2017-04-09 18:24:16 -05:00
|
|
|
package api
|
|
|
|
|
|
|
|
|
|
import (
|
2020-11-19 06:34:28 -06:00
|
|
|
"errors"
|
2021-11-29 03:18:01 -06:00
|
|
|
"net/http"
|
2022-01-14 10:55:57 -06:00
|
|
|
"strconv"
|
2020-11-19 06:34:28 -06:00
|
|
|
|
2017-12-20 14:20:12 -06:00
|
|
|
"github.com/grafana/grafana/pkg/api/dtos"
|
2021-01-15 07:43:20 -06:00
|
|
|
"github.com/grafana/grafana/pkg/api/response"
|
2020-03-04 05:57:20 -06:00
|
|
|
"github.com/grafana/grafana/pkg/models"
|
2017-04-09 18:24:16 -05:00
|
|
|
"github.com/grafana/grafana/pkg/util"
|
2021-11-29 03:18:01 -06:00
|
|
|
"github.com/grafana/grafana/pkg/web"
|
2017-04-09 18:24:16 -05:00
|
|
|
)
|
|
|
|
|
|
2017-12-08 09:25:45 -06:00
|
|
|
// POST /api/teams
|
2021-11-29 03:18:01 -06:00
|
|
|
func (hs *HTTPServer) CreateTeam(c *models.ReqContext) response.Response {
|
|
|
|
|
cmd := models.CreateTeamCommand{}
|
|
|
|
|
if err := web.Bind(c.Req, &cmd); err != nil {
|
|
|
|
|
return response.Error(http.StatusBadRequest, "bad request data", err)
|
|
|
|
|
}
|
2022-04-25 03:42:09 -05:00
|
|
|
accessControlEnabled := !hs.AccessControl.IsDisabled()
|
2022-01-10 11:05:53 -06:00
|
|
|
if !accessControlEnabled && c.OrgRole == models.ROLE_VIEWER {
|
2021-01-15 07:43:20 -06:00
|
|
|
return response.Error(403, "Not allowed to create team.", nil)
|
2019-03-13 04:38:09 -05:00
|
|
|
}
|
|
|
|
|
|
2022-02-03 02:20:20 -06:00
|
|
|
team, err := hs.SQLStore.CreateTeam(cmd.Name, cmd.Email, c.OrgId)
|
2021-03-17 10:06:10 -05:00
|
|
|
if err != nil {
|
2020-11-19 06:34:28 -06:00
|
|
|
if errors.Is(err, models.ErrTeamNameTaken) {
|
2021-01-15 07:43:20 -06:00
|
|
|
return response.Error(409, "Team name taken", err)
|
2017-04-09 18:24:16 -05:00
|
|
|
}
|
2021-01-15 07:43:20 -06:00
|
|
|
return response.Error(500, "Failed to create Team", err)
|
2017-04-09 18:24:16 -05:00
|
|
|
}
|
|
|
|
|
|
2022-01-10 11:05:53 -06:00
|
|
|
if accessControlEnabled || (c.OrgRole == models.ROLE_EDITOR && hs.Cfg.EditorsCanAdmin) {
|
2019-08-08 03:27:47 -05:00
|
|
|
// if the request is authenticated using API tokens
|
|
|
|
|
// the SignedInUser is an empty struct therefore
|
|
|
|
|
// an additional check whether it is an actual user is required
|
|
|
|
|
if c.SignedInUser.IsRealUser() {
|
2022-02-17 07:03:45 -06:00
|
|
|
if err := addOrUpdateTeamMember(c.Req.Context(), hs.teamPermissionsService, c.SignedInUser.UserId, c.OrgId, team.Id, models.PERMISSION_ADMIN.String()); err != nil {
|
2021-03-17 10:06:10 -05:00
|
|
|
c.Logger.Error("Could not add creator to team", "error", err)
|
2019-08-08 03:27:47 -05:00
|
|
|
}
|
|
|
|
|
} else {
|
2021-03-17 10:06:10 -05:00
|
|
|
c.Logger.Warn("Could not add creator to team because is not a real user")
|
2019-03-08 04:56:48 -06:00
|
|
|
}
|
2019-03-06 04:47:18 -06:00
|
|
|
}
|
2022-04-15 07:01:58 -05:00
|
|
|
return response.JSON(http.StatusOK, &util.DynMap{
|
2021-03-17 10:06:10 -05:00
|
|
|
"teamId": team.Id,
|
2017-12-08 09:25:45 -06:00
|
|
|
"message": "Team created",
|
2017-04-09 18:24:16 -05:00
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
2017-12-08 09:25:45 -06:00
|
|
|
// PUT /api/teams/:teamId
|
2021-11-29 03:18:01 -06:00
|
|
|
func (hs *HTTPServer) UpdateTeam(c *models.ReqContext) response.Response {
|
|
|
|
|
cmd := models.UpdateTeamCommand{}
|
2022-01-14 10:55:57 -06:00
|
|
|
var err error
|
2021-11-29 03:18:01 -06:00
|
|
|
if err := web.Bind(c.Req, &cmd); err != nil {
|
|
|
|
|
return response.Error(http.StatusBadRequest, "bad request data", err)
|
|
|
|
|
}
|
2018-02-09 10:26:15 -06:00
|
|
|
cmd.OrgId = c.OrgId
|
2022-01-14 10:55:57 -06:00
|
|
|
cmd.Id, err = strconv.ParseInt(web.Params(c.Req)[":teamId"], 10, 64)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return response.Error(http.StatusBadRequest, "teamId is invalid", err)
|
|
|
|
|
}
|
2019-03-11 05:26:01 -05:00
|
|
|
|
2022-04-25 03:42:09 -05:00
|
|
|
if hs.AccessControl.IsDisabled() {
|
2022-01-27 09:16:44 -06:00
|
|
|
if err := hs.teamGuardian.CanAdmin(c.Req.Context(), cmd.OrgId, cmd.Id, c.SignedInUser); err != nil {
|
|
|
|
|
return response.Error(403, "Not allowed to update team", err)
|
|
|
|
|
}
|
2019-03-11 05:26:01 -05:00
|
|
|
}
|
|
|
|
|
|
2022-01-24 04:52:35 -06:00
|
|
|
if err := hs.SQLStore.UpdateTeam(c.Req.Context(), &cmd); err != nil {
|
2020-11-19 06:34:28 -06:00
|
|
|
if errors.Is(err, models.ErrTeamNameTaken) {
|
2021-01-15 07:43:20 -06:00
|
|
|
return response.Error(400, "Team name taken", err)
|
2017-04-18 08:01:05 -05:00
|
|
|
}
|
2021-01-15 07:43:20 -06:00
|
|
|
return response.Error(500, "Failed to update Team", err)
|
2017-04-18 08:01:05 -05:00
|
|
|
}
|
|
|
|
|
|
2021-01-15 07:43:20 -06:00
|
|
|
return response.Success("Team updated")
|
2017-04-18 08:01:05 -05:00
|
|
|
}
|
|
|
|
|
|
2017-12-08 09:25:45 -06:00
|
|
|
// DELETE /api/teams/:teamId
|
2021-01-15 07:43:20 -06:00
|
|
|
func (hs *HTTPServer) DeleteTeamByID(c *models.ReqContext) response.Response {
|
2019-03-11 06:03:15 -05:00
|
|
|
orgId := c.OrgId
|
2022-01-14 10:55:57 -06:00
|
|
|
teamId, err := strconv.ParseInt(web.Params(c.Req)[":teamId"], 10, 64)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return response.Error(http.StatusBadRequest, "teamId is invalid", err)
|
|
|
|
|
}
|
2019-03-11 06:03:15 -05:00
|
|
|
user := c.SignedInUser
|
|
|
|
|
|
2022-04-25 03:42:09 -05:00
|
|
|
if hs.AccessControl.IsDisabled() {
|
2022-01-27 09:16:44 -06:00
|
|
|
if err := hs.teamGuardian.CanAdmin(c.Req.Context(), orgId, teamId, user); err != nil {
|
|
|
|
|
return response.Error(403, "Not allowed to delete team", err)
|
|
|
|
|
}
|
2019-03-11 06:03:15 -05:00
|
|
|
}
|
|
|
|
|
|
2022-01-24 04:52:35 -06:00
|
|
|
if err := hs.SQLStore.DeleteTeam(c.Req.Context(), &models.DeleteTeamCommand{OrgId: orgId, Id: teamId}); err != nil {
|
2020-11-19 06:34:28 -06:00
|
|
|
if errors.Is(err, models.ErrTeamNotFound) {
|
2021-01-15 07:43:20 -06:00
|
|
|
return response.Error(404, "Failed to delete Team. ID not found", nil)
|
2017-04-09 18:24:16 -05:00
|
|
|
}
|
2021-01-15 07:43:20 -06:00
|
|
|
return response.Error(500, "Failed to delete Team", err)
|
2017-04-09 18:24:16 -05:00
|
|
|
}
|
2021-01-15 07:43:20 -06:00
|
|
|
return response.Success("Team deleted")
|
2017-04-09 18:24:16 -05:00
|
|
|
}
|
|
|
|
|
|
2017-12-08 09:25:45 -06:00
|
|
|
// GET /api/teams/search
|
2021-01-15 07:43:20 -06:00
|
|
|
func (hs *HTTPServer) SearchTeams(c *models.ReqContext) response.Response {
|
2017-04-09 18:24:16 -05:00
|
|
|
perPage := c.QueryInt("perpage")
|
|
|
|
|
if perPage <= 0 {
|
|
|
|
|
perPage = 1000
|
|
|
|
|
}
|
|
|
|
|
page := c.QueryInt("page")
|
|
|
|
|
if page < 1 {
|
|
|
|
|
page = 1
|
|
|
|
|
}
|
|
|
|
|
|
2022-02-09 09:17:31 -06:00
|
|
|
// Using accesscontrol the filtering is done based on user permissions
|
|
|
|
|
userIdFilter := models.FilterIgnoreUser
|
2022-04-25 03:42:09 -05:00
|
|
|
if hs.AccessControl.IsDisabled() {
|
2022-02-15 11:09:03 -06:00
|
|
|
userIdFilter = userFilter(c)
|
2022-02-09 09:17:31 -06:00
|
|
|
}
|
|
|
|
|
|
2020-03-04 05:57:20 -06:00
|
|
|
query := models.SearchTeamsQuery{
|
2019-03-11 08:40:57 -05:00
|
|
|
OrgId: c.OrgId,
|
|
|
|
|
Query: c.Query("query"),
|
|
|
|
|
Name: c.Query("name"),
|
2022-02-09 09:17:31 -06:00
|
|
|
UserIdFilter: userIdFilter,
|
2019-03-11 08:40:57 -05:00
|
|
|
Page: page,
|
|
|
|
|
Limit: perPage,
|
2020-11-24 05:10:32 -06:00
|
|
|
SignedInUser: c.SignedInUser,
|
|
|
|
|
HiddenUsers: hs.Cfg.HiddenUsers,
|
2017-04-09 18:24:16 -05:00
|
|
|
}
|
|
|
|
|
|
2022-01-24 04:52:35 -06:00
|
|
|
if err := hs.SQLStore.SearchTeams(c.Req.Context(), &query); err != nil {
|
2021-01-15 07:43:20 -06:00
|
|
|
return response.Error(500, "Failed to search Teams", err)
|
2017-04-09 18:24:16 -05:00
|
|
|
}
|
|
|
|
|
|
2022-02-03 10:49:39 -06:00
|
|
|
teamIDs := map[string]bool{}
|
2017-12-20 14:20:12 -06:00
|
|
|
for _, team := range query.Result.Teams {
|
|
|
|
|
team.AvatarUrl = dtos.GetGravatarUrlWithDefault(team.Email, team.Name)
|
2022-02-03 10:49:39 -06:00
|
|
|
teamIDs[strconv.FormatInt(team.Id, 10)] = true
|
|
|
|
|
}
|
|
|
|
|
|
2022-03-24 02:58:10 -05:00
|
|
|
metadata := hs.getMultiAccessControlMetadata(c, c.OrgId, "teams:id:", teamIDs)
|
2022-02-18 04:27:00 -06:00
|
|
|
if len(metadata) > 0 {
|
2022-02-03 10:49:39 -06:00
|
|
|
for _, team := range query.Result.Teams {
|
|
|
|
|
team.AccessControl = metadata[strconv.FormatInt(team.Id, 10)]
|
|
|
|
|
}
|
2017-12-20 14:20:12 -06:00
|
|
|
}
|
|
|
|
|
|
2017-04-09 18:24:16 -05:00
|
|
|
query.Result.Page = page
|
|
|
|
|
query.Result.PerPage = perPage
|
|
|
|
|
|
2022-04-15 07:01:58 -05:00
|
|
|
return response.JSON(http.StatusOK, query.Result)
|
2017-04-09 18:24:16 -05:00
|
|
|
}
|
2017-04-18 08:01:05 -05:00
|
|
|
|
2022-02-09 06:44:38 -06:00
|
|
|
// UserFilter returns the user ID used in a filter when querying a team
|
|
|
|
|
// 1. If the user is a viewer or editor, this will return the user's ID.
