grafana/pkg/services/sqlstore/dashboard_acl.go

package sqlstore

import (
	"time"

	"github.com/grafana/grafana/pkg/bus"
	m "github.com/grafana/grafana/pkg/models"
)

func init() {
	bus.AddHandler("sql", SetDashboardAcl)
	bus.AddHandler("sql", RemoveDashboardAcl)
	bus.AddHandler("sql", GetDashboardAclInfoList)
	bus.AddHandler("sql", GetInheritedDashboardAcl)
}

func SetDashboardAcl(cmd *m.SetDashboardAclCommand) error {
	return inTransaction(func(sess *DBSession) error {
		if cmd.UserId == 0 && cmd.UserGroupId == 0 {
			return m.ErrDashboardAclInfoMissing
		}

		if cmd.DashboardId == 0 {
			return m.ErrDashboardPermissionDashboardEmpty
		}

		if res, err := sess.Query("SELECT 1 from "+dialect.Quote("dashboard_acl")+" WHERE dashboard_id =? and (user_group_id=? or user_id=?)", cmd.DashboardId, cmd.UserGroupId, cmd.UserId); err != nil {
			return err
		} else if len(res) == 1 {
			entity := m.DashboardAcl{
				Permissions: cmd.Permissions,
				Updated:     time.Now(),
			}
			if _, err := sess.Cols("updated", "permissions").Where("dashboard_id =? and (user_group_id=? or user_id=?)", cmd.DashboardId, cmd.UserGroupId, cmd.UserId).Update(&entity); err != nil {
				return err
			}

			return nil
		}

		entity := m.DashboardAcl{
			OrgId:       cmd.OrgId,
			UserGroupId: cmd.UserGroupId,
			UserId:      cmd.UserId,
			Created:     time.Now(),
			Updated:     time.Now(),
			DashboardId: cmd.DashboardId,
			Permissions: cmd.Permissions,
		}

		cols := []string{"org_id", "created", "updated", "dashboard_id", "permissions"}

		if cmd.UserId != 0 {
			cols = append(cols, "user_id")
		}

		if cmd.UserGroupId != 0 {
			cols = append(cols, "user_group_id")
		}

		entityId, err := sess.Cols(cols...).Insert(&entity)
		if err != nil {
			return err
		}
		cmd.Result = entity
		cmd.Result.Id = entityId

		// Update dashboard HasAcl flag
		dashboard := m.Dashboard{
			HasAcl: true,
		}

		if _, err := sess.Cols("has_acl").Where("id=? OR parent_id=?", cmd.DashboardId, cmd.DashboardId).Update(&dashboard); err != nil {
			return err
		}

		return nil
	})
}

func RemoveDashboardAcl(cmd *m.RemoveDashboardAclCommand) error {
	return inTransaction(func(sess *DBSession) error {
		var rawSQL = "DELETE FROM " + dialect.Quote("dashboard_acl") + " WHERE org_id =? and id=?"
		_, err := sess.Exec(rawSQL, cmd.OrgId, cmd.AclId)
		if err != nil {
			return err
		}

		return err
	})
}

func GetInheritedDashboardAcl(query *m.GetInheritedDashboardAclQuery) error {
	rawSQL := `SELECT
  da.id,
  da.org_id,
  da.dashboard_id,
  da.user_id,
  da.user_group_id,
  da.permissions,
  da.created,
  da.updated
  FROM dashboard_acl as da
  WHERE da.dashboard_id IN (
    SELECT id FROM dashboard where id = ?
    UNION
    SELECT parent_id from dashboard where id = ?
  ) AND org_id = ?`

	query.Result = make([]*m.DashboardAcl, 0)
	return x.SQL(rawSQL, query.DashboardId, query.DashboardId, query.OrgId).Find(&query.Result)
}

func GetDashboardAclInfoList(query *m.GetDashboardAclInfoListQuery) error {
	rawSQL := `SELECT
  da.id,
  da.org_id,
  da.dashboard_id,
  da.user_id,
  da.user_group_id,
  da.permissions,
  da.created,
  da.updated,
  u.login AS user_login,
  u.email AS user_email,
  ug.name AS user_group
  FROM` + dialect.Quote("dashboard_acl") + ` as da
  LEFT OUTER JOIN ` + dialect.Quote("user") + ` AS u ON u.id = da.user_id
  LEFT OUTER JOIN user_group ug on ug.id = da.user_group_id
  WHERE dashboard_id=?`

	query.Result = make([]*m.DashboardAclInfoDTO, 0)

	err := x.SQL(rawSQL, query.DashboardId).Find(&query.Result)

	for _, p := range query.Result {
		p.PermissionName = p.Permissions.String()
	}

	return err
}
WIP: Add or update Dashboard ACL SQL Integration Tests for the guardian class too. 2017-04-28 14:22:53 -05:00			`package sqlstore`

			`import (`
			`"time"`

			`"github.com/grafana/grafana/pkg/bus"`
			`m "github.com/grafana/grafana/pkg/models"`
			`)`

