folders: use new folder service in folder api routes

ea7998ca · Marcus Efraimsson · 268fb4dc · ea7998ca · ea7998ca · ea7998ca
Commit ea7998ca authored Feb 20, 2018 by Marcus Efraimsson
Hide whitespace changes
Inline Side-by-side

Showing with 537 additions and 587 deletions

pkg/api/api.go
+3 -2

pkg/api/dtos/folder.go
+6 -0

pkg/api/folder.go
+47 -104

pkg/api/folder_test.go
+481 -481

No files found.
--- a/pkg/api/api.go
+++ b/pkg/api/api.go
@@ -248,8 +248,9 @@ func (hs *HttpServer) registerRoutes() {

 		// Folders
 		apiRoute.Group("/folders", func(folderRoute RouteRegister) {
-			folderRoute.Get("/:uid", wrap(GetFolder))
-			folderRoute.Get("/id/:id", wrap(GetFolder))
+			folderRoute.Get("/", wrap(GetFolders))
+			folderRoute.Get("/:uid", wrap(GetFolderByUid))
+			folderRoute.Get("/id/:id", wrap(GetFolderById))
 			folderRoute.Post("/", bind(m.CreateFolderCommand{}), wrap(CreateFolder))
 			folderRoute.Put("/:uid", bind(m.UpdateFolderCommand{}), wrap(UpdateFolder))
 			folderRoute.Delete("/:uid", wrap(DeleteFolder))

--- a/pkg/api/dtos/folder.go
+++ b/pkg/api/dtos/folder.go
@@ -17,3 +17,9 @@ type Folder struct {
 	Updated   time.Time `json:"updated"`
 	Version   int       `json:"version"`
 }
+
+type FolderSearchHit struct {
+	Id    int64  `json:"id"`
+	Uid   string `json:"uid"`
+	Title string `json:"title"`
+}
--- a/pkg/api/folder.go
+++ b/pkg/api/folder.go
 package api

 import (
-	"fmt"
-
 	"github.com/grafana/grafana/pkg/api/dtos"
-	"github.com/grafana/grafana/pkg/bus"
 	"github.com/grafana/grafana/pkg/middleware"
 	m "github.com/grafana/grafana/pkg/models"
 	"github.com/grafana/grafana/pkg/services/dashboards"
@@ -12,142 +9,84 @@ import (
 	"github.com/grafana/grafana/pkg/util"
 )

-func getFolderHelper(orgId int64, id int64, uid string) (*m.Dashboard, Response) {
-	query := m.GetDashboardQuery{OrgId: orgId, Id: id, Uid: uid}
-	if err := bus.Dispatch(&query); err != nil {
-		if err == m.ErrDashboardNotFound {
-			err = m.ErrFolderNotFound
-		}
-
-		return nil, ApiError(404, "Folder not found", err)
-	}
-
-	if !query.Result.IsFolder {
-		return nil, ApiError(404, "Folder not found", m.ErrFolderNotFound)
-	}
+func GetFolders(c *middleware.Context) Response {
+	s := dashboards.NewFolderService(c.OrgId, c.SignedInUser)
+	folders, err := s.GetFolders(c.QueryInt("limit"))

-	return query.Result, nil
-}
-
-func folderGuardianResponse(err error) Response {
 	if err != nil {
-		return ApiError(500, "Error while checking folder permissions", err)
+		return toFolderError(err)
 	}

-	return ApiError(403, "Access denied to this folder", nil)
-}
-
-func GetFolder(c *middleware.Context) Response {
-	folder, rsp := getFolderHelper(c.OrgId, c.ParamsInt64(":id"), c.Params(":uid"))
-	if rsp != nil {
-		return rsp
-	}
+	result := make([]dtos.FolderSearchHit, 0)

-	guardian := guardian.New(folder.Id, c.OrgId, c.SignedInUser)
-	if canView, err := guardian.CanView(); err != nil || !canView {
-		fmt.Printf("%v", err)
-		return folderGuardianResponse(err)
+	for _, f := range folders {
+		result = append(result, dtos.FolderSearchHit{
+			Id:    f.Id,
+			Uid:   f.Uid,
+			Title: f.Title,
+		})
 	}

-	return Json(200, toFolderDto(&guardian, folder))
+	return Json(200, result)
 }

-func CreateFolder(c *middleware.Context, cmd m.CreateFolderCommand) Response {
-	cmd.OrgId = c.OrgId
-	cmd.UserId = c.UserId
-
-	dashFolder := cmd.GetDashboardModel()
+func GetFolderByUid(c *middleware.Context) Response {
+	s := dashboards.NewFolderService(c.OrgId, c.SignedInUser)
+	folder, err := s.GetFolderByUid(c.Params(":uid"))

-	guardian := guardian.New(0, c.OrgId, c.SignedInUser)
-	if canSave, err := guardian.CanSave(); err != nil || !canSave {
-		return folderGuardianResponse(err)
+	if err != nil {
+		return toFolderError(err)
 	}

-	if dashFolder.Title == "" {
-		return ApiError(400, m.ErrFolderTitleEmpty.Error(), nil)
-	}
+	g := guardian.New(folder.Id, c.OrgId, c.SignedInUser)
+	return Json(200, toFolderDto(g, folder))
+}

-	limitReached, err := middleware.QuotaReached(c, "folder")
+func GetFolderById(c *middleware.Context) Response {
+	s := dashboards.NewFolderService(c.OrgId, c.SignedInUser)
+	folder, err := s.GetFolderById(c.ParamsInt64(":id"))
 	if err != nil {
-		return ApiError(500, "failed to get quota", err)
-	}
-	if limitReached {
-		return ApiError(403, "Quota reached", nil)
-	}
-
-	saveDashboardDto := &dashboards.SaveDashboardDTO{
-		Dashboard: dashFolder,
-		OrgId:     c.OrgId,
-		UserId:    c.UserId,
+		return toFolderError(err)
 	}

-	folder, err := dashboards.GetRepository().SaveDashboard(saveDashboardDto)
+	g := guardian.New(folder.Id, c.OrgId, c.SignedInUser)
+	return Json(200, toFolderDto(g, folder))
+}

