mirror of
https://github.com/grafana/grafana.git
synced 2024-12-28 18:01:40 -06:00
dashboard acl work
This commit is contained in:
parent
408c37170f
commit
43ffe826fa
@ -23,7 +23,39 @@ func GetDashboardAclList(c *middleware.Context) Response {
|
||||
return ApiError(500, "Failed to get Dashboard ACL", err)
|
||||
}
|
||||
|
||||
return Json(200, &query.Result)
|
||||
list := query.Result
|
||||
hasViewRoleAcl := false
|
||||
hasEditRoleAcl := false
|
||||
|
||||
for _, item := range list {
|
||||
if item.Role == m.ROLE_EDITOR {
|
||||
hasEditRoleAcl = true
|
||||
}
|
||||
if item.Role == m.ROLE_VIEWER {
|
||||
hasViewRoleAcl = true
|
||||
}
|
||||
}
|
||||
|
||||
if !hasEditRoleAcl {
|
||||
tmpList := append([]*m.DashboardAclInfoDTO{}, &m.DashboardAclInfoDTO{
|
||||
Id: 0,
|
||||
Role: m.ROLE_EDITOR,
|
||||
Permissions: m.PERMISSION_EDIT,
|
||||
PermissionName: "Edit",
|
||||
})
|
||||
list = append(tmpList, list...)
|
||||
}
|
||||
if !hasViewRoleAcl {
|
||||
tmpList := append([]*m.DashboardAclInfoDTO{}, &m.DashboardAclInfoDTO{
|
||||
Id: 0,
|
||||
Role: m.ROLE_VIEWER,
|
||||
Permissions: m.PERMISSION_VIEW,
|
||||
PermissionName: "View",
|
||||
})
|
||||
list = append(tmpList, list...)
|
||||
}
|
||||
|
||||
return Json(200, list)
|
||||
}
|
||||
|
||||
func PostDashboardAcl(c *middleware.Context, cmd m.SetDashboardAclCommand) Response {
|
||||
|
@ -8,16 +8,18 @@ import (
|
||||
type PermissionType int
|
||||
|
||||
const (
|
||||
PERMISSION_NONE = 0
|
||||
PERMISSION_VIEW PermissionType = 1 << iota
|
||||
PERMISSION_READ_ONLY_EDIT
|
||||
PERMISSION_EDIT
|
||||
PERMISSION_ADMIN
|
||||
)
|
||||
|
||||
func (p PermissionType) String() string {
|
||||
names := map[int]string{
|
||||
int(PERMISSION_VIEW): "View",
|
||||
int(PERMISSION_READ_ONLY_EDIT): "Read-only Edit",
|
||||
int(PERMISSION_EDIT): "Edit",
|
||||
int(PERMISSION_NONE): "None",
|
||||
int(PERMISSION_VIEW): "View",
|
||||
int(PERMISSION_EDIT): "Edit",
|
||||
int(PERMISSION_ADMIN): "Admin",
|
||||
}
|
||||
return names[int(p)]
|
||||
}
|
||||
@ -55,6 +57,7 @@ type DashboardAclInfoDTO struct {
|
||||
UserEmail string `json:"userEmail"`
|
||||
UserGroupId int64 `json:"userGroupId"`
|
||||
UserGroup string `json:"userGroup"`
|
||||
Role RoleType `json:"role"`
|
||||
Permissions PermissionType `json:"permissions"`
|
||||
PermissionName string `json:"permissionName"`
|
||||
}
|
||||
|
@ -29,7 +29,7 @@ func (g *DashboardGuardian) CanSave() (bool, error) {
|
||||
}
|
||||
|
||||
func (g *DashboardGuardian) CanEdit() (bool, error) {
|
||||
return g.HasPermission(m.PERMISSION_READ_ONLY_EDIT, m.ROLE_READ_ONLY_EDITOR)
|
||||
return g.HasPermission(m.PERMISSION_EDIT, m.ROLE_READ_ONLY_EDITOR)
|
||||
}
|
||||
|
||||
func (g *DashboardGuardian) CanView() (bool, error) {
|
||||
|
@ -22,6 +22,7 @@ function ($, angular, coreModule, _) {
|
||||
restrict: 'A',
|
||||
link: function(scope, elem) {
|
||||
var editorScope;
|
||||
var modalScope;
|
||||
var lastEditView;
|
||||
|
||||
function hideEditorPane(hideToShowOtherView) {
|
||||
@ -47,6 +48,11 @@ function ($, angular, coreModule, _) {
|
||||
editorScope = options.scope ? options.scope.$new() : scope.$new();
|
||||
|
||||
editorScope.dismiss = function(hideToShowOtherView) {
|
||||
if (modalScope) {
|
||||
modalScope.dismiss();
|
||||
modalScope = null;
|
||||
}
|
||||
|
||||
editorScope.$destroy();
|
||||
lastEditView = null;
|
||||
editorScope = null;
|
||||
@ -73,7 +79,7 @@ function ($, angular, coreModule, _) {
|
||||
};
|
||||
|
||||
if (options.isModal) {
|
||||
var modalScope = $rootScope.$new();
|
||||
modalScope = $rootScope.$new();
|
||||
modalScope.$on("$destroy", function() {
|
||||
editorScope.dismiss();
|
||||
});
|
||||
|
@ -36,53 +36,27 @@
|
||||
<!-- </div> -->
|
||||
<!-- </form> -->
|
||||
|
||||
<div>
|
||||
<div class="section">
|
||||
<h5 class="section-heading">Groups & Users</h5>
|
||||
<div class="gf-form" ng-repeat="acl in ctrl.userAcl">
|
||||
<span class="gf-form-label width-15">
|
||||
<i class="fa fa-fw fa-user"></i>
|
||||
{{acl.userLogin}}
|
||||
</span>
|
||||
<div class="gf-form-select-wrapper">
|
||||
<select class="gf-form-input gf-size-auto" ng-model="acl.permissions" ng-options="p.value as p.text for p in ctrl.permissionTypeOptions" ng-change="ctrl.updatePermission(permission)"></select>
|
||||
</div>
|
||||
<button class="btn btn-inverse gf-form-btn" ng-click="ctrl.addQuery()" ng-hide="ctrl.current.meta.mixed">
|
||||
<table class="filter-table">
|
||||
<tr ng-repeat="acl in ctrl.aclItems">
|
||||
<td style="width: 100%;">
|
||||
<i class="{{acl.icon}}"></i>
|
||||
<span ng-bind-html="acl.nameHtml"></span>
|
||||
</td>
|
||||
<td>can...</td>
|
||||
<td class="dropdown">
|
||||
<a class="pointer" style="white-space: nowrap">
|
||||
{{acl.permissionName}}
|
||||
<i class="fa fa-caret-down"></i>
|
||||
</a>
|
||||
</td>
|
||||
<td>
|
||||
<a class="btn btn-inverse btn-small" ng-show="revision.version !== ctrl.dashboard.version" ng-click="ctrl.restore(revision.version)">
|
||||
<i class="fa fa-remove"></i>
|
||||
</button>
|
||||
</div>
|
||||
<div class="gf-form dropdown">
|
||||
<button class="btn btn-inverse gf-form-btn" data-toggle="dropdown">
|
||||
<i class="fa fa-fw fa-plus"></i> Add Permission
|
||||
</button>
|
||||
<ul class="dropdown-menu dropdown-menu--new">
|
||||
<li>
|
||||
<a class="pointer" ng-click="ctrl.addUserGroup()">
|
||||
<i class="fa fa-fw fa-users"></i> User Group
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a class="pointer" ng-click="ctrl.addUserAcl()">
|
||||
<i class="fa fa-fw fa-user"></i> User
|
||||
</a>
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
</div>
|
||||
<div class="section pull-right">
|
||||
<h5 class="section-heading">Built-in roles</h5>
|
||||
<div class="gf-form" ng-repeat="roleAcl in ctrl.roles">
|
||||
<span class="gf-form-label width-5">
|
||||
{{roleAcl.name}}
|
||||
</span>
|
||||
<div class="gf-form-select-wrapper">
|
||||
<select class="gf-form-input gf-size-auto" ng-model="roleAcl.permissions" ng-options="p.value as p.text for p in ctrl.roleOptions" ng-change="ctrl.updatePermission(permission)"></select>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</a>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
<div class="clearfix"></div>
