2015-01-19 09:28:45 -06:00
|
|
|
package sqlstore
|
|
|
|
|
|
|
|
|
|
import (
|
2022-09-22 12:16:21 -05:00
|
|
|
"bytes"
|
2018-06-07 11:17:01 -05:00
|
|
|
"context"
|
2019-04-23 03:24:47 -05:00
|
|
|
"fmt"
|
2020-04-06 06:27:11 -05:00
|
|
|
"sort"
|
2017-04-14 08:47:39 -05:00
|
|
|
"strconv"
|
2015-01-19 11:01:04 -06:00
|
|
|
"strings"
|
2015-01-19 09:28:45 -06:00
|
|
|
|
2015-02-05 03:37:13 -06:00
|
|
|
"github.com/grafana/grafana/pkg/events"
|
2019-06-14 03:50:38 -05:00
|
|
|
"github.com/grafana/grafana/pkg/models"
|
2022-03-16 04:43:44 -05:00
|
|
|
ac "github.com/grafana/grafana/pkg/services/accesscontrol"
|
2022-08-10 04:56:48 -05:00
|
|
|
"github.com/grafana/grafana/pkg/services/org"
|
2022-06-28 07:32:25 -05:00
|
|
|
"github.com/grafana/grafana/pkg/services/user"
|
2015-02-05 03:37:13 -06:00
|
|
|
"github.com/grafana/grafana/pkg/util"
|
2015-01-19 09:28:45 -06:00
|
|
|
)
|
|
|
|
|
|
2022-06-28 07:32:25 -05:00
|
|
|
func (ss *SQLStore) getOrgIDForNewUser(sess *DBSession, args user.CreateUserCommand) (int64, error) {
|
|
|
|
|
if ss.Cfg.AutoAssignOrg && args.OrgID != 0 {
|
|
|
|
|
if err := verifyExistingOrg(sess, args.OrgID); err != nil {
|
2020-04-15 04:11:45 -05:00
|
|
|
return -1, err
|
|
|
|
|
}
|
2022-06-28 07:32:25 -05:00
|
|
|
return args.OrgID, nil
|
2021-01-07 04:36:13 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
orgName := args.OrgName
|
|
|
|
|
if orgName == "" {
|
|
|
|
|
orgName = util.StringsFallback2(args.Email, args.Login)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return ss.getOrCreateOrg(sess, orgName)
|
|
|
|
|
}
|
|
|
|
|
|
2022-01-10 10:28:41 -06:00
|
|
|
// createUser creates a user in the database
|
2022-07-07 07:50:38 -05:00
|
|
|
// if autoAssignOrg is enabled then args.OrgID will be used
|
|
|
|
|
// to add to an existing Org with id=args.OrgID
|
|
|
|
|
// if autoAssignOrg is disabled then args.OrgName will be used
|
|
|
|
|
// to create a new Org with name=args.OrgName.
|
|
|
|
|
// If a org already exists with that name, it will error
|
2022-06-28 07:32:25 -05:00
|
|
|
func (ss *SQLStore) createUser(ctx context.Context, sess *DBSession, args user.CreateUserCommand) (user.User, error) {
|
|
|
|
|
var usr user.User
|
2021-03-18 08:27:59 -05:00
|
|
|
var orgID int64 = -1
|
2022-06-07 08:49:18 -05:00
|
|
|
if !args.SkipOrgSetup {
|
2021-03-18 08:27:59 -05:00
|
|
|
var err error
|
|
|
|
|
orgID, err = ss.getOrgIDForNewUser(sess, args)
|
2021-01-07 04:36:13 -06:00
|
|
|
if err != nil {
|
2022-06-28 07:32:25 -05:00
|
|
|
return usr, err
|
2021-01-07 04:36:13 -06:00
|
|
|
}
|
2021-03-18 08:27:59 -05:00
|
|
|
}
|
2021-01-07 04:36:13 -06:00
|
|
|
|
2021-03-18 08:27:59 -05:00
|
|
|
if args.Email == "" {
|
|
|
|
|
args.Email = args.Login
|
|
|
|
|
}
|
2021-01-07 04:36:13 -06:00
|
|
|
|
2022-06-24 09:59:45 -05:00
|
|
|
where := "email=? OR login=?"
|
|
|
|
|
if ss.Cfg.CaseInsensitiveLogin {
|
|
|
|
|
where = "LOWER(email)=LOWER(?) OR LOWER(login)=LOWER(?)"
