grafana/pkg/services/sqlstore/user.go

package sqlstore

import (
	"fmt"
	"strings"
	"time"

	"github.com/go-xorm/xorm"

	"github.com/grafana/grafana/pkg/bus"
	"github.com/grafana/grafana/pkg/events"
	m "github.com/grafana/grafana/pkg/models"
	"github.com/grafana/grafana/pkg/setting"
	"github.com/grafana/grafana/pkg/util"
)

func init() {
	bus.AddHandler("sql", CreateUser)
	bus.AddHandler("sql", GetUserById)
	bus.AddHandler("sql", UpdateUser)
	bus.AddHandler("sql", GetUserByLogin)
	bus.AddHandler("sql", SetUsingAccount)
	bus.AddHandler("sql", GetUserInfo)
	bus.AddHandler("sql", GetSignedInUser)
	bus.AddHandler("sql", SearchUsers)
	bus.AddHandler("sql", GetUserAccounts)
	bus.AddHandler("sql", DeleteUser)
}

func getAccountIdForNewUser(userEmail string, sess *session) (int64, error) {
	var account m.Account

	if setting.SingleAccountMode {
		has, err := sess.Where("name=?", setting.DefaultAccountName).Get(&account)
		if err != nil {
			return 0, err
		}
		if has {
			return account.Id, nil
		} else {
			account.Name = setting.DefaultAccountName
		}
	} else {
		account.Name = userEmail
	}

	account.Created = time.Now()
	account.Updated = time.Now()

	if _, err := sess.Insert(&account); err != nil {
		return 0, err
	}

	return account.Id, nil
}

func CreateUser(cmd *m.CreateUserCommand) error {
	return inTransaction2(func(sess *session) error {
		accountId, err := getAccountIdForNewUser(cmd.Email, sess)
		if err != nil {
			return err
		}

		// create user
		user := m.User{
			Email:     cmd.Email,
			Name:      cmd.Name,
			Login:     cmd.Login,
			Company:   cmd.Company,
			IsAdmin:   cmd.IsAdmin,
			AccountId: accountId,
			Created:   time.Now(),
			Updated:   time.Now(),
		}

		if len(cmd.Password) > 0 {
			user.Salt = util.GetRandomString(10)
			user.Rands = util.GetRandomString(10)
			user.Password = util.EncodePassword(cmd.Password, user.Salt)
		}

		sess.UseBool("is_admin")

		if _, err := sess.Insert(&user); err != nil {
			return err
		}

		// create account user link
		accountUser := m.AccountUser{
			AccountId: accountId,
			UserId:    user.Id,
			Role:      m.ROLE_ADMIN,
			Created:   time.Now(),
			Updated:   time.Now(),
		}

		if setting.SingleAccountMode && !user.IsAdmin {
			accountUser.Role = m.RoleType(setting.DefaultAccountRole)
		}

		if _, err = sess.Insert(&accountUser); err != nil {
			return err
		}

		sess.publishAfterCommit(&events.UserCreated{
			Timestamp: user.Created,
			Id:        user.Id,
			Name:      user.Name,
			Login:     user.Login,
			Email:     user.Email,
		})

		cmd.Result = user
		return nil
	})
}

func GetUserById(query *m.GetUserByIdQuery) error {
	user := new(m.User)
	has, err := x.Id(query.Id).Get(user)

	if err != nil {
		return err
	} else if has == false {
		return m.ErrUserNotFound
	}

	query.Result = user

	return nil
}

func GetUserByLogin(query *m.GetUserByLoginQuery) error {
	if query.LoginOrEmail == "" {
		return m.ErrUserNotFound
	}

	user := new(m.User)
	if strings.Contains(query.LoginOrEmail, "@") {
		user = &m.User{Email: query.LoginOrEmail}
	} else {
		user = &m.User{Login: strings.ToLower(query.LoginOrEmail)}
	}

	has, err := x.Get(user)

	if err != nil {
		return err
	} else if has == false {
		return m.ErrUserNotFound
	}

	query.Result = user

	return nil
}

func UpdateUser(cmd *m.UpdateUserCommand) error {
	return inTransaction2(func(sess *session) error {

		user := m.User{
			Name:    cmd.Name,
			Email:   cmd.Email,
			Login:   cmd.Login,
			Updated: time.Now(),
		}

		if _, err := sess.Id(cmd.UserId).Update(&user); err != nil {
			return err
		}

		sess.publishAfterCommit(&events.UserUpdated{
			Timestamp: user.Created,
			Id:        user.Id,
			Name:      user.Name,
			Login:     user.Login,
			Email:     user.Email,
		})

		return nil
	})
}

func SetUsingAccount(cmd *m.SetUsingAccountCommand) error {
	return inTransaction(func(sess *xorm.Session) error {
		user := m.User{}
		sess.Id(cmd.UserId).Get(&user)

		user.AccountId = cmd.AccountId
		_, err := sess.Id(user.Id).Update(&user)
		return err
	})
}

func GetUserInfo(query *m.GetUserInfoQuery) error {
	var user m.User
	has, err := x.Id(query.UserId).Get(&user)

	if err != nil {
		return err
	} else if has == false {
		return m.ErrUserNotFound
	}

	query.Result = m.UserDTO{
		Name:  user.Name,
		Email: user.Email,
		Login: user.Login,
	}

	return err
}

func GetUserAccounts(query *m.GetUserAccountsQuery) error {
	query.Result = make([]*m.UserAccountDTO, 0)
	sess := x.Table("account_user")
	sess.Join("INNER", "account", "account_user.account_id=account.id")
	sess.Where("account_user.user_id=?", query.UserId)
	sess.Cols("account.name", "account_user.role", "account_user.account_id")
	err := sess.Find(&query.Result)
	return err
}

func GetSignedInUser(query *m.GetSignedInUserQuery) error {
	var rawSql = `SELECT
	                u.id           as user_id,
	                u.is_admin     as is_grafana_admin,
	                u.email        as email,
	                u.login        as login,
									u.name         as name,
	                account.name      as account_name,
	                account_user.role as account_role,
	                account.id        as account_id
	                FROM ` + dialect.Quote("user") + ` as u
									LEFT OUTER JOIN account_user on account_user.account_id = u.account_id and account_user.user_id = u.id
	                LEFT OUTER JOIN account on account.id = u.account_id
	                WHERE u.id=?`

	var user m.SignedInUser
	sess := x.Table("user")
	has, err := sess.Sql(rawSql, query.UserId).Get(&user)
	if err != nil {
		return err
	} else if !has {
		return m.ErrUserNotFound
	}

	query.Result = &user
	return err
}

func SearchUsers(query *m.SearchUsersQuery) error {
	query.Result = make([]*m.UserSearchHitDTO, 0)
	sess := x.Table("user")
	sess.Where("email LIKE ?", query.Query+"%")
	sess.Limit(query.Limit, query.Limit*query.Page)
	sess.Cols("id", "email", "name", "login", "is_admin")
	err := sess.Find(&query.Result)
	return err
}

func DeleteUser(cmd *m.DeleteUserCommand) error {
	return inTransaction(func(sess *xorm.Session) error {
		var rawSql = fmt.Sprintf("DELETE FROM %s WHERE id=?", x.Dialect().Quote("user"))
		_, err := sess.Exec(rawSql, cmd.UserId)
		return err
	})
}
Initial work on seperation between user and account 2015-01-19 09:28:45 -06:00			`package sqlstore`

			`import (`
Added delete user action to user admin api, and made it work in UI, Closes #1466, #1446 2015-02-11 09:47:22 -06:00			`"fmt"`
User / Account model split, User and account now seperate entities, collaborators are now AccountUsers 2015-01-19 11:01:04 -06:00			`"strings"`
Initial work on seperation between user and account 2015-01-19 09:28:45 -06:00			`"time"`

			`"github.com/go-xorm/xorm"`

Changed go package path 2015-02-05 03:37:13 -06:00			`"github.com/grafana/grafana/pkg/bus"`
			`"github.com/grafana/grafana/pkg/events"`
			`m "github.com/grafana/grafana/pkg/models"`
			`"github.com/grafana/grafana/pkg/setting"`
			`"github.com/grafana/grafana/pkg/util"`
Initial work on seperation between user and account 2015-01-19 09:28:45 -06:00			`)`

			`func init() {`
			`bus.AddHandler("sql", CreateUser)`
Worked on user admin features, can now create and edit users as a grafana admin user, #1446 2015-02-10 08:36:51 -06:00			`bus.AddHandler("sql", GetUserById)`
Fixes for update user and add token 2015-01-19 11:57:51 -06:00			`bus.AddHandler("sql", UpdateUser)`
User / Account model split, User and account now seperate entities, collaborators are now AccountUsers 2015-01-19 11:01:04 -06:00			`bus.AddHandler("sql", GetUserByLogin)`
			`bus.AddHandler("sql", SetUsingAccount)`
			`bus.AddHandler("sql", GetUserInfo)`
			`bus.AddHandler("sql", GetSignedInUser)`
			`bus.AddHandler("sql", SearchUsers)`
			`bus.AddHandler("sql", GetUserAccounts)`
Added delete user action to user admin api, and made it work in UI, Closes #1466, #1446 2015-02-11 09:47:22 -06:00			`bus.AddHandler("sql", DeleteUser)`
Initial work on seperation between user and account 2015-01-19 09:28:45 -06:00			`}`

More work on events, still have to convert pascal case event type name to rabbitmq dot notation, but after that should be done 2015-02-04 10:15:05 -06:00			`func getAccountIdForNewUser(userEmail string, sess *session) (int64, error) {`
Worked on ease of use for non multi tenant scenarios, Closes #20 2015-01-27 08:14:53 -06:00			`var account m.Account`
Initial work on seperation between user and account 2015-01-19 09:28:45 -06:00
Worked on ease of use for non multi tenant scenarios, Closes #20 2015-01-27 08:14:53 -06:00			`if setting.SingleAccountMode {`
			`has, err := sess.Where("name=?", setting.DefaultAccountName).Get(&account)`
			`if err != nil {`
			`return 0, err`
Initial work on seperation between user and account 2015-01-19 09:28:45 -06:00			`}`
Worked on ease of use for non multi tenant scenarios, Closes #20 2015-01-27 08:14:53 -06:00			`if has {`
			`return account.Id, nil`
			`} else {`
			`account.Name = setting.DefaultAccountName`
			`}`
			`} else {`
			`account.Name = userEmail`
			`}`

			`account.Created = time.Now()`
			`account.Updated = time.Now()`
Initial work on seperation between user and account 2015-01-19 09:28:45 -06:00
Worked on ease of use for non multi tenant scenarios, Closes #20 2015-01-27 08:14:53 -06:00			`if _, err := sess.Insert(&account); err != nil {`
			`return 0, err`
			`}`

			`return account.Id, nil`
			`}`

			`func CreateUser(cmd *m.CreateUserCommand) error {`
More work on events, still have to convert pascal case event type name to rabbitmq dot notation, but after that should be done 2015-02-04 10:15:05 -06:00			`return inTransaction2(func(sess *session) error {`
Worked on ease of use for non multi tenant scenarios, Closes #20 2015-01-27 08:14:53 -06:00			`accountId, err := getAccountIdForNewUser(cmd.Email, sess)`
			`if err != nil {`
Initial work on seperation between user and account 2015-01-19 09:28:45 -06:00			`return err`
			`}`

			`// create user`
			`user := m.User{`
			`Email: cmd.Email,`
User / Account model split, User and account now seperate entities, collaborators are now AccountUsers 2015-01-19 11:01:04 -06:00			`Name: cmd.Name,`
			`Login: cmd.Login,`
			`Company: cmd.Company,`
Initial work on seperation between user and account 2015-01-19 09:28:45 -06:00			`IsAdmin: cmd.IsAdmin,`
Worked on ease of use for non multi tenant scenarios, Closes #20 2015-01-27 08:14:53 -06:00			`AccountId: accountId,`
Initial work on seperation between user and account 2015-01-19 09:28:45 -06:00			`Created: time.Now(),`
			`Updated: time.Now(),`
			`}`

Worked on search filter flag IsStarred, and updated frontend with new dashboard list panel 2015-02-04 04:35:59 -06:00			`if len(cmd.Password) > 0 {`
			`user.Salt = util.GetRandomString(10)`
			`user.Rands = util.GetRandomString(10)`
			`user.Password = util.EncodePassword(cmd.Password, user.Salt)`
			`}`
Worked on ease of use for non multi tenant scenarios, Closes #20 2015-01-27 08:14:53 -06:00
Initial work on seperation between user and account 2015-01-19 09:28:45 -06:00			`sess.UseBool("is_admin")`
Worked on ease of use for non multi tenant scenarios, Closes #20 2015-01-27 08:14:53 -06:00
Initial work on seperation between user and account 2015-01-19 09:28:45 -06:00			`if _, err := sess.Insert(&user); err != nil {`
			`return err`
			`}`

			`// create account user link`
Worked on ease of use for non multi tenant scenarios, Closes #20 2015-01-27 08:14:53 -06:00			`accountUser := m.AccountUser{`
			`AccountId: accountId,`
Initial work on seperation between user and account 2015-01-19 09:28:45 -06:00			`UserId: user.Id,`
			`Role: m.ROLE_ADMIN,`
			`Created: time.Now(),`
			`Updated: time.Now(),`
Worked on ease of use for non multi tenant scenarios, Closes #20 2015-01-27 08:14:53 -06:00			`}`

Fixed bug in user creation and admin role 2015-02-05 03:50:18 -06:00			`if setting.SingleAccountMode && !user.IsAdmin {`
Worked on ease of use for non multi tenant scenarios, Closes #20 2015-01-27 08:14:53 -06:00			`accountUser.Role = m.RoleType(setting.DefaultAccountRole)`
			`}`

More work on events, still have to convert pascal case event type name to rabbitmq dot notation, but after that should be done 2015-02-04 10:15:05 -06:00			`if _, err = sess.Insert(&accountUser); err != nil {`
			`return err`
			`}`
Initial work on seperation between user and account 2015-01-19 09:28:45 -06:00
More work on events, still have to convert pascal case event type name to rabbitmq dot notation, but after that should be done 2015-02-04 10:15:05 -06:00			`sess.publishAfterCommit(&events.UserCreated{`
Add inital implementation of Notification events. If notifications are enabled in the config, Adds a eventHandler accepting Notification{} payloads to the internal Bus. The eventHandler then marshals the payload into json and sends it to a rabbitmq topic exchange using the Notification.Priority+Noticiation.EventType as the routing key. eg. INFO.account.created Currently, notifications are only being emitted for INFO.account.created INFO.account.updated INFO.user.created INFO.user.updated 2015-02-03 09:57:42 -06:00			`Timestamp: user.Created,`
More work on events, still have to convert pascal case event type name to rabbitmq dot notation, but after that should be done 2015-02-04 10:15:05 -06:00			`Id: user.Id,`
			`Name: user.Name,`
			`Login: user.Login,`
			`Email: user.Email,`
Add inital implementation of Notification events. If notifications are enabled in the config, Adds a eventHandler accepting Notification{} payloads to the internal Bus. The eventHandler then marshals the payload into json and sends it to a rabbitmq topic exchange using the Notification.Priority+Noticiation.EventType as the routing key. eg. INFO.account.created Currently, notifications are only being emitted for INFO.account.created INFO.account.updated INFO.user.created INFO.user.updated 2015-02-03 09:57:42 -06:00			`})`
Initial work on seperation between user and account 2015-01-19 09:28:45 -06:00
			`cmd.Result = user`
More work on events, still have to convert pascal case event type name to rabbitmq dot notation, but after that should be done 2015-02-04 10:15:05 -06:00			`return nil`
Initial work on seperation between user and account 2015-01-19 09:28:45 -06:00			`})`
			`}`
User / Account model split, User and account now seperate entities, collaborators are now AccountUsers 2015-01-19 11:01:04 -06:00
Worked on user admin features, can now create and edit users as a grafana admin user, #1446 2015-02-10 08:36:51 -06:00			`func GetUserById(query *m.GetUserByIdQuery) error {`
			`user := new(m.User)`
			`has, err := x.Id(query.Id).Get(user)`

			`if err != nil {`
			`return err`
			`} else if has == false {`
			`return m.ErrUserNotFound`
			`}`

			`query.Result = user`

			`return nil`
			`}`

User / Account model split, User and account now seperate entities, collaborators are now AccountUsers 2015-01-19 11:01:04 -06:00			`func GetUserByLogin(query *m.GetUserByLoginQuery) error {`
			`if query.LoginOrEmail == "" {`
Worked on user admin features, can now create and edit users as a grafana admin user, #1446 2015-02-10 08:36:51 -06:00			`return m.ErrUserNotFound`
User / Account model split, User and account now seperate entities, collaborators are now AccountUsers 2015-01-19 11:01:04 -06:00			`}`

			`user := new(m.User)`
			`if strings.Contains(query.LoginOrEmail, "@") {`
			`user = &m.User{Email: query.LoginOrEmail}`
			`} else {`
			`user = &m.User{Login: strings.ToLower(query.LoginOrEmail)}`
			`}`

			`has, err := x.Get(user)`

			`if err != nil {`
			`return err`
			`} else if has == false {`
			`return m.ErrUserNotFound`
			`}`

			`query.Result = user`

			`return nil`
			`}`

Fixes for update user and add token 2015-01-19 11:57:51 -06:00			`func UpdateUser(cmd *m.UpdateUserCommand) error {`
More work on events, still have to convert pascal case event type name to rabbitmq dot notation, but after that should be done 2015-02-04 10:15:05 -06:00			`return inTransaction2(func(sess *session) error {`
Fixes for update user and add token 2015-01-19 11:57:51 -06:00
			`user := m.User{`
			`Name: cmd.Name,`
			`Email: cmd.Email,`
			`Login: cmd.Login,`
			`Updated: time.Now(),`
			`}`

More work on events, still have to convert pascal case event type name to rabbitmq dot notation, but after that should be done 2015-02-04 10:15:05 -06:00			`if _, err := sess.Id(cmd.UserId).Update(&user); err != nil {`
			`return err`
Add inital implementation of Notification events. If notifications are enabled in the config, Adds a eventHandler accepting Notification{} payloads to the internal Bus. The eventHandler then marshals the payload into json and sends it to a rabbitmq topic exchange using the Notification.Priority+Noticiation.EventType as the routing key. eg. INFO.account.created Currently, notifications are only being emitted for INFO.account.created INFO.account.updated INFO.user.created INFO.user.updated 2015-02-03 09:57:42 -06:00			`}`
More work on events, still have to convert pascal case event type name to rabbitmq dot notation, but after that should be done 2015-02-04 10:15:05 -06:00
			`sess.publishAfterCommit(&events.UserUpdated{`
			`Timestamp: user.Created,`
			`Id: user.Id,`
			`Name: user.Name,`
			`Login: user.Login,`
			`Email: user.Email,`
			`})`

			`return nil`
Fixes for update user and add token 2015-01-19 11:57:51 -06:00			`})`
			`}`

User / Account model split, User and account now seperate entities, collaborators are now AccountUsers 2015-01-19 11:01:04 -06:00			`func SetUsingAccount(cmd *m.SetUsingAccountCommand) error {`
			`return inTransaction(func(sess *xorm.Session) error {`
			`user := m.User{}`
			`sess.Id(cmd.UserId).Get(&user)`

			`user.AccountId = cmd.AccountId`
			`_, err := sess.Id(user.Id).Update(&user)`
			`return err`
			`})`
			`}`

			`func GetUserInfo(query *m.GetUserInfoQuery) error {`
			`var user m.User`
			`has, err := x.Id(query.UserId).Get(&user)`

			`if err != nil {`
			`return err`
			`} else if has == false {`
			`return m.ErrUserNotFound`
			`}`

			`query.Result = m.UserDTO{`
			`Name: user.Name,`
			`Email: user.Email,`
			`Login: user.Login,`
			`}`

			`return err`
			`}`

			`func GetUserAccounts(query *m.GetUserAccountsQuery) error {`
			`query.Result = make([]*m.UserAccountDTO, 0)`
			`sess := x.Table("account_user")`
			`sess.Join("INNER", "account", "account_user.account_id=account.id")`
			`sess.Where("account_user.user_id=?", query.UserId)`
			`sess.Cols("account.name", "account_user.role", "account_user.account_id")`
			`err := sess.Find(&query.Result)`
			`return err`
			`}`

			`func GetSignedInUser(query *m.GetSignedInUserQuery) error {`
			var rawSql = `SELECT
a lot of work on database schema and migration setup, postgres now works, every integration test passes for all database types, only token table left to do 2015-01-20 07:15:48 -06:00			`u.id as user_id,`
			`u.is_admin as is_grafana_admin,`
			`u.email as email,`
			`u.login as login,`
			`u.name as name,`
User / Account model split, User and account now seperate entities, collaborators are now AccountUsers 2015-01-19 11:01:04 -06:00			`account.name as account_name,`
			`account_user.role as account_role,`
			`account.id as account_id`
a lot of work on database schema and migration setup, postgres now works, every integration test passes for all database types, only token table left to do 2015-01-20 07:15:48 -06:00			FROM ` + dialect.Quote("user") + ` as u
			`LEFT OUTER JOIN account_user on account_user.account_id = u.account_id and account_user.user_id = u.id`
			`LEFT OUTER JOIN account on account.id = u.account_id`
			WHERE u.id=?`
User / Account model split, User and account now seperate entities, collaborators are now AccountUsers 2015-01-19 11:01:04 -06:00
			`var user m.SignedInUser`
			`sess := x.Table("user")`
			`has, err := sess.Sql(rawSql, query.UserId).Get(&user)`
			`if err != nil {`
			`return err`
			`} else if !has {`
			`return m.ErrUserNotFound`
			`}`

			`query.Result = &user`
			`return err`
			`}`

			`func SearchUsers(query *m.SearchUsersQuery) error {`
			`query.Result = make([]*m.UserSearchHitDTO, 0)`
			`sess := x.Table("user")`
			`sess.Where("email LIKE ?", query.Query+"%")`
			`sess.Limit(query.Limit, query.Limit*query.Page)`
			`sess.Cols("id", "email", "name", "login", "is_admin")`
			`err := sess.Find(&query.Result)`
			`return err`
			`}`
Added delete user action to user admin api, and made it work in UI, Closes #1466, #1446 2015-02-11 09:47:22 -06:00
			`func DeleteUser(cmd *m.DeleteUserCommand) error {`
			`return inTransaction(func(sess *xorm.Session) error {`
			`var rawSql = fmt.Sprintf("DELETE FROM %s WHERE id=?", x.Dialect().Quote("user"))`
			`_, err := sess.Exec(rawSql, cmd.UserId)`
			`return err`
			`})`
			`}`