mirror of
https://github.com/grafana/grafana.git
synced 2025-08-01 05:01:50 +08:00
new property for current user indicating if edit permissions in folders
This commit is contained in:
Marcus Efraimsson
@ -22,21 +22,22 @@ type LoginCommand struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
type CurrentUser struct {
|
type CurrentUser struct {
|
||||||
IsSignedIn bool `json:"isSignedIn"`
|
IsSignedIn bool `json:"isSignedIn"`
|
||||||
Id int64 `json:"id"`
|
Id int64 `json:"id"`
|
||||||
Login string `json:"login"`
|
Login string `json:"login"`
|
||||||
Email string `json:"email"`
|
Email string `json:"email"`
|
||||||
Name string `json:"name"`
|
Name string `json:"name"`
|
||||||
LightTheme bool `json:"lightTheme"`
|
LightTheme bool `json:"lightTheme"`
|
||||||
OrgCount int `json:"orgCount"`
|
OrgCount int `json:"orgCount"`
|
||||||
OrgId int64 `json:"orgId"`
|
OrgId int64 `json:"orgId"`
|
||||||
OrgName string `json:"orgName"`
|
OrgName string `json:"orgName"`
|
||||||
OrgRole m.RoleType `json:"orgRole"`
|
OrgRole m.RoleType `json:"orgRole"`
|
||||||
IsGrafanaAdmin bool `json:"isGrafanaAdmin"`
|
IsGrafanaAdmin bool `json:"isGrafanaAdmin"`
|
||||||
GravatarUrl string `json:"gravatarUrl"`
|
GravatarUrl string `json:"gravatarUrl"`
|
||||||
Timezone string `json:"timezone"`
|
Timezone string `json:"timezone"`
|
||||||
Locale string `json:"locale"`
|
Locale string `json:"locale"`
|
||||||
HelpFlags1 m.HelpFlags1 `json:"helpFlags1"`
|
HelpFlags1 m.HelpFlags1 `json:"helpFlags1"`
|
||||||
|
HasEditPermissionInFolders bool `json:"hasEditPermissionInFolders"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type MetricRequest struct {
|
type MetricRequest struct {
|
||||||
|
|||||||
@ -42,23 +42,29 @@ func setIndexViewData(c *m.ReqContext) (*dtos.IndexViewData, error) {
|
|||||||
settings["appSubUrl"] = ""
|
settings["appSubUrl"] = ""
|
||||||
}
|
}
|
||||||
|
|
||||||
|
hasEditPermissionInFoldersQuery := m.HasEditPermissionInFoldersQuery{SignedInUser: c.SignedInUser}
|
||||||
|
if err := bus.Dispatch(&hasEditPermissionInFoldersQuery); err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
var data = dtos.IndexViewData{
|
var data = dtos.IndexViewData{
|
||||||
User: &dtos.CurrentUser{
|
User: &dtos.CurrentUser{
|
||||||
Id: c.UserId,
|
Id: c.UserId,
|
||||||
IsSignedIn: c.IsSignedIn,
|
IsSignedIn: c.IsSignedIn,
|
||||||
Login: c.Login,
|
Login: c.Login,
|
||||||
Email: c.Email,
|
Email: c.Email,
|
||||||
Name: c.Name,
|
Name: c.Name,
|
||||||
OrgCount: c.OrgCount,
|
OrgCount: c.OrgCount,
|
||||||
OrgId: c.OrgId,
|
OrgId: c.OrgId,
|
||||||
OrgName: c.OrgName,
|
OrgName: c.OrgName,
|
||||||
OrgRole: c.OrgRole,
|
OrgRole: c.OrgRole,
|
||||||
GravatarUrl: dtos.GetGravatarUrl(c.Email),
|
GravatarUrl: dtos.GetGravatarUrl(c.Email),
|
||||||
IsGrafanaAdmin: c.IsGrafanaAdmin,
|
IsGrafanaAdmin: c.IsGrafanaAdmin,
|
||||||
LightTheme: prefs.Theme == "light",
|
LightTheme: prefs.Theme == "light",
|
||||||
Timezone: prefs.Timezone,
|
Timezone: prefs.Timezone,
|
||||||
Locale: locale,
|
Locale: locale,
|
||||||
HelpFlags1: c.HelpFlags1,
|
HelpFlags1: c.HelpFlags1,
|
||||||
|
HasEditPermissionInFolders: hasEditPermissionInFoldersQuery.Result,
|
||||||
},
|
},
|
||||||
Settings: settings,
|
Settings: settings,
|
||||||
Theme: prefs.Theme,
|
Theme: prefs.Theme,
|
||||||
|
|||||||
@ -89,3 +89,12 @@ type UpdateFolderCommand struct {
|
|||||||
|
|
||||||
Result *Folder
|
Result *Folder
|
||||||
}
|
}
|
||||||
|
|
||||||
|
//
|
||||||
|
// QUERIES
|
||||||
|
//
|
||||||
|
|
||||||
|
type HasEditPermissionInFoldersQuery struct {
|
||||||
|
SignedInUser *SignedInUser
|
||||||
|
Result bool
|
||||||
|
}
|
||||||
|
|||||||
@ -24,6 +24,7 @@ func init() {
|
|||||||
bus.AddHandler("sql", GetDashboardPermissionsForUser)
|
bus.AddHandler("sql", GetDashboardPermissionsForUser)
|
||||||
bus.AddHandler("sql", GetDashboardsBySlug)
|
bus.AddHandler("sql", GetDashboardsBySlug)
|
||||||
bus.AddHandler("sql", ValidateDashboardBeforeSave)
|
bus.AddHandler("sql", ValidateDashboardBeforeSave)
|
||||||
|
bus.AddHandler("sql", HasEditPermissionInFolders)
|
||||||
}
|
}
|
||||||
|
|
||||||
var generateNewUid func() string = util.GenerateShortUid
|
var generateNewUid func() string = util.GenerateShortUid
|
||||||
@ -614,3 +615,27 @@ func ValidateDashboardBeforeSave(cmd *m.ValidateDashboardBeforeSaveCommand) (err
|
|||||||
return nil
|
return nil
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func HasEditPermissionInFolders(query *m.HasEditPermissionInFoldersQuery) error {
|
||||||
|
if query.SignedInUser.HasRole(m.ROLE_EDITOR) {
|
||||||
|
query.Result = true
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
builder := &SqlBuilder{}
|
||||||
|
builder.Write("SELECT COUNT(dashboard.id) AS count FROM dashboard WHERE dashboard.org_id = ? AND dashboard.is_folder = ?", query.SignedInUser.OrgId, dialect.BooleanStr(true))
|
||||||
|
builder.writeDashboardPermissionFilter(query.SignedInUser, m.PERMISSION_EDIT)
|
||||||
|
|
||||||
|
type folderCount struct {
|
||||||
|
Count int64
|
||||||
|
}
|
||||||
|
|
||||||
|
resp := make([]*folderCount, 0)
|
||||||
|
if err := x.Sql(builder.GetSqlString(), builder.params...).Find(&resp); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
query.Result = len(resp) > 0 && resp[0].Count > 0
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|||||||
@ -221,7 +221,6 @@ func TestDashboardFolderDataAccess(t *testing.T) {
|
|||||||
})
|
})
|
||||||
|
|
||||||
Convey("Given two dashboard folders", func() {
|
Convey("Given two dashboard folders", func() {
|
||||||
|
|
||||||
folder1 := insertTestDashboard("1 test dash folder", 1, 0, true, "prod")
|
folder1 := insertTestDashboard("1 test dash folder", 1, 0, true, "prod")
|
||||||
folder2 := insertTestDashboard("2 test dash folder", 1, 0, true, "prod")
|
folder2 := insertTestDashboard("2 test dash folder", 1, 0, true, "prod")
|
||||||
insertTestDashboard("folder in another org", 2, 0, true, "prod")
|
insertTestDashboard("folder in another org", 2, 0, true, "prod")
|
||||||
@ -264,6 +263,15 @@ func TestDashboardFolderDataAccess(t *testing.T) {
|
|||||||
So(query.Result[1].DashboardId, ShouldEqual, folder2.Id)
|
So(query.Result[1].DashboardId, ShouldEqual, folder2.Id)
|
||||||
So(query.Result[1].Permission, ShouldEqual, m.PERMISSION_ADMIN)
|
So(query.Result[1].Permission, ShouldEqual, m.PERMISSION_ADMIN)
|
||||||
})
|
})
|
||||||
|
|
||||||
|
Convey("should have edit permission in folders", func() {
|
||||||
|
query := &m.HasEditPermissionInFoldersQuery{
|
||||||
|
SignedInUser: &m.SignedInUser{UserId: adminUser.Id, OrgId: 1, OrgRole: m.ROLE_ADMIN},
|
||||||
|
}
|
||||||
|
err := HasEditPermissionInFolders(query)
|
||||||
|
So(err, ShouldBeNil)
|
||||||
|
So(query.Result, ShouldBeTrue)
|
||||||
|
})
|
||||||
})
|
})
|
||||||
|
|
||||||
Convey("Editor users", func() {
|
Convey("Editor users", func() {
|
||||||
@ -310,6 +318,14 @@ func TestDashboardFolderDataAccess(t *testing.T) {
|
|||||||
So(query.Result[0].Id, ShouldEqual, folder2.Id)
|
So(query.Result[0].Id, ShouldEqual, folder2.Id)
|
||||||
})
|
})
|
||||||
|
|
||||||
|
Convey("should have edit permission in folders", func() {
|
||||||
|
query := &m.HasEditPermissionInFoldersQuery{
|
||||||
|
SignedInUser: &m.SignedInUser{UserId: editorUser.Id, OrgId: 1, OrgRole: m.ROLE_EDITOR},
|
||||||
|
}
|
||||||
|
err := HasEditPermissionInFolders(query)
|
||||||
|
So(err, ShouldBeNil)
|
||||||
|
So(query.Result, ShouldBeTrue)
|
||||||
|
})
|
||||||
})
|
})
|
||||||
|
|
||||||
Convey("Viewer users", func() {
|
Convey("Viewer users", func() {
|
||||||
@ -353,6 +369,41 @@ func TestDashboardFolderDataAccess(t *testing.T) {
|
|||||||
So(len(query.Result), ShouldEqual, 1)
|
So(len(query.Result), ShouldEqual, 1)
|
||||||
So(query.Result[0].Id, ShouldEqual, folder1.Id)
|
So(query.Result[0].Id, ShouldEqual, folder1.Id)
|
||||||
})
|
})
|
||||||
|
|
||||||
|
Convey("should not have edit permission in folders", func() {
|
||||||
|
query := &m.HasEditPermissionInFoldersQuery{
|
||||||
|
SignedInUser: &m.SignedInUser{UserId: viewerUser.Id, OrgId: 1, OrgRole: m.ROLE_VIEWER},
|
||||||
|
}
|
||||||
|
err := HasEditPermissionInFolders(query)
|
||||||
|
So(err, ShouldBeNil)
|
||||||
|
So(query.Result, ShouldBeFalse)
|
||||||
|
})
|
||||||
|
|
||||||
|
Convey("and admin permission is given for user with org role viewer in one dashboard folder", func() {
|
||||||
|
testHelperUpdateDashboardAcl(folder1.Id, m.DashboardAcl{DashboardId: folder1.Id, OrgId: 1, UserId: viewerUser.Id, Permission: m.PERMISSION_ADMIN})
|
||||||
|
|
||||||
|
Convey("should have edit permission in folders", func() {
|
||||||
|
query := &m.HasEditPermissionInFoldersQuery{
|
||||||
|
SignedInUser: &m.SignedInUser{UserId: viewerUser.Id, OrgId: 1, OrgRole: m.ROLE_VIEWER},
|
||||||
|
}
|
||||||
|
err := HasEditPermissionInFolders(query)
|
||||||
|
So(err, ShouldBeNil)
|
||||||
|
So(query.Result, ShouldBeTrue)
|
||||||
|
})
|
||||||
|
})
|
||||||
|
|
||||||
|
Convey("and edit permission is given for user with org role viewer in one dashboard folder", func() {
|
||||||
|
testHelperUpdateDashboardAcl(folder1.Id, m.DashboardAcl{DashboardId: folder1.Id, OrgId: 1, UserId: viewerUser.Id, Permission: m.PERMISSION_EDIT})
|
||||||
|
|
||||||
|
Convey("should have edit permission in folders", func() {
|
||||||
|
query := &m.HasEditPermissionInFoldersQuery{
|
||||||
|
SignedInUser: &m.SignedInUser{UserId: viewerUser.Id, OrgId: 1, OrgRole: m.ROLE_VIEWER},
|
||||||
|
}
|
||||||
|
err := HasEditPermissionInFolders(query)
|
||||||
|
So(err, ShouldBeNil)
|
||||||
|
So(query.Result, ShouldBeTrue)
|
||||||
|
})
|
||||||
|
})
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|||||||
Reference in New Issue
Block a user