refactoring dashoard folder guardian

pkg/api/dashboard_acl.go

@@ -10,20 +10,21 @@ import (
 )
 
 func GetDashboardAcl(c *middleware.Context) Response {
-	dashboardId := c.ParamsInt64(":id")
+	dash, rsp := getDashboardHelper(c.OrgId, "", c.ParamsInt64(":id"))
+	if rsp != nil {
+		return rsp
+	}
 
-	hasPermission, err := guardian.CanViewAcl(dashboardId, c.OrgRole, c.IsGrafanaAdmin, c.OrgId, c.UserId)
+	guardian := guardian.NewDashboardGuardian(dash, c.SignedInUser)
 
+	canView, err := guardian.CanView(dashboardId, c.OrgRole, c.IsGrafanaAdmin, c.OrgId, c.UserId)
 	if err != nil {
 		return ApiError(500, "Failed to get Dashboard ACL", err)
-	}
-
-	if !hasPermission {
-		return Json(403, util.DynMap{"status": "Forbidden", "message": "Does not have access to this Dashboard ACL"})
+	} else if !hasPermission {
+		return ApiError(403, "Does not have access to this Dashboard ACL")
 	}
 
 	query := m.GetDashboardPermissionsQuery{DashboardId: dashboardId}
-
 	if err := bus.Dispatch(&query); err != nil {
 		return ApiError(500, "Failed to get Dashboard ACL", err)
 	}

pkg/api/dashboard_acl_test.go

@@ -13,10 +13,10 @@ import (
 func TestDashboardAclApiEndpoint(t *testing.T) {
 	Convey("Given a dashboard acl", t, func() {
 		mockResult := []*models.DashboardAclInfoDTO{
-			{Id: 1, OrgId: 1, DashboardId: 1, UserId: 2, PermissionType: models.PERMISSION_EDIT},
-			{Id: 2, OrgId: 1, DashboardId: 1, UserId: 3, PermissionType: models.PERMISSION_VIEW},
-			{Id: 3, OrgId: 1, DashboardId: 1, UserGroupId: 1, PermissionType: models.PERMISSION_EDIT},
-			{Id: 4, OrgId: 1, DashboardId: 1, UserGroupId: 2, PermissionType: models.PERMISSION_READ_ONLY_EDIT},
+			{Id: 1, OrgId: 1, DashboardId: 1, UserId: 2, Permissions: models.PERMISSION_EDIT},
+			{Id: 2, OrgId: 1, DashboardId: 1, UserId: 3, Permissions: models.PERMISSION_VIEW},
+			{Id: 3, OrgId: 1, DashboardId: 1, UserGroupId: 1, Permissions: models.PERMISSION_EDIT},
+			{Id: 4, OrgId: 1, DashboardId: 1, UserGroupId: 2, Permissions: models.PERMISSION_READ_ONLY_EDIT},
 		}
 		bus.AddHandler("test", func(query *models.GetDashboardPermissionsQuery) error {
 			query.Result = mockResult
@@ -39,14 +39,14 @@ func TestDashboardAclApiEndpoint(t *testing.T) {
 					respJSON, err := simplejson.NewJson(sc.resp.Body.Bytes())
 					So(err, ShouldBeNil)
 					So(respJSON.GetIndex(0).Get("userId").MustInt(), ShouldEqual, 2)
-					So(respJSON.GetIndex(0).Get("permissionType").MustInt(), ShouldEqual, models.PERMISSION_EDIT)
+					So(respJSON.GetIndex(0).Get("permissions").MustInt(), ShouldEqual, models.PERMISSION_EDIT)
 				})
 			})
 		})
 
 		Convey("When user is editor and in the ACL", func() {
 			loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/dashboards/1/acl", "/api/dashboards/:id/acl", models.ROLE_EDITOR, func(sc *scenarioContext) {
-				mockResult = append(mockResult, &models.DashboardAclInfoDTO{Id: 1, OrgId: 1, DashboardId: 1, UserId: 1, PermissionType: models.PERMISSION_EDIT})
+				mockResult = append(mockResult, &models.DashboardAclInfoDTO{Id: 1, OrgId: 1, DashboardId: 1, UserId: 1, Permissions: models.PERMISSION_EDIT})
 
 				bus.AddHandler("test2", func(query *models.GetAllowedDashboardsQuery) error {
 					query.Result = []int64{1}
@@ -62,7 +62,7 @@ func TestDashboardAclApiEndpoint(t *testing.T) {
 			})
 