+func CreateFolder(c *middleware.Context, cmd m.CreateFolderCommand) Response {
+	s := dashboards.NewFolderService(c.OrgId, c.SignedInUser)
+	err := s.CreateFolder(&cmd)
 	if err != nil {
 		return toFolderError(err)
 	}

-	return Json(200, toFolderDto(&guardian, folder))
+	g := guardian.New(cmd.Result.Id, c.OrgId, c.SignedInUser)
+	return Json(200, toFolderDto(g, cmd.Result))
 }

 func UpdateFolder(c *middleware.Context, cmd m.UpdateFolderCommand) Response {
-	cmd.OrgId = c.OrgId
-	cmd.UserId = c.UserId
-	uid := c.Params(":uid")
-
-	dashFolder, rsp := getFolderHelper(c.OrgId, 0, uid)
-	if rsp != nil {
-		return rsp
-	}
-
-	guardian := guardian.New(dashFolder.Id, c.OrgId, c.SignedInUser)
-	if canSave, err := guardian.CanSave(); err != nil || !canSave {
-		return folderGuardianResponse(err)
-	}
-
-	cmd.UpdateDashboardModel(dashFolder)
-
-	if dashFolder.Title == "" {
-		return ApiError(400, m.ErrFolderTitleEmpty.Error(), nil)
-	}
-
-	saveDashboardDto := &dashboards.SaveDashboardDTO{
-		Dashboard: dashFolder,
-		OrgId:     c.OrgId,
-		UserId:    c.UserId,
-		Overwrite: cmd.Overwrite,
-	}
-
-	folder, err := dashboards.GetRepository().SaveDashboard(saveDashboardDto)
-
+	s := dashboards.NewFolderService(c.OrgId, c.SignedInUser)
+	err := s.UpdateFolder(c.Params(":uid"), &cmd)
 	if err != nil {
 		return toFolderError(err)
 	}

-	return Json(200, toFolderDto(&guardian, folder))
+	g := guardian.New(cmd.Result.Id, c.OrgId, c.SignedInUser)
+	return Json(200, toFolderDto(g, cmd.Result))
 }

 func DeleteFolder(c *middleware.Context) Response {
-	dashFolder, rsp := getFolderHelper(c.OrgId, 0, c.Params(":uid"))
-	if rsp != nil {
-		return rsp
-	}
-
-	guardian := guardian.New(dashFolder.Id, c.OrgId, c.SignedInUser)
-	if canSave, err := guardian.CanSave(); err != nil || !canSave {
-		return folderGuardianResponse(err)
-	}
-
-	deleteCmd := m.DeleteDashboardCommand{OrgId: c.OrgId, Id: dashFolder.Id}
-	if err := bus.Dispatch(&deleteCmd); err != nil {
-		return ApiError(500, "Failed to delete folder", err)
+	s := dashboards.NewFolderService(c.OrgId, c.SignedInUser)
+	f, err := s.DeleteFolder(c.Params(":uid"))
+	if err != nil {
+		return toFolderError(err)
 	}

-	var resp = map[string]interface{}{"title": dashFolder.Title}
+	var resp = map[string]interface{}{"title": f.Title}
 	return Json(200, resp)
 }

-func toFolderDto(g *guardian.DashboardGuardian, folder *m.Dashboard) dtos.Folder {
+func toFolderDto(g guardian.DashboardGuardian, folder *m.Folder) dtos.Folder {
 	canEdit, _ := g.CanEdit()
 	canSave, _ := g.CanSave()
 	canAdmin, _ := g.CanAdmin()
@@ -165,7 +104,7 @@ func toFolderDto(g *guardian.DashboardGuardian, folder *m.Dashboard) dtos.Folder
 		Id:        folder.Id,
 		Uid:       folder.Uid,
 		Title:     folder.Title,
-		Url:       folder.GetUrl(),
+		Url:       folder.Url,
 		HasAcl:    folder.HasAcl,
 		CanSave:   canSave,
 		CanEdit:   canEdit,
@@ -183,6 +122,10 @@ func toFolderError(err error) Response {
 		return ApiError(400, m.ErrFolderTitleEmpty.Error(), nil)
 	}

+	if err == m.ErrFolderAccessDenied {
+		return ApiError(403, "Access denied", err)
+	}
+
 	if err == m.ErrDashboardWithSameNameInFolderExists {
 		return Json(412, util.DynMap{"status": "name-exists", "message": m.ErrFolderSameNameExists.Error()})
 	}