			`func init() {`
refactoring renaming dashboard folder operations 2017-06-19 16:15:25 -05:00			`bus.AddHandler("sql", SetDashboardAcl)`
			`bus.AddHandler("sql", RemoveDashboardAcl)`
refactoring more renaming 2017-06-19 16:30:54 -05:00			`bus.AddHandler("sql", GetDashboardAclInfoList)`
refactoring dashboad folder acl checks 2017-06-19 10:54:37 -05:00			`bus.AddHandler("sql", GetInheritedDashboardAcl)`
WIP: Add or update Dashboard ACL SQL Integration Tests for the guardian class too. 2017-04-28 14:22:53 -05:00			`}`

refactoring renaming dashboard folder operations 2017-06-19 16:15:25 -05:00			`func SetDashboardAcl(cmd *m.SetDashboardAclCommand) error {`
WIP: fix after upstream sqlstore refactoring 2017-05-24 09:19:21 -05:00			`return inTransaction(func(sess *DBSession) error {`
WIP: remove permissions when deleting global user 2017-06-14 16:45:30 -05:00			`if cmd.UserId == 0 && cmd.UserGroupId == 0 {`
refactoring: renaming 2017-06-19 17:19:58 -05:00			`return m.ErrDashboardAclInfoMissing`
WIP: remove permissions when deleting global user 2017-06-14 16:45:30 -05:00			`}`

WIP: fix acl route 2017-06-19 17:34:25 -05:00			`if cmd.DashboardId == 0 {`
			`return m.ErrDashboardPermissionDashboardEmpty`
			`}`

WIP: get Dashboard Permissions The guardian class checks if the user is allowed to get the permissions for a dashboard. 2017-05-08 08:35:34 -05:00			`if res, err := sess.Query("SELECT 1 from "+dialect.Quote("dashboard_acl")+" WHERE dashboard_id =? and (user_group_id=? or user_id=?)", cmd.DashboardId, cmd.UserGroupId, cmd.UserId); err != nil {`
WIP: Add or update Dashboard ACL SQL Integration Tests for the guardian class too. 2017-04-28 14:22:53 -05:00			`return err`
			`} else if len(res) == 1 {`
			`entity := m.DashboardAcl{`
refactoring dashoard folder guardian 2017-06-17 17:24:38 -05:00			`Permissions: cmd.Permissions,`
WIP: get Dashboard Permissions The guardian class checks if the user is allowed to get the permissions for a dashboard. 2017-05-08 08:35:34 -05:00			`Updated: time.Now(),`
WIP: Add or update Dashboard ACL SQL Integration Tests for the guardian class too. 2017-04-28 14:22:53 -05:00			`}`
WIP: get Dashboard Permissions The guardian class checks if the user is allowed to get the permissions for a dashboard. 2017-05-08 08:35:34 -05:00			`if _, err := sess.Cols("updated", "permissions").Where("dashboard_id =? and (user_group_id=? or user_id=?)", cmd.DashboardId, cmd.UserGroupId, cmd.UserId).Update(&entity); err != nil {`
WIP: Add or update Dashboard ACL SQL Integration Tests for the guardian class too. 2017-04-28 14:22:53 -05:00			`return err`
			`}`

			`return nil`
			`}`

			`entity := m.DashboardAcl{`
			`OrgId: cmd.OrgId,`
			`UserGroupId: cmd.UserGroupId,`
			`UserId: cmd.UserId,`
			`Created: time.Now(),`
			`Updated: time.Now(),`
			`DashboardId: cmd.DashboardId,`
refactoring dashoard folder guardian 2017-06-17 17:24:38 -05:00			`Permissions: cmd.Permissions,`
WIP: Add or update Dashboard ACL SQL Integration Tests for the guardian class too. 2017-04-28 14:22:53 -05:00			`}`

			`cols := []string{"org_id", "created", "updated", "dashboard_id", "permissions"}`

			`if cmd.UserId != 0 {`
			`cols = append(cols, "user_id")`
			`}`

			`if cmd.UserGroupId != 0 {`
			`cols = append(cols, "user_group_id")`
			`}`

WIP: API - add dash permission 2017-06-09 14:56:13 -05:00			`entityId, err := sess.Cols(cols...).Insert(&entity)`
WIP: Add or update Dashboard ACL SQL Integration Tests for the guardian class too. 2017-04-28 14:22:53 -05:00			`if err != nil {`
			`return err`
			`}`
WIP: API - add dash permission 2017-06-09 14:56:13 -05:00			`cmd.Result = entity`
			`cmd.Result.Id = entityId`
WIP: Add or update Dashboard ACL SQL Integration Tests for the guardian class too. 2017-04-28 14:22:53 -05:00
WIP: API - add dash permission 2017-06-09 14:56:13 -05:00			`// Update dashboard HasAcl flag`
WIP: Add or update Dashboard ACL SQL Integration Tests for the guardian class too. 2017-04-28 14:22:53 -05:00			`dashboard := m.Dashboard{`
			`HasAcl: true,`
			`}`
refactoring dashoard folder guardian 2017-06-17 17:24:38 -05:00
WIP: Add or update Dashboard ACL SQL Integration Tests for the guardian class too. 2017-04-28 14:22:53 -05:00			`if _, err := sess.Cols("has_acl").Where("id=? OR parent_id=?", cmd.DashboardId, cmd.DashboardId).Update(&dashboard); err != nil {`
			`return err`
			`}`

			`return nil`
			`})`
			`}`

refactoring renaming dashboard folder operations 2017-06-19 16:15:25 -05:00			`func RemoveDashboardAcl(cmd *m.RemoveDashboardAclCommand) error {`
WIP: fix after upstream sqlstore refactoring 2017-05-24 09:19:21 -05:00			`return inTransaction(func(sess *DBSession) error {`
folders: changed api urls for dashboard acls 2017-06-19 17:11:30 -05:00			`var rawSQL = "DELETE FROM " + dialect.Quote("dashboard_acl") + " WHERE org_id =? and id=?"`
			`_, err := sess.Exec(rawSQL, cmd.OrgId, cmd.AclId)`
WIP: Can remove dashboard permission - sql 2017-05-03 04:32:21 -05:00			`if err != nil {`
			`return err`
			`}`

			`return err`
			`})`
			`}`

refactoring dashboad folder acl checks 2017-06-19 10:54:37 -05:00			`func GetInheritedDashboardAcl(query *m.GetInheritedDashboardAclQuery) error {`
dashboard folders acl work 2017-06-19 10:03:54 -05:00			rawSQL := `SELECT
			`da.id,`
			`da.org_id,`
			`da.dashboard_id,`
			`da.user_id,`
			`da.user_group_id,`
			`da.permissions,`
			`da.created,`
refactoring dashboad folder acl checks 2017-06-19 10:54:37 -05:00			`da.updated`
			`FROM dashboard_acl as da`
			`WHERE da.dashboard_id IN (`
dashboard folders acl work 2017-06-19 10:03:54 -05:00			`SELECT id FROM dashboard where id = ?`
			`UNION`
			`SELECT parent_id from dashboard where id = ?`
refactoring dashboad folder acl checks 2017-06-19 10:54:37 -05:00			) AND org_id = ?`
dashboard folders acl work 2017-06-19 10:03:54 -05:00
			`query.Result = make([]*m.DashboardAcl, 0)`
refactoring dashboad folder acl checks 2017-06-19 10:54:37 -05:00			`return x.SQL(rawSQL, query.DashboardId, query.DashboardId, query.OrgId).Find(&query.Result)`
dashboard folders acl work 2017-06-19 10:03:54 -05:00			`}`

refactoring more renaming 2017-06-19 16:30:54 -05:00			`func GetDashboardAclInfoList(query *m.GetDashboardAclInfoListQuery) error {`
WIP: get Dashboard Permissions The guardian class checks if the user is allowed to get the permissions for a dashboard. 2017-05-08 08:35:34 -05:00			rawSQL := `SELECT
WIP: Permission Type as string in permission query 2017-06-08 03:39:17 -05:00			`da.id,`
			`da.org_id,`
			`da.dashboard_id,`
			`da.user_id,`
			`da.user_group_id,`
refactoring: Dashboard guardian 2017-06-16 20:25:24 -05:00			`da.permissions,`
WIP: Permission Type as string in permission query 2017-06-08 03:39:17 -05:00			`da.created,`
			`da.updated,`
WIP: get Dashboard Permissions The guardian class checks if the user is allowed to get the permissions for a dashboard. 2017-05-08 08:35:34 -05:00			`u.login AS user_login,`
			`u.email AS user_email,`
			`ug.name AS user_group`
			FROM` + dialect.Quote("dashboard_acl") + ` as da
			LEFT OUTER JOIN ` + dialect.Quote("user") + ` AS u ON u.id = da.user_id
			`LEFT OUTER JOIN user_group ug on ug.id = da.user_group_id`
			WHERE dashboard_id=?`

			`query.Result = make([]*m.DashboardAclInfoDTO, 0)`

			`err := x.SQL(rawSQL, query.DashboardId).Find(&query.Result)`

WIP: Permission Type as string in permission query 2017-06-08 03:39:17 -05:00			`for _, p := range query.Result {`
refactoring: Dashboard guardian 2017-06-16 20:25:24 -05:00			`p.PermissionName = p.Permissions.String()`
WIP: Permission Type as string in permission query 2017-06-08 03:39:17 -05:00			`}`

WIP: get Dashboard Permissions The guardian class checks if the user is allowed to get the permissions for a dashboard. 2017-05-08 08:35:34 -05:00			`return err`
WIP: Add or update Dashboard ACL SQL Integration Tests for the guardian class too. 2017-04-28 14:22:53 -05:00			`}`