Commit b494fd76 by Torkel Ödegaard

dashboard folders acl work

parent cbbbccf1
......@@ -16,15 +16,14 @@ func GetDashboardAcl(c *middleware.Context) Response {
}
guardian := guardian.NewDashboardGuardian(dash, c.SignedInUser)
canView, err := guardian.CanView(dashboardId, c.OrgRole, c.IsGrafanaAdmin, c.OrgId, c.UserId)
canView, err := guardian.CanView()
if err != nil {
return ApiError(500, "Failed to get Dashboard ACL", err)
} else if !hasPermission {
return ApiError(403, "Does not have access to this Dashboard ACL")
} else if !canView {
return ApiError(403, "Dashboard access denied", nil)
}
query := m.GetDashboardPermissionsQuery{DashboardId: dashboardId}
query := m.GetDashboardPermissionsQuery{DashboardId: dash.Id}
if err := bus.Dispatch(&query); err != nil {
return ApiError(500, "Failed to get Dashboard ACL", err)
}
......@@ -52,43 +51,43 @@ func PostDashboardAcl(c *middleware.Context, cmd m.AddOrUpdateDashboardPermissio
}
func DeleteDashboardAclByUser(c *middleware.Context) Response {
dashboardId := c.ParamsInt64(":id")
userId := c.ParamsInt64(":userId")
cmd := m.RemoveDashboardPermissionCommand{DashboardId: dashboardId, UserId: userId, OrgId: c.OrgId}
hasPermission, err := guardian.CanDeleteFromAcl(dashboardId, c.OrgRole, c.IsGrafanaAdmin, c.OrgId, c.UserId)
if err != nil {
return ApiError(500, "Failed to delete from Dashboard ACL", err)
}
if !hasPermission {
return Json(403, util.DynMap{"status": "Forbidden", "message": "Does not have access to this Dashboard ACL"})
}
if err := bus.Dispatch(&cmd); err != nil {
return ApiError(500, "Failed to delete permission for user", err)
}
// dashboardId := c.ParamsInt64(":id")
// userId := c.ParamsInt64(":userId")
// cmd := m.RemoveDashboardPermissionCommand{DashboardId: dashboardId, UserId: userId, OrgId: c.OrgId}
//
// hasPermission, err := guardian.CanDeleteFromAcl(dashboardId, c.OrgRole, c.IsGrafanaAdmin, c.OrgId, c.UserId)
// if err != nil {
// return ApiError(500, "Failed to delete from Dashboard ACL", err)
// }
//
// if !hasPermission {
// return Json(403, util.DynMap{"status": "Forbidden", "message": "Does not have access to this Dashboard ACL"})
// }
//
// if err := bus.Dispatch(&cmd); err != nil {
// return ApiError(500, "Failed to delete permission for user", err)
// }
return Json(200, "")
}
func DeleteDashboardAclByUserGroup(c *middleware.Context) Response {
dashboardId := c.ParamsInt64(":id")
userGroupId := c.ParamsInt64(":userGroupId")
cmd := m.RemoveDashboardPermissionCommand{DashboardId: dashboardId, UserGroupId: userGroupId, OrgId: c.OrgId}
hasPermission, err := guardian.CanDeleteFromAcl(dashboardId, c.OrgRole, c.IsGrafanaAdmin, c.OrgId, c.UserId)
if err != nil {
return ApiError(500, "Failed to delete from Dashboard ACL", err)
}
if !hasPermission {
return Json(403, util.DynMap{"status": "Forbidden", "message": "Does not have access to this Dashboard ACL"})
}
if err := bus.Dispatch(&cmd); err != nil {
return ApiError(500, "Failed to delete permission for user", err)
}
// dashboardId := c.ParamsInt64(":id")
// userGroupId := c.ParamsInt64(":userGroupId")
// cmd := m.RemoveDashboardPermissionCommand{DashboardId: dashboardId, UserGroupId: userGroupId, OrgId: c.OrgId}
//
// hasPermission, err := guardian.CanDeleteFromAcl(dashboardId, c.OrgRole, c.IsGrafanaAdmin, c.OrgId, c.UserId)
// if err != nil {
// return ApiError(500, "Failed to delete from Dashboard ACL", err)
// }
//
// if !hasPermission {
// return Json(403, util.DynMap{"status": "Forbidden", "message": "Does not have access to this Dashboard ACL"})
// }
//
// if err := bus.Dispatch(&cmd); err != nil {
// return ApiError(500, "Failed to delete permission for user", err)
// }
return Json(200, "")
}
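Review bot: As rendered, both delete handlers now have their entire body commented out and end in `return Json(200, "")`, so `DeleteDashboardAclByUser` and `DeleteDashboardAclByUserGroup` report success without ever dispatching `RemoveDashboardPermissionCommand`. A client that revokes a user's or group's access receives a 200 while the ACL entry stays in place, which for a permissions API is worse than an error. Until the check is ported to the new guardian, return an explicit failure such as `return ApiError(501, "Not implemented", nil)` and add a `// TODO` naming what must be restored (the permission check, then `bus.Dispatch(&cmd)`). Separately, in the `GetDashboardAcl` hunk the local `guardian := guardian.NewDashboardGuardian(dash, c.SignedInUser)` shadows the imported package name for the rest of the function; a different local name would avoid that.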
......@@ -74,16 +74,21 @@ type AddOrUpdateDashboardPermissionCommand struct {
type RemoveDashboardPermissionCommand struct {
DashboardId int64 `json:"dashboardId" binding:"Required"`
OrgId int64 `json:"-"`
UserId int64 `json:"userId"`
UserGroupId int64 `json:"userGroupId"`
OrgId int64 `json:"-"`
}
//
// QUERIES
//
type GetDashboardPermissionsQuery struct {
DashboardId int64 `json:"dashboardId" binding:"Required"`
DashboardId int64
Result []*DashboardAclInfoDTO
}
type GetDashboardAclQuery struct {
DashboardId int64
Result []*DashboardAcl
}
package guardian
import (
"fmt"
"github.com/grafana/grafana/pkg/bus"
m "github.com/grafana/grafana/pkg/models"
)
......@@ -22,7 +20,6 @@ func NewDashboardGuardian(dash *m.Dashboard, user *m.SignedInUser) *DashboardGua
}
func (g *DashboardGuardian) CanSave() (bool, error) {
fmt.Printf("user %v, %v", g.user.OrgRole, g.user.HasRole(m.ROLE_EDITOR))
if !g.dashboard.HasAcl {
return g.user.HasRole(m.ROLE_EDITOR), nil
}
......
......@@ -11,6 +11,7 @@ func init() {
bus.AddHandler("sql", AddOrUpdateDashboardPermission)
bus.AddHandler("sql", RemoveDashboardPermission)
bus.AddHandler("sql", GetDashboardPermissions)
bus.AddHandler("sql", GetDashboardAcl)
}
func AddOrUpdateDashboardPermission(cmd *m.AddOrUpdateDashboardPermissionCommand) error {
......@@ -85,6 +86,28 @@ func RemoveDashboardPermission(cmd *m.RemoveDashboardPermissionCommand) error {
})
}
func GetDashboardAcl(query *m.GetDashboardAclQuery) error {
rawSQL := `SELECT
da.id,
da.org_id,
da.id,
da.dashboard_id,
da.user_id,
da.user_group_id,
da.permissions,
da.created,
da.updated,
FROM` + dialect.Quote("dashboard_acl") + ` as da
WHERE dashboard_id IN (
SELECT id FROM dashboard where id = ?
UNION
SELECT parent_id from dashboard where id = ?
)`
query.Result = make([]*m.DashboardAcl, 0)
return x.SQL(rawSQL, query.DashboardId).Find(&query.Result)
}
func GetDashboardPermissions(query *m.GetDashboardPermissionsQuery) error {
rawSQL := `SELECT
da.id,
......
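Review bot: The new `GetDashboardAcl` query handler looks unable to run as written: the select list ends with `da.updated,` directly before `FROM`, and the statement has two `?` placeholders while only `query.DashboardId` is bound. Drop the trailing comma and bind the id twice, `return x.SQL(rawSQL, query.DashboardId, query.DashboardId).Find(&query.Result)`. `da.id` is also selected twice, and `FROM` is concatenated with `dialect.Quote("dashboard_acl")` with no space between them, so writing `FROM ` before the concatenation would be safer across dialects. The query has no `org_id` predicate and `GetDashboardAclQuery` carries no org field, so tenant scoping presumably rests on the caller having loaded the dashboard in the right org; a comment stating that assumption, and a test that dispatches this query, would be worth adding.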
......@@ -76,12 +76,12 @@ func createUser(name string, role string, isAdmin bool) m.User {
return currentUserCmd.Result
}
func updateTestDashboardWithAcl(dashId int64, userId int64, permissionType m.PermissionType) {
func updateTestDashboardWithAcl(dashId int64, userId int64, permission m.PermissionType) {
err := AddOrUpdateDashboardPermission(&m.AddOrUpdateDashboardPermissionCommand{
OrgId: 1,
UserId: userId,
DashboardId: dashId,
PermissionType: permissionType,
OrgId: 1,
UserId: userId,
DashboardId: dashId,
Permissions: permission,
})
So(err, ShouldBeNil)
}
......@@ -94,7 +94,7 @@ func TestUserGroupCommandsAndQueries(t *testing.T) {
So(err, ShouldBeNil)
err = AddUserGroupMember(&m.AddUserGroupMemberCommand{OrgId: 1, UserGroupId: groupId, UserId: userIds[2]})
So(err, ShouldBeNil)
err = AddOrUpdateDashboardPermission(&m.AddOrUpdateDashboardPermissionCommand{DashboardId: 1, OrgId: 1, PermissionType: m.PERMISSION_EDIT, UserGroupId: groupId})
err = AddOrUpdateDashboardPermission(&m.AddOrUpdateDashboardPermissionCommand{DashboardId: 1, OrgId: 1, Permissions: m.PERMISSION_EDIT, UserGroupId: groupId})
err = DeleteUserGroup(&m.DeleteUserGroupCommand{Id: groupId})
So(err, ShouldBeNil)
......
......@@ -99,7 +99,7 @@ func TestUserDataAccess(t *testing.T) {
err = AddOrgUser(&models.AddOrgUserCommand{LoginOrEmail: users[0].Login, Role: models.ROLE_VIEWER, OrgId: users[0].OrgId})
So(err, ShouldBeNil)
err = AddOrUpdateDashboardPermission(&models.AddOrUpdateDashboardPermissionCommand{DashboardId: 1, OrgId: users[0].OrgId, UserId: users[0].Id, PermissionType: models.PERMISSION_EDIT})
err = AddOrUpdateDashboardPermission(&models.AddOrUpdateDashboardPermissionCommand{DashboardId: 1, OrgId: users[0].OrgId, UserId: users[0].Id, Permissions: models.PERMISSION_EDIT})
So(err, ShouldBeNil)
err = SavePreferences(&models.SavePreferencesCommand{UserId: users[0].Id, OrgId: users[0].OrgId, HomeDashboardId: 1, Theme: "dark"})
......