmd
)
}
}
pkg/services/teams/teams_test.go
View file @
90e9fda9
package
teams
package
teams
import
(
import
(
.
"github.com/smartystreets/goconvey/convey
"
"github.com/grafana/grafana/pkg/bus
"
m
"github.com/grafana/grafana/pkg/models"
m
"github.com/grafana/grafana/pkg/models"
"github.com/pkg/errors"
.
"github.com/smartystreets/goconvey/convey"
"testing"
)
)
func
TestUpdateTeam
(
t
*
testing
.
T
)
{
func
TestUpdateTeam
(
t
*
testing
.
T
)
{
Convey
(
"Updating a team as an editor"
,
t
,
func
()
{
Convey
(
"Updating a team"
,
t
,
func
()
{
bus
.
ClearBusHandlers
()
Convey
(
"Given an editor and a team he isn't a member of"
,
func
()
{
Convey
(
"Given an editor and a team he isn't a member of"
,
func
()
{
editor
:=
m
.
SignedInUser
{
UserId
:
1
,
OrgId
:
1
,
OrgRole
:
m
.
ROLE_EDITOR
,
}
Convey
(
"Should not be able to update the team"
,
func
()
{
cmd
:=
m
.
UpdateTeamCommand
{
Id
:
1
,
OrgId
:
editor
.
OrgId
,
}
bus
.
AddHandler
(
"test"
,
func
(
cmd
*
m
.
UpdateTeamCommand
)
error
{
return
errors
.
New
(
"Editor not allowed to update team."
)
})
bus
.
AddHandler
(
"test"
,
func
(
cmd
*
m
.
GetTeamMembersQuery
)
error
{
cmd
.
Result
=
[]
*
m
.
TeamMemberDTO
{}
return
nil
})
err
:=
UpdateTeam
(
editor
,
&
cmd
)
So
(
err
,
ShouldEqual
,
m
.
ErrNotAllowedToUpdateTeam
)
})
})
Convey
(
"Given an editor and a team he is a member of"
,
func
()
{
editor
:=
m
.
SignedInUser
{
UserId
:
1
,
OrgId
:
1
,
OrgRole
:
m
.
ROLE_EDITOR
,
}
testTeam
:=
m
.
Team
{
Id
:
1
,
OrgId
:
1
,
}
Convey
(
"Should be able to update the team"
,
func
()
{
cmd
:=
m
.
UpdateTeamCommand
{
Id
:
testTeam
.
Id
,
OrgId
:
testTeam
.
OrgId
,
}
teamUpdated
:=
false
bus
.
AddHandler
(
"test"
,
func
(
cmd
*
m
.
UpdateTeamCommand
)
error
{
teamUpdated
=
true
return
nil
})
bus
.
AddHandler
(
"test"
,
func
(
cmd
*
m
.
GetTeamMembersQuery
)
error
{
cmd
.
Result
=
[]
*
m
.
TeamMemberDTO
{{
OrgId
:
testTeam
.
OrgId
,
TeamId
:
testTeam
.
Id
,
UserId
:
editor
.
UserId
,
Permission
:
int64
(
m
.
PERMISSION_ADMIN
),
}}
return
nil
})
err
:=
UpdateTeam
(
editor
,
&
cmd
)
UpdateTeam
(
editor
,
m
.
UpdateTeamCommand
{
So
(
teamUpdated
,
ShouldBeTrue
)
Id
:
0
,
So
(
err
,
ShouldBeNil
)
Name
:
""
,
Email
:
""
,
OrgId
:
0
,
})
})
})
})
// the editor should not be able to update the team if they aren't members of it
Convey
(
"Given an editor and a team in another org"
,
func
()
{
editor
:=
m
.
SignedInUser
{
UserId
:
1
,
OrgId
:
1
,
OrgRole
:
m
.
ROLE_EDITOR
,
}
fakeDash
:=
m
.
NewDashboard
(
"Child dash"
)
testTeam
:=
m
.
Team
{
fakeDash
.
Id
=
1
Id
:
1
,
fakeDash
.
FolderId
=
1
OrgId
:
2
,
fakeDash
.
HasAcl
=
false
}
bus
.
AddHandler
(
"test"
,
func
(
query
*
m
.
GetDashboardsBySlugQuery
)
error
{
Convey
(
"Shouldn't be able to update the team"
,
func
()
{
dashboards
:=
[]
*
m
.
Dashboard
{
fakeDash
}
cmd
:=
m
.
UpdateTeamCommand
{
query
.
Result
=
dashboards
Id
:
testTeam
.
Id
,
OrgId
:
testTeam
.
OrgId
,
}
bus
.
AddHandler
(
"test"
,
func
(
cmd
*
m
.
UpdateTeamCommand
)
error
{
return
errors
.
New
(
"Can't update a team in a different org."
)
})
bus
.
AddHandler
(
"test"
,
func
(
cmd
*
m
.
GetTeamMembersQuery
)
error
{
cmd
.
Result
=
[]
*
m
.
TeamMemberDTO
{{
OrgId
:
testTeam
.
OrgId
,
TeamId
:
testTeam
.
Id
,
UserId
:
editor
.
UserId
,
Permission
:
int64
(
m
.
PERMISSION_ADMIN
),
}}
return
nil
return
nil
})
})
var
getDashboardQueries
[]
*
m
.
GetDashboardQuery
err
:=
UpdateTeam
(
editor
,
&
cmd
)
So
(
err
,
ShouldEqual
,
m
.
ErrNotAllowedToUpdateTeamInDifferentOrg
)
})
})
Convey
(
"Given an org admin and a team"
,
func
()
{
editor
:=
m
.
SignedInUser
{
UserId
:
1
,
OrgId
:
1
,
OrgRole
:
m
.
ROLE_ADMIN
,
}
testTeam
:=
m
.
Team
{
Id
:
1
,
OrgId
:
1
,
}
Convey
(
"Should be able to update the team"
,
func
()
{
cmd
:=
m
.
UpdateTeamCommand
{
Id
:
testTeam
.
Id
,
OrgId
:
testTeam
.
OrgId
,
}
teamUpdated
:=
false
bus
.
AddHandler
(
"test"
,
func
(
query
*
m
.
GetDashboardQuery
)
error
{
bus
.
AddHandler
(
"test"
,
func
(
cmd
*
m
.
UpdateTeamCommand
)
error
{
query
.
Result
=
fakeDash
teamUpdated
=
true
getDashboardQueries
=
append
(
getDashboardQueries
,
query
)
return
nil
return
nil
})
})
bus
.
AddHandler
(
"test"
,
func
(
query
*
m
.
IsDashboardProvisionedQuery
)
error
{
err
:=
UpdateTeam
(
editor
,
&
cmd
)
So
(
teamUpdated
,
ShouldBeTrue
)
So
(
err
,
ShouldBeNil
)
})
})
})
}
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
