Commit db1423ee by Daniel Lee

dashfolders: fixes #10820

parent 541b0a0c
...@@ -363,10 +363,10 @@ func GetFoldersForSignedInUser(query *m.GetFoldersForSignedInUserQuery) error { ...@@ -363,10 +363,10 @@ func GetFoldersForSignedInUser(query *m.GetFoldersForSignedInUserQuery) error {
if query.SignedInUser.OrgRole == m.ROLE_ADMIN { if query.SignedInUser.OrgRole == m.ROLE_ADMIN {
sql := `SELECT distinct d.id, d.title sql := `SELECT distinct d.id, d.title
FROM dashboard AS d WHERE d.is_folder = ? FROM dashboard AS d WHERE d.is_folder = ? AND d.org_id = ?
ORDER BY d.title ASC` ORDER BY d.title ASC`
err = x.Sql(sql, dialect.BooleanStr(true)).Find(&query.Result) err = x.Sql(sql, dialect.BooleanStr(true), query.OrgId).Find(&query.Result)
} else { } else {
params := make([]interface{}, 0) params := make([]interface{}, 0)
sql := `SELECT distinct d.id, d.title sql := `SELECT distinct d.id, d.title
......
...@@ -219,13 +219,14 @@ func TestDashboardFolderDataAccess(t *testing.T) { ...@@ -219,13 +219,14 @@ func TestDashboardFolderDataAccess(t *testing.T) {
folder1 := insertTestDashboard("1 test dash folder", 1, 0, true, "prod") folder1 := insertTestDashboard("1 test dash folder", 1, 0, true, "prod")
folder2 := insertTestDashboard("2 test dash folder", 1, 0, true, "prod") folder2 := insertTestDashboard("2 test dash folder", 1, 0, true, "prod")
insertTestDashboard("folder in another org", 2, 0, true, "prod")
adminUser := createUser("admin", "Admin", true) adminUser := createUser("admin", "Admin", true)
editorUser := createUser("editor", "Editor", false) editorUser := createUser("editor", "Editor", false)
viewerUser := createUser("viewer", "Viewer", false) viewerUser := createUser("viewer", "Viewer", false)
Convey("Admin users", func() { Convey("Admin users", func() {
Convey("Should have write access to all dashboard folders", func() { Convey("Should have write access to all dashboard folders in their org", func() {
query := m.GetFoldersForSignedInUserQuery{ query := m.GetFoldersForSignedInUserQuery{
OrgId: 1, OrgId: 1,
SignedInUser: &m.SignedInUser{UserId: adminUser.Id, OrgRole: m.ROLE_ADMIN}, SignedInUser: &m.SignedInUser{UserId: adminUser.Id, OrgRole: m.ROLE_ADMIN},
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment