Commit b783fa70 by Leonard Gram

team: renames teams.CanUpdate teamguardian.CanAdmin

parent 96aa4ae1
......@@ -1028,6 +1028,7 @@ func restoreDashboardVersionScenario(desc string, url string, routePattern strin
defer bus.ClearBusHandlers()
hs := HTTPServer{
Cfg: setting.NewCfg(),
Bus: bus.GetBus(),
}
......
......@@ -142,12 +142,9 @@ func createFolderScenario(desc string, url string, routePattern string, mock *fa
Convey(desc+" "+url, func() {
defer bus.ClearBusHandlers()
cfg := setting.NewCfg()
cfg.EditorsCanAdmin = true
hs := HTTPServer{
Bus: bus.GetBus(),
Cfg: cfg,
Cfg: setting.NewCfg(),
}
sc := setupScenarioContext(url)
......
......@@ -4,7 +4,7 @@ import (
"github.com/grafana/grafana/pkg/api/dtos"
"github.com/grafana/grafana/pkg/bus"
m "github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/services/teams"
"github.com/grafana/grafana/pkg/services/teamguardian"
"github.com/grafana/grafana/pkg/util"
)
......@@ -42,7 +42,7 @@ func UpdateTeam(c *m.ReqContext, cmd m.UpdateTeamCommand) Response {
cmd.OrgId = c.OrgId
cmd.Id = c.ParamsInt64(":teamId")
if err := teams.CanUpdateTeam(cmd.OrgId, cmd.Id, c.SignedInUser); err != nil {
if err := teamguardian.CanAdmin(cmd.OrgId, cmd.Id, c.SignedInUser); err != nil {
return Error(403, "Not allowed to update team", err)
}
......@@ -62,7 +62,7 @@ func DeleteTeamByID(c *m.ReqContext) Response {
teamId := c.ParamsInt64(":teamId")
user := c.SignedInUser
if err := teams.CanUpdateTeam(orgId, teamId, user); err != nil {
if err := teamguardian.CanAdmin(orgId, teamId, user); err != nil {
return Error(403, "Not allowed to delete team", err)
}
......@@ -132,7 +132,14 @@ func GetTeamByID(c *m.ReqContext) Response {
// GET /api/teams/:teamId/preferences
func GetTeamPreferences(c *m.ReqContext) Response {
return getPreferencesFor(c.OrgId, 0, c.ParamsInt64(":teamId"))
teamId := c.ParamsInt64(":teamId")
orgId := c.OrgId
if err := teamguardian.CanAdmin(orgId, teamId, c.SignedInUser); err != nil {
return Error(403, "Not allowed to view team preferences.", err)
}
return getPreferencesFor(orgId, 0, teamId)
}
// PUT /api/teams/:teamId/preferences
......@@ -140,7 +147,7 @@ func UpdateTeamPreferences(c *m.ReqContext, dtoCmd dtos.UpdatePrefsCmd) Response
teamId := c.ParamsInt64(":teamId")
orgId := c.OrgId
if err := teams.CanUpdateTeam(orgId, teamId, c.SignedInUser); err != nil {
if err := teamguardian.CanAdmin(orgId, teamId, c.SignedInUser); err != nil {
return Error(403, "Not allowed to update team preferences.", err)
}
......
......@@ -4,7 +4,7 @@ import (
"github.com/grafana/grafana/pkg/api/dtos"
"github.com/grafana/grafana/pkg/bus"
m "github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/services/teams"
"github.com/grafana/grafana/pkg/services/teamguardian"
"github.com/grafana/grafana/pkg/setting"
"github.com/grafana/grafana/pkg/util"
)
......@@ -34,7 +34,7 @@ func AddTeamMember(c *m.ReqContext, cmd m.AddTeamMemberCommand) Response {
teamId := c.ParamsInt64(":teamId")
orgId := c.OrgId
if err := teams.CanUpdateTeam(orgId, teamId, c.SignedInUser); err != nil {
if err := teamguardian.CanAdmin(orgId, teamId, c.SignedInUser); err != nil {
return Error(403, "Not allowed to add team member", err)
}
......@@ -63,7 +63,7 @@ func UpdateTeamMember(c *m.ReqContext, cmd m.UpdateTeamMemberCommand) Response {
teamId := c.ParamsInt64(":teamId")
orgId := c.OrgId
if err := teams.CanUpdateTeam(orgId, teamId, c.SignedInUser); err != nil {
if err := teamguardian.CanAdmin(orgId, teamId, c.SignedInUser); err != nil {
return Error(403, "Not allowed to update team member", err)
}
......@@ -86,7 +86,7 @@ func RemoveTeamMember(c *m.ReqContext) Response {
teamId := c.ParamsInt64(":teamId")
userId := c.ParamsInt64(":userId")
if err := teams.CanUpdateTeam(orgId, teamId, c.SignedInUser); err != nil {
if err := teamguardian.CanAdmin(orgId, teamId, c.SignedInUser); err != nil {
return Error(403, "Not allowed to remove team member", err)
}
......
package teams
package teamguardian
import (
"github.com/grafana/grafana/pkg/bus"
m "github.com/grafana/grafana/pkg/models"
)
func CanUpdateTeam(orgId int64, teamId int64, user *m.SignedInUser) error {
func CanAdmin(orgId int64, teamId int64, user *m.SignedInUser) error {
if user.OrgRole == m.ROLE_ADMIN {
return nil
}
......
package teams
package teamguardian
import (
"github.com/grafana/grafana/pkg/bus"
......@@ -33,7 +33,7 @@ func TestUpdateTeam(t *testing.T) {
return nil
})
err := CanUpdateTeam(testTeam.OrgId, testTeam.Id, &editor)
err := CanAdmin(testTeam.OrgId, testTeam.Id, &editor)
So(err, ShouldEqual, m.ErrNotAllowedToUpdateTeam)
})
})
......@@ -50,7 +50,7 @@ func TestUpdateTeam(t *testing.T) {
return nil
})
err := CanUpdateTeam(testTeam.OrgId, testTeam.Id, &editor)
err := CanAdmin(testTeam.OrgId, testTeam.Id, &editor)
So(err, ShouldBeNil)
})
})
......@@ -72,14 +72,14 @@ func TestUpdateTeam(t *testing.T) {
return nil
})
err := CanUpdateTeam(testTeamOtherOrg.OrgId, testTeamOtherOrg.Id, &editor)
err := CanAdmin(testTeamOtherOrg.OrgId, testTeamOtherOrg.Id, &editor)
So(err, ShouldEqual, m.ErrNotAllowedToUpdateTeamInDifferentOrg)
})
})
Convey("Given an org admin and a team", func() {
Convey("Should be able to update the team", func() {
err := CanUpdateTeam(testTeam.OrgId, testTeam.Id, &admin)
err := CanAdmin(testTeam.OrgId, testTeam.Id, &admin)
So(err, ShouldBeNil)
})
})
......
......@@ -115,6 +115,6 @@ export const teamsPermissionLevels: TeamPermissionInfo[] = [
{
value: TeamPermissionLevel.Admin,
label: 'Admin',
description: 'Can add/remove permissions and delete team.',
description: 'Can add/remove permissions, members and delete team.',
},
];
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment