grafana/pkg/models/team.go

package models

import (
	"errors"
	"time"
)

// Typed errors
var (
	ErrTeamNotFound                         = errors.New("team not found")
	ErrTeamNameTaken                        = errors.New("team name is taken")
	ErrTeamMemberNotFound                   = errors.New("team member not found")
	ErrLastTeamAdmin                        = errors.New("not allowed to remove last admin")
	ErrNotAllowedToUpdateTeam               = errors.New("user not allowed to update team")
	ErrNotAllowedToUpdateTeamInDifferentOrg = errors.New("user not allowed to update team in another org")
)

// Team model
type Team struct {
	Id    int64  `json:"id"`
	OrgId int64  `json:"orgId"`
	Name  string `json:"name"`
	Email string `json:"email"`

	Created time.Time `json:"created"`
	Updated time.Time `json:"updated"`
}

// ---------------------
// COMMANDS

type CreateTeamCommand struct {
	Name  string `json:"name" binding:"Required"`
	Email string `json:"email"`
	OrgId int64  `json:"-"`

	Result Team `json:"-"`
}

type UpdateTeamCommand struct {
	Id    int64
	Name  string
	Email string
	OrgId int64 `json:"-"`
}

type DeleteTeamCommand struct {
	OrgId int64
	Id    int64
}

type GetTeamByIdQuery struct {
	OrgId        int64
	Id           int64
	SignedInUser *SignedInUser
	HiddenUsers  map[string]struct{}
	Result       *TeamDTO
	UserIdFilter int64
}

// FilterIgnoreUser is used in a get / search teams query when the caller does not want to filter teams by user ID / membership
const FilterIgnoreUser int64 = 0

type GetTeamsByUserQuery struct {
	OrgId  int64
	UserId int64      `json:"userId"`
	Result []*TeamDTO `json:"teams"`
}

type SearchTeamsQuery struct {
	Query        string
	Name         string
	Limit        int
	Page         int
	OrgId        int64
	UserIdFilter int64
	SignedInUser *SignedInUser
	HiddenUsers  map[string]struct{}

	Result SearchTeamQueryResult
}

type TeamDTO struct {
	Id            int64           `json:"id"`
	OrgId         int64           `json:"orgId"`
	Name          string          `json:"name"`
	Email         string          `json:"email"`
	AvatarUrl     string          `json:"avatarUrl"`
	MemberCount   int64           `json:"memberCount"`
	Permission    PermissionType  `json:"permission"`
	AccessControl map[string]bool `json:"accessControl"`
}

type SearchTeamQueryResult struct {
	TotalCount int64      `json:"totalCount"`
	Teams      []*TeamDTO `json:"teams"`
	Page       int        `json:"page"`
	PerPage    int        `json:"perPage"`
}

type IsAdminOfTeamsQuery struct {
	SignedInUser *SignedInUser
	Result       bool
}
WIP: rough prototype of dashboard folders Breaks some stuff like selected dash in the search result. In dashboard search, if the user is not searching then the result is returned as a tree structure. No ACL's or user group ux yet. 2017-03-27 07:36:28 -05:00			`package models`

WIP: add usergroup commands and queries 2017-04-08 17:55:07 -05:00			`import (`
			`"errors"`
			`"time"`
			`)`

			`// Typed errors`
			`var (`
Chore: Fix staticcheck issues (#28860) * Chore: Fix issues reported by staticcheck Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Undo changes Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Chore: Fix issues reported by staticcheck Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Fix test Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Fix test Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> 2020-11-05 06:07:06 -06:00			`ErrTeamNotFound = errors.New("team not found")`
			`ErrTeamNameTaken = errors.New("team name is taken")`
			`ErrTeamMemberNotFound = errors.New("team member not found")`
			`ErrLastTeamAdmin = errors.New("not allowed to remove last admin")`
			`ErrNotAllowedToUpdateTeam = errors.New("user not allowed to update team")`
			`ErrNotAllowedToUpdateTeamInDifferentOrg = errors.New("user not allowed to update team in another org")`
WIP: add usergroup commands and queries 2017-04-08 17:55:07 -05:00			`)`
WIP: rough prototype of dashboard folders Breaks some stuff like selected dash in the search result. In dashboard search, if the user is not searching then the result is returned as a tree structure. No ACL's or user group ux yet. 2017-03-27 07:36:28 -05:00
refactor: rename User Groups to Teams 2017-12-08 09:25:45 -06:00			`// Team model`
			`type Team struct {`
WIP: add user group search 2017-04-09 18:24:16 -05:00			Id int64 `json:"id"`
			OrgId int64 `json:"orgId"`
			Name string `json:"name"`
Add avatar to team and team members page (#10305) * teams: add db migration for email column in teams table * teams: /teams should render index page with a 200 OK * teams: additional backend functionality for team and team members Possibility to save/update email for teams. Possibility to retrive avatar url when searching for teams. Possibility to retrive avatar url when searching for team members. * teams: display team avatar and team member avatars Possibility to save and update email for a team * teams: create team on separate page instead of modal dialog 2017-12-20 14:20:12 -06:00			Email string `json:"email"`
WIP: rough prototype of dashboard folders Breaks some stuff like selected dash in the search result. In dashboard search, if the user is not searching then the result is returned as a tree structure. No ACL's or user group ux yet. 2017-03-27 07:36:28 -05:00
WIP: add user group search 2017-04-09 18:24:16 -05:00			Created time.Time `json:"created"`
			Updated time.Time `json:"updated"`
WIP: rough prototype of dashboard folders Breaks some stuff like selected dash in the search result. In dashboard search, if the user is not searching then the result is returned as a tree structure. No ACL's or user group ux yet. 2017-03-27 07:36:28 -05:00			`}`
WIP: add usergroup commands and queries 2017-04-08 17:55:07 -05:00
			`// ---------------------`
			`// COMMANDS`

refactor: rename User Groups to Teams 2017-12-08 09:25:45 -06:00			`type CreateTeamCommand struct {`
WIP: add usergroup commands and queries 2017-04-08 17:55:07 -05:00			Name string `json:"name" binding:"Required"`
Add avatar to team and team members page (#10305) * teams: add db migration for email column in teams table * teams: /teams should render index page with a 200 OK * teams: additional backend functionality for team and team members Possibility to save/update email for teams. Possibility to retrive avatar url when searching for teams. Possibility to retrive avatar url when searching for team members. * teams: display team avatar and team member avatars Possibility to save and update email for a team * teams: create team on separate page instead of modal dialog 2017-12-20 14:20:12 -06:00			Email string `json:"email"`
WIP: add user group search 2017-04-09 18:24:16 -05:00			OrgId int64 `json:"-"`
WIP: add usergroup commands and queries 2017-04-08 17:55:07 -05:00
refactor: rename User Groups to Teams 2017-12-08 09:25:45 -06:00			Result Team `json:"-"`
WIP: add usergroup commands and queries 2017-04-08 17:55:07 -05:00			`}`

refactor: rename User Groups to Teams 2017-12-08 09:25:45 -06:00			`type UpdateTeamCommand struct {`
Add avatar to team and team members page (#10305) * teams: add db migration for email column in teams table * teams: /teams should render index page with a 200 OK * teams: additional backend functionality for team and team members Possibility to save/update email for teams. Possibility to retrive avatar url when searching for teams. Possibility to retrive avatar url when searching for team members. * teams: display team avatar and team member avatars Possibility to save and update email for a team * teams: create team on separate page instead of modal dialog 2017-12-20 14:20:12 -06:00			`Id int64`
			`Name string`
			`Email string`
teams: use orgId in all team and team member operations (#10862) Also fixes issue in org users tests for postgres 2018-02-09 10:26:15 -06:00			OrgId int64 `json:"-"`
WIP: add update user group command 2017-04-18 08:01:05 -05:00			`}`

refactor: rename User Groups to Teams 2017-12-08 09:25:45 -06:00			`type DeleteTeamCommand struct {`
teams: use orgId in all team and team member operations (#10862) Also fixes issue in org users tests for postgres 2018-02-09 10:26:15 -06:00			`OrgId int64`
			`Id int64`
WIP: add usergroup commands and queries 2017-04-08 17:55:07 -05:00			`}`

refactor: rename User Groups to Teams 2017-12-08 09:25:45 -06:00			`type GetTeamByIdQuery struct {`
Add an option to hide certain users in the UI (#28942) * Add an option to hide certain users in the UI * revert changes for admin users routes * fix sqlstore function name * Improve slice management Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Hidden users: convert slice to map * filter with user logins instead of IDs * put HiddenUsers in Cfg struct * hide hidden users from dashboards/folders permissions list * Update conf/defaults.ini Co-authored-by: Torkel Ödegaard <torkel@grafana.com> * fix params order * fix tests * fix dashboard/folder update with hidden user * add team tests * add dashboard and folder permissions tests * fixes after merge * fix tests * API: add test for org users endpoints * update hidden users management for dashboard / folder permissions * improve dashboard / folder permissions tests * fixes after merge * Guardian: add hidden acl tests * API: add team members tests * fix team sql syntax for postgres * api tests update * fix linter error * fix tests errors after merge Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> Co-authored-by: Torkel Ödegaard <torkel@grafana.com> Co-authored-by: Leonard Gram <leo@xlson.com> 2020-11-24 05:10:32 -06:00			`OrgId int64`
			`Id int64`
			`SignedInUser *SignedInUser`
			`HiddenUsers map[string]struct{}`
			`Result *TeamDTO`
Security: Sync security changes on main (#45083) * * Teams: Appropriately apply user id filter in /api/teams/:id and /api/teams/search * Teams: Ensure that users searching for teams are only able see teams they have access to * Teams: Require teamGuardian admin privileges to list team members * Teams: Prevent org viewers from administering teams * Teams: Add org_id condition to team count query * Teams: clarify permission requirements in teams api docs * Teams: expand scenarios for team search tests * Teams: mock teamGuardian in tests Co-authored-by: Dan Cech <dcech@grafana.com> * remove duplicate WHERE statement * Fix for CVE-2022-21702 (cherry picked from commit 202d7c190082c094bc1dc13f7fe9464746c37f9e) * Lint and test fixes (cherry picked from commit 3e6b67d5504abf4a1d7b8d621f04d062c048e981) * check content type properly (cherry picked from commit 70b4458892bf2f776302720c10d24c9ff34edd98) * basic csrf origin check (cherry picked from commit 3adaa5ff39832364f6390881fb5b42ad47df92e1) * compare origin to host (cherry picked from commit 5443892699e8ed42836bb2b9a44744ff3e970f42) * simplify url parsing (cherry picked from commit b2ffbc9513fed75468628370a48b929d30af2b1d) * check csrf for GET requests, only compare origin (cherry picked from commit 8b81dc12d8f8a1f07852809c5b4d44f0f0b1d709) * parse content type properly (cherry picked from commit 16f76f4902e6f2188bea9606c68b551af186bdc0) * mentioned get in the comment (cherry picked from commit a7e61811ef8ae558ce721e2e3fed04ce7a5a5345) * add content-type: application/json to test HTTP requests * fix pluginproxy test * Fix linter when comparing errors Co-authored-by: Kevin Minehart <kmineh0151@gmail.com> Co-authored-by: Dan Cech <dcech@grafana.com> Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> Co-authored-by: Serge Zaitsev <serge.zaitsev@grafana.com> Co-authored-by: Vardan Torosyan <vardants@gmail.com> 2022-02-09 06:44:38 -06:00			`UserIdFilter int64`
WIP: add usergroup commands and queries 2017-04-08 17:55:07 -05:00			`}`

Security: Sync security changes on main (#45083) * * Teams: Appropriately apply user id filter in /api/teams/:id and /api/teams/search * Teams: Ensure that users searching for teams are only able see teams they have access to * Teams: Require teamGuardian admin privileges to list team members * Teams: Prevent org viewers from administering teams * Teams: Add org_id condition to team count query * Teams: clarify permission requirements in teams api docs * Teams: expand scenarios for team search tests * Teams: mock teamGuardian in tests Co-authored-by: Dan Cech <dcech@grafana.com> * remove duplicate WHERE statement * Fix for CVE-2022-21702 (cherry picked from commit 202d7c190082c094bc1dc13f7fe9464746c37f9e) * Lint and test fixes (cherry picked from commit 3e6b67d5504abf4a1d7b8d621f04d062c048e981) * check content type properly (cherry picked from commit 70b4458892bf2f776302720c10d24c9ff34edd98) * basic csrf origin check (cherry picked from commit 3adaa5ff39832364f6390881fb5b42ad47df92e1) * compare origin to host (cherry picked from commit 5443892699e8ed42836bb2b9a44744ff3e970f42) * simplify url parsing (cherry picked from commit b2ffbc9513fed75468628370a48b929d30af2b1d) * check csrf for GET requests, only compare origin (cherry picked from commit 8b81dc12d8f8a1f07852809c5b4d44f0f0b1d709) * parse content type properly (cherry picked from commit 16f76f4902e6f2188bea9606c68b551af186bdc0) * mentioned get in the comment (cherry picked from commit a7e61811ef8ae558ce721e2e3fed04ce7a5a5345) * add content-type: application/json to test HTTP requests * fix pluginproxy test * Fix linter when comparing errors Co-authored-by: Kevin Minehart <kmineh0151@gmail.com> Co-authored-by: Dan Cech <dcech@grafana.com> Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> Co-authored-by: Serge Zaitsev <serge.zaitsev@grafana.com> Co-authored-by: Vardan Torosyan <vardants@gmail.com> 2022-02-09 06:44:38 -06:00			`// FilterIgnoreUser is used in a get / search teams query when the caller does not want to filter teams by user ID / membership`
			`const FilterIgnoreUser int64 = 0`

refactor: rename User Groups to Teams 2017-12-08 09:25:45 -06:00			`type GetTeamsByUserQuery struct {`
teams: use orgId in all team and team member operations (#10862) Also fixes issue in org users tests for postgres 2018-02-09 10:26:15 -06:00			`OrgId int64`
Refactor team pages to react & design change (#12574) * Rewriting team pages in react * teams to react progress * teams: getting team by id returns same DTO as search, needed for AvatarUrl * teams: progress on new team pages * fix: team test * listing team members and removing team members now works * teams: team member page now works * ux: fixed adding team member issue * refactoring TeamPicker to conform to react coding styles better * teams: very close to being done with team page rewrite * minor style tweak * ux: polish to team pages * feature: team pages in react & everything working * fix: removed flickering when changing tabs by always rendering PageHeader 2018-07-11 13:23:07 -05:00			UserId int64 `json:"userId"`
			Result []*TeamDTO `json:"teams"`
WIP: user group additions 2017-05-22 03:33:17 -05:00			`}`

refactor: rename User Groups to Teams 2017-12-08 09:25:45 -06:00			`type SearchTeamsQuery struct {`
teams: team listing shows only your teams (editors). 2019-03-11 08:40:57 -05:00			`Query string`
			`Name string`
			`Limit int`
			`Page int`
			`OrgId int64`
			`UserIdFilter int64`
Add an option to hide certain users in the UI (#28942) * Add an option to hide certain users in the UI * revert changes for admin users routes * fix sqlstore function name * Improve slice management Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Hidden users: convert slice to map * filter with user logins instead of IDs * put HiddenUsers in Cfg struct * hide hidden users from dashboards/folders permissions list * Update conf/defaults.ini Co-authored-by: Torkel Ödegaard <torkel@grafana.com> * fix params order * fix tests * fix dashboard/folder update with hidden user * add team tests * add dashboard and folder permissions tests * fixes after merge * fix tests * API: add test for org users endpoints * update hidden users management for dashboard / folder permissions * improve dashboard / folder permissions tests * fixes after merge * Guardian: add hidden acl tests * API: add team members tests * fix team sql syntax for postgres * api tests update * fix linter error * fix tests errors after merge Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> Co-authored-by: Torkel Ödegaard <torkel@grafana.com> Co-authored-by: Leonard Gram <leo@xlson.com> 2020-11-24 05:10:32 -06:00			`SignedInUser *SignedInUser`
			`HiddenUsers map[string]struct{}`
WIP: add usergroup commands and queries 2017-04-08 17:55:07 -05:00
refactor: rename User Groups to Teams 2017-12-08 09:25:45 -06:00			`Result SearchTeamQueryResult`
WIP: add user group search 2017-04-09 18:24:16 -05:00			`}`

Refactor team pages to react & design change (#12574) * Rewriting team pages in react * teams to react progress * teams: getting team by id returns same DTO as search, needed for AvatarUrl * teams: progress on new team pages * fix: team test * listing team members and removing team members now works * teams: team member page now works * ux: fixed adding team member issue * refactoring TeamPicker to conform to react coding styles better * teams: very close to being done with team page rewrite * minor style tweak * ux: polish to team pages * feature: team pages in react & everything working * fix: removed flickering when changing tabs by always rendering PageHeader 2018-07-11 13:23:07 -05:00			`type TeamDTO struct {`
AccessControl: Change teams permissions page when accesscontrol is enabled (#43971) * AccessControl: Change teams permissions page when frontend is hit * Implement frontend changes for group sync * Changing the org/teams/edit permissions Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com> * Fixing routes Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com> * Use props straight away no need to go through the state Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> * Update public/app/features/teams/TeamPages.tsx Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> 2022-02-03 10:49:39 -06:00			Id int64 `json:"id"`
			OrgId int64 `json:"orgId"`
			Name string `json:"name"`
			Email string `json:"email"`
			AvatarUrl string `json:"avatarUrl"`
			MemberCount int64 `json:"memberCount"`
			Permission PermissionType `json:"permission"`
			AccessControl map[string]bool `json:"accessControl"`
teams: add team count when searching for team closes #10207 2017-12-14 10:22:45 -06:00			`}`

refactor: rename User Groups to Teams 2017-12-08 09:25:45 -06:00			`type SearchTeamQueryResult struct {`
Refactor team pages to react & design change (#12574) * Rewriting team pages in react * teams to react progress * teams: getting team by id returns same DTO as search, needed for AvatarUrl * teams: progress on new team pages * fix: team test * listing team members and removing team members now works * teams: team member page now works * ux: fixed adding team member issue * refactoring TeamPicker to conform to react coding styles better * teams: very close to being done with team page rewrite * minor style tweak * ux: polish to team pages * feature: team pages in react & everything working * fix: removed flickering when changing tabs by always rendering PageHeader 2018-07-11 13:23:07 -05:00			TotalCount int64 `json:"totalCount"`
			Teams []*TeamDTO `json:"teams"`
			Page int `json:"page"`
			PerPage int `json:"perPage"`
WIP: add usergroup commands and queries 2017-04-08 17:55:07 -05:00			`}`
API: Restrict anonymous user information access (#18422) Existing /api/alert-notifications now requires at least editor access. Existing /api/alert-notifiers now requires at least editor access. New /api/alert-notifications/lookup returns less information than /api/alert-notifications and can be access by any authenticated user. Existing /api/org/users now requires org admin role. New /api/org/users/lookup returns less information than /api/org/users and can be access by users that are org admins, admin in any folder or admin of any team. UserPicker component now uses /api/org/users/lookup instead of /api/org/users. Fixes #17318 2019-08-12 13:03:48 -05:00
			`type IsAdminOfTeamsQuery struct {`
			`SignedInUser *SignedInUser`
			`Result bool`
			`}`