2021-05-11 00:10:19 -05:00
|
|
|
package libraryelements
|
2021-03-01 08:33:17 -06:00
|
|
|
|
|
|
|
|
import (
|
2021-09-14 09:08:04 -05:00
|
|
|
"context"
|
|
|
|
|
|
2021-03-01 08:33:17 -06:00
|
|
|
"github.com/grafana/grafana/pkg/models"
|
|
|
|
|
"github.com/grafana/grafana/pkg/services/dashboards"
|
|
|
|
|
"github.com/grafana/grafana/pkg/services/guardian"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
func isGeneralFolder(folderID int64) bool {
|
|
|
|
|
return folderID == 0
|
|
|
|
|
}
|
|
|
|
|
|
2021-05-11 00:10:19 -05:00
|
|
|
func (l *LibraryElementService) requireSupportedElementKind(kindAsInt int64) error {
|
2021-05-23 23:11:01 -05:00
|
|
|
kind := models.LibraryElementKind(kindAsInt)
|
2021-05-11 00:10:19 -05:00
|
|
|
switch kind {
|
2021-05-23 23:11:01 -05:00
|
|
|
case models.PanelElement:
|
2021-05-11 00:10:19 -05:00
|
|
|
return nil
|
2021-05-23 23:11:01 -05:00
|
|
|
case models.VariableElement:
|
2021-05-11 00:10:19 -05:00
|
|
|
return nil
|
|
|
|
|
default:
|
|
|
|
|
return errLibraryElementUnSupportedElementKind
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-09-14 09:08:04 -05:00
|
|
|
func (l *LibraryElementService) requirePermissionsOnFolder(ctx context.Context, user *models.SignedInUser, folderID int64) error {
|
2021-03-01 08:33:17 -06:00
|
|
|
if isGeneralFolder(folderID) && user.HasRole(models.ROLE_EDITOR) {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if isGeneralFolder(folderID) && user.HasRole(models.ROLE_VIEWER) {
|
|
|
|
|
return models.ErrFolderAccessDenied
|
|
|
|
|
}
|
|
|
|
|
|
2021-05-11 00:10:19 -05:00
|
|
|
s := dashboards.NewFolderService(user.OrgId, user, l.SQLStore)
|
2021-09-14 09:08:04 -05:00
|
|
|
folder, err := s.GetFolderByID(ctx, folderID)
|
2021-03-01 08:33:17 -06:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2021-09-23 10:43:32 -05:00
|
|
|
g := guardian.New(ctx, folder.Id, user.OrgId, user)
|
2021-03-01 08:33:17 -06:00
|
|
|
|
|
|
|
|
canEdit, err := g.CanEdit()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
if !canEdit {
|
|
|
|
|
return models.ErrFolderAccessDenied
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
