WIP: move guardian logic for search into the sql query

2025-02-25 18:55:37 -06:00 · 2017-06-17 02:33:53 +02:00
parent 84ff62d773
commit 5cf40cbd12
11 changed files with 153 additions and 118 deletions
--- a/pkg/services/sqlstore/dashboard_test.go
+++ b/pkg/services/sqlstore/dashboard_test.go
@@ -9,6 +9,7 @@ import (
 	"github.com/grafana/grafana/pkg/components/simplejson"
 	m "github.com/grafana/grafana/pkg/models"
 	"github.com/grafana/grafana/pkg/services/search"
+	"github.com/grafana/grafana/pkg/setting"
 )

 func insertTestDashboard(title string, orgId int64, parentId int64, isFolder bool, tags ...interface{}) *m.Dashboard {
@@ -116,9 +117,10 @@ func TestDashboardDataAccess(t *testing.T) {

 			Convey("Should be able to search for dashboard and return in folder hierarchy", func() {
 				query := search.FindPersistedDashboardsQuery{
-					Title: "test dash 23",
-					OrgId: 1,
-					Mode:  "tree",
+					Title:        "test dash 23",
+					OrgId:        1,
+					Mode:         "tree",
+					SignedInUser: &m.SignedInUser{OrgId: 1},
 				}

 				err := SearchDashboards(&query)
@@ -135,8 +137,9 @@ func TestDashboardDataAccess(t *testing.T) {

 			Convey("Should be able to search for dashboard folder", func() {
 				query := search.FindPersistedDashboardsQuery{
-					Title: "1 test dash folder",
-					OrgId: 1,
+					Title:        "1 test dash folder",
+					OrgId:        1,
+					SignedInUser: &m.SignedInUser{OrgId: 1},
 				}

 				err := SearchDashboards(&query)
@@ -149,8 +152,9 @@ func TestDashboardDataAccess(t *testing.T) {

 			Convey("Should be able to search for a dashboard folder's children", func() {
 				query := search.FindPersistedDashboardsQuery{
-					OrgId:    1,
-					ParentId: savedFolder.Id,
+					OrgId:        1,
+					ParentId:     savedFolder.Id,
+					SignedInUser: &m.SignedInUser{OrgId: 1},
 				}

 				err := SearchDashboards(&query)
@@ -164,9 +168,9 @@ func TestDashboardDataAccess(t *testing.T) {
 			Convey("Should be able to search for dashboard by dashboard ids", func() {
 				Convey("should be able to find two dashboards by id", func() {
 					query := search.FindPersistedDashboardsQuery{
-						DashboardIds: []int{2, 3},
-						OrgId:        1,
+						DashboardIds: []int64{2, 3},
 						Mode:         "tree",
+						SignedInUser: &m.SignedInUser{OrgId: 1},
 					}

 					err := SearchDashboards(&query)
@@ -183,8 +187,8 @@ func TestDashboardDataAccess(t *testing.T) {

 				Convey("DashboardIds that does not exists should not cause errors", func() {
 					query := search.FindPersistedDashboardsQuery{
-						DashboardIds: []int{1000},
-						OrgId:        1,
+						DashboardIds: []int64{1000},
+						SignedInUser: &m.SignedInUser{OrgId: 1},
 					}

 					err := SearchDashboards(&query)
@@ -253,8 +257,9 @@ func TestDashboardDataAccess(t *testing.T) {
 				So(err, ShouldBeNil)

 				query := search.FindPersistedDashboardsQuery{
-					OrgId:    1,
-					ParentId: savedFolder.Id,
+					OrgId:        1,
+					ParentId:     savedFolder.Id,
+					SignedInUser: &m.SignedInUser{},
 				}

 				err = SearchDashboards(&query)
@@ -285,7 +290,7 @@ func TestDashboardDataAccess(t *testing.T) {
 				})

 				Convey("Should be able to search for starred dashboards", func() {
-					query := search.FindPersistedDashboardsQuery{OrgId: 1, UserId: 10, IsStarred: true}
+					query := search.FindPersistedDashboardsQuery{SignedInUser: &m.SignedInUser{UserId: 10, OrgId: 1}, IsStarred: true}
 					err := SearchDashboards(&query)