--- a/pkg/api/folder_test.go
+++ b/pkg/api/folder_test.go
 package api

-import (
-	"encoding/json"
-	"path/filepath"
-	"testing"
-
-	"github.com/go-macaron/session"
-	"github.com/grafana/grafana/pkg/api/dtos"
-	"github.com/grafana/grafana/pkg/bus"
-	"github.com/grafana/grafana/pkg/middleware"
-	m "github.com/grafana/grafana/pkg/models"
-	"github.com/grafana/grafana/pkg/services/dashboards"
-	macaron "gopkg.in/macaron.v1"
-
-	. "github.com/smartystreets/goconvey/convey"
-)
-
-func TestFoldersApiEndpoint(t *testing.T) {
-	Convey("Given a dashboard", t, func() {
-		fakeDash := m.NewDashboard("Child dash")
-		fakeDash.Id = 1
-		fakeDash.FolderId = 1
-		fakeDash.HasAcl = false
-
-		var getDashboardQueries []*m.GetDashboardQuery
-
-		bus.AddHandler("test", func(query *m.GetDashboardQuery) error {
-			query.Result = fakeDash
-			getDashboardQueries = append(getDashboardQueries, query)
-			return nil
-		})
-
-		updateFolderCmd := m.UpdateFolderCommand{}
-
-		Convey("When user is an Org Editor", func() {
-			role := m.ROLE_EDITOR
-
-			loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/folders/uid", "/api/folders/:uid", role, func(sc *scenarioContext) {
-				callGetFolder(sc)
-				So(sc.resp.Code, ShouldEqual, 404)
-
-				Convey("Should lookup folder by uid", func() {
-					So(getDashboardQueries[0].Uid, ShouldEqual, "uid")
-				})
-			})
-
-			loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/folders/1", "/api/folders/:id", role, func(sc *scenarioContext) {
-				callGetFolder(sc)
-				So(sc.resp.Code, ShouldEqual, 404)
-
-				Convey("Should lookup folder by id", func() {
-					So(getDashboardQueries[0].Id, ShouldEqual, 1)
-				})
-			})
-
-			updateFolderScenario("When calling PUT on", "/api/folders/uid", "/api/folders/:uid", role, updateFolderCmd, func(sc *scenarioContext) {
-				callUpdateFolder(sc)
-				So(sc.resp.Code, ShouldEqual, 404)
-
-				Convey("Should lookup folder by uid", func() {
-					So(getDashboardQueries[0].Uid, ShouldEqual, "uid")
-				})
-			})
-
-			loggedInUserScenarioWithRole("When calling DELETE on", "DELETE", "/api/folders/uid", "/api/folders/:uid", role, func(sc *scenarioContext) {
-				callDeleteFolder(sc)
-				So(sc.resp.Code, ShouldEqual, 404)
-
-				Convey("Should lookup folder by uid", func() {
-					So(getDashboardQueries[0].Uid, ShouldEqual, "uid")
-				})
-			})
-		})
-	})
-
-	Convey("Given a folder which does not have an acl", t, func() {
-		fakeFolder := m.NewDashboardFolder("Folder")
-		fakeFolder.Id = 1
-		fakeFolder.HasAcl = false
-
-		var getDashboardQueries []*m.GetDashboardQuery
-
-		bus.AddHandler("test", func(query *m.GetDashboardQuery) error {
-			query.Result = fakeFolder
-			getDashboardQueries = append(getDashboardQueries, query)
-			return nil
-		})
-
-		viewerRole := m.ROLE_VIEWER
-		editorRole := m.ROLE_EDITOR
-
-		aclMockResp := []*m.DashboardAclInfoDTO{
-			{Role: &viewerRole, Permission: m.PERMISSION_VIEW},
-			{Role: &editorRole, Permission: m.PERMISSION_EDIT},
-		}
-
-		bus.AddHandler("test", func(query *m.GetDashboardAclInfoListQuery) error {
-			query.Result = aclMockResp
-			return nil
-		})
-
-		bus.AddHandler("test", func(query *m.GetTeamsByUserQuery) error {
-			query.Result = []*m.Team{}
-			return nil
-		})
-
-		cmd := m.CreateFolderCommand{
-			Title: fakeFolder.Title,
-		}
-
-		updateFolderCmd := m.UpdateFolderCommand{
-			Title: fakeFolder.Title,
-		}
-
-		Convey("When user is an Org Viewer", func() {
-			role := m.ROLE_VIEWER
-
-			loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/folders/uid", "/api/folders/:uid", role, func(sc *scenarioContext) {
-				folder := getFolderShouldReturn200(sc)
-
-				Convey("Should lookup folder by uid", func() {
-					So(getDashboardQueries[0].Uid, ShouldEqual, "uid")
-				})
-
-				Convey("Should not be able to edit or save folder", func() {
-					So(folder.CanEdit, ShouldBeFalse)
-					So(folder.CanSave, ShouldBeFalse)
-					So(folder.CanAdmin, ShouldBeFalse)
-				})
-			})
-
-			loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/folders/1", "/api/folders/:id", role, func(sc *scenarioContext) {
-				folder := getFolderShouldReturn200(sc)
-
-				Convey("Should lookup folder by id", func() {
-					So(getDashboardQueries[0].Id, ShouldEqual, 1)
-				})
-
-				Convey("Should not be able to edit or save folder", func() {
-					So(folder.CanEdit, ShouldBeFalse)
-					So(folder.CanSave, ShouldBeFalse)
-					So(folder.CanAdmin, ShouldBeFalse)
-				})
-			})
-
-			loggedInUserScenarioWithRole("When calling DELETE on", "DELETE", "/api/folders/uid", "/api/folders/:uid", role, func(sc *scenarioContext) {
-				callDeleteFolder(sc)
-				So(sc.resp.Code, ShouldEqual, 403)
-
-				Convey("Should lookup folder by uid", func() {
-					So(getDashboardQueries[0].Uid, ShouldEqual, "uid")
-				})
-			})
-
-			createFolderScenario("When calling POST on", "/api/folders", "/api/folders", role, cmd, func(sc *scenarioContext) {
-				callCreateFolder(sc)
-				So(sc.resp.Code, ShouldEqual, 403)
-			})
-
-			updateFolderScenario("When calling PUT on", "/api/folders/uid", "/api/folders/:uid", role, updateFolderCmd, func(sc *scenarioContext) {