 			loggedInUserScenarioWithRole("When calling DELETE on", "DELETE", "/api/dashboards/1/acl/user/1", "/api/dashboards/:id/acl/user/:userId", models.ROLE_EDITOR, func(sc *scenarioContext) {
-				mockResult = append(mockResult, &models.DashboardAclInfoDTO{Id: 1, OrgId: 1, DashboardId: 1, UserId: 1, PermissionType: models.PERMISSION_EDIT})
+				mockResult = append(mockResult, &models.DashboardAclInfoDTO{Id: 1, OrgId: 1, DashboardId: 1, UserId: 1, Permissions: models.PERMISSION_EDIT})
 
 				bus.AddHandler("test3", func(cmd *models.RemoveDashboardPermissionCommand) error {
 					return nil
@@ -115,7 +115,7 @@ func TestDashboardAclApiEndpoint(t *testing.T) {
 			})
 
 			loggedInUserScenarioWithRole("When calling DELETE on", "DELETE", "/api/dashboards/1/acl/user/1", "/api/dashboards/:id/acl/user/:userId", models.ROLE_EDITOR, func(sc *scenarioContext) {
-				mockResult = append(mockResult, &models.DashboardAclInfoDTO{Id: 1, OrgId: 1, DashboardId: 1, UserId: 1, PermissionType: models.PERMISSION_VIEW})
+				mockResult = append(mockResult, &models.DashboardAclInfoDTO{Id: 1, OrgId: 1, DashboardId: 1, UserId: 1, Permissions: models.PERMISSION_VIEW})
 				bus.AddHandler("test3", func(cmd *models.RemoveDashboardPermissionCommand) error {
 					return nil
 				})

pkg/api/dashboard_test.go

@@ -21,6 +21,7 @@ import (
 func TestDashboardApiEndpoint(t *testing.T) {
 	Convey("Given a dashboard with a parent folder which does not have an acl", t, func() {
 		fakeDash := models.NewDashboard("Child dash")
+		fakeDash.Id = 1
 		fakeDash.ParentId = 1
 		fakeDash.HasAcl = false
 
@@ -33,6 +34,7 @@ func TestDashboardApiEndpoint(t *testing.T) {
 			Dashboard: simplejson.NewFromAny(map[string]interface{}{
 				"parentId": fakeDash.ParentId,
 				"title":    fakeDash.Title,
+				"id":       fakeDash.Id,
 			}),
 		}
 
@@ -140,6 +142,8 @@ func TestDashboardApiEndpoint(t *testing.T) {
 					return nil
 				})
 				invalidCmd := models.SaveDashboardCommand{
+					ParentId: fakeDash.ParentId,
+					IsFolder: true,
 					Dashboard: simplejson.NewFromAny(map[string]interface{}{
 						"parentId": fakeDash.ParentId,
 						"title":    fakeDash.Title,
@@ -157,6 +161,7 @@ func TestDashboardApiEndpoint(t *testing.T) {
 
 	Convey("Given a dashboard with a parent folder which has an acl", t, func() {
 		fakeDash := models.NewDashboard("Child dash")
+		fakeDash.Id = 1
 		fakeDash.ParentId = 1
 		fakeDash.HasAcl = true
 
@@ -173,6 +178,7 @@ func TestDashboardApiEndpoint(t *testing.T) {
 		cmd := models.SaveDashboardCommand{
 			ParentId: fakeDash.ParentId,
 			Dashboard: simplejson.NewFromAny(map[string]interface{}{
+				"id":       fakeDash.Id,
 				"parentId": fakeDash.ParentId,
 				"title":    fakeDash.Title,
 			}),
@@ -257,7 +263,7 @@ func TestDashboardApiEndpoint(t *testing.T) {
 			role := models.ROLE_VIEWER
 
 			mockResult := []*models.DashboardAclInfoDTO{
-				{Id: 1, OrgId: 1, DashboardId: 2, UserId: 1, PermissionType: models.PERMISSION_EDIT},
+				{Id: 1, OrgId: 1, DashboardId: 2, UserId: 1, Permissions: models.PERMISSION_EDIT},
 			}
 
 			bus.AddHandler("test", func(query *models.GetDashboardPermissionsQuery) error {
@@ -299,7 +305,7 @@ func TestDashboardApiEndpoint(t *testing.T) {
 			role := models.ROLE_EDITOR
 
 			mockResult := []*models.DashboardAclInfoDTO{
-				{Id: 1, OrgId: 1, DashboardId: 2, UserId: 1, PermissionType: models.PERMISSION_VIEW},
+				{Id: 1, OrgId: 1, DashboardId: 2, UserId: 1, Permissions: models.PERMISSION_VIEW},
 			}
 
 			bus.AddHandler("test", func(query *models.GetDashboardPermissionsQuery) error {

pkg/models/dashboard_acl.go

@@ -63,11 +63,11 @@ type DashboardAclInfoDTO struct {
 //
 
 type AddOrUpdateDashboardPermissionCommand struct {
-	DashboardId    int64          `json:"-"`
-	OrgId          int64          `json:"-"`
-	UserId         int64          `json:"userId"`
-	UserGroupId    int64          `json:"userGroupId"`
-	PermissionType PermissionType `json:"permissionType" binding:"Required"`
+	DashboardId int64          `json:"-"`
+	OrgId       int64          `json:"-"`
+	UserId      int64          `json:"userId"`
+	UserGroupId int64          `json:"userGroupId"`
+	Permissions PermissionType `json:"permissionType" binding:"Required"`
 
 	Result DashboardAcl `json:"-"`
 }

pkg/models/dashboards.go

@@ -151,7 +151,7 @@ type SaveDashboardCommand struct {
 }
 
 type DeleteDashboardCommand struct {
-	Slug  string
+	Id    int64
 	OrgId int64
 }
 

pkg/models/org_user.go

@@ -32,11 +32,20 @@ func (r RoleType) Includes(other RoleType) bool {
 	if r == ROLE_ADMIN {
 		return true
 	}
-	if r == ROLE_EDITOR || r == ROLE_READ_ONLY_EDITOR {
-		return other != ROLE_ADMIN
+
+	if other == ROLE_READ_ONLY_EDITOR {
+		return r == ROLE_EDITOR || r == ROLE_READ_ONLY_EDITOR
+	}
+
+	if other == ROLE_EDITOR {
+		return r == ROLE_EDITOR
+	}
+
+	if other == ROLE_VIEWER {
+		return r == ROLE_READ_ONLY_EDITOR || r == ROLE_EDITOR || r == ROLE_VIEWER
 	}
 
-	return r == other
+	return false
 }
 
 func (r *RoleType) UnmarshalJSON(data []byte) error {

pkg/plugins/dashboards.go

@@ -15,6 +15,7 @@ type PluginDashboardInfoDTO struct {
 	Imported         bool   `json:"imported"`
 	ImportedUri      string `json:"importedUri"`
 	Slug             string `json:"slug"`
+	DashboardId      int64  `json:"dashboardId"`
 	ImportedRevision int64  `json:"importedRevision"`
 	Revision         int64  `json:"revision"`
 	Description      string `json:"description"`
@@ -60,6 +61,7 @@ func GetPluginDashboards(orgId int64, pluginId string) ([]*PluginDashboardInfoDT
 		// find existing dashboard
 		for _, existingDash := range query.Result {
 			if existingDash.Slug == dashboard.Slug {
+				res.DashboardId = existingDash.Id
 				res.Imported = true
 				res.ImportedUri = "db/" + existingDash.Slug
 				res.ImportedRevision = existingDash.Data.Get("revision").MustInt64(1)
@@ -74,8 +76,9 @@ func GetPluginDashboards(orgId int64, pluginId string) ([]*PluginDashboardInfoDT
 	for _, dash := range query.Result {
 		if _, exists := existingMatches[dash.Id]; !exists {
 			result = append(result, &PluginDashboardInfoDTO{
-				Slug:    dash.Slug,
-				Removed: true,
+				Slug:        dash.Slug,
+				DashboardId: dash.Id,
+				Removed:     true,
 			})
 		}
 	}

pkg/plugins/dashboards_updater.go

@@ -75,7 +75,7 @@ func syncPluginDashboards(pluginDef *PluginBase, orgId int64) {
 		if dash.Removed {
 			plog.Info("Deleting plugin dashboard", "pluginId", pluginDef.Id, "dashboard", dash.Slug)
 