 					So(err, ShouldBeNil)
@@ -294,5 +299,95 @@ func TestDashboardDataAccess(t *testing.T) {
 				})
 			})
 		})
+
+		Convey("Given one dashboard folder with two dashboard and one dashboard in the root folder", func() {
+			folder := insertTestDashboard("1 test dash folder", 1, 0, true, "prod", "webapp")
+			dashInRoot := insertTestDashboard("test dash 67", 1, 0, false, "prod", "webapp")
+			insertTestDashboard("test dash 23", 1, folder.Id, false, "prod", "webapp")
+			insertTestDashboard("test dash 45", 1, folder.Id, false, "prod")
+
+			currentUser := createUser("viewer", "Viewer", false)
+
+			Convey("and no acls are set", func() {
+				Convey("should return all dashboards", func() {
+					query := &search.FindPersistedDashboardsQuery{SignedInUser: &m.SignedInUser{UserId: currentUser.Id, OrgId: 1}, OrgId: 1, DashboardIds: []int64{folder.Id, dashInRoot.Id}}
+					err := SearchDashboards(query)
+					So(err, ShouldBeNil)
+					So(len(query.Result), ShouldEqual, 2)
+					So(query.Result[0].Id, ShouldEqual, folder.Id)
+					So(query.Result[1].Id, ShouldEqual, dashInRoot.Id)
+				})
+			})
+
+			Convey("and acl is set for dashboard folder", func() {
+				var otherUser int64 = 999
+				updateTestDashboardWithAcl(folder.Id, otherUser, m.PERMISSION_EDIT)
+
+				Convey("should not return folder", func() {
+					query := &search.FindPersistedDashboardsQuery{SignedInUser: &m.SignedInUser{UserId: currentUser.Id, OrgId: 1}, OrgId: 1, DashboardIds: []int64{folder.Id, dashInRoot.Id}}
+					err := SearchDashboards(query)
+					So(err, ShouldBeNil)
+					So(len(query.Result), ShouldEqual, 1)
+					So(query.Result[0].Id, ShouldEqual, dashInRoot.Id)
+				})
+
+				Convey("when the user is given permission", func() {
+					updateTestDashboardWithAcl(folder.Id, currentUser.Id, m.PERMISSION_EDIT)
+
+					Convey("should be able to access folder", func() {
+						query := &search.FindPersistedDashboardsQuery{SignedInUser: &m.SignedInUser{UserId: currentUser.Id, OrgId: 1}, OrgId: 1, DashboardIds: []int64{folder.Id, dashInRoot.Id}}
+						err := SearchDashboards(query)
+						So(err, ShouldBeNil)
+						So(len(query.Result), ShouldEqual, 2)
+						So(query.Result[0].Id, ShouldEqual, folder.Id)
+						So(query.Result[1].Id, ShouldEqual, dashInRoot.Id)
+					})
+				})
+
+				Convey("when the user is an admin", func() {
+					Convey("should be able to access folder", func() {
+						query := &search.FindPersistedDashboardsQuery{
+							SignedInUser: &m.SignedInUser{
+								UserId:  currentUser.Id,
+								OrgId:   1,
+								OrgRole: m.ROLE_ADMIN,
+							},
+							OrgId:        1,
+							DashboardIds: []int64{folder.Id, dashInRoot.Id},
+						}
+						err := SearchDashboards(query)
+						So(err, ShouldBeNil)
+						So(len(query.Result), ShouldEqual, 2)
+						So(query.Result[0].Id, ShouldEqual, folder.Id)
+						So(query.Result[1].Id, ShouldEqual, dashInRoot.Id)
+					})
+				})
+			})
+		})
 	})
 }
+
+func createUser(name string, role string, isAdmin bool) m.User {
+	setting.AutoAssignOrg = true
+	setting.AutoAssignOrgRole = role
+
+	currentUserCmd := m.CreateUserCommand{Login: name, Email: name + "@test.com", Name: "a " + name, IsAdmin: isAdmin}
+	err := CreateUser(&currentUserCmd)
+	So(err, ShouldBeNil)
+
+	q1 := m.GetUserOrgListQuery{UserId: currentUserCmd.Result.Id}
+	GetUserOrgList(&q1)
+	So(q1.Result[0].Role, ShouldEqual, role)
+
+	return currentUserCmd.Result
+}
+
+func updateTestDashboardWithAcl(dashId int64, userId int64, permissionType m.PermissionType) {
+	err := AddOrUpdateDashboardPermission(&m.AddOrUpdateDashboardPermissionCommand{
+		OrgId:          1,
+		UserId:         userId,
+		DashboardId:    dashId,
+		PermissionType: permissionType,
+	})
+	So(err, ShouldBeNil)
+}