Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
N
nexpie-grafana-theme
Overview
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Registry
Registry
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Kornkitt Poolsup
nexpie-grafana-theme
Commits
a861b1b9
Commit
a861b1b9
authored
Jun 12, 2017
by
Daniel Lee
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
WIP: check permissions for delete/post dashboard
parent
88e1fcb9
Expand all
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
40 additions
and
14 deletions
+40
-14
pkg/api/api.go
+2
-2
pkg/api/dashboard.go
+36
-10
pkg/api/dashboard_test.go
+0
-0
pkg/services/guardian/guardian.go
+2
-2
No files found.
pkg/api/api.go
View file @
a861b1b9
...
...
@@ -234,7 +234,7 @@ func (hs *HttpServer) registerRoutes() {
// Dashboard
r
.
Group
(
"/dashboards"
,
func
()
{
r
.
Combo
(
"/db/:slug"
)
.
Get
(
wrap
(
GetDashboard
))
.
Delete
(
DeleteDashboard
)
r
.
Combo
(
"/db/:slug"
)
.
Get
(
wrap
(
GetDashboard
))
.
Delete
(
wrap
(
DeleteDashboard
)
)
r
.
Get
(
"/id/:dashboardId/versions"
,
wrap
(
GetDashboardVersions
))
r
.
Get
(
"/id/:dashboardId/versions/:id"
,
wrap
(
GetDashboardVersion
))
...
...
@@ -242,7 +242,7 @@ func (hs *HttpServer) registerRoutes() {
r
.
Post
(
"/calculate-diff"
,
bind
(
dtos
.
CalculateDiffOptions
{}),
wrap
(
CalculateDashboardDiff
))
r
.
Post
(
"/db"
,
reqEditorRole
,
bind
(
m
.
SaveDashboardCommand
{}),
wrap
(
PostDashboard
))
r
.
Post
(
"/db"
,
bind
(
m
.
SaveDashboardCommand
{}),
wrap
(
PostDashboard
))
r
.
Get
(
"/file/:file"
,
GetDashboardFromJsonFile
)
r
.
Get
(
"/home"
,
wrap
(
GetHomeDashboard
))
r
.
Get
(
"/tags"
,
GetDashboardTags
)
...
...
pkg/api/dashboard.go
View file @
a861b1b9
...
...
@@ -47,7 +47,7 @@ func GetDashboard(c *middleware.Context) Response {
dash
:=
query
.
Result
canView
,
canEdit
,
canSave
,
err
:=
getPermissions
(
dash
,
c
.
OrgRole
,
c
.
IsGrafanaAdmin
,
c
.
OrgId
,
c
.
UserId
)
canView
,
canEdit
,
canSave
,
err
:=
getPermissions
(
dash
,
c
.
OrgRole
,
c
.
IsGrafanaAdmin
,
c
.
UserId
)
if
err
!=
nil
{
return
ApiError
(
500
,
"Error while checking dashboard permissions"
,
err
)
}
...
...
@@ -97,7 +97,7 @@ func GetDashboard(c *middleware.Context) Response {
return
Json
(
200
,
dto
)
}
func
getPermissions
(
dash
*
m
.
Dashboard
,
orgRole
m
.
RoleType
,
isGrafanaAdmin
bool
,
orgId
int64
,
userId
int64
)
(
bool
,
bool
,
bool
,
error
)
{
func
getPermissions
(
dash
*
m
.
Dashboard
,
orgRole
m
.
RoleType
,
isGrafanaAdmin
bool
,
userId
int64
)
(
bool
,
bool
,
bool
,
error
)
{
if
!
dash
.
HasAcl
{
return
true
,
canEditDashboard
(
orgRole
),
orgRole
==
m
.
ROLE_ADMIN
||
orgRole
==
m
.
ROLE_EDITOR
,
nil
}
...
...
@@ -108,7 +108,7 @@ func getPermissions(dash *m.Dashboard, orgRole m.RoleType, isGrafanaAdmin bool,
dashId
=
dash
.
ParentId
}
canView
,
canEdit
,
canSave
,
err
:=
guardian
.
CheckDashboardPermissions
(
dashId
,
orgRole
,
isGrafanaAdmin
,
orgId
,
userId
)
canView
,
canEdit
,
canSave
,
err
:=
guardian
.
CheckDashboardPermissions
(
dashId
,
orgRole
,
isGrafanaAdmin
,
userId
)
if
err
!=
nil
{
return
false
,
false
,
false
,
err
}
...
...
@@ -127,24 +127,31 @@ func getUserLogin(userId int64) string {
}
}
func
DeleteDashboard
(
c
*
middleware
.
Context
)
{
func
DeleteDashboard
(
c
*
middleware
.
Context
)
Response
{
slug
:=
c
.
Params
(
":slug"
)
query
:=
m
.
GetDashboardQuery
{
Slug
:
slug
,
OrgId
:
c
.