-			deleteCmd := m.DeleteDashboardCommand{OrgId: orgId, Slug: dash.Slug}
+			deleteCmd := m.DeleteDashboardCommand{OrgId: orgId, Id: dash.DashboardId}
 			if err := bus.Dispatch(&deleteCmd); err != nil {
 				plog.Error("Failed to auto update app dashboard", "pluginId", pluginDef.Id, "error", err)
 				return
@@ -124,7 +124,7 @@ func handlePluginStateChanged(event *m.PluginStateChangedEvent) error {
 			return err
 		} else {
 			for _, dash := range query.Result {
-				deleteCmd := m.DeleteDashboardCommand{OrgId: dash.OrgId, Slug: dash.Slug}
+				deleteCmd := m.DeleteDashboardCommand{OrgId: dash.OrgId, Id: dash.Id}
 
 				plog.Info("Deleting plugin dashboard", "pluginId", event.PluginId, "dashboard", dash.Slug)
 

pkg/services/guardian/guardian.go

-package guardian
-
-import (
-	"github.com/grafana/grafana/pkg/bus"
-	m "github.com/grafana/grafana/pkg/models"
-)
-
-// FilterRestrictedDashboards filters out dashboards from the list that the user does have access to
-func FilterRestrictedDashboards(dashList []int64, orgId int64, userId int64) ([]int64, error) {
-	user, err := getUser(userId)
-	if err != nil {
-		return nil, err
-	}
-
-	if user.IsGrafanaAdmin || user.OrgRole == m.ROLE_ADMIN {
-		return dashList, nil
-	}
-
-	filteredList, err := getAllowedDashboards(dashList, orgId, userId)
-	return filteredList, err
-}
-
-// CanViewAcl determines if a user has permission to view a dashboard's ACL
-func CanViewAcl(dashboardId int64, role m.RoleType, isGrafanaAdmin bool, orgId int64, userId int64) (bool, error) {
-	if role == m.ROLE_ADMIN || isGrafanaAdmin {
-		return true, nil
-	}
-
-	filteredList, err := getAllowedDashboards([]int64{dashboardId}, orgId, userId)
-	if err != nil {
-		return false, err
-	}
-
-	if len(filteredList) > 0 && filteredList[0] == dashboardId {
-		return true, nil
-	}
-
-	return false, nil
-}
-
-// CanDeleteFromAcl determines if a user has permission to delete from a dashboard's ACL
-func CanDeleteFromAcl(dashboardId int64, role m.RoleType, isGrafanaAdmin bool, orgId int64, userId int64) (bool, error) {
-	if role == m.ROLE_ADMIN || isGrafanaAdmin {
-		return true, nil
-	}
-
-	permissions, err := getDashboardPermissions(dashboardId)
-	if err != nil {
-		return false, err
-	}
-
-	if len(permissions) == 0 {
-		return true, nil
-	}
-
-	minimumPermission := m.PERMISSION_EDIT
-	return checkPermission(minimumPermission, permissions, userId)
-}
-
-// CheckDashboardPermissions determines if a user has permission to view, edit or save a dashboard
-func CheckDashboardPermissions(dashboardId int64, role m.RoleType, isGrafanaAdmin bool, userId int64) (bool, bool, bool, error) {
-	if role == m.ROLE_ADMIN || isGrafanaAdmin {
-		return true, true, true, nil
-	}
-
-	permissions, err := getDashboardPermissions(dashboardId)
-	if err != nil {
-		return false, false, false, err
-	}
-
-	if len(permissions) == 0 {
-		return false, false, false, nil
-	}
-
-	minimumPermission := m.PERMISSION_VIEW
-	canView, err := checkPermission(minimumPermission, permissions, userId)
-	if err != nil {
-		return false, false, false, err
-	}
-
-	minimumPermission = m.PERMISSION_READ_ONLY_EDIT
-	canEdit, err := checkPermission(minimumPermission, permissions, userId)
-	if err != nil {
-		return false, false, false, err
-	}
-
-	minimumPermission = m.PERMISSION_EDIT
-	canSave, err := checkPermission(minimumPermission, permissions, userId)
-	if err != nil {
-		return false, false, false, err
-	}
-
-	return canView, canEdit, canSave, nil
-}
-
-func checkPermission(minimumPermission m.PermissionType, permissions []*m.DashboardAclInfoDTO, userId int64) (bool, error) {
-	userGroups, err := getUserGroupsByUser(userId)
-	if err != nil {
-		return false, err
-	}
-
-	for _, p := range permissions {
-		if p.UserId == userId && p.Permissions >= minimumPermission {
-			return true, nil
-		}
-
-		for _, ug := range userGroups {
-			if ug.Id == p.UserGroupId && p.Permissions >= minimumPermission {
-				return true, nil
-			}
-		}
-	}
-
-	return false, nil
-}
-
-func getUser(userId int64) (*m.SignedInUser, error) {
-	query := m.GetSignedInUserQuery{UserId: userId}
-	err := bus.Dispatch(&query)
-
-	return query.Result, err
-}
-
-func getAllowedDashboards(dashList []int64, orgId int64, userId int64) ([]int64, error) {
-	query := m.GetAllowedDashboardsQuery{UserId: userId, OrgId: orgId, DashList: dashList}
-	err := bus.Dispatch(&query)
-
-	return query.Result, err
-}
-
-func getDashboardPermissions(dashboardId int64) ([]*m.DashboardAclInfoDTO, error) {
-	query := m.GetDashboardPermissionsQuery{DashboardId: dashboardId}
-	err := bus.Dispatch(&query)
-
-	return query.Result, err
-}
-
-func getUserGroupsByUser(userId int64) ([]*m.UserGroup, error) {
-	query := m.GetUserGroupsByUserQuery{UserId: userId}
-	err := bus.Dispatch(&query)
-
-	return query.Result, err
-}