|
|
|
|
|
args.Login = strings.ToLower(args.Login)
|
|
|
|
|
args.Email = strings.ToLower(args.Email)
|
|
|
|
|
}
|
|
|
|
|
|
2022-06-28 07:32:25 -05:00
|
|
|
exists, err := sess.Where(where, args.Email, args.Login).Get(&user.User{})
|
2021-03-18 08:27:59 -05:00
|
|
|
if err != nil {
|
2022-06-28 07:32:25 -05:00
|
|
|
return usr, err
|
2021-03-18 08:27:59 -05:00
|
|
|
}
|
|
|
|
|
if exists {
|
2022-07-20 07:50:06 -05:00
|
|
|
return usr, user.ErrUserAlreadyExists
|
2021-03-18 08:27:59 -05:00
|
|
|
}
|
2021-01-07 04:36:13 -06:00
|
|
|
|
2021-03-18 08:27:59 -05:00
|
|
|
// create user
|
2022-06-28 07:32:25 -05:00
|
|
|
usr = user.User{
|
2022-02-18 06:08:00 -06:00
|
|
|
Email: args.Email,
|
|
|
|
|
Name: args.Name,
|
|
|
|
|
Login: args.Login,
|
|
|
|
|
Company: args.Company,
|
|
|
|
|
IsAdmin: args.IsAdmin,
|
|
|
|
|
IsDisabled: args.IsDisabled,
|
2022-06-28 07:32:25 -05:00
|
|
|
OrgID: orgID,
|
2022-02-18 06:08:00 -06:00
|
|
|
EmailVerified: args.EmailVerified,
|
2022-09-09 11:43:14 -05:00
|
|
|
Created: TimeNow(),
|
|
|
|
|
Updated: TimeNow(),
|
|
|
|
|
LastSeenAt: TimeNow().AddDate(-10, 0, 0),
|
2022-06-07 08:49:18 -05:00
|
|
|
IsServiceAccount: args.IsServiceAccount,
|
2021-03-18 08:27:59 -05:00
|
|
|
}
|
2021-01-07 04:36:13 -06:00
|
|
|
|
2021-03-18 08:27:59 -05:00
|
|
|
salt, err := util.GetRandomString(10)
|
|
|
|
|
if err != nil {
|
2022-06-28 07:32:25 -05:00
|
|
|
return usr, err
|
2021-03-18 08:27:59 -05:00
|
|
|
}
|
2022-06-28 07:32:25 -05:00
|
|
|
usr.Salt = salt
|
2021-03-18 08:27:59 -05:00
|
|
|
rands, err := util.GetRandomString(10)
|
|
|
|
|
if err != nil {
|
2022-06-28 07:32:25 -05:00
|
|
|
return usr, err
|
2021-03-18 08:27:59 -05:00
|
|
|
}
|
2022-06-28 07:32:25 -05:00
|
|
|
usr.Rands = rands
|
2021-01-07 04:36:13 -06:00
|
|
|
|
2021-03-18 08:27:59 -05:00
|
|
|
if len(args.Password) > 0 {
|
2022-06-28 07:32:25 -05:00
|
|
|
encodedPassword, err := util.EncodePassword(args.Password, usr.Salt)
|
2021-03-18 08:27:59 -05:00
|
|
|
if err != nil {
|
2022-06-28 07:32:25 -05:00
|
|
|
return usr, err
|
2021-01-07 04:36:13 -06:00
|
|
|
}
|
2022-06-28 07:32:25 -05:00
|
|
|
usr.Password = encodedPassword
|
2021-03-18 08:27:59 -05:00
|
|
|
}
|
2021-01-07 04:36:13 -06:00
|
|
|
|
2021-03-18 08:27:59 -05:00
|
|
|
sess.UseBool("is_admin")
|
2021-01-07 04:36:13 -06:00
|
|
|
|
2022-06-28 07:32:25 -05:00
|
|
|
if _, err := sess.Insert(&usr); err != nil {
|
|
|
|
|
return usr, err
|
2021-03-18 08:27:59 -05:00
|
|
|
}
|
2021-01-07 04:36:13 -06:00
|
|
|
|
2021-03-18 08:27:59 -05:00
|
|
|
sess.publishAfterCommit(&events.UserCreated{
|
2022-06-28 07:32:25 -05:00
|
|
|
Timestamp: usr.Created,
|
|
|
|
|
Id: usr.ID,
|
|
|
|
|
Name: usr.Name,
|
|
|
|
|
Login: usr.Login,
|
|
|
|
|
Email: usr.Email,
|
2021-03-18 08:27:59 -05:00
|
|
|
})
|
|
|
|
|
|
|
|
|
|
// create org user link
|
2022-06-07 08:49:18 -05:00
|
|
|
if !args.SkipOrgSetup {
|
2021-03-18 08:27:59 -05:00
|
|
|
orgUser := models.OrgUser{
|
|
|
|
|
OrgId: orgID,
|
2022-06-28 07:32:25 -05:00
|
|
|
UserId: usr.ID,
|
2022-08-10 04:56:48 -05:00
|
|
|
Role: org.RoleAdmin,
|
2022-09-09 11:43:14 -05:00
|
|
|
Created: TimeNow(),
|
|
|
|
|
Updated: TimeNow(),
|
2021-03-18 08:27:59 -05:00
|
|
|
}
|
|
|
|
|
|
2022-06-28 07:32:25 -05:00
|
|
|
if ss.Cfg.AutoAssignOrg && !usr.IsAdmin {
|
2021-03-18 08:27:59 -05:00
|
|
|
if len(args.DefaultOrgRole) > 0 {
|
2022-08-10 04:56:48 -05:00
|
|
|
orgUser.Role = org.RoleType(args.DefaultOrgRole)
|
2021-03-18 08:27:59 -05:00
|
|
|
} else {
|
2022-08-10 04:56:48 -05:00
|
|
|
orgUser.Role = org.RoleType(ss.Cfg.AutoAssignOrgRole)
|
2021-01-07 04:36:13 -06:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-18 08:27:59 -05:00
|
|
|
if _, err = sess.Insert(&orgUser); err != nil {
|
2022-06-28 07:32:25 -05:00
|
|
|
return usr, err
|
2021-03-18 08:27:59 -05:00
|
|
|
}
|
2021-01-07 04:36:13 -06:00
|
|
|
}
|
|
|
|
|
|
2022-06-28 07:32:25 -05:00
|
|
|
return usr, nil
|
2021-01-07 04:36:13 -06:00
|
|
|
}
|
|
|
|
|
|
2022-09-12 05:03:49 -05:00
|
|
|
// deprecated method, use only for tests
|
2022-06-28 07:32:25 -05:00
|
|
|
func (ss *SQLStore) CreateUser(ctx context.Context, cmd user.CreateUserCommand) (*user.User, error) {
|
|
|
|
|
var user user.User
|
2022-06-07 08:49:18 -05:00
|
|
|
createErr := ss.WithTransactionalDbSession(ctx, func(sess *DBSession) (err error) {
|
|
|
|
|
user, err = ss.createUser(ctx, sess, cmd)
|
|
|
|
|
return
|
2018-06-15 14:57:13 -05:00
|
|
|
})
|
2022-06-07 08:49:18 -05:00
|
|
|
return &user, createErr
|
2018-06-07 11:17:01 -05:00
|
|
|
}
|
|
|
|
|
|
2022-09-29 07:26:24 -05:00
|
|
|
func NotServiceAccountFilter(ss *SQLStore) string {
|
2022-03-14 12:24:07 -05:00
|
|
|
return fmt.Sprintf("%s.is_service_account = %s",
|
|
|
|
|
ss.Dialect.Quote("user"),
|
|
|
|
|
ss.Dialect.BooleanStr(false))
|
|
|
|
|
}
|
|
|
|
|
|
2018-06-13 11:01:50 -05:00
|
|
|
func setUsingOrgInTransaction(sess *DBSession, userID int64, orgID int64) error {
|
2022-06-28 07:32:25 -05:00
|
|
|
user := user.User{
|
|
|
|
|
ID: userID,
|
|
|
|
|
OrgID: orgID,
|
2018-06-13 11:01:50 -05:00
|
|
|
}
|
|
|
|
|
|
2018-09-16 05:37:08 -05:00
|
|
|
_, err := sess.ID(userID).Update(&user)
|
2018-06-13 11:01:50 -05:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2020-04-06 06:27:11 -05:00
|
|
|
type byOrgName []*models.UserOrgDTO
|
|
|
|
|
|
|
|
|
|
// Len returns the length of an array of organisations.
|
|
|
|
|
func (o byOrgName) Len() int {
|
|
|
|
|
return len(o)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Swap swaps two indices of an array of organizations.
|
|
|
|
|
func (o byOrgName) Swap(i, j int) {
|
|
|
|
|
o[i], o[j] = o[j], o[i]
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Less returns whether element i of an array of organizations is less than element j.
|
|
|
|
|
func (o byOrgName) Less(i, j int) bool {
|
|
|
|
|
if strings.ToLower(o[i].Name) < strings.ToLower(o[j].Name) {
|
|
|
|
|
return true
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return o[i].Name < o[j].Name
|
|
|
|
|
}
|
|
|
|
|
|
2022-01-26 13:24:05 -06:00
|
|
|
func (ss *SQLStore) GetUserOrgList(ctx context.Context, query *models.GetUserOrgListQuery) error {
|
2022-03-18 03:15:23 -05:00
|
|
|
return ss.WithDbSession(ctx, func(dbSess *DBSession) error {
|
|
|
|
|
query.Result = make([]*models.UserOrgDTO, 0)
|
|
|
|
|
sess := dbSess.Table("org_user")
|
|
|
|
|
sess.Join("INNER", "org", "org_user.org_id=org.id")
|
2022-04-18 14:19:01 -05:00
|
|
|
sess.Join("INNER", ss.Dialect.Quote("user"), fmt.Sprintf("org_user.user_id=%s.id", ss.Dialect.Quote("user")))
|
2022-03-18 03:15:23 -05:00
|
|
|
sess.Where("org_user.user_id=?", query.UserId)
|
2022-09-29 07:26:24 -05:00
|
|
|
sess.Where(NotServiceAccountFilter(ss))
|
2022-03-18 03:15:23 -05:00
|
|
|
sess.Cols("org.name", "org_user.role", "org_user.org_id")
|
|
|
|
|
sess.OrderBy("org.name")
|
|
|
|
|
err := sess.Find(&query.Result)
|
|
|
|
|
sort.Sort(byOrgName(query.Result))
|
|
|
|
|
return err
|
|
|
|
|
})
|
2015-01-19 11:01:04 -06:00
|
|
|
}
|
|
|
|
|
|
2022-09-22 12:16:21 -05:00
|
|
|
// GetTeamsByUser is used by the Guardian when checking a users' permissions
|
|
|
|
|
// TODO: use team.Service after user service is split
|
|
|
|
|
func (ss *SQLStore) GetTeamsByUser(ctx context.Context, query *models.GetTeamsByUserQuery) error {
|
|
|
|
|
return ss.WithDbSession(ctx, func(sess *DBSession) error {
|
|
|
|
|
query.Result = make([]*models.TeamDTO, 0)
|
|
|
|
|
|
|
|
|
|
var sql bytes.Buffer
|
|
|
|
|
var params []interface{}
|
|
|
|
|
params = append(params, query.OrgId, query.UserId)
|
|
|
|
|
|
|
|
|
|
sql.WriteString(getTeamSelectSQLBase([]string{}))
|
|
|
|
|
sql.WriteString(` INNER JOIN team_member on team.id = team_member.team_id`)
|
|
|
|
|
sql.WriteString(` WHERE team.org_id = ? and team_member.user_id = ?`)
|
|
|
|
|
|
|
|
|
|
if !ac.IsDisabled(ss.Cfg) {
|
|
|
|
|
acFilter, err := ac.Filter(query.SignedInUser, "team.id", "teams:id:", ac.ActionTeamsRead)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
sql.WriteString(` and` + acFilter.Where)
|
|
|
|
|
params = append(params, acFilter.Args...)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err := sess.SQL(sql.String(), params...).Find(&query.Result)
|
|
|
|
|
return err
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func getTeamMemberCount(filteredUsers []string) string {
|
|
|
|
|
if len(filteredUsers) > 0 {
|
|
|
|
|
return `(SELECT COUNT(*) FROM team_member
|
|
|
|
|
INNER JOIN ` + dialect.Quote("user") + ` ON team_member.user_id = ` + dialect.Quote("user") + `.id
|
|
|
|
|
WHERE team_member.team_id = team.id AND ` + dialect.Quote("user") + `.login NOT IN (?` +
|
|
|
|
|
strings.Repeat(",?", len(filteredUsers)-1) + ")" +
|
|
|
|
|
`) AS member_count `
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return "(SELECT COUNT(*) FROM team_member WHERE team_member.team_id = team.id) AS member_count "
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func getTeamSelectSQLBase(filteredUsers []string) string {
|
|
|
|
|
return `SELECT
|
|
|
|
|
team.id as id,
|
|
|
|
|
team.org_id,
|
|
|
|
|
team.name as name,
|
|
|
|
|
team.email as email, ` +
|
|
|
|
|
getTeamMemberCount(filteredUsers) +
|
|
|
|
|
` FROM team as team `
|
|
|
|
|
}
|
|
|
|
|
|
2022-09-29 07:26:24 -05:00
|
|
|
func (ss *SQLStore) DeleteUserInSession(ctx context.Context, sess *DBSession, cmd *models.DeleteUserCommand) error {
|
|
|
|
|
return deleteUserInTransaction(ss, sess, cmd)
|
|
|
|
|
}
|
|
|
|
|
|
2022-03-14 12:24:07 -05:00
|
|
|
func deleteUserInTransaction(ss *SQLStore, sess *DBSession, cmd *models.DeleteUserCommand) error {
|
2020-09-22 09:22:19 -05:00
|
|
|
// Check if user exists
|
2022-07-20 07:50:06 -05:00
|
|
|
usr := user.User{ID: cmd.UserId}
|
2022-09-29 07:26:24 -05:00
|
|
|
has, err := sess.Where(NotServiceAccountFilter(ss)).Get(&usr)
|
2020-01-10 04:43:44 -06:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
if !has {
|
2022-07-20 07:50:06 -05:00
|
|
|
return user.ErrUserNotFound
|
2020-01-10 04:43:44 -06:00
|
|
|
}
|
2022-03-14 12:24:07 -05:00
|
|
|
for _, sql := range UserDeletions() {
|
2021-11-11 09:10:24 -06:00
|
|
|
_, err := sess.Exec(sql, cmd.UserId)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
2022-03-16 04:43:44 -05:00
|
|
|
|
|
|
|
|
return deleteUserAccessControl(sess, cmd.UserId)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func deleteUserAccessControl(sess *DBSession, userID int64) error {
|
|
|
|
|
// Delete user role assignments
|
|
|
|
|
if _, err := sess.Exec("DELETE FROM user_role WHERE user_id = ?", userID); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Delete permissions that are scoped to user
|
|
|
|
|
if _, err := sess.Exec("DELETE FROM permission WHERE scope = ?", ac.Scope("users", "id", strconv.FormatInt(userID, 10))); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var roleIDs []int64
|
|
|
|
|
if err := sess.SQL("SELECT id FROM role WHERE name = ?", ac.ManagedUserRoleName(userID)).Find(&roleIDs); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if len(roleIDs) == 0 {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
query := "DELETE FROM permission WHERE role_id IN(? " + strings.Repeat(",?", len(roleIDs)-1) + ")"
|
|
|
|
|
args := make([]interface{}, 0, len(roleIDs)+1)
|
|
|
|
|
args = append(args, query)
|
|
|
|
|
for _, id := range roleIDs {
|
|
|
|
|
args = append(args, id)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Delete managed user permissions
|
|
|
|
|
if _, err := sess.Exec(args...); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Delete managed user roles
|
|
|
|
|
if _, err := sess.Exec("DELETE FROM role WHERE name = ?", ac.ManagedUserRoleName(userID)); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2021-11-11 09:10:24 -06:00
|
|
|
return nil
|
|
|
|
|
}
|
2020-01-10 04:43:44 -06:00
|
|
|
|
2022-03-14 12:24:07 -05:00
|
|
|
func UserDeletions() []string {
|
2018-10-11 00:48:35 -05:00
|
|
|
deletes := []string{
|
|
|
|
|
"DELETE FROM star WHERE user_id = ?",
|
|
|
|
|
"DELETE FROM " + dialect.Quote("user") + " WHERE id = ?",
|
|
|
|
|
"DELETE FROM org_user WHERE user_id = ?",
|
|
|
|
|
"DELETE FROM dashboard_acl WHERE user_id = ?",
|
|
|
|
|
"DELETE FROM preferences WHERE user_id = ?",
|
|
|
|
|
"DELETE FROM team_member WHERE user_id = ?",
|
|
|
|
|
"DELETE FROM user_auth WHERE user_id = ?",
|
2019-06-10 06:35:47 -05:00
|
|
|
"DELETE FROM user_auth_token WHERE user_id = ?",
|
|
|
|
|
"DELETE FROM quota WHERE user_id = ?",
|
2018-10-11 00:48:35 -05:00
|
|
|
}
|
2021-11-11 09:10:24 -06:00
|
|
|
return deletes
|
|
|
|
|
}
|