-				callUpdateFolder(sc)
-				So(sc.resp.Code, ShouldEqual, 403)
-
-				Convey("Should lookup folder by uid", func() {
-					So(getDashboardQueries[0].Uid, ShouldEqual, "uid")
-				})
-			})
-		})
-
-		Convey("When user is an Org Editor", func() {
-			role := m.ROLE_EDITOR
-
-			loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/folders/uid", "/api/folders/:uid", role, func(sc *scenarioContext) {
-				folder := getFolderShouldReturn200(sc)
-
-				Convey("Should lookup folder by uid", func() {
-					So(getDashboardQueries[0].Uid, ShouldEqual, "uid")
-				})
-
-				Convey("Should be able to edit or save folder", func() {
-					So(folder.CanEdit, ShouldBeTrue)
-					So(folder.CanSave, ShouldBeTrue)
-					So(folder.CanAdmin, ShouldBeFalse)
-				})
-			})
-
-			loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/folders/1", "/api/folders/:id", role, func(sc *scenarioContext) {
-				folder := getFolderShouldReturn200(sc)
-
-				Convey("Should lookup folder by id", func() {
-					So(getDashboardQueries[0].Id, ShouldEqual, 1)
-				})
-
-				Convey("Should be able to edit or save folder", func() {
-					So(folder.CanEdit, ShouldBeTrue)
-					So(folder.CanSave, ShouldBeTrue)
-					So(folder.CanAdmin, ShouldBeFalse)
-				})
-			})
-
-			loggedInUserScenarioWithRole("When calling DELETE on", "DELETE", "/api/folders/uid", "/api/folders/:uid", role, func(sc *scenarioContext) {
-				callDeleteFolder(sc)
-				So(sc.resp.Code, ShouldEqual, 200)
-
-				Convey("Should lookup folder by uid", func() {
-					So(getDashboardQueries[0].Uid, ShouldEqual, "uid")
-				})
-			})
-
-			createFolderScenario("When calling POST on", "/api/folders", "/api/folders", role, cmd, func(sc *scenarioContext) {
-				callCreateFolder(sc)
-				So(sc.resp.Code, ShouldEqual, 200)
-			})
-
-			updateFolderScenario("When calling PUT on", "/api/folders/uid", "/api/folders/:uid", role, updateFolderCmd, func(sc *scenarioContext) {
-				callUpdateFolder(sc)
-				So(sc.resp.Code, ShouldEqual, 200)
-
-				Convey("Should lookup folder by uid", func() {
-					So(getDashboardQueries[0].Uid, ShouldEqual, "uid")
-				})
-			})
-		})
-	})
-
-	Convey("Given a folder which have an acl", t, func() {
-		fakeFolder := m.NewDashboardFolder("Folder")
-		fakeFolder.Id = 1
-		fakeFolder.HasAcl = true
-
-		var getDashboardQueries []*m.GetDashboardQuery
-
-		bus.AddHandler("test", func(query *m.GetDashboardQuery) error {
-			query.Result = fakeFolder
-			getDashboardQueries = append(getDashboardQueries, query)
-			return nil
-		})
-
-		aclMockResp := []*m.DashboardAclInfoDTO{
-			{
-				DashboardId: 1,
-				Permission:  m.PERMISSION_EDIT,
-				UserId:      200,
-			},
-		}
-
-		bus.AddHandler("test", func(query *m.GetDashboardAclInfoListQuery) error {
-			query.Result = aclMockResp
-			return nil
-		})
-
-		bus.AddHandler("test", func(query *m.GetTeamsByUserQuery) error {
-			query.Result = []*m.Team{}
-			return nil
-		})
-
-		cmd := m.CreateFolderCommand{
-			Title: fakeFolder.Title,
-		}
-
-		updateFolderCmd := m.UpdateFolderCommand{
-			Title: fakeFolder.Title,
-		}
-
-		Convey("When user is an Org Viewer and has no permissions for this folder", func() {
-			role := m.ROLE_VIEWER
-
-			loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/folders/uid", "/api/folders/:uid", role, func(sc *scenarioContext) {
-				callGetFolder(sc)
-
-				Convey("Should lookup folder by uid", func() {
-					So(getDashboardQueries[0].Uid, ShouldEqual, "uid")
-				})
-
-				Convey("Should be denied access", func() {
-					So(sc.resp.Code, ShouldEqual, 403)
-				})
-			})
-
-			loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/folders/1", "/api/folders/:id", role, func(sc *scenarioContext) {
-				callGetFolder(sc)
-
-				Convey("Should lookup folder by id", func() {
-					So(getDashboardQueries[0].Id, ShouldEqual, 1)
-				})
-
-				Convey("Should be denied access", func() {
-					So(sc.resp.Code, ShouldEqual, 403)
-				})
-			})
-
-			loggedInUserScenarioWithRole("When calling DELETE on", "DELETE", "/api/folders/uid", "/api/folders/:uid", role, func(sc *scenarioContext) {
-				callDeleteFolder(sc)
-				So(sc.resp.Code, ShouldEqual, 403)
-
-				Convey("Should lookup folder by uid", func() {
-					So(getDashboardQueries[0].Uid, ShouldEqual, "uid")
-				})
-			})
-
-			createFolderScenario("When calling POST on", "/api/folders", "/api/folders", role, cmd, func(sc *scenarioContext) {
-				callCreateFolder(sc)
-				So(sc.resp.Code, ShouldEqual, 403)
-			})
-
-			updateFolderScenario("When calling PUT on", "/api/folders/uid", "/api/folders/:uid", role, updateFolderCmd, func(sc *scenarioContext) {
-				callUpdateFolder(sc)
-				So(sc.resp.Code, ShouldEqual, 403)
-
-				Convey("Should lookup folder by uid", func() {
-					So(getDashboardQueries[0].Uid, ShouldEqual, "uid")
-				})
-			})
-		})
-
-		Convey("When user is an Org Editor and has no permissions for this folder", func() {
-			role := m.ROLE_EDITOR
-
-			loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/folders/uid", "/api/folders/:uid", role, func(sc *scenarioContext) {