|
2022-02-15 11:09:03 -06:00
|
|
|
// 2. If the user is an admin, this will return models.FilterIgnoreUser (0)
|
|
|
|
|
func userFilter(c *models.ReqContext) int64 {
|
2022-02-09 06:44:38 -06:00
|
|
|
userIdFilter := c.SignedInUser.UserId
|
2022-02-15 11:09:03 -06:00
|
|
|
if c.OrgRole == models.ROLE_ADMIN {
|
2022-02-09 06:44:38 -06:00
|
|
|
userIdFilter = models.FilterIgnoreUser
|
|
|
|
|
}
|
|
|
|
|
return userIdFilter
|
|
|
|
|
}
|
|
|
|
|
|
2017-12-08 09:25:45 -06:00
|
|
|
// GET /api/teams/:teamId
|
2021-01-15 07:43:20 -06:00
|
|
|
func (hs *HTTPServer) GetTeamByID(c *models.ReqContext) response.Response {
|
2022-01-14 10:55:57 -06:00
|
|
|
teamId, err := strconv.ParseInt(web.Params(c.Req)[":teamId"], 10, 64)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return response.Error(http.StatusBadRequest, "teamId is invalid", err)
|
|
|
|
|
}
|
2022-02-09 06:44:38 -06:00
|
|
|
|
2022-02-09 09:17:31 -06:00
|
|
|
// Using accesscontrol the filtering has already been performed at middleware layer
|
|
|
|
|
userIdFilter := models.FilterIgnoreUser
|
2022-04-25 03:42:09 -05:00
|
|
|
if hs.AccessControl.IsDisabled() {
|
2022-02-15 11:09:03 -06:00
|
|
|
userIdFilter = userFilter(c)
|
2022-02-09 09:17:31 -06:00
|
|
|
}
|
|
|
|
|
|
2020-11-24 05:10:32 -06:00
|
|
|
query := models.GetTeamByIdQuery{
|
|
|
|
|
OrgId: c.OrgId,
|
2022-01-14 10:55:57 -06:00
|
|
|
Id: teamId,
|
2020-11-24 05:10:32 -06:00
|
|
|
SignedInUser: c.SignedInUser,
|
|
|
|
|
HiddenUsers: hs.Cfg.HiddenUsers,
|
2022-02-09 09:17:31 -06:00
|
|
|
UserIdFilter: userIdFilter,
|
2020-11-24 05:10:32 -06:00
|
|
|
}
|
2017-04-18 08:01:05 -05:00
|
|
|
|
2022-01-24 04:52:35 -06:00
|
|
|
if err := hs.SQLStore.GetTeamById(c.Req.Context(), &query); err != nil {
|
2020-11-19 06:34:28 -06:00
|
|
|
if errors.Is(err, models.ErrTeamNotFound) {
|
2021-01-15 07:43:20 -06:00
|
|
|
return response.Error(404, "Team not found", err)
|
2017-04-18 08:01:05 -05:00
|
|
|
}
|
|
|
|
|
|
2021-01-15 07:43:20 -06:00
|
|
|
return response.Error(500, "Failed to get Team", err)
|
2017-04-18 08:01:05 -05:00
|
|
|
}
|
|
|
|
|
|
2022-02-18 04:27:00 -06:00
|
|
|
// Add accesscontrol metadata
|
2022-03-24 02:58:10 -05:00
|
|
|
query.Result.AccessControl = hs.getAccessControlMetadata(c, c.OrgId, "teams:id:", strconv.FormatInt(query.Result.Id, 10))
|
2022-02-03 10:49:39 -06:00
|
|
|
|
2018-07-11 13:23:07 -05:00
|
|
|
query.Result.AvatarUrl = dtos.GetGravatarUrlWithDefault(query.Result.Email, query.Result.Name)
