Commit b494fd76 by Torkel Ödegaard

dashboard folders acl work

parent cbbbccf1
...@@ -16,15 +16,14 @@ func GetDashboardAcl(c *middleware.Context) Response { ...@@ -16,15 +16,14 @@ func GetDashboardAcl(c *middleware.Context) Response {
} }
guardian := guardian.NewDashboardGuardian(dash, c.SignedInUser) guardian := guardian.NewDashboardGuardian(dash, c.SignedInUser)
canView, err := guardian.CanView()
canView, err := guardian.CanView(dashboardId, c.OrgRole, c.IsGrafanaAdmin, c.OrgId, c.UserId)
if err != nil { if err != nil {
return ApiError(500, "Failed to get Dashboard ACL", err) return ApiError(500, "Failed to get Dashboard ACL", err)
} else if !hasPermission { } else if !canView {
return ApiError(403, "Does not have access to this Dashboard ACL") return ApiError(403, "Dashboard access denied", nil)
} }
query := m.GetDashboardPermissionsQuery{DashboardId: dashboardId} query := m.GetDashboardPermissionsQuery{DashboardId: dash.Id}
if err := bus.Dispatch(&query); err != nil { if err := bus.Dispatch(&query); err != nil {
return ApiError(500, "Failed to get Dashboard ACL", err) return ApiError(500, "Failed to get Dashboard ACL", err)
} }
...@@ -52,43 +51,43 @@ func PostDashboardAcl(c *middleware.Context, cmd m.AddOrUpdateDashboardPermissio ...@@ -52,43 +51,43 @@ func PostDashboardAcl(c *middleware.Context, cmd m.AddOrUpdateDashboardPermissio
} }
func DeleteDashboardAclByUser(c *middleware.Context) Response { func DeleteDashboardAclByUser(c *middleware.Context) Response {
dashboardId := c.ParamsInt64(":id") // dashboardId := c.ParamsInt64(":id")
userId := c.ParamsInt64(":userId") // userId := c.ParamsInt64(":userId")
cmd := m.RemoveDashboardPermissionCommand{DashboardId: dashboardId, UserId: userId, OrgId: c.OrgId} // cmd := m.RemoveDashboardPermissionCommand{DashboardId: dashboardId, UserId: userId, OrgId: c.OrgId}
//
hasPermission, err := guardian.CanDeleteFromAcl(dashboardId, c.OrgRole, c.IsGrafanaAdmin, c.OrgId, c.UserId) // hasPermission, err := guardian.CanDeleteFromAcl(dashboardId, c.OrgRole, c.IsGrafanaAdmin, c.OrgId, c.UserId)
if err != nil { // if err != nil {
return ApiError(500, "Failed to delete from Dashboard ACL", err) // return ApiError(500, "Failed to delete from Dashboard ACL", err)
} // }
//
if !hasPermission { // if !hasPermission {
return Json(403, util.DynMap{"status": "Forbidden", "message": "Does not have access to this Dashboard ACL"}) // return Json(403, util.DynMap{"status": "Forbidden", "message": "Does not have access to this Dashboard ACL"})
} // }
//
if err := bus.Dispatch(&cmd); err != nil { // if err := bus.Dispatch(&cmd); err != nil {
return ApiError(500, "Failed to delete permission for user", err) // return ApiError(500, "Failed to delete permission for user", err)
} // }
return Json(200, "") return Json(200, "")
} }
func DeleteDashboardAclByUserGroup(c *middleware.Context) Response { func DeleteDashboardAclByUserGroup(c *middleware.Context) Response {
dashboardId := c.ParamsInt64(":id") // dashboardId := c.ParamsInt64(":id")
userGroupId := c.ParamsInt64(":userGroupId") // userGroupId := c.ParamsInt64(":userGroupId")
cmd := m.RemoveDashboardPermissionCommand{DashboardId: dashboardId, UserGroupId: userGroupId, OrgId: c.OrgId} // cmd := m.RemoveDashboardPermissionCommand{DashboardId: dashboardId, UserGroupId: userGroupId, OrgId: c.OrgId}
//
hasPermission, err := guardian.CanDeleteFromAcl(dashboardId, c.OrgRole, c.IsGrafanaAdmin, c.OrgId, c.UserId) // hasPermission, err := guardian.CanDeleteFromAcl(dashboardId, c.OrgRole, c.IsGrafanaAdmin, c.OrgId, c.UserId)
if err != nil { // if err != nil {
return ApiError(500, "Failed to delete from Dashboard ACL", err) // return ApiError(500, "Failed to delete from Dashboard ACL", err)
} // }
//
if !hasPermission { // if !hasPermission {
return Json(403, util.DynMap{"status": "Forbidden", "message": "Does not have access to this Dashboard ACL"}) // return Json(403, util.DynMap{"status": "Forbidden", "message": "Does not have access to this Dashboard ACL"})
} // }
//
if err := bus.Dispatch(&cmd); err != nil { // if err := bus.Dispatch(&cmd); err != nil {
return ApiError(500, "Failed to delete permission for user", err) // return ApiError(500, "Failed to delete permission for user", err)
} // }
return Json(200, "") return Json(200, "")
} }
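Review bot: DeleteDashboardAclByUser and DeleteDashboardAclByUserGroup, as rendered on the new side, have their whole bodies commented out but still end in `return Json(200, "")`. A revoke request is therefore acknowledged as successful while the ACL row stays in place and no permission check runs. A caller removing a user or user group from a dashboard would believe access was withdrawn when it was not. Until these handlers are ported to the guardian, return a non-success response such as `return ApiError(501, "Not implemented", nil)`, and delete the commented-out code rather than keeping it in the file.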
...@@ -74,16 +74,21 @@ type AddOrUpdateDashboardPermissionCommand struct { ...@@ -74,16 +74,21 @@ type AddOrUpdateDashboardPermissionCommand struct {
type RemoveDashboardPermissionCommand struct { type RemoveDashboardPermissionCommand struct {
DashboardId int64 `json:"dashboardId" binding:"Required"` DashboardId int64 `json:"dashboardId" binding:"Required"`
OrgId int64 `json:"-"`
UserId int64 `json:"userId"` UserId int64 `json:"userId"`
UserGroupId int64 `json:"userGroupId"` UserGroupId int64 `json:"userGroupId"`
OrgId int64 `json:"-"`
} }
// //
// QUERIES // QUERIES
// //
type GetDashboardPermissionsQuery struct { type GetDashboardPermissionsQuery struct {
DashboardId int64 `json:"dashboardId" binding:"Required"` DashboardId int64
Result []*DashboardAclInfoDTO Result []*DashboardAclInfoDTO
} }
type GetDashboardAclQuery struct {
DashboardId int64
Result []*DashboardAcl
}
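Review bot: The new GetDashboardAclQuery sits next to the almost identically named GetDashboardPermissionsQuery with no comment saying how they differ. A doc comment would help, for example `// GetDashboardAclQuery returns the raw DashboardAcl rows for a dashboard and its parent folder; GetDashboardPermissionsQuery returns the DashboardAclInfoDTO form.` The query also carries only DashboardId and no OrgId, so its handler cannot scope the lookup by organisation. If callers are expected to have loaded the dashboard with an org check first, say so in the comment.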
package guardian package guardian
import ( import (
"fmt"
"github.com/grafana/grafana/pkg/bus" "github.com/grafana/grafana/pkg/bus"
m "github.com/grafana/grafana/pkg/models" m "github.com/grafana/grafana/pkg/models"
) )
...@@ -22,7 +20,6 @@ func NewDashboardGuardian(dash *m.Dashboard, user *m.SignedInUser) *DashboardGua ...@@ -22,7 +20,6 @@ func NewDashboardGuardian(dash *m.Dashboard, user *m.SignedInUser) *DashboardGua
} }
func (g *DashboardGuardian) CanSave() (bool, error) { func (g *DashboardGuardian) CanSave() (bool, error) {
fmt.Printf("user %v, %v", g.user.OrgRole, g.user.HasRole(m.ROLE_EDITOR))
if !g.dashboard.HasAcl { if !g.dashboard.HasAcl {
return g.user.HasRole(m.ROLE_EDITOR), nil return g.user.HasRole(m.ROLE_EDITOR), nil
} }
......
...@@ -11,6 +11,7 @@ func init() { ...@@ -11,6 +11,7 @@ func init() {
bus.AddHandler("sql", AddOrUpdateDashboardPermission) bus.AddHandler("sql", AddOrUpdateDashboardPermission)
bus.AddHandler("sql", RemoveDashboardPermission) bus.AddHandler("sql", RemoveDashboardPermission)
bus.AddHandler("sql", GetDashboardPermissions) bus.AddHandler("sql", GetDashboardPermissions)
bus.AddHandler("sql", GetDashboardAcl)
} }
func AddOrUpdateDashboardPermission(cmd *m.AddOrUpdateDashboardPermissionCommand) error { func AddOrUpdateDashboardPermission(cmd *m.AddOrUpdateDashboardPermissionCommand) error {
...@@ -85,6 +86,28 @@ func RemoveDashboardPermission(cmd *m.RemoveDashboardPermissionCommand) error { ...@@ -85,6 +86,28 @@ func RemoveDashboardPermission(cmd *m.RemoveDashboardPermissionCommand) error {
}) })
} }
func GetDashboardAcl(query *m.GetDashboardAclQuery) error {
rawSQL := `SELECT
da.id,
da.org_id,
da.id,
da.dashboard_id,
da.user_id,
da.user_group_id,
da.permissions,
da.created,
da.updated,
FROM` + dialect.Quote("dashboard_acl") + ` as da
WHERE dashboard_id IN (
SELECT id FROM dashboard where id = ?
UNION
SELECT parent_id from dashboard where id = ?
)`
query.Result = make([]*m.DashboardAcl, 0)
return x.SQL(rawSQL, query.DashboardId).Find(&query.Result)
}
func GetDashboardPermissions(query *m.GetDashboardPermissionsQuery) error { func GetDashboardPermissions(query *m.GetDashboardPermissionsQuery) error {
rawSQL := `SELECT rawSQL := `SELECT
da.id, da.id,
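Review bot: The new GetDashboardAcl query cannot execute as written. The select list ends with `da.updated,` directly before `FROM`, and the statement has two `?` placeholders while `x.SQL(rawSQL, query.DashboardId)` binds only one value. Drop the trailing comma and pass the id twice: `return x.SQL(rawSQL, query.DashboardId, query.DashboardId).Find(&query.Result)`. `da.id` is also listed twice in the select list. If the guardian is meant to use this query for permission decisions, a failing query would turn every check into an error, so a test for this handler is worth adding.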
......
...@@ -76,12 +76,12 @@ func createUser(name string, role string, isAdmin bool) m.User { ...@@ -76,12 +76,12 @@ func createUser(name string, role string, isAdmin bool) m.User {
return currentUserCmd.Result return currentUserCmd.Result
} }
func updateTestDashboardWithAcl(dashId int64, userId int64, permissionType m.PermissionType) { func updateTestDashboardWithAcl(dashId int64, userId int64, permission m.PermissionType) {
err := AddOrUpdateDashboardPermission(&m.AddOrUpdateDashboardPermissionCommand{ err := AddOrUpdateDashboardPermission(&m.AddOrUpdateDashboardPermissionCommand{
OrgId: 1, OrgId: 1,
UserId: userId, UserId: userId,
DashboardId: dashId, DashboardId: dashId,
PermissionType: permissionType, Permissions: permission,
}) })
So(err, ShouldBeNil) So(err, ShouldBeNil)
} }
...@@ -94,7 +94,7 @@ func TestUserGroupCommandsAndQueries(t *testing.T) { ...@@ -94,7 +94,7 @@ func TestUserGroupCommandsAndQueries(t *testing.T) {
So(err, ShouldBeNil) So(err, ShouldBeNil)
err = AddUserGroupMember(&m.AddUserGroupMemberCommand{OrgId: 1, UserGroupId: groupId, UserId: userIds[2]}) err = AddUserGroupMember(&m.AddUserGroupMemberCommand{OrgId: 1, UserGroupId: groupId, UserId: userIds[2]})
So(err, ShouldBeNil) So(err, ShouldBeNil)
err = AddOrUpdateDashboardPermission(&m.AddOrUpdateDashboardPermissionCommand{DashboardId: 1, OrgId: 1, PermissionType: m.PERMISSION_EDIT, UserGroupId: groupId}) err = AddOrUpdateDashboardPermission(&m.AddOrUpdateDashboardPermissionCommand{DashboardId: 1, OrgId: 1, Permissions: m.PERMISSION_EDIT, UserGroupId: groupId})
err = DeleteUserGroup(&m.DeleteUserGroupCommand{Id: groupId}) err = DeleteUserGroup(&m.DeleteUserGroupCommand{Id: groupId})
So(err, ShouldBeNil) So(err, ShouldBeNil)
......
...@@ -99,7 +99,7 @@ func TestUserDataAccess(t *testing.T) { ...@@ -99,7 +99,7 @@ func TestUserDataAccess(t *testing.T) {
err = AddOrgUser(&models.AddOrgUserCommand{LoginOrEmail: users[0].Login, Role: models.ROLE_VIEWER, OrgId: users[0].OrgId}) err = AddOrgUser(&models.AddOrgUserCommand{LoginOrEmail: users[0].Login, Role: models.ROLE_VIEWER, OrgId: users[0].OrgId})
So(err, ShouldBeNil) So(err, ShouldBeNil)
err = AddOrUpdateDashboardPermission(&models.AddOrUpdateDashboardPermissionCommand{DashboardId: 1, OrgId: users[0].OrgId, UserId: users[0].Id, PermissionType: models.PERMISSION_EDIT}) err = AddOrUpdateDashboardPermission(&models.AddOrUpdateDashboardPermissionCommand{DashboardId: 1, OrgId: users[0].OrgId, UserId: users[0].Id, Permissions: models.PERMISSION_EDIT})
So(err, ShouldBeNil) So(err, ShouldBeNil)
err = SavePreferences(&models.SavePreferencesCommand{UserId: users[0].Id, OrgId: users[0].OrgId, HomeDashboardId: 1, Theme: "dark"}) err = SavePreferences(&models.SavePreferencesCommand{UserId: users[0].Id, OrgId: users[0].OrgId, HomeDashboardId: 1, Theme: "dark"})
......