-				callGetFolder(sc)
-
-				Convey("Should lookup folder by uid", func() {
-					So(getDashboardQueries[0].Uid, ShouldEqual, "uid")
-				})
-
-				Convey("Should be denied access", func() {
-					So(sc.resp.Code, ShouldEqual, 403)
-				})
-			})
-
-			loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/folders/1", "/api/folders/:id", role, func(sc *scenarioContext) {
-				callGetFolder(sc)
-
-				Convey("Should lookup folder by id", func() {
-					So(getDashboardQueries[0].Id, ShouldEqual, 1)
-				})
-
-				Convey("Should be denied access", func() {
-					So(sc.resp.Code, ShouldEqual, 403)
-				})
-			})
-
-			loggedInUserScenarioWithRole("When calling DELETE on", "DELETE", "/api/folders/uid", "/api/folders/:uid", role, func(sc *scenarioContext) {
-				callDeleteFolder(sc)
-				So(sc.resp.Code, ShouldEqual, 403)
-
-				Convey("Should lookup folder by uid", func() {
-					So(getDashboardQueries[0].Uid, ShouldEqual, "uid")
-				})
-			})
-
-			createFolderScenario("When calling POST on", "/api/folders", "/api/folders", role, cmd, func(sc *scenarioContext) {
-				callCreateFolder(sc)
-				So(sc.resp.Code, ShouldEqual, 403)
-			})
-
-			updateFolderScenario("When calling PUT on", "/api/folders/uid", "/api/folders/:uid", role, updateFolderCmd, func(sc *scenarioContext) {
-				callUpdateFolder(sc)
-				So(sc.resp.Code, ShouldEqual, 403)
-
-				Convey("Should lookup folder by uid", func() {
-					So(getDashboardQueries[0].Uid, ShouldEqual, "uid")
-				})
-			})
-		})
-	})
-}
-
-func getFolderShouldReturn200(sc *scenarioContext) dtos.Folder {
-	callGetFolder(sc)
-
-	So(sc.resp.Code, ShouldEqual, 200)
-
-	folder := dtos.Folder{}
-	err := json.NewDecoder(sc.resp.Body).Decode(&folder)
-	So(err, ShouldBeNil)
-
-	return folder
-}
-
-func callGetFolder(sc *scenarioContext) {
-	sc.handlerFunc = GetFolder
-	sc.fakeReqWithParams("GET", sc.url, map[string]string{}).exec()
-}
-
-func callDeleteFolder(sc *scenarioContext) {
-	bus.AddHandler("test", func(cmd *m.DeleteDashboardCommand) error {
-		return nil
-	})
-
-	sc.handlerFunc = DeleteFolder
-	sc.fakeReqWithParams("DELETE", sc.url, map[string]string{}).exec()
-}
-
-func callCreateFolder(sc *scenarioContext) {
-	bus.AddHandler("test", func(cmd *m.SaveDashboardCommand) error {
-		cmd.Result = &m.Dashboard{Id: 1, Slug: "folder", Version: 2}
-		return nil
-	})
-
-	sc.fakeReqWithParams("POST", sc.url, map[string]string{}).exec()
-}
-
-func callUpdateFolder(sc *scenarioContext) {
-	bus.AddHandler("test", func(cmd *m.SaveDashboardCommand) error {
-		cmd.Result = &m.Dashboard{Id: 1, Slug: "folder", Version: 2}
-		return nil
-	})
-
-	sc.fakeReqWithParams("PUT", sc.url, map[string]string{}).exec()
-}
-
-func createFolderScenario(desc string, url string, routePattern string, role m.RoleType, cmd m.CreateFolderCommand, fn scenarioFunc) {
-	Convey(desc+" "+url, func() {
-		defer bus.ClearBusHandlers()
-
-		sc := &scenarioContext{
-			url: url,
-		}
-		viewsPath, _ := filepath.Abs("../../public/views")
-
-		sc.m = macaron.New()
-		sc.m.Use(macaron.Renderer(macaron.RenderOptions{
-			Directory: viewsPath,
-			Delims:    macaron.Delims{Left: "[[", Right: "]]"},
-		}))
-
-		sc.m.Use(middleware.GetContextHandler())
-		sc.m.Use(middleware.Sessioner(&session.Options{}))
-
-		sc.defaultHandler = wrap(func(c *middleware.Context) Response {
-			sc.context = c
-			sc.context.UserId = TestUserID
-			sc.context.OrgId = TestOrgID
-			sc.context.OrgRole = role
-
-			return CreateFolder(c, cmd)
-		})
-
-		fakeRepo = &fakeDashboardRepo{}
-		dashboards.SetRepository(fakeRepo)
-
-		sc.m.Post(routePattern, sc.defaultHandler)
-
-		fn(sc)
-	})
-}
-
-func updateFolderScenario(desc string, url string, routePattern string, role m.RoleType, cmd m.UpdateFolderCommand, fn scenarioFunc) {
-	Convey(desc+" "+url, func() {
-		defer bus.ClearBusHandlers()
-
-		sc := &scenarioContext{
-			url: url,
-		}
-		viewsPath, _ := filepath.Abs("../../public/views")
-
-		sc.m = macaron.New()
-		sc.m.Use(macaron.Renderer(macaron.RenderOptions{
-			Directory: viewsPath,
-			Delims:    macaron.Delims{Left: "[[", Right: "]]"},
-		}))
-
-		sc.m.Use(middleware.GetContextHandler())
-		sc.m.Use(middleware.Sessioner(&session.Options{}))
+// import (
+// 	"encoding/json"
+// 	"path/filepath"
+// 	"testing"
+
+// 	"github.com/go-macaron/session"
+// 	"github.com/grafana/grafana/pkg/api/dtos"
+// 	"github.com/grafana/grafana/pkg/bus"
+// 	"github.com/grafana/grafana/pkg/middleware"
+// 	m "github.com/grafana/grafana/pkg/models"
+// 	"github.com/grafana/grafana/pkg/services/dashboards"
+// 	macaron "gopkg.in/macaron.v1"
+
+// 	. "github.com/smartystreets/goconvey/convey"
+// )
+
+// func TestFoldersApiEndpoint(t *testing.T) {
+// 	Convey("Given a dashboard", t, func() {
+// 		fakeDash := m.NewDashboard("Child dash")
+// 		fakeDash.Id = 1
+// 		fakeDash.FolderId = 1
+// 		fakeDash.HasAcl = false
+
+// 		var getDashboardQueries []*m.GetDashboardQuery
+
+// 		bus.AddHandler("test", func(query *m.GetDashboardQuery) error {
+// 			query.Result = fakeDash
+// 			getDashboardQueries = append(getDashboardQueries, query)
+// 			return nil
+// 		})
+
+// 		updateFolderCmd := m.UpdateFolderCommand{}
+
+// 		Convey("When user is an Org Editor", func() {
+// 			role := m.ROLE_EDITOR
+
+// 			loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/folders/uid", "/api/folders/:uid", role, func(sc *scenarioContext) {
+// 				callGetFolder(sc)
+// 				So(sc.resp.Code, ShouldEqual, 404)
+
+// 				Convey("Should lookup folder by uid", func() {
+// 					So(getDashboardQueries[0].Uid, ShouldEqual, "uid")
+// 				})
+// 			})
+
+// 			loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/folders/1", "/api/folders/:id", role, func(sc *scenarioContext) {
+// 				callGetFolder(sc)
+// 				So(sc.resp.Code, ShouldEqual, 404)
+
+// 				Convey("Should lookup folder by id", func() {
+// 					So(getDashboardQueries[0].Id, ShouldEqual, 1)
+// 				})
+// 			})
+
+// 			updateFolderScenario("When calling PUT on", "/api/folders/uid", "/api/folders/:uid", role, updateFolderCmd, func(sc *scenarioContext) {
+// 				callUpdateFolder(sc)
+// 				So(sc.resp.Code, ShouldEqual, 404)
+
+// 				Convey("Should lookup folder by uid", func() {
+// 					So(getDashboardQueries[0].Uid, ShouldEqual, "uid")
+// 				})
+// 			})
+
+// 			loggedInUserScenarioWithRole("When calling DELETE on", "DELETE", "/api/folders/uid", "/api/folders/:uid", role, func(sc *scenarioContext) {
+// 				callDeleteFolder(sc)
+// 				So(sc.resp.Code, ShouldEqual, 404)
+
+// 				Convey("Should lookup folder by uid", func() {
+// 					So(getDashboardQueries[0].Uid, ShouldEqual, "uid")
+// 				})
+// 			})
+// 		})
+// 	})
+
+// 	Convey("Given a folder which does not have an acl", t, func() {
+// 		fakeFolder := m.NewDashboardFolder("Folder")
+// 		fakeFolder.Id = 1
+// 		fakeFolder.HasAcl = false
+
+// 		var getDashboardQueries []*m.GetDashboardQuery
+
+// 		bus.AddHandler("test", func(query *m.GetDashboardQuery) error {
+// 			query.Result = fakeFolder
+// 			getDashboardQueries = append(getDashboardQueries, query)
+// 			return nil
+// 		})
+
+// 		viewerRole := m.ROLE_VIEWER
+// 		editorRole := m.ROLE_EDITOR
+
+// 		aclMockResp := []*m.DashboardAclInfoDTO{
+// 			{Role: &viewerRole, Permission: m.PERMISSION_VIEW},
+// 			{Role: &editorRole, Permission: m.PERMISSION_EDIT},
+// 		}
+
+// 		bus.AddHandler("test", func(query *m.GetDashboardAclInfoListQuery) error {
+// 			query.Result = aclMockResp
+// 			return nil
+// 		})
+
+// 		bus.AddHandler("test", func(query *m.GetTeamsByUserQuery) error {
+// 			query.Result = []*m.Team{}
+// 			return nil
+// 		})
+
+// 		cmd := m.CreateFolderCommand{
+// 			Title: fakeFolder.Title,
+// 		}
+
+// 		updateFolderCmd := m.UpdateFolderCommand{
+// 			Title: fakeFolder.Title,
+// 		}
+
+// 		Convey("When user is an Org Viewer", func() {
+// 			role := m.ROLE_VIEWER
+
+// 			loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/folders/uid", "/api/folders/:uid", role, func(sc *scenarioContext) {
+// 				folder := getFolderShouldReturn200(sc)
+
+// 				Convey("Should lookup folder by uid", func() {
+// 					So(getDashboardQueries[0].Uid, ShouldEqual, "uid")
+// 				})
+
+// 				Convey("Should not be able to edit or save folder", func() {
+// 					So(folder.CanEdit, ShouldBeFalse)
+// 					So(folder.CanSave, ShouldBeFalse)
+// 					So(folder.CanAdmin, ShouldBeFalse)
+// 				})
+// 			})
+
+// 			loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/folders/1", "/api/folders/:id", role, func(sc *scenarioContext) {
+// 				folder := getFolderShouldReturn200(sc)
+
+// 				Convey("Should lookup folder by id", func() {
+// 					So(getDashboardQueries[0].Id, ShouldEqual, 1)
+// 				})
+
+// 				Convey("Should not be able to edit or save folder", func() {
+// 					So(folder.CanEdit, ShouldBeFalse)
+// 					So(folder.CanSave, ShouldBeFalse)
+// 					So(folder.CanAdmin, ShouldBeFalse)
+// 				})
+// 			})
+
+// 			loggedInUserScenarioWithRole("When calling DELETE on", "DELETE", "/api/folders/uid", "/api/folders/:uid", role, func(sc *scenarioContext) {
+// 				callDeleteFolder(sc)
+// 				So(sc.resp.Code, ShouldEqual, 403)
+
+// 				Convey("Should lookup folder by uid", func() {
+// 					So(getDashboardQueries[0].Uid, ShouldEqual, "uid")
+// 				})
+// 			})
+
+// 			createFolderScenario("When calling POST on", "/api/folders", "/api/folders", role, cmd, func(sc *scenarioContext) {
+// 				callCreateFolder(sc)
+// 				So(sc.resp.Code, ShouldEqual, 403)
+// 			})
+
+// 			updateFolderScenario("When calling PUT on", "/api/folders/uid", "/api/folders/:uid", role, updateFolderCmd, func(sc *scenarioContext) {
+// 				callUpdateFolder(sc)
+// 				So(sc.resp.Code, ShouldEqual, 403)
+
+// 				Convey("Should lookup folder by uid", func() {
+// 					So(getDashboardQueries[0].Uid, ShouldEqual, "uid")
+// 				})
+// 			})
+// 		})
+
+// 		Convey("When user is an Org Editor", func() {
+// 			role := m.ROLE_EDITOR
+
+// 			loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/folders/uid", "/api/folders/:uid", role, func(sc *scenarioContext) {
+// 				folder := getFolderShouldReturn200(sc)
+
+// 				Convey("Should lookup folder by uid", func() {
+// 					So(getDashboardQueries[0].Uid, ShouldEqual, "uid")
+// 				})
+
+// 				Convey("Should be able to edit or save folder", func() {
+// 					So(folder.CanEdit, ShouldBeTrue)
+// 					So(folder.CanSave, ShouldBeTrue)
+// 					So(folder.CanAdmin, ShouldBeFalse)
+// 				})
+// 			})
+
+// 			loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/folders/1", "/api/folders/:id", role, func(sc *scenarioContext) {
+// 				folder := getFolderShouldReturn200(sc)
+
+// 				Convey("Should lookup folder by id", func() {
+// 					So(getDashboardQueries[0].Id, ShouldEqual, 1)
+// 				})
+
+// 				Convey("Should be able to edit or save folder", func() {
+// 					So(folder.CanEdit, ShouldBeTrue)
+// 					So(folder.CanSave, ShouldBeTrue)
+// 					So(folder.CanAdmin, ShouldBeFalse)
+// 				})
+// 			})
+
+// 			loggedInUserScenarioWithRole("When calling DELETE on", "DELETE", "/api/folders/uid", "/api/folders/:uid", role, func(sc *scenarioContext) {
+// 				callDeleteFolder(sc)
+// 				So(sc.resp.Code, ShouldEqual, 200)
+
+// 				Convey("Should lookup folder by uid", func() {
+// 					So(getDashboardQueries[0].Uid, ShouldEqual, "uid")
+// 				})
+// 			})
+
+// 			createFolderScenario("When calling POST on", "/api/folders", "/api/folders", role, cmd, func(sc *scenarioContext) {
+// 				callCreateFolder(sc)
+// 				So(sc.resp.Code, ShouldEqual, 200)
+// 			})
+
+// 			updateFolderScenario("When calling PUT on", "/api/folders/uid", "/api/folders/:uid", role, updateFolderCmd, func(sc *scenarioContext) {
+// 				callUpdateFolder(sc)
+// 				So(sc.resp.Code, ShouldEqual, 200)
+
+// 				Convey("Should lookup folder by uid", func() {
+// 					So(getDashboardQueries[0].Uid, ShouldEqual, "uid")
+// 				})
+// 			})
+// 		})
+// 	})
+
+// 	Convey("Given a folder which have an acl", t, func() {
+// 		fakeFolder := m.NewDashboardFolder("Folder")
+// 		fakeFolder.Id = 1
+// 		fakeFolder.HasAcl = true
+
+// 		var getDashboardQueries []*m.GetDashboardQuery
+
+// 		bus.AddHandler("test", func(query *m.GetDashboardQuery) error {
+// 			query.Result = fakeFolder
+// 			getDashboardQueries = append(getDashboardQueries, query)
+// 			return nil
+// 		})
+
+// 		aclMockResp := []*m.DashboardAclInfoDTO{
+// 			{
+// 				DashboardId: 1,
+// 				Permission:  m.PERMISSION_EDIT,
+// 				UserId:      200,
+// 			},
+// 		}
+
+// 		bus.AddHandler("test", func(query *m.GetDashboardAclInfoListQuery) error {
+// 			query.Result = aclMockResp
+// 			return nil
+// 		})
+
+// 		bus.AddHandler("test", func(query *m.GetTeamsByUserQuery) error {
+// 			query.Result = []*m.Team{}
+// 			return nil
+// 		})
+
+// 		cmd := m.CreateFolderCommand{
+// 			Title: fakeFolder.Title,
+// 		}
+
+// 		updateFolderCmd := m.UpdateFolderCommand{
+// 			Title: fakeFolder.Title,
+// 		}
+
+// 		Convey("When user is an Org Viewer and has no permissions for this folder", func() {
+// 			role := m.ROLE_VIEWER
+
+// 			loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/folders/uid", "/api/folders/:uid", role, func(sc *scenarioContext) {
+// 				callGetFolder(sc)
+
+// 				Convey("Should lookup folder by uid", func() {
+// 					So(getDashboardQueries[0].Uid, ShouldEqual, "uid")
+// 				})
+
+// 				Convey("Should be denied access", func() {
+// 					So(sc.resp.Code, ShouldEqual, 403)
+// 				})
+// 			})
+
+// 			loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/folders/1", "/api/folders/:id", role, func(sc *scenarioContext) {
+// 				callGetFolder(sc)
+
+// 				Convey("Should lookup folder by id", func() {
+// 					So(getDashboardQueries[0].Id, ShouldEqual, 1)
+// 				})
+
+// 				Convey("Should be denied access", func() {
+// 					So(sc.resp.Code, ShouldEqual, 403)
+// 				})
+// 			})
+
+// 			loggedInUserScenarioWithRole("When calling DELETE on", "DELETE", "/api/folders/uid", "/api/folders/:uid", role, func(sc *scenarioContext) {
+// 				callDeleteFolder(sc)
+// 				So(sc.resp.Code, ShouldEqual, 403)
+
+// 				Convey("Should lookup folder by uid", func() {
+// 					So(getDashboardQueries[0].Uid, ShouldEqual, "uid")
+// 				})
+// 			})
+
+// 			createFolderScenario("When calling POST on", "/api/folders", "/api/folders", role, cmd, func(sc *scenarioContext) {
+// 				callCreateFolder(sc)
+// 				So(sc.resp.Code, ShouldEqual, 403)
+// 			})
+
+// 			updateFolderScenario("When calling PUT on", "/api/folders/uid", "/api/folders/:uid", role, updateFolderCmd, func(sc *scenarioContext) {
+// 				callUpdateFolder(sc)
+// 				So(sc.resp.Code, ShouldEqual, 403)
+
+// 				Convey("Should lookup folder by uid", func() {
+// 					So(getDashboardQueries[0].Uid, ShouldEqual, "uid")
+// 				})
+// 			})
+// 		})
+
+// 		Convey("When user is an Org Editor and has no permissions for this folder", func() {
+// 			role := m.ROLE_EDITOR
+
+// 			loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/folders/uid", "/api/folders/:uid", role, func(sc *scenarioContext) {
+// 				callGetFolder(sc)
+
+// 				Convey("Should lookup folder by uid", func() {
+// 					So(getDashboardQueries[0].Uid, ShouldEqual, "uid")
+// 				})
+
+// 				Convey("Should be denied access", func() {
+// 					So(sc.resp.Code, ShouldEqual, 403)
+// 				})
+// 			})
+
+// 			loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/folders/1", "/api/folders/:id", role, func(sc *scenarioContext) {
+// 				callGetFolder(sc)
+
+// 				Convey("Should lookup folder by id", func() {
+// 					So(getDashboardQueries[0].Id, ShouldEqual, 1)
+// 				})
+
+// 				Convey("Should be denied access", func() {
+// 					So(sc.resp.Code, ShouldEqual, 403)
+// 				})
+// 			})
+
+// 			loggedInUserScenarioWithRole("When calling DELETE on", "DELETE", "/api/folders/uid", "/api/folders/:uid", role, func(sc *scenarioContext) {
+// 				callDeleteFolder(sc)
+// 				So(sc.resp.Code, ShouldEqual, 403)
+
+// 				Convey("Should lookup folder by uid", func() {
+// 					So(getDashboardQueries[0].Uid, ShouldEqual, "uid")
+// 				})
+// 			})
+
+// 			createFolderScenario("When calling POST on", "/api/folders", "/api/folders", role, cmd, func(sc *scenarioContext) {
+// 				callCreateFolder(sc)
+// 				So(sc.resp.Code, ShouldEqual, 403)
+// 			})
+
+// 			updateFolderScenario("When calling PUT on", "/api/folders/uid", "/api/folders/:uid", role, updateFolderCmd, func(sc *scenarioContext) {
+// 				callUpdateFolder(sc)
+// 				So(sc.resp.Code, ShouldEqual, 403)
+
+// 				Convey("Should lookup folder by uid", func() {
+// 					So(getDashboardQueries[0].Uid, ShouldEqual, "uid")
+// 				})
+// 			})
+// 		})
+// 	})
+// }
+
+// func getFolderShouldReturn200(sc *scenarioContext) dtos.Folder {
+// 	callGetFolder(sc)
+
+// 	So(sc.resp.Code, ShouldEqual, 200)
+
+// 	folder := dtos.Folder{}
+// 	err := json.NewDecoder(sc.resp.Body).Decode(&folder)
+// 	So(err, ShouldBeNil)
+
+// 	return folder
+// }
+
+// func callGetFolder(sc *scenarioContext) {
+// 	sc.handlerFunc = GetFolder
+// 	sc.fakeReqWithParams("GET", sc.url, map[string]string{}).exec()
+// }
+
+// func callDeleteFolder(sc *scenarioContext) {
+// 	bus.AddHandler("test", func(cmd *m.DeleteDashboardCommand) error {
+// 		return nil
+// 	})
+
+// 	sc.handlerFunc = DeleteFolder
+// 	sc.fakeReqWithParams("DELETE", sc.url, map[string]string{}).exec()
+// }
+
+// func callCreateFolder(sc *scenarioContext) {
+// 	bus.AddHandler("test", func(cmd *m.SaveDashboardCommand) error {
+// 		cmd.Result = &m.Dashboard{Id: 1, Slug: "folder", Version: 2}
+// 		return nil
+// 	})
+
+// 	sc.fakeReqWithParams("POST", sc.url, map[string]string{}).exec()
+// }
+
+// func callUpdateFolder(sc *scenarioContext) {
+// 	bus.AddHandler("test", func(cmd *m.SaveDashboardCommand) error {
+// 		cmd.Result = &m.Dashboard{Id: 1, Slug: "folder", Version: 2}
+// 		return nil
+// 	})
+
+// 	sc.fakeReqWithParams("PUT", sc.url, map[string]string{}).exec()
+// }
+
+// func createFolderScenario(desc string, url string, routePattern string, role m.RoleType, cmd m.CreateFolderCommand, fn scenarioFunc) {
+// 	Convey(desc+" "+url, func() {
+// 		defer bus.ClearBusHandlers()
+
+// 		sc := &scenarioContext{
+// 			url: url,
+// 		}
+// 		viewsPath, _ := filepath.Abs("../../public/views")
+
+// 		sc.m = macaron.New()
+// 		sc.m.Use(macaron.Renderer(macaron.RenderOptions{
+// 			Directory: viewsPath,
+// 			Delims:    macaron.Delims{Left: "[[", Right: "]]"},
+// 		}))
+
+// 		sc.m.Use(middleware.GetContextHandler())
+// 		sc.m.Use(middleware.Sessioner(&session.Options{}))
+
+// 		sc.defaultHandler = wrap(func(c *middleware.Context) Response {
+// 			sc.context = c
+// 			sc.context.UserId = TestUserID
+// 			sc.context.OrgId = TestOrgID
+// 			sc.context.OrgRole = role
+
+// 			return CreateFolder(c, cmd)
+// 		})
+
+// 		fakeRepo = &fakeDashboardRepo{}
+// 		dashboards.SetRepository(fakeRepo)
+
+// 		sc.m.Post(routePattern, sc.defaultHandler)
+
+// 		fn(sc)
+// 	})
+// }
+
+// func updateFolderScenario(desc string, url string, routePattern string, role m.RoleType, cmd m.UpdateFolderCommand, fn scenarioFunc) {
+// 	Convey(desc+" "+url, func() {
+// 		defer bus.ClearBusHandlers()
+
+// 		sc := &scenarioContext{
+// 			url: url,
+// 		}
+// 		viewsPath, _ := filepath.Abs("../../public/views")
+
+// 		sc.m = macaron.New()
+// 		sc.m.Use(macaron.Renderer(macaron.RenderOptions{
+// 			Directory: viewsPath,
+// 			Delims:    macaron.Delims{Left: "[[", Right: "]]"},
+// 		}))
+
+// 		sc.m.Use(middleware.GetContextHandler())
+// 		sc.m.Use(middleware.Sessioner(&session.Options{}))

-		sc.defaultHandler = wrap(func(c *middleware.Context) Response {
-			sc.context = c
-			sc.context.UserId = TestUserID
-			sc.context.OrgId = TestOrgID
-			sc.context.OrgRole = role
-
-			return UpdateFolder(c, cmd)
-		})
-
-		fakeRepo = &fakeDashboardRepo{}
-		dashboards.SetRepository(fakeRepo)
-
-		sc.m.Put(routePattern, sc.defaultHandler)
-
-		fn(sc)
-	})
-}
+// 		sc.defaultHandler = wrap(func(c *middleware.Context) Response {
+// 			sc.context = c
+// 			sc.context.UserId = TestUserID
+// 			sc.context.OrgId = TestOrgID
+// 			sc.context.OrgRole = role
+
+// 			return UpdateFolder(c, cmd)
+// 		})
+
+// 		fakeRepo = &fakeDashboardRepo{}
+// 		dashboards.SetRepository(fakeRepo)
+
+// 		sc.m.Put(routePattern, sc.defaultHandler)
+
+// 		fn(sc)
+// 	})
+// }