pkg/services/guardian/guardian_test.go

-package guardian
-
-import (
-	"testing"
-
-	"github.com/grafana/grafana/pkg/bus"
-	m "github.com/grafana/grafana/pkg/models"
-	. "github.com/smartystreets/goconvey/convey"
-)
-
-func TestGuardian(t *testing.T) {
-
-	Convey("Given a user with list of dashboards that they have access to", t, func() {
-		hitList := []int64{1, 2}
-
-		var orgId int64 = 1
-		var userId int64 = 1
-
-		Convey("And the user is a Grafana admin", func() {
-			bus.AddHandler("test", func(query *m.GetSignedInUserQuery) error {
-				query.Result = &m.SignedInUser{IsGrafanaAdmin: true}
-				return nil
-			})
-
-			filteredHitlist, err := FilterRestrictedDashboards(hitList, orgId, userId)
-			So(err, ShouldBeNil)
-
-			Convey("should return all dashboards", func() {
-				So(len(filteredHitlist), ShouldEqual, 2)
-				So(filteredHitlist[0], ShouldEqual, 1)
-				So(filteredHitlist[1], ShouldEqual, 2)
-			})
-		})
-
-		Convey("And the user is an org admin", func() {
-			bus.AddHandler("test", func(query *m.GetSignedInUserQuery) error {
-				query.Result = &m.SignedInUser{IsGrafanaAdmin: false, OrgRole: m.ROLE_ADMIN}
-				return nil
-			})
-
-			filteredHitlist, err := FilterRestrictedDashboards(hitList, orgId, userId)
-			So(err, ShouldBeNil)
-
-			Convey("should return all dashboards", func() {
-				So(len(filteredHitlist), ShouldEqual, 2)
-				So(filteredHitlist[0], ShouldEqual, 1)
-				So(filteredHitlist[1], ShouldEqual, 2)
-			})
-		})
-
-		Convey("And the user is an editor", func() {
-			bus.AddHandler("test", func(query *m.GetSignedInUserQuery) error {
-				query.Result = &m.SignedInUser{IsGrafanaAdmin: false, OrgRole: m.ROLE_EDITOR}
-				return nil
-			})
-			bus.AddHandler("test2", func(query *m.GetAllowedDashboardsQuery) error {
-				query.Result = []int64{1}
-				return nil
-			})
-
-			filteredHitlist, err := FilterRestrictedDashboards(hitList, orgId, userId)
-			So(err, ShouldBeNil)
-
-			Convey("should return dashboard that editor has access to", func() {
-				So(len(filteredHitlist), ShouldEqual, 1)
-				So(filteredHitlist[0], ShouldEqual, 1)
-			})
-		})
-	})
-}

pkg/services/guardian/models.go

 package guardian
 
 import (
+	"fmt"
+
 	"github.com/grafana/grafana/pkg/bus"
 	m "github.com/grafana/grafana/pkg/models"
 )
@@ -20,6 +22,7 @@ func NewDashboardGuardian(dash *m.Dashboard, user *m.SignedInUser) *DashboardGua
 }
 
 func (g *DashboardGuardian) CanSave() (bool, error) {
+	fmt.Printf("user %v, %v", g.user.OrgRole, g.user.HasRole(m.ROLE_EDITOR))
 	if !g.dashboard.HasAcl {
 		return g.user.HasRole(m.ROLE_EDITOR), nil
 	}
@@ -69,12 +72,18 @@ func (g *DashboardGuardian) HasPermission(permission m.PermissionType) (bool, er
 	return false, nil
 }
 
+// Returns dashboard acl
 func (g *DashboardGuardian) getAcl() ([]*m.DashboardAclInfoDTO, error) {
 	if g.acl != nil {
 		return g.acl, nil
 	}
 
