mirror of
https://github.com/grafana/grafana.git
synced 2024-12-28 01:41:24 -06:00
WIP: Permission Type as string in permission query
This commit is contained in:
Daniel Lee
parent
96afb91ac4
commit
2097ed0bb8
@ -13,10 +13,10 @@ import (
|
||||
func TestDashboardAclApiEndpoint(t *testing.T) {
|
||||
Convey("Given a dashboard acl", t, func() {
|
||||
mockResult := []*models.DashboardAclInfoDTO{
|
||||
{Id: 1, OrgId: 1, DashboardId: 1, UserId: 2, Permissions: models.PERMISSION_EDIT},
|
||||
{Id: 2, OrgId: 1, DashboardId: 1, UserId: 3, Permissions: models.PERMISSION_VIEW},
|
||||
{Id: 3, OrgId: 1, DashboardId: 1, UserGroupId: 1, Permissions: models.PERMISSION_EDIT},
|
||||
{Id: 4, OrgId: 1, DashboardId: 1, UserGroupId: 2, Permissions: models.PERMISSION_READ_ONLY_EDIT},
|
||||
{Id: 1, OrgId: 1, DashboardId: 1, UserId: 2, PermissionType: models.PERMISSION_EDIT},
|
||||
{Id: 2, OrgId: 1, DashboardId: 1, UserId: 3, PermissionType: models.PERMISSION_VIEW},
|
||||
{Id: 3, OrgId: 1, DashboardId: 1, UserGroupId: 1, PermissionType: models.PERMISSION_EDIT},
|
||||
{Id: 4, OrgId: 1, DashboardId: 1, UserGroupId: 2, PermissionType: models.PERMISSION_READ_ONLY_EDIT},
|
||||
}
|
||||
bus.AddHandler("test", func(query *models.GetDashboardPermissionsQuery) error {
|
||||
query.Result = mockResult
|
||||
@ -34,14 +34,14 @@ func TestDashboardAclApiEndpoint(t *testing.T) {
|
||||
respJSON, err := simplejson.NewJson(sc.resp.Body.Bytes())
|
||||
So(err, ShouldBeNil)
|
||||
So(respJSON.GetIndex(0).Get("userId").MustInt(), ShouldEqual, 2)
|
||||
So(respJSON.GetIndex(0).Get("permissions").MustInt(), ShouldEqual, models.PERMISSION_EDIT)
|
||||
So(respJSON.GetIndex(0).Get("permissionType").MustInt(), ShouldEqual, models.PERMISSION_EDIT)
|
||||
})
|
||||
})
|
||||
})
|
||||
|
||||
Convey("When user is editor and in the ACL", func() {
|
||||
loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/dashboards/1/acl", "/api/dashboards/:id/acl", models.ROLE_EDITOR, func(sc *scenarioContext) {
|
||||
mockResult = append(mockResult, &models.DashboardAclInfoDTO{Id: 1, OrgId: 1, DashboardId: 1, UserId: 1, Permissions: models.PERMISSION_EDIT})
|
||||
mockResult = append(mockResult, &models.DashboardAclInfoDTO{Id: 1, OrgId: 1, DashboardId: 1, UserId: 1, PermissionType: models.PERMISSION_EDIT})
|
||||
|
||||
bus.AddHandler("test2", func(query *models.GetAllowedDashboardsQuery) error {
|
||||
query.Result = []int64{1}
|
||||
@ -57,7 +57,7 @@ func TestDashboardAclApiEndpoint(t *testing.T) {
|
||||
})
|
||||
|
||||
loggedInUserScenarioWithRole("When calling DELETE on", "DELETE", "/api/dashboards/1/acl/user/1", "/api/dashboards/:id/acl/user/:userId", models.ROLE_EDITOR, func(sc *scenarioContext) {
|
||||
mockResult = append(mockResult, &models.DashboardAclInfoDTO{Id: 1, OrgId: 1, DashboardId: 1, UserId: 1, Permissions: models.PERMISSION_EDIT})
|
||||
mockResult = append(mockResult, &models.DashboardAclInfoDTO{Id: 1, OrgId: 1, DashboardId: 1, UserId: 1, PermissionType: models.PERMISSION_EDIT})
|
||||
|
||||
bus.AddHandler("test3", func(cmd *models.RemoveDashboardPermissionCommand) error {
|
||||
return nil
|
||||
@ -110,7 +110,7 @@ func TestDashboardAclApiEndpoint(t *testing.T) {
|
||||
})
|
||||
|
||||
loggedInUserScenarioWithRole("When calling DELETE on", "DELETE", "/api/dashboards/1/acl/user/1", "/api/dashboards/:id/acl/user/:userId", models.ROLE_EDITOR, func(sc *scenarioContext) {
|
||||
mockResult = append(mockResult, &models.DashboardAclInfoDTO{Id: 1, OrgId: 1, DashboardId: 1, UserId: 1, Permissions: models.PERMISSION_VIEW})
|
||||
mockResult = append(mockResult, &models.DashboardAclInfoDTO{Id: 1, OrgId: 1, DashboardId: 1, UserId: 1, PermissionType: models.PERMISSION_VIEW})
|
||||
bus.AddHandler("test3", func(cmd *models.RemoveDashboardPermissionCommand) error {
|
||||
return nil
|
||||
})
|
||||
|
||||
@ -5,11 +5,20 @@ import "time"
|
||||
type PermissionType int
|
||||
|
||||
const (
|
||||
PERMISSION_EDIT PermissionType = 4
|
||||
PERMISSION_READ_ONLY_EDIT PermissionType = 2
|
||||
PERMISSION_VIEW PermissionType = 1
|
||||
PERMISSION_EDIT PermissionType = 1 << iota
|
||||
PERMISSION_READ_ONLY_EDIT
|
||||
PERMISSION_VIEW
|
||||
)
|
||||
|
||||
func (p PermissionType) String() string {
|
||||
names := map[int]string{
|
||||
int(PERMISSION_VIEW): "View",
|
||||
int(PERMISSION_READ_ONLY_EDIT): "Read-only Edit",
|
||||
int(PERMISSION_EDIT): "Edit",
|
||||
}
|
||||
return names[int(p)]
|
||||
}
|
||||
|
||||
// Typed errors
|
||||
// var (
|
||||
// ErrDashboardPermissionAlreadyAdded = errors.New("A permission has ")
|
||||
@ -37,12 +46,13 @@ type DashboardAclInfoDTO struct {
|
||||
Created time.Time `json:"created"`
|
||||
Updated time.Time `json:"updated"`
|
||||
|
||||
UserId int64 `json:"userId"`
|
||||
UserLogin string `json:"userLogin"`
|
||||
UserEmail string `json:"userEmail"`
|
||||
UserGroupId int64 `json:"userGroupId"`
|
||||
UserGroup string `json:"userGroup"`
|
||||
Permissions PermissionType `json:"permissions"`
|
||||
UserId int64 `json:"userId"`
|
||||
UserLogin string `json:"userLogin"`
|
||||
UserEmail string `json:"userEmail"`
|
||||
UserGroupId int64 `json:"userGroupId"`
|
||||
UserGroup string `json:"userGroup"`
|
||||
PermissionType PermissionType `json:"permissionType"`
|
||||
Permissions string `json:"permissions"`
|
||||
}
|
||||
|
||||
//
|
||||
|
||||
21
pkg/models/dashboard_acl_test.go
Normal file
21
pkg/models/dashboard_acl_test.go
Normal file
@ -0,0 +1,21 @@
|
||||
package models
|
||||
|
||||
import (
|
||||
"testing"
|
||||
|
||||
"fmt"
|
||||
|
||||
. "github.com/smartystreets/goconvey/convey"
|
||||
)
|
||||
|
||||
func TestDashboardAclModel(t *testing.T) {
|
||||
|
||||
Convey("When printing a PermissionType", t, func() {
|
||||
view := PERMISSION_VIEW
|
||||
printed := fmt.Sprint(view)
|
||||
|
||||
Convey("Should output a friendly name", func() {
|
||||
So(printed, ShouldEqual, "View")
|
||||
})
|
||||
})
|
||||
}
|
||||
@ -57,12 +57,12 @@ func CanDeleteFromAcl(dashboardId int64, role m.RoleType, isGrafanaAdmin bool, o
|
||||
userGroups, err := getUserGroupsByUser(userId)
|
||||
|
||||
for _, p := range permissions {
|
||||
if p.UserId == userId && p.Permissions == m.PERMISSION_EDIT {
|
||||
if p.UserId == userId && p.PermissionType == m.PERMISSION_EDIT {
|
||||
return true, nil
|
||||
}
|
||||
|
||||
for _, ug := range userGroups {
|
||||
if ug.Id == p.UserGroupId && p.Permissions == m.PERMISSION_EDIT {
|
||||
if ug.Id == p.UserGroupId && p.PermissionType == m.PERMISSION_EDIT {
|
||||
return true, nil
|
||||
}
|
||||
}
|
||||
|
||||
@ -3,6 +3,8 @@ package sqlstore
|
||||
import (
|
||||
"time"
|
||||
|
||||
"fmt"
|
||||
|
||||
"github.com/grafana/grafana/pkg/bus"
|
||||
m "github.com/grafana/grafana/pkg/models"
|
||||
)
|
||||
@ -79,7 +81,15 @@ func RemoveDashboardPermission(cmd *m.RemoveDashboardPermissionCommand) error {
|
||||
|
||||
func GetDashboardPermissions(query *m.GetDashboardPermissionsQuery) error {
|
||||
rawSQL := `SELECT
|
||||
da.*,
|
||||
da.id,
|
||||
da.org_id,
|
||||
da.id,
|
||||
da.dashboard_id,
|
||||
da.user_id,
|
||||
da.user_group_id,
|
||||
da.permissions as permission_type,
|
||||
da.created,
|
||||
da.updated,
|
||||
u.login AS user_login,
|
||||
u.email AS user_email,
|
||||
ug.name AS user_group
|
||||
@ -92,5 +102,9 @@ func GetDashboardPermissions(query *m.GetDashboardPermissionsQuery) error {
|
||||
|
||||
err := x.SQL(rawSQL, query.DashboardId).Find(&query.Result)
|
||||
|
||||
for _, p := range query.Result {
|
||||
p.Permissions = fmt.Sprint(p.PermissionType)
|
||||
}
|
||||
|
||||
return err
|
||||
}
|
||||
|
||||
@ -29,7 +29,8 @@ func TestDashboardAclDataAccess(t *testing.T) {
|
||||
err = GetDashboardPermissions(q1)
|
||||
So(err, ShouldBeNil)
|
||||
So(q1.Result[0].DashboardId, ShouldEqual, savedFolder.Id)
|
||||
So(q1.Result[0].Permissions, ShouldEqual, m.PERMISSION_EDIT)
|
||||
So(q1.Result[0].PermissionType, ShouldEqual, m.PERMISSION_EDIT)
|
||||
So(q1.Result[0].Permissions, ShouldEqual, "Edit")
|
||||
So(q1.Result[0].UserId, ShouldEqual, currentUser.Id)
|
||||
So(q1.Result[0].UserLogin, ShouldEqual, currentUser.Login)
|
||||
So(q1.Result[0].UserEmail, ShouldEqual, currentUser.Email)
|
||||
@ -56,7 +57,7 @@ func TestDashboardAclDataAccess(t *testing.T) {
|
||||
So(err, ShouldBeNil)
|
||||
So(len(q3.Result), ShouldEqual, 1)
|
||||
So(q3.Result[0].DashboardId, ShouldEqual, savedFolder.Id)
|
||||
So(q3.Result[0].Permissions, ShouldEqual, m.PERMISSION_READ_ONLY_EDIT)
|
||||
So(q3.Result[0].PermissionType, ShouldEqual, m.PERMISSION_READ_ONLY_EDIT)
|
||||
So(q3.Result[0].UserId, ShouldEqual, 1)
|
||||
|
||||
})
|
||||
@ -94,7 +95,7 @@ func TestDashboardAclDataAccess(t *testing.T) {
|
||||
err = GetDashboardPermissions(q1)
|
||||
So(err, ShouldBeNil)
|
||||
So(q1.Result[0].DashboardId, ShouldEqual, savedFolder.Id)
|
||||
So(q1.Result[0].Permissions, ShouldEqual, m.PERMISSION_EDIT)
|
||||
So(q1.Result[0].PermissionType, ShouldEqual, m.PERMISSION_EDIT)
|
||||
So(q1.Result[0].UserGroupId, ShouldEqual, group1.Result.Id)
|
||||
})
|
||||
|
||||
@ -112,7 +113,7 @@ func TestDashboardAclDataAccess(t *testing.T) {
|
||||
So(err, ShouldBeNil)
|
||||
So(len(q3.Result), ShouldEqual, 1)
|
||||
So(q3.Result[0].DashboardId, ShouldEqual, savedFolder.Id)
|
||||
So(q3.Result[0].Permissions, ShouldEqual, m.PERMISSION_READ_ONLY_EDIT)
|
||||
So(q3.Result[0].PermissionType, ShouldEqual, m.PERMISSION_READ_ONLY_EDIT)
|
||||
So(q3.Result[0].UserGroupId, ShouldEqual, group1.Result.Id)
|
||||
|
||||
})
|
||||
|
||||
Loading…
Reference in New Issue
Block a user