mirror of
https://github.com/grafana/grafana.git
synced 2025-02-25 18:55:37 -06:00
dashboard acl stuff
This commit is contained in:
parent
2257c1f874
commit
659a59107e
@ -25,18 +25,18 @@ func NewDashboardGuardian(dashId int64, orgId int64, user *m.SignedInUser) *Dash
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (g *DashboardGuardian) CanSave() (bool, error) {
|
func (g *DashboardGuardian) CanSave() (bool, error) {
|
||||||
return g.HasPermission(m.PERMISSION_EDIT, m.ROLE_EDITOR)
|
return g.HasPermission(m.PERMISSION_EDIT)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (g *DashboardGuardian) CanEdit() (bool, error) {
|
func (g *DashboardGuardian) CanEdit() (bool, error) {
|
||||||
return g.HasPermission(m.PERMISSION_EDIT, m.ROLE_READ_ONLY_EDITOR)
|
return g.HasPermission(m.PERMISSION_EDIT)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (g *DashboardGuardian) CanView() (bool, error) {
|
func (g *DashboardGuardian