-	query := m.GetDashboardPermissionsQuery{DashboardId: g.dashboard.Id}
+	dashId := g.dashboard.Id
+	if g.dashboard.ParentId != 0 {
+		dashId = g.dashboard.ParentId
+	}
+
+	query := m.GetDashboardPermissionsQuery{DashboardId: dashId}
 	if err := bus.Dispatch(&query); err != nil {
 		return nil, err
 	}

pkg/services/search/handlers.go

@@ -7,7 +7,6 @@ import (
 
 	"github.com/grafana/grafana/pkg/bus"
 	m "github.com/grafana/grafana/pkg/models"
-	"github.com/grafana/grafana/pkg/services/guardian"
 	"github.com/grafana/grafana/pkg/setting"
 )
 
@@ -76,11 +75,6 @@ func searchHandler(query *Query) error {
 		hits = filtered
 	}
 
-	hits, err := removeRestrictedDashboardsFromList(hits, query)
-	if err != nil {
-		return err
-	}
-
 	// sort main result array
 	sort.Sort(hits)
 
@@ -102,29 +96,6 @@ func searchHandler(query *Query) error {
 	return nil
 }
 
-func removeRestrictedDashboardsFromList(hits HitList, query *Query) (HitList, error) {
-	var dashboardIds = []int64{}
-	for _, hit := range hits {
-		dashboardIds = append(dashboardIds, hit.Id)
-	}
-
-	filteredHits, err := guardian.FilterRestrictedDashboards(dashboardIds, query.OrgId, query.UserId)
-	if err != nil {
-		return nil, err
-	}
-
-	filtered := HitList{}
-	for _, hit := range hits {
-		for _, dashId := range filteredHits {
-			if hit.Id == dashId {
-				filtered = append(filtered, hit)
-			}
-		}
-	}
-
-	return filtered, nil
-}
-
 func stringInSlice(a string, list []string) bool {
 	for _, b := range list {
 		if b == a {

pkg/services/sqlstore/alert_test.go

@@ -192,7 +192,7 @@ func TestAlertingDataAccess(t *testing.T) {
 
 			err = DeleteDashboard(&m.DeleteDashboardCommand{
 				OrgId: 1,
-				Slug:  testDash.Slug,
+				Id:    testDash.Id,
 			})
 
 			So(err, ShouldBeNil)

pkg/services/sqlstore/dashboard.go

@@ -357,7 +357,7 @@ func GetDashboardTags(query *m.GetDashboardTagsQuery) error {
 
 func DeleteDashboard(cmd *m.DeleteDashboardCommand) error {
 	return inTransaction(func(sess *DBSession) error {
-		dashboard := m.Dashboard{Slug: cmd.Slug, OrgId: cmd.OrgId}
+		dashboard := m.Dashboard{Id: cmd.Id, OrgId: cmd.OrgId}
 		has, err := sess.Get(&dashboard)
 		if err != nil {
 			return err

pkg/services/sqlstore/dashboard_acl.go

@@ -23,7 +23,7 @@ func AddOrUpdateDashboardPermission(cmd *m.AddOrUpdateDashboardPermissionCommand
 			return err
 		} else if len(res) == 1 {
 			entity := m.DashboardAcl{
-				Permissions: cmd.PermissionType,
+				Permissions: cmd.Permissions,
 				Updated:     time.Now(),
 			}
 			if _, err := sess.Cols("updated", "permissions").Where("dashboard_id =? and (user_group_id=? or user_id=?)", cmd.DashboardId, cmd.UserGroupId, cmd.UserId).Update(&entity); err != nil {
@@ -40,7 +40,7 @@ func AddOrUpdateDashboardPermission(cmd *m.AddOrUpdateDashboardPermissionCommand
 			Created:     time.Now(),
 			Updated:     time.Now(),
 			DashboardId: cmd.DashboardId,
-			Permissions: cmd.PermissionType,
+			Permissions: cmd.Permissions,
 		}
 
 		cols := []string{"org_id", "created", "updated", "dashboard_id", "permissions"}
@@ -64,6 +64,7 @@ func AddOrUpdateDashboardPermission(cmd *m.AddOrUpdateDashboardPermissionCommand
 		dashboard := m.Dashboard{
 			HasAcl: true,
 		}
+
 		if _, err := sess.Cols("has_acl").Where("id=? OR parent_id=?", cmd.DashboardId, cmd.DashboardId).Update(&dashboard); err != nil {
 			return err
 		}

pkg/services/sqlstore/dashboard_acl_test.go

@@ -18,19 +18,19 @@ func TestDashboardAclDataAccess(t *testing.T) {
 
 			Convey("When adding dashboard permission with userId and userGroupId set to 0", func() {
 				err := AddOrUpdateDashboardPermission(&m.AddOrUpdateDashboardPermissionCommand{
-					OrgId:          1,
-					DashboardId:    savedFolder.Id,
-					PermissionType: m.PERMISSION_EDIT,
+					OrgId:       1,
+					DashboardId: savedFolder.Id,
+					Permissions: m.PERMISSION_EDIT,
 				})
 				So(err, ShouldEqual, m.ErrDashboardPermissionUserOrUserGroupEmpty)
 			})
 
 			Convey("Should be able to add dashboard permission", func() {
 				err := AddOrUpdateDashboardPermission(&m.AddOrUpdateDashboardPermissionCommand{
-					OrgId:          1,
-					UserId:         currentUser.Id,
-					DashboardId:    savedFolder.Id,
-					PermissionType: m.PERMISSION_EDIT,
+					OrgId:       1,
+					UserId:      currentUser.Id,
+					DashboardId: savedFolder.Id,
+					Permissions: m.PERMISSION_EDIT,
 				})
 				So(err, ShouldBeNil)
 
@@ -38,8 +38,8 @@ func TestDashboardAclDataAccess(t *testing.T) {
 				err = GetDashboardPermissions(q1)
 				So(err, ShouldBeNil)
 				So(q1.Result[0].DashboardId, ShouldEqual, savedFolder.Id)
-				So(q1.Result[0].PermissionType, ShouldEqual, m.PERMISSION_EDIT)
-				So(q1.Result[0].Permissions, ShouldEqual, "Edit")
+				So(q1.Result[0].Permissions, ShouldEqual, m.PERMISSION_EDIT)
+				So(q1.Result[0].PermissionName, ShouldEqual, "Edit")
 				So(q1.Result[0].UserId, ShouldEqual, currentUser.Id)
 				So(q1.Result[0].UserLogin, ShouldEqual, currentUser.Login)
 				So(q1.Result[0].UserEmail, ShouldEqual, currentUser.Email)
@@ -54,10 +54,10 @@ func TestDashboardAclDataAccess(t *testing.T) {
 
 				Convey("Should be able to update an existing permission", func() {
 					err := AddOrUpdateDashboardPermission(&m.AddOrUpdateDashboardPermissionCommand{
-						OrgId:          1,
-						UserId:         1,
-						DashboardId:    savedFolder.Id,
-						PermissionType: m.PERMISSION_READ_ONLY_EDIT,
+						OrgId:       1,
+						UserId:      1,
+						DashboardId: savedFolder.Id,
+						Permissions: m.PERMISSION_READ_ONLY_EDIT,
 					})
 					So(err, ShouldBeNil)
 
@@ -66,7 +66,7 @@ func TestDashboardAclDataAccess(t *testing.T) {
 					So(err, ShouldBeNil)
 					So(len(q3.Result), ShouldEqual, 1)
 					So(q3.Result[0].DashboardId, ShouldEqual, savedFolder.Id)
-					So(q3.Result[0].PermissionType, ShouldEqual, m.PERMISSION_READ_ONLY_EDIT)
+					So(q3.Result[0].Permissions, ShouldEqual, m.PERMISSION_READ_ONLY_EDIT)
 					So(q3.Result[0].UserId, ShouldEqual, 1)
 
 				})
@@ -93,10 +93,10 @@ func TestDashboardAclDataAccess(t *testing.T) {
 
 				Convey("Should be able to add a user permission for a user group", func() {
 					err := AddOrUpdateDashboardPermission(&m.AddOrUpdateDashboardPermissionCommand{
-						OrgId:          1,
-						UserGroupId:    group1.Result.Id,
-						DashboardId:    savedFolder.Id,
-						PermissionType: m.PERMISSION_EDIT,
+						OrgId:       1,
+						UserGroupId: group1.Result.Id,
+						DashboardId: savedFolder.Id,
+						Permissions: m.PERMISSION_EDIT,
 					})
 					So(err, ShouldBeNil)
 
@@ -104,16 +104,16 @@ func TestDashboardAclDataAccess(t *testing.T) {
 					err = GetDashboardPermissions(q1)
 					So(err, ShouldBeNil)
 					So(q1.Result[0].DashboardId, ShouldEqual, savedFolder.Id)
-					So(q1.Result[0].PermissionType, ShouldEqual, m.PERMISSION_EDIT)
+					So(q1.Result[0].Permissions, ShouldEqual, m.PERMISSION_EDIT)
 					So(q1.Result[0].UserGroupId, ShouldEqual, group1.Result.Id)
 				})
 
 				Convey("Should be able to update an existing permission for a user group", func() {
 					err := AddOrUpdateDashboardPermission(&m.AddOrUpdateDashboardPermissionCommand{
-						OrgId:          1,
-						UserGroupId:    group1.Result.Id,
-						DashboardId:    savedFolder.Id,
-						PermissionType: m.PERMISSION_READ_ONLY_EDIT,
+						OrgId:       1,
+						UserGroupId: group1.Result.Id,
+						DashboardId: savedFolder.Id,
+						Permissions: m.PERMISSION_READ_ONLY_EDIT,
 					})
 					So(err, ShouldBeNil)
 
@@ -122,7 +122,7 @@ func TestDashboardAclDataAccess(t *testing.T) {
 					So(err, ShouldBeNil)
 					So(len(q3.Result), ShouldEqual, 1)
 					So(q3.Result[0].DashboardId, ShouldEqual, savedFolder.Id)
-					So(q3.Result[0].PermissionType, ShouldEqual, m.PERMISSION_READ_ONLY_EDIT)
+					So(q3.Result[0].Permissions, ShouldEqual, m.PERMISSION_READ_ONLY_EDIT)
 					So(q3.Result[0].UserGroupId, ShouldEqual, group1.Result.Id)
 
 				})

pkg/services/sqlstore/dashboard_test.go

@@ -5,7 +5,6 @@ import (
 
 	. "github.com/smartystreets/goconvey/convey"
 
-	"github.com/gosimple/slug"
 	"github.com/grafana/grafana/pkg/components/simplejson"
 	m "github.com/grafana/grafana/pkg/models"
 	"github.com/grafana/grafana/pkg/services/search"
@@ -69,12 +68,10 @@ func TestDashboardDataAccess(t *testing.T) {
 			})
 
 			Convey("Should be able to delete dashboard", func() {
-				insertTestDashboard("delete me", 1, 0, false, "delete this")
-
-				dashboardSlug := slug.Make("delete me")
+				dash := insertTestDashboard("delete me", 1, 0, false, "delete this")
 
 				err := DeleteDashboard(&m.DeleteDashboardCommand{
-					Slug:  dashboardSlug,
+					Id:    dash.Id,
 					OrgId: 1,
 				})
 

pkg/services/sqlstore/dashboard_version.go

@@ -32,6 +32,10 @@ func GetDashboardVersion(query *m.GetDashboardVersionQuery) error {
 
 // GetDashboardVersions gets all dashboard versions for the given dashboard ID.
 func GetDashboardVersions(query *m.GetDashboardVersionsQuery) error {
+	if query.Limit == 0 {
+		query.Limit = 1000
+	}
+
 	err := x.Table("dashboard_version").
 		Select(`dashboard_version.id,
 				dashboard_version.dashboard_id,

pkg/services/sqlstore/org_test.go

@@ -174,10 +174,10 @@ func TestAccountDataAccess(t *testing.T) {
 					So(err, ShouldBeNil)
 					So(len(query.Result), ShouldEqual, 3)
 
-					err = AddOrUpdateDashboardPermission(&m.AddOrUpdateDashboardPermissionCommand{DashboardId: 1, OrgId: ac1.OrgId, UserId: ac3.Id, PermissionType: m.PERMISSION_EDIT})
+					err = AddOrUpdateDashboardPermission(&m.AddOrUpdateDashboardPermissionCommand{DashboardId: 1, OrgId: ac1.OrgId, UserId: ac3.Id, Permissions: m.PERMISSION_EDIT})
 					So(err, ShouldBeNil)
 
-					err = AddOrUpdateDashboardPermission(&m.AddOrUpdateDashboardPermissionCommand{DashboardId: 2, OrgId: ac3.OrgId, UserId: ac3.Id, PermissionType: m.PERMISSION_EDIT})
+					err = AddOrUpdateDashboardPermission(&m.AddOrUpdateDashboardPermissionCommand{DashboardId: 2, OrgId: ac3.OrgId, UserId: ac3.Id, Permissions: m.PERMISSION_EDIT})
 					So(err, ShouldBeNil)
 
 					Convey("When org user is deleted", func() {