|
||||
|
||||
<div class="gf-form-button-row text-center">
|
||||
<button type="submit" class="btn btn-danger" ng-disabled="!ctrl.canUpdate">Update Permissions</button>
|
||||
@ -136,11 +110,11 @@
|
||||
<!-- <td>{{role.name}}</td> -->
|
||||
<!-- <td><select class="gf-form-input gf-size-auto" ng-model="role.permissions" ng-options="p.value as p.text for p in ctrl.roleOptions" ng-change="ctrl.updatePermission(role)"></select></td> -->
|
||||
<!-- <td class="text-right"> -->
|
||||
<!-- -->
|
||||
<!-- </td> -->
|
||||
<!-- </tr> -->
|
||||
<!-- </tbody> -->
|
||||
<!-- </table> -->
|
||||
<!-- </div> -->
|
||||
<!-- -->
|
||||
<!-- </td> -->
|
||||
<!-- </tr> -->
|
||||
<!-- </tbody> -->
|
||||
<!-- </table> -->
|
||||
<!-- </div> -->
|
||||
<!-- </div> -->
|
||||
<!-- </div> -->
|
||||
|
@ -6,32 +6,21 @@ import _ from 'lodash';
|
||||
|
||||
export class AclCtrl {
|
||||
dashboard: any;
|
||||
userAcl: DashboardAcl[];
|
||||
groupAcl: DashboardAcl[];
|
||||
permissionTypeOptions = [
|
||||
aclItems: DashboardAcl[];
|
||||
permissionOptions = [
|
||||
{value: 1, text: 'View'},
|
||||
{value: 2, text: 'Edit'},
|
||||
{value: 4, text: 'Admin'}
|
||||
];
|
||||
|
||||
roleOptions = [
|
||||
{value: 0, text: 'No Access'},
|
||||
{value: 1, text: 'View'},
|
||||
{value: 2, text: 'Edit'},
|
||||
{value: 4, text: 'Admin'}
|
||||
];
|
||||
|
||||
roles = [];
|
||||
|
||||
type = 'User Group';
|
||||
permission = 1;
|
||||
userId: number;
|
||||
userGroupId: number;
|
||||
|
||||
/** @ngInject */
|
||||
constructor(private backendSrv, private dashboardSrv) {
|
||||
this.userAcl = [];
|
||||
this.groupAcl = [];
|
||||
constructor(private backendSrv, private dashboardSrv, private $sce) {
|
||||
this.aclItems = [];
|
||||
this.dashboard = dashboardSrv.getCurrent();
|
||||
this.get(this.dashboard.id);
|
||||
}
|
||||
@ -39,20 +28,22 @@ export class AclCtrl {
|
||||
get(dashboardId: number) {
|
||||
return this.backendSrv.get(`/api/dashboards/id/${dashboardId}/acl`)
|
||||
.then(result => {
|
||||
this.userAcl = _.filter(result, p => { return p.userId > 0;});
|
||||
this.groupAcl = _.filter(result, p => { return p.userGroupId > 0;});
|
||||
this.roles = this.setRoles(result);
|
||||
this.aclItems = _.map(result, item => {
|
||||
if (item.userId > 0) {
|
||||
item.icon = "fa fa-fw fa-user";
|
||||
item.nameHtml = this.$sce.trustAsHtml(item.userLogin);
|
||||
} else if (item.userGroupId > 0) {
|
||||
item.icon = "fa fa-fw fa-users";
|
||||
item.nameHtml = this.$sce.trustAsHtml(item.userGroup);
|
||||
} else if (item.role) {
|
||||
item.icon = "fa fa-fw fa-street-view";
|
||||
item.nameHtml = this.$sce.trustAsHtml(`Everyone with <span class="query-keyword">${item.role}</span> Role`);
|
||||
}
|
||||
return item;
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
setRoles(result: any) {
|
||||
return [
|
||||
{name: 'Viewer', permissions: 1},
|
||||
{name: 'Editor', permissions: 2},
|
||||
{name: 'Admin', permissions: 4}
|
||||
];
|
||||
}
|
||||
|
||||
addPermission() {
|
||||
if (this.type === 'User') {
|
||||
if (!this.userId) {
|
||||
|
Loading…
Reference in New Issue
Block a user