package models
import (
"errors"
"time"
"github.com/grafana/grafana/pkg/services/org"
)
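// PermissionType is the access level carried by a dashboard or folder ACL
// entry.
type PermissionType int

// Permission levels. Each constant occupies its own bit (View=1, Edit=2,
// Admin=4) because the values are generated with 1 << iota.
const (
	PERMISSION_VIEW PermissionType = 1 << iota
	PERMISSION_EDIT
	PERMISSION_ADMIN
)

// String returns the display name of p: "View", "Edit" or "Admin".
//
// Any other value, including 0 and OR-ed combinations such as
// PERMISSION_VIEW|PERMISSION_EDIT, yields the empty string. The result is a
// label only; access decisions should compare the PermissionType value itself,
// never the name.
func (p PermissionType) String() string {
	// A switch avoids building a fresh map on every call.
	switch p {
	case PERMISSION_VIEW:
		return "View"
	case PERMISSION_EDIT:
		return "Edit"
	case PERMISSION_ADMIN:
		return "Admin"
	default:
		return ""
	}
}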
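// Typed errors
//
// Sentinel errors for rejected dashboard and folder permission entries.
// Compare against them with errors.Is rather than by message text.
var (
	ErrDashboardACLInfoMissing           = errors.New("user id and team id cannot both be empty for a dashboard permission")
	ErrDashboardPermissionDashboardEmpty = errors.New("dashboard id must be greater than zero for a dashboard permission")
	ErrFolderACLInfoMissing              = errors.New("user id and team id cannot both be empty for a folder permission")
	ErrFolderPermissionFolderEmpty       = errors.New("folder id must be greater than zero for a folder permission")

	// The two messages below used to be attached to the opposite identifiers,
	// so a rejected ACL update reported the wrong reason. Each message now
	// describes the condition its identifier names. The error values are
	// unchanged, so only code that matches on message text is affected.
	ErrPermissionsWithRoleNotAllowed        = errors.New("team and user permissions cannot have an associated role")
	ErrPermissionsWithUserAndTeamNotAllowed = errors.New("permissions cannot have both a user and team")
)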
// Dashboard ACL model

// DashboardACL is a single permission entry. Its xorm tags map the ID fields
// to the columns org_id, dashboard_id, user_id and team_id, and TableName
// places it in the "dashboard_acl" table.
type DashboardACL struct {
	// Row identifier; the lint suppression keeps the legacy "Id" spelling.
	// nolint:stylecheck
	Id          int64
	OrgID       int64 `xorm:"org_id"`
	DashboardID int64 `xorm:"dashboard_id"`

	// Grantee of the entry. The validation errors declared in this file
	// suggest an entry names a user, a team or a role, with restrictions on
	// combining them; the enforcing code is not in this file — confirm there.
	UserID int64         `xorm:"user_id"`
	TeamID int64         `xorm:"team_id"`
	Role   *org.RoleType // pointer to be nullable
	// Access level granted: PERMISSION_VIEW (1), PERMISSION_EDIT (2) or
	// PERMISSION_ADMIN (4).
	Permission PermissionType

	Created time.Time
	Updated time.Time
}
// DashboardACLInfoDTO is the JSON representation of one ACL entry together
// with details about its grantee and the dashboard or folder it applies to.
//
// The JSON tags decide what leaves the process: OrgId is never serialized,
// while user login, user email and team email are always included. Any
// response built from this type therefore discloses those identity fields to
// the caller.
type DashboardACLInfoDTO struct {
	// OrgId is excluded from JSON output (tag "-").
	OrgId int64 `json:"-"`
	// DashboardId and FolderId are omitted from JSON when zero.
	DashboardId int64 `json:"dashboardId,omitempty"`
	FolderId    int64 `json:"folderId,omitempty"`

	Created time.Time `json:"created"`
	Updated time.Time `json:"updated"`

	// Grantee identity. hasSameUserAs and hasSameTeamAs treat an id as set
	// only when it is greater than zero.
	UserId        int64  `json:"userId"`
	UserLogin     string `json:"userLogin"`
	UserEmail     string `json:"userEmail"`
	UserAvatarUrl string `json:"userAvatarUrl"`
	TeamId        int64  `json:"teamId"`
	TeamEmail     string `json:"teamEmail"`
	TeamAvatarUrl string `json:"teamAvatarUrl"`
	Team          string `json:"team"`
	// Role is a pointer so that it can be absent; it is omitted from JSON
	// when nil.
	Role *org.RoleType `json:"role,omitempty"`
	// Permission is the granted level as a number. PermissionName is
	// presumably the label from Permission.String(); it is filled in outside
	// this file — confirm.
	Permission     PermissionType `json:"permission"`
	PermissionName string         `json:"permissionName"`
	// Details of the dashboard or folder the entry applies to.
	Uid      string `json:"uid"`
	Title    string `json:"title"`
	Slug     string `json:"slug"`
	IsFolder bool   `json:"isFolder"`
	Url      string `json:"url"`
	// NOTE(review): Inherited presumably marks entries that come from a
	// parent folder rather than the item itself — confirm against the code
	// that sets it.
	Inherited bool `json:"inherited"`
}
// hasSameRoleAs reports whether dto and other are both role-based entries for
// the same role. It is false when either Role is nil, when dto names a user or
// a team (id greater than zero), or when the user and team ids differ between
// the two entries.
func (dto *DashboardACLInfoDTO) hasSameRoleAs(other *DashboardACLInfoDTO) bool {
	// Without a role on both sides there is nothing to compare.
	if dto.Role == nil || other.Role == nil {
		return false
	}

	// A role entry must not name a user or a team.
	if dto.UserId > 0 || dto.TeamId > 0 {
		return false
	}

	// The ids must also agree on both sides.
	if dto.UserId != other.UserId || dto.TeamId != other.TeamId {
		return false
	}

	return *dto.Role == *other.Role
}
// hasSameUserAs reports whether dto names a user (UserId greater than zero)
// and other names the same one.
func (dto *DashboardACLInfoDTO) hasSameUserAs(other *DashboardACLInfoDTO) bool {
	// An unset user id never matches, even against another unset id.
	if dto.UserId <= 0 {
		return false
	}
	return other.UserId == dto.UserId
}
// hasSameTeamAs reports whether dto names a team (TeamId greater than zero)
// and other names the same one.
func (dto *DashboardACLInfoDTO) hasSameTeamAs(other *DashboardACLInfoDTO) bool {
	// An unset team id never matches, even against another unset id.
	if dto.TeamId <= 0 {
		return false
	}
	return other.TeamId == dto.TeamId
}
// IsDuplicateOf reports whether other targets the same grantee as dto: the
// same role (for entries without a user or team), the same user, or the same
// team.
//
// Only UserId, TeamId and Role are compared. Permission, DashboardId, FolderId
// and OrgId are ignored, so two entries for one grantee with different
// permission levels count as duplicates. Callers presumably compare entries of
// a single dashboard or folder — verify at the call site.
func (dto *DashboardACLInfoDTO) IsDuplicateOf(other *DashboardACLInfoDTO) bool {
	if dto.hasSameRoleAs(other) {
		return true
	}
	if dto.hasSameUserAs(other) {
		return true
	}
	return dto.hasSameTeamAs(other)
}
// QUERIES

// GetDashboardACLInfoListQuery identifies a dashboard by DashboardID and OrgID
// and carries the resulting ACL entries in Result.
type GetDashboardACLInfoListQuery struct {
	DashboardID int64
	OrgID       int64
	// NOTE(review): Result is presumably filled in by whatever executes the
	// query; that code is not in this file — confirm that it filters by OrgID
	// as well as DashboardID.
	Result []*DashboardACLInfoDTO
}
// TableName returns the database table name for DashboardACL,
// "dashboard_acl". It is presumably read by the xorm mapper, given the xorm
// tags on the struct — confirm.
func (DashboardACL) TableName() string {
	const table = "dashboard_acl"
	return table
}