From 659a59107ec52f3551cd430cb3f9c13e878224c8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Torkel=20=C3=96degaard?=
Date: Wed, 21 Jun 2017 19:23:24 -0400
Subject: [PATCH] dashboard acl stuff

---
 pkg/services/guardian/guardian.go | 19 ++++++++++---------
 pkg/services/sqlstore/dashboard_acl.go | 1 +
 2 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/pkg/services/guardian/guardian.go b/pkg/services/guardian/guardian.go
index ca7150e15c4..4a2c32f32ab 100644
--- a/pkg/services/guardian/guardian.go
+++ b/pkg/services/guardian/guardian.go
@@ -25,18 +25,18 @@ func NewDashboardGuardian(dashId int64, orgId int64, user *m.SignedInUser) *Dash
 }
 
 func (g *DashboardGuardian) CanSave() (bool, error) {
- return g.HasPermission(m.PERMISSION_EDIT, m.ROLE_EDITOR)
+ return g.HasPermission(m.PERMISSION_EDIT)
 }
 
 func (g *DashboardGuardian) CanEdit() (bool, error) {
- return g.HasPermission(m.PERMISSION_EDIT, m.ROLE_READ_ONLY_EDITOR)
+ return g.HasPermission(m.PERMISSION_EDIT)
 }
 
 func (g *DashboardGuardian) CanView() (bool, error) {
- return g.HasPermission(m.PERMISSION_VIEW, m.ROLE_VIEWER)
+ return g.HasPermission(m.PERMISSION_VIEW)
 }
 
-func (g *DashboardGuardian) HasPermission(permission m.PermissionType, fallbackRole m.RoleType) (bool, error) {
+func (g *DashboardGuardian) HasPermission(permission m.PermissionType) (bool, error) {
 if g.user.OrgRole == m.ROLE_ADMIN {
 return true, nil
 }
@@ -46,11 +46,6 @@ func (g *DashboardGuardian) HasPermission(permission m.PermissionType, fallbackR
 return false, err
 }
 
- // if no acl use org role to determine permission
- if len(acl) == 0 {
- return g.user.HasRole(fallbackRole), nil
- }
-
 userGroups, err := g.getUserGroups()
 if err != nil {
 return false, err
@@ -66,6 +61,12 @@ func (g *DashboardGuardian) HasPermission(permission m.PermissionType, fallbackR
 return true, nil
 }
 }
+
+ if p.Role.IsValid() {
+ if p.Role == g.user.OrgRole && p.Permission >= permission {
+ return true, nil
+ }
+ }
 }
 
 return false, nil
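Review bot: CanSave and CanEdit in the first hunk now evaluate the identical expression `g.HasPermission(m.PERMISSION_EDIT)`, so the only place the old code told them apart, the ROLE_EDITOR versus ROLE_READ_ONLY_EDITOR fallback, is gone. Any principal allowed to open a dashboard for editing can therefore also persist it, including a read-only editor matched by an ACL row. If that is intended, state it in a doc comment such as `// CanSave is equivalent to CanEdit: the ACL does not distinguish editing from saving.`; if it is not, CanSave needs its own check before delegating, for example returning false when `g.user.OrgRole == m.ROLE_READ_ONLY_EDITOR`.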
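Review bot: With the `len(acl) == 0` fallback removed in the second hunk, HasPermission falls through to `return false, nil` for every non-admin whenever a dashboard has no ACL rows. Failing closed is the safer default, but it now depends on default role rows existing for every dashboard, and nothing visible in this patch creates them, so existing dashboards may become unreachable for editors and viewers. A comment above the ACL lookup would make the contract explicit, e.g. `// An empty ACL denies all non-admin access; default role entries must come from the inherited ACL query.`, together with a test for the empty-ACL case. The function body extends beyond this hunk on both sides.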
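Review bot: The role branch added in the third hunk matches with `p.Role == g.user.OrgRole`, an exact comparison, so a row granting a permission to one role covers no other role, and an Editor is denied what a Viewer row allows unless a separate Editor row exists. The removed fallback called `g.user.HasRole(...)`, which presumably understands role ordering (its definition is not shown here); if so, `if p.Role.IsValid() && g.user.HasRole(p.Role) && p.Permission >= permission {` would keep higher roles from ending up with less access than lower ones and also flattens the nested `if`. The role test runs for every row whether or not the row also carries a user or group id, so a short comment stating that role rows are expected to have neither would make that assumption checkable. The enclosing loop starts outside the hunk.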
diff --git a/pkg/services/sqlstore/dashboard_acl.go b/pkg/services/sqlstore/dashboard_acl.go
index 511f8c9beba..0c1e448da90 100644
--- a/pkg/services/sqlstore/dashboard_acl.go
+++ b/pkg/services/sqlstore/dashboard_acl.go
@@ -132,6 +132,7 @@ func GetInheritedDashboardAcl(query *m.GetInheritedDashboardAclQuery) error {
 da.dashboard_id,
 da.user_id,
 da.user_group_id,
+ da.role,
 da.permission,
 da.created,
 da.updated