WIP: Permission Type as string in permission query

2025-02-25 18:55:37 -06:00 · 2017-06-08 10:39:17 +02:00
parent 96afb91ac4
commit 2097ed0bb8
6 changed files with 70 additions and 24 deletions
--- a/pkg/api/dashboard_acl_test.go
+++ b/pkg/api/dashboard_acl_test.go
@@ -13,10 +13,10 @@ import (
 func TestDashboardAclApiEndpoint(t *testing.T) {
 	Convey("Given a dashboard acl", t, func() {
 		mockResult := []*models.DashboardAclInfoDTO{
-			{Id: 1, OrgId: 1, DashboardId: 1, UserId: 2, Permissions: models.PERMISSION_EDIT},
-			{Id: 2, OrgId: 1, DashboardId: 1, UserId: 3, Permissions: models.PERMISSION_VIEW},
-			{Id: 3, OrgId: 1, DashboardId: 1, UserGroupId: 1, Permissions: models.PERMISSION_EDIT},
-			{Id: 4, OrgId: 1, DashboardId: 1, UserGroupId: 2, Permissions: models.PERMISSION_READ_ONLY_EDIT},
+			{Id: 1, OrgId: 1, DashboardId: 1, UserId: 2, PermissionType: models.PERMISSION_EDIT},
+			{Id: 2, OrgId: 1, DashboardId: 1, UserId: 3, PermissionType: models.PERMISSION_VIEW},
+			{Id: 3, OrgId: 1, DashboardId: 1, UserGroupId: 1, PermissionType: models.PERMISSION_EDIT},
+			{Id: 4, OrgId: 1, DashboardId: 1, UserGroupId: 2, PermissionType: models.PERMISSION_READ_ONLY_EDIT},
 		}
 		bus.AddHandler("test", func(query *models.GetDashboardPermissionsQuery) error {
 			query.Result = mockResult
@@ -34,14 +34,14 @@ func TestDashboardAclApiEndpoint(t *testing.T) {
 					respJSON, err := simplejson.NewJson(sc.resp.Body.Bytes())
 					So(err, ShouldBeNil)
 					So(respJSON.GetIndex(0).Get("userId").MustInt(), ShouldEqual, 2)
-					So(respJSON.GetIndex(0).Get("permissions").MustInt(), ShouldEqual, models.PERMISSION_EDIT)
+					So(respJSON.GetIndex(0).Get("permissionType").MustInt(), ShouldEqual, models.PERMISSION_EDIT)
 				})
 			})
 		})

 		Convey("When user is editor and in the ACL", func() {
 			loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/dashboards/1/acl", "/api/dashboards/:id/acl", models.ROLE_EDITOR, func(sc *scenarioContext) {
-				mockResult = append(mockResult, &models.DashboardAclInfoDTO{Id: 1, OrgId: 1, DashboardId: 1, UserId: 1, Permissions: models.PERMISSION_EDIT})
+				mockResult = append(mockResult, &models.DashboardAclInfoDTO{Id: 1, OrgId: 1, DashboardId: 1, UserId: 1, PermissionType: models.PERMISSION_EDIT})

 				bus.AddHandler("test2", func(query *models.GetAllowedDashboardsQuery) error {
 					query.Result = []int64{1}
@@ -57,7 +57,7 @@ func TestDashboardAclApiEndpoint(t *testing.T) {
 			})

 			loggedInUserScenarioWithRole("When calling DELETE on", "DELETE", "/api/dashboards/1/acl/user/1", "/api/dashboards/:id/acl/user/:userId", models.ROLE_EDITOR, func(sc *scenarioContext) {
-				mockResult = append(mockResult, &models.DashboardAclInfoDTO{Id: 1, OrgId: 1, DashboardId: 1, UserId: 1, Permissions: models.PERMISSION_EDIT})
+				mockResult = append(mockResult, &models.DashboardAclInfoDTO{Id: 1, OrgId: 1, DashboardId: 1, UserId: 1, PermissionType: models.PERMISSION_EDIT})

 				bus.AddHandler("test3", func(cmd *models.RemoveDashboardPermissionCommand) error {
 					return nil
@@ -110,7 +110,7 @@ func TestDashboardAclApiEndpoint(t *testing.T) {
 			})

 			loggedInUserScenarioWithRole("When calling DELETE on", "DELETE", "/api/dashboards/1/acl/user/1", "/api/dashboards/:id/acl/user/:userId", models.ROLE_EDITOR, func(sc *scenarioContext) {
-				mockResult = append(mockResult, &models.DashboardAclInfoDTO{Id: 1, OrgId: 1, DashboardId: 1, UserId: 1, Permissions: models.PERMISSION_VIEW})
+				mockResult = append(mockResult, &models.DashboardAclInfoDTO{Id: 1, OrgId: 1, DashboardId: 1, UserId: 1, PermissionType: models.PERMISSION_VIEW})
 				bus.AddHandler("test3", func(cmd *models.RemoveDashboardPermissionCommand) error {
 					return nil
 				})
--- a/pkg/models/dashboard_acl.go
+++ b/pkg/models/dashboard_acl.go
@@ -5,11 +5,20 @@ import "time"
 type PermissionType int

 const (
-	PERMISSION_EDIT           PermissionType = 4
-	PERMISSION_READ_ONLY_EDIT PermissionType = 2
-	PERMISSION_VIEW           PermissionType = 1
+	PERMISSION_EDIT PermissionType = 1 << iota
+	PERMISSION_READ_ONLY_EDIT
+	PERMISSION_VIEW
 )

+func (p PermissionType) String() string {
+	names := map[int]string{
+		int(PERMISSION_VIEW):           "View",
+		int(PERMISSION_READ_ONLY_EDIT): "Read-only Edit",
+		int(PERMISSION_EDIT):           "Edit",
+	}
+	return names[int(p)]
+}
+
 // Typed errors
 // var (
 // 	ErrDashboardPermissionAlreadyAdded = errors.New("A permission has  ")
@@ -37,12 +46,13 @@ type DashboardAclInfoDTO struct {
 	Created time.Time `json:"created"`
 	Updated time.Time `json:"updated"`

-	UserId      int64          `json:"userId"`
-	UserLogin   string         `json:"userLogin"`
-	UserEmail   string         `json:"userEmail"`
-	UserGroupId int64          `json:"userGroupId"`
-	UserGroup   string         `json:"userGroup"`
-	Permissions PermissionType `json:"permissions"`
+	UserId         int64          `json:"userId"`
+	UserLogin      string         `json:"userLogin"`
+	UserEmail      string         `json:"userEmail"`
+	UserGroupId    int64          `json:"userGroupId"`
+	UserGroup      string         `json:"userGroup"`
+	PermissionType PermissionType `json:"permissionType"`
+	Permissions    string         `json:"permissions"`
 }

 //
--- a/pkg/models/dashboard_acl_test.go
+++ b/pkg/models/dashboard_acl_test.go
@@ -0,0 +1,21 @@
+package models
+
+import (
+	"testing"
+
+	"fmt"
+
+	. "github.com/smartystreets/goconvey/convey"
+)
+
+func TestDashboardAclModel(t *testing.T) {
+
+	Convey("When printing a PermissionType", t, func() {
+		view := PERMISSION_VIEW
+		printed := fmt.Sprint(view)
+
+		Convey("Should output a friendly name", func() {
+			So(printed, ShouldEqual, "View")
+		})
+	})
+}
--- a/pkg/services/guardian/guardian.go
+++ b/pkg/services/guardian/guardian.go
@@ -57,12 +57,12 @@ func CanDeleteFromAcl(dashboardId int64, role m.RoleType, isGrafanaAdmin bool, o
 	userGroups, err := getUserGroupsByUser(userId)

 	for _, p := range permissions {
-		if p.UserId == userId && p.Permissions == m.PERMISSION_EDIT {
+		if p.UserId == userId && p.PermissionType == m.PERMISSION_EDIT {
 			return true, nil
 		}

 		for _, ug := range userGroups {
-			if ug.Id == p.UserGroupId && p.Permissions == m.PERMISSION_EDIT {
+			if ug.Id == p.UserGroupId && p.PermissionType == m.PERMISSION_EDIT {
 				return true, nil
 			}
 		}
--- a/pkg/services/sqlstore/dashboard_acl.go
+++ b/pkg/services/sqlstore/dashboard_acl.go
@@ -3,6 +3,8 @@ package sqlstore
 import (
 	"time"

+	"fmt"
+
 	"github.com/grafana/grafana/pkg/bus"
 	m "github.com/grafana/grafana/pkg/models"
 )
@@ -79,7 +81,15 @@ func RemoveDashboardPermission(cmd *m.RemoveDashboardPermissionCommand) error {

 func GetDashboardPermissions(query *m.GetDashboardPermissionsQuery) error {
 	rawSQL := `SELECT
-  da.*,
+  da.id,
+  da.org_id,
+  da.id,
+  da.dashboard_id,
+  da.user_id,
+  da.user_group_id,
+  da.permissions as permission_type,
+  da.created,
+  da.updated,
  u.login AS user_login,
  u.email AS user_email,
  ug.name AS user_group
@@ -92,5 +102,9 @@ func GetDashboardPermissions(query *m.GetDashboardPermissionsQuery) error {

 	err := x.SQL(rawSQL, query.DashboardId).Find(&query.Result)

+	for _, p := range query.Result {
+		p.Permissions = fmt.Sprint(p.PermissionType)
+	}
+
 	return err
 }
--- a/pkg/services/sqlstore/dashboard_acl_test.go
+++ b/pkg/services/sqlstore/dashboard_acl_test.go
@@ -29,7 +29,8 @@ func TestDashboardAclDataAccess(t *testing.T) {
 				err = GetDashboardPermissions(q1)
 				So(err, ShouldBeNil)
 				So(q1.Result[0].DashboardId, ShouldEqual, savedFolder.Id)
-				So(q1.Result[0].Permissions, ShouldEqual, m.PERMISSION_EDIT)
+				So(q1.Result[0].PermissionType, ShouldEqual, m.PERMISSION_EDIT)
+				So(q1.Result[0].Permissions, ShouldEqual, "Edit")
 				So(q1.Result[0].UserId, ShouldEqual, currentUser.Id)
 				So(q1.Result[0].UserLogin, ShouldEqual, currentUser.Login)
 				So(q1.Result[0].UserEmail, ShouldEqual, currentUser.Email)
@@ -56,7 +57,7 @@ func TestDashboardAclDataAccess(t *testing.T) {
 					So(err, ShouldBeNil)
 					So(len(q3.Result), ShouldEqual, 1)
 					So(q3.Result[0].DashboardId, ShouldEqual, savedFolder.Id)
-					So(q3.Result[0].Permissions, ShouldEqual, m.PERMISSION_READ_ONLY_EDIT)
+					So(q3.Result[0].PermissionType, ShouldEqual, m.PERMISSION_READ_ONLY_EDIT)
 					So(q3.Result[0].UserId, ShouldEqual, 1)

 				})
@@ -94,7 +95,7 @@ func TestDashboardAclDataAccess(t *testing.T) {
 					err = GetDashboardPermissions(q1)
 					So(err, ShouldBeNil)
 					So(q1.Result[0].DashboardId, ShouldEqual, savedFolder.Id)
-					So(q1.Result[0].Permissions, ShouldEqual, m.PERMISSION_EDIT)
+					So(q1.Result[0].PermissionType, ShouldEqual, m.PERMISSION_EDIT)
 					So(q1.Result[0].UserGroupId, ShouldEqual, group1.Result.Id)
 				})

@@ -112,7 +113,7 @@ func TestDashboardAclDataAccess(t *testing.T) {
 					So(err, ShouldBeNil)
 					So(len(q3.Result), ShouldEqual, 1)
 					So(q3.Result[0].DashboardId, ShouldEqual, savedFolder.Id)
-					So(q3.Result[0].Permissions, ShouldEqual, m.PERMISSION_READ_ONLY_EDIT)
+					So(q3.Result[0].PermissionType, ShouldEqual, m.PERMISSION_READ_ONLY_EDIT)
 					So(q3.Result[0].UserGroupId, ShouldEqual, group1.Result.Id)

 				})