OrgId
}
if
err
:=
bus
.
Dispatch
(
&
query
);
err
!=
nil
{
c
.
JsonApiErr
(
404
,
"Dashboard not found"
,
nil
)
return
return
ApiError
(
404
,
"Dashboard not found"
,
err
)
}
_
,
_
,
canSave
,
err
:=
getPermissions
(
query
.
Result
,
c
.
OrgRole
,
c
.
IsGrafanaAdmin
,
c
.
UserId
)
if
err
!=
nil
{
return
ApiError
(
500
,
"Error while checking dashboard permissions"
,
err
)
}
if
!
canSave
{
return
ApiError
(
403
,
"Does not have permission to delete this dashboard"
,
nil
)
}
cmd
:=
m
.
DeleteDashboardCommand
{
Slug
:
slug
,
OrgId
:
c
.
OrgId
}
if
err
:=
bus
.
Dispatch
(
&
cmd
);
err
!=
nil
{
c
.
JsonApiErr
(
500
,
"Failed to delete dashboard"
,
err
)
return
return
ApiError
(
500
,
"Failed to delete dashboard"
,
err
)
}
var
resp
=
map
[
string
]
interface
{}{
"title"
:
query
.
Result
.
Title
}
c
.
JSON
(
200
,
resp
)
return
Json
(
200
,
resp
)
}
func
PostDashboard
(
c
*
middleware
.
Context
,
cmd
m
.
SaveDashboardCommand
)
Response
{
...
...
@@ -153,6 +160,25 @@ func PostDashboard(c *middleware.Context, cmd m.SaveDashboardCommand) Response {
dash
:=
cmd
.
GetDashboardModel
()
query
:=
m
.
GetDashboardQuery
{
Slug
:
dash
.
Slug
,
OrgId
:
c
.
OrgId
}
err
:=
bus
.
Dispatch
(
&
query
)
if
err
==
nil
{
dash
.
IsFolder
=
query
.
Result
.
IsFolder
if
cmd
.
ParentId
==
0
{
dash
.
ParentId
=
query
.
Result
.
ParentId
}
dash
.
HasAcl
=
query
.
Result
.
HasAcl
}
_
,
_
,
canSave
,
err
:=
getPermissions
(
dash
,
c
.
OrgRole
,
c
.
IsGrafanaAdmin
,
c
.
UserId
)
if
err
!=
nil
{
return
ApiError
(
500
,
"Error while checking dashboard permissions"
,
err
)
}
if
!
canSave
{
return
ApiError
(
403
,
"Does not have permission to save this dashboard"
,
nil
)
}
// Check if Title is empty
if
dash
.
Title
==
""
{
return
ApiError
(
400
,
m
.
ErrDashboardTitleEmpty
.
Error
(),
nil
)
...
...
@@ -178,7 +204,7 @@ func PostDashboard(c *middleware.Context, cmd m.SaveDashboardCommand) Response {
return
ApiError
(
500
,
"Invalid alert data. Cannot save dashboard"
,
err
)
}
err
:
=
bus
.
Dispatch
(
&
cmd
)
err
=
bus
.
Dispatch
(
&
cmd
)
if
err
!=
nil
{
if
err
==
m
.
ErrDashboardWithSameNameExists
{
return
Json
(
412
,
util
.
DynMap
{
"status"
:
"name-exists"
,
"message"
:
err
.
Error
()})
...
...
pkg/api/dashboard_test.go
View file @
a861b1b9
This diff is collapsed.
Click to expand it.
pkg/services/guardian/guardian.go
View file @
a861b1b9
...
...
@@ -5,7 +5,7 @@ import (
m
"github.com/grafana/grafana/pkg/models"
)
//
Remove
RestrictedDashboards filters out dashboards from the list that the user does have access to
//
Filter
RestrictedDashboards filters out dashboards from the list that the user does have access to
func
FilterRestrictedDashboards
(
dashList
[]
int64
,
orgId
int64
,
userId
int64
)
([]
int64
,
error
)
{
user
,
err
:=
getUser
(
userId
)
if
err
!=
nil
{
...
...
@@ -59,7 +59,7 @@ func CanDeleteFromAcl(dashboardId int64, role m.RoleType, isGrafanaAdmin bool, o
}
// CheckDashboardPermissions determines if a user has permission to view, edit or save a dashboard
func
CheckDashboardPermissions
(
dashboardId
int64
,
role
m
.
RoleType
,
isGrafanaAdmin
bool
,
orgId
int64
,
userId
int64
)
(
bool
,
bool
,
bool
,
error
)
{
func
CheckDashboardPermissions
(
dashboardId
int64
,
role
m
.
RoleType
,
isGrafanaAdmin
bool
,
userId
int64
)
(
bool
,
bool
,
bool
,
error
)
{
if
role
==
m
.
ROLE_ADMIN
||
isGrafanaAdmin
{
return
true
,
true
,
true
,
nil
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment