grafana/pkg/models/dashboard_acl.go

package models

import (
	"errors"
	"time"
)

type PermissionType int

const (
	PERMISSION_VIEW PermissionType = 1 << iota
	PERMISSION_EDIT
	PERMISSION_ADMIN
)

func (p PermissionType) String() string {
	names := map[int]string{
		int(PERMISSION_VIEW):  "View",
		int(PERMISSION_EDIT):  "Edit",
		int(PERMISSION_ADMIN): "Admin",
	}
	return names[int(p)]
}

// Typed errors
var (
	ErrDashboardAclInfoMissing           = errors.New("User id and team id cannot both be empty for a dashboard permission")
	ErrDashboardPermissionDashboardEmpty = errors.New("Dashboard Id must be greater than zero for a dashboard permission")
	ErrFolderAclInfoMissing              = errors.New("User id and team id cannot both be empty for a folder permission")
	ErrFolderPermissionFolderEmpty       = errors.New("Folder Id must be greater than zero for a folder permission")
)

// Dashboard ACL model
type DashboardAcl struct {
	Id          int64
	OrgId       int64
	DashboardId int64

	UserId     int64
	TeamId     int64
	Role       *RoleType // pointer to be nullable
	Permission PermissionType

	Created time.Time
	Updated time.Time
}

type DashboardAclInfoDTO struct {
	OrgId       int64 `json:"-"`
	DashboardId int64 `json:"dashboardId,omitempty"`
	FolderId    int64 `json:"folderId,omitempty"`

	Created time.Time `json:"created"`
	Updated time.Time `json:"updated"`

	UserId         int64          `json:"userId"`
	UserLogin      string         `json:"userLogin"`
	UserEmail      string         `json:"userEmail"`
	UserAvatarUrl  string         `json:"userAvatarUrl"`
	TeamId         int64          `json:"teamId"`
	TeamEmail      string         `json:"teamEmail"`
	TeamAvatarUrl  string         `json:"teamAvatarUrl"`
	Team           string         `json:"team"`
	Role           *RoleType      `json:"role,omitempty"`
	Permission     PermissionType `json:"permission"`
	PermissionName string         `json:"permissionName"`
	Uid            string         `json:"uid"`
	Title          string         `json:"title"`
	Slug           string         `json:"slug"`
	IsFolder       bool           `json:"isFolder"`
	Url            string         `json:"url"`
	Inherited      bool           `json:"inherited"`
}

func (dto *DashboardAclInfoDTO) hasSameRoleAs(other *DashboardAclInfoDTO) bool {
	if dto.Role == nil || other.Role == nil {
		return false
	}

	return dto.UserId <= 0 && dto.TeamId <= 0 && dto.UserId == other.UserId && dto.TeamId == other.TeamId && *dto.Role == *other.Role
}

func (dto *DashboardAclInfoDTO) hasSameUserAs(other *DashboardAclInfoDTO) bool {
	return dto.UserId > 0 && dto.UserId == other.UserId
}

func (dto *DashboardAclInfoDTO) hasSameTeamAs(other *DashboardAclInfoDTO) bool {
	return dto.TeamId > 0 && dto.TeamId == other.TeamId
}

// IsDuplicateOf returns true if other item has same role, same user or same team
func (dto *DashboardAclInfoDTO) IsDuplicateOf(other *DashboardAclInfoDTO) bool {
	return dto.hasSameRoleAs(other) || dto.hasSameUserAs(other) || dto.hasSameTeamAs(other)
}

//
// COMMANDS
//

type UpdateDashboardAclCommand struct {
	DashboardId int64
	Items       []*DashboardAcl
}

//
// QUERIES
//
type GetDashboardAclInfoListQuery struct {
	DashboardId int64
	OrgId       int64
	Result      []*DashboardAclInfoDTO
}
WIP: Add or update Dashboard ACL SQL Integration Tests for the guardian class too. 2017-04-28 14:22:53 -05:00			`package models`

WIP: API - add dash permission 2017-06-09 14:56:13 -05:00			`import (`
			`"errors"`
			`"time"`
			`)`
WIP: Add or update Dashboard ACL SQL Integration Tests for the guardian class too. 2017-04-28 14:22:53 -05:00
			`type PermissionType int`

			`const (`
WIP: API - add dash permission 2017-06-09 14:56:13 -05:00			`PERMISSION_VIEW PermissionType = 1 << iota`
			`PERMISSION_EDIT`
dashboard acl work 2017-06-20 16:18:20 -05:00			`PERMISSION_ADMIN`
WIP: Add or update Dashboard ACL SQL Integration Tests for the guardian class too. 2017-04-28 14:22:53 -05:00			`)`

WIP: Permission Type as string in permission query 2017-06-08 03:39:17 -05:00			`func (p PermissionType) String() string {`
			`names := map[int]string{`
dashboard acl work 2017-06-20 16:18:20 -05:00			`int(PERMISSION_VIEW): "View",`
			`int(PERMISSION_EDIT): "Edit",`
			`int(PERMISSION_ADMIN): "Admin",`
WIP: Permission Type as string in permission query 2017-06-08 03:39:17 -05:00			`}`
			`return names[int(p)]`
			`}`

WIP: Add or update Dashboard ACL SQL Integration Tests for the guardian class too. 2017-04-28 14:22:53 -05:00			`// Typed errors`
WIP: API - add dash permission 2017-06-09 14:56:13 -05:00			`var (`
Chore: a bit of spring cleaning (#16710) * Chore: use early return technic everywhere And enable "indent-error-flow" revive rule * Chore: remove if-return rule from revive config * Chore: improve error messages And enable "error-strings" revive rule * Chore: enable "error-naming" revive rule * Chore: make linter happy * Chore: do not duplicate gofmt execution * Chore: make linter happy * Chore: address the pull review comments 2019-04-23 03:24:47 -05:00			`ErrDashboardAclInfoMissing = errors.New("User id and team id cannot both be empty for a dashboard permission")`
			`ErrDashboardPermissionDashboardEmpty = errors.New("Dashboard Id must be greater than zero for a dashboard permission")`
			`ErrFolderAclInfoMissing = errors.New("User id and team id cannot both be empty for a folder permission")`
			`ErrFolderPermissionFolderEmpty = errors.New("Folder Id must be greater than zero for a folder permission")`
WIP: API - add dash permission 2017-06-09 14:56:13 -05:00			`)`
WIP: Add or update Dashboard ACL SQL Integration Tests for the guardian class too. 2017-04-28 14:22:53 -05:00
			`// Dashboard ACL model`
			`type DashboardAcl struct {`
refactoring: renaming 2017-06-19 17:19:58 -05:00			`Id int64`
			`OrgId int64`
			`DashboardId int64`
WIP: get Dashboard Permissions The guardian class checks if the user is allowed to get the permissions for a dashboard. 2017-05-08 08:35:34 -05:00
refactor: format files by gofmt 2017-12-11 10:46:05 -06:00			`UserId int64`
			`TeamId int64`
			`Role *RoleType // pointer to be nullable`
			`Permission PermissionType`
WIP: get Dashboard Permissions The guardian class checks if the user is allowed to get the permissions for a dashboard. 2017-05-08 08:35:34 -05:00
refactoring: renaming 2017-06-19 17:19:58 -05:00			`Created time.Time`
			`Updated time.Time`
WIP: get Dashboard Permissions The guardian class checks if the user is allowed to get the permissions for a dashboard. 2017-05-08 08:35:34 -05:00			`}`

			`type DashboardAclInfoDTO struct {`
			OrgId int64 `json:"-"`
folders: folder permission api routes 2018-02-20 08:25:16 -06:00			DashboardId int64 `json:"dashboardId,omitempty"`
			FolderId int64 `json:"folderId,omitempty"`
WIP: Add or update Dashboard ACL SQL Integration Tests for the guardian class too. 2017-04-28 14:22:53 -05:00
WIP: get Dashboard Permissions The guardian class checks if the user is allowed to get the permissions for a dashboard. 2017-05-08 08:35:34 -05:00			Created time.Time `json:"created"`
			Updated time.Time `json:"updated"`
WIP: Add or update Dashboard ACL SQL Integration Tests for the guardian class too. 2017-04-28 14:22:53 -05:00
WIP: Permission Type as string in permission query 2017-06-08 03:39:17 -05:00			UserId int64 `json:"userId"`
			UserLogin string `json:"userLogin"`
			UserEmail string `json:"userEmail"`
wip: dashboard acl ux2, #10747 2018-02-14 08:02:42 -06:00			UserAvatarUrl string `json:"userAvatarUrl"`
refactor: format files by gofmt 2017-12-11 10:46:05 -06:00			TeamId int64 `json:"teamId"`
wip: dashboard acl ux2, #10747 2018-02-14 08:02:42 -06:00			TeamEmail string `json:"teamEmail"`
			TeamAvatarUrl string `json:"teamAvatarUrl"`
refactor: format files by gofmt 2017-12-11 10:46:05 -06:00			Team string `json:"team"`
acl fixes 2017-06-22 16:10:43 -05:00			Role *RoleType `json:"role,omitempty"`
dashboard acl work 2017-06-21 13:11:16 -05:00			Permission PermissionType `json:"permission"`
refactoring: Dashboard guardian 2017-06-16 20:25:24 -05:00			PermissionName string `json:"permissionName"`
Stale permissions (#10768) * dashfolders: hide permissions in settings if folder has changed and the dashboard has not been saved yet. Otherwise the use will see stale permissions from the original folder. * dashfolders: return folder url for inherited permissions 2018-02-05 07:28:24 -06:00			Uid string `json:"uid"`
			Title string `json:"title"`
			Slug string `json:"slug"`
			IsFolder bool `json:"isFolder"`
			Url string `json:"url"`
return inherited property for permissions 2018-04-23 02:23:14 -05:00			Inherited bool `json:"inherited"`
WIP: Add or update Dashboard ACL SQL Integration Tests for the guardian class too. 2017-04-28 14:22:53 -05:00			`}`

permissions: fix validation of permissions before update Did a bad pointer comparison so extended the tests for duplicate permissions. 2018-02-28 01:48:28 -06:00			`func (dto DashboardAclInfoDTO) hasSameRoleAs(other DashboardAclInfoDTO) bool {`
			`if dto.Role == nil \|\| other.Role == nil {`
			`return false`
			`}`

			`return dto.UserId <= 0 && dto.TeamId <= 0 && dto.UserId == other.UserId && dto.TeamId == other.TeamId && dto.Role == other.Role`
			`}`

			`func (dto DashboardAclInfoDTO) hasSameUserAs(other DashboardAclInfoDTO) bool {`
			`return dto.UserId > 0 && dto.UserId == other.UserId`
			`}`

			`func (dto DashboardAclInfoDTO) hasSameTeamAs(other DashboardAclInfoDTO) bool {`
			`return dto.TeamId > 0 && dto.TeamId == other.TeamId`
			`}`

			`// IsDuplicateOf returns true if other item has same role, same user or same team`
			`func (dto DashboardAclInfoDTO) IsDuplicateOf(other DashboardAclInfoDTO) bool {`
			`return dto.hasSameRoleAs(other) \|\| dto.hasSameUserAs(other) \|\| dto.hasSameTeamAs(other)`
			`}`

WIP: Add or update Dashboard ACL SQL Integration Tests for the guardian class too. 2017-04-28 14:22:53 -05:00			`//`
			`// COMMANDS`
			`//`

dashboard acl work 2017-06-21 18:02:03 -05:00			`type UpdateDashboardAclCommand struct {`
			`DashboardId int64`
			`Items []*DashboardAcl`
			`}`

WIP: Add or update Dashboard ACL SQL Integration Tests for the guardian class too. 2017-04-28 14:22:53 -05:00			`//`
			`// QUERIES`
			`//`
refactoring more renaming 2017-06-19 16:30:54 -05:00			`type GetDashboardAclInfoListQuery struct {`
dashboard folders acl work 2017-06-19 10:03:54 -05:00			`DashboardId int64`
refactoring dashboad folder acl checks 2017-06-19 10:54:37 -05:00			`OrgId int64`
acl fixes 2017-06-22 16:10:43 -05:00			`Result []*DashboardAclInfoDTO`
dashboard folders acl work 2017-06-19 10:03:54 -05:00			`}`