|
2022-04-15 07:01:58 -05:00
|
|
|
return response.JSON(http.StatusOK, &query.Result)
|
2017-04-18 08:01:05 -05:00
|
|
|
}
|
2018-11-12 13:01:53 -06:00
|
|
|
|
|
|
|
|
// GET /api/teams/:teamId/preferences
|
2021-01-15 07:43:20 -06:00
|
|
|
func (hs *HTTPServer) GetTeamPreferences(c *models.ReqContext) response.Response {
|
2022-01-14 10:55:57 -06:00
|
|
|
teamId, err := strconv.ParseInt(web.Params(c.Req)[":teamId"], 10, 64)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return response.Error(http.StatusBadRequest, "teamId is invalid", err)
|
|
|
|
|
}
|
2022-01-28 05:17:54 -06:00
|
|
|
|
2019-03-12 07:59:53 -05:00
|
|
|
orgId := c.OrgId
|
|
|
|
|
|
2022-04-25 03:42:09 -05:00
|
|
|
if hs.AccessControl.IsDisabled() {
|
2022-01-28 05:17:54 -06:00
|
|
|
if err := hs.teamGuardian.CanAdmin(c.Req.Context(), orgId, teamId, c.SignedInUser); err != nil {
|
|
|
|
|
return response.Error(403, "Not allowed to view team preferences.", err)
|
|
|
|
|
}
|
2019-03-12 07:59:53 -05:00
|
|
|
}
|
|
|
|
|
|
2021-11-02 07:41:45 -05:00
|
|
|
return hs.getPreferencesFor(c.Req.Context(), orgId, 0, teamId)
|
2018-11-12 13:01:53 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// PUT /api/teams/:teamId/preferences
|
2021-11-29 03:18:01 -06:00
|
|
|
func (hs *HTTPServer) UpdateTeamPreferences(c *models.ReqContext) response.Response {
|
|
|
|
|
dtoCmd := dtos.UpdatePrefsCmd{}
|
|
|
|
|
if err := web.Bind(c.Req, &dtoCmd); err != nil {
|
|
|
|
|
return response.Error(http.StatusBadRequest, "bad request data", err)
|
|
|
|
|
}
|
2022-01-28 05:17:54 -06:00
|
|
|
|
2022-01-14 10:55:57 -06:00
|
|
|
teamId, err := strconv.ParseInt(web.Params(c.Req)[":teamId"], 10, 64)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return response.Error(http.StatusBadRequest, "teamId is invalid", err)
|
|
|
|
|
}
|
2022-01-28 05:17:54 -06:00
|
|
|
|
2019-03-11 07:14:06 -05:00
|
|
|
orgId := c.OrgId
|
|
|
|
|
|
2022-04-25 03:42:09 -05:00
|
|
|
if hs.AccessControl.IsDisabled() {
|
2022-01-28 05:17:54 -06:00
|
|
|
if err := hs.teamGuardian.CanAdmin(c.Req.Context(), orgId, teamId, c.SignedInUser); err != nil {
|
|
|
|
|
return response.Error(403, "Not allowed to update team preferences.", err)
|
|
|
|
|
}
|
2019-03-11 07:14:06 -05:00
|
|
|
}
|
|
|
|
|
|
2021-11-02 07:41:45 -05:00
|
|
|
return hs.updatePreferencesFor(c.Req.Context(), orgId, 0, teamId, &dtoCmd)
|
2018-11-12 13:01:53 -06:00
|
|
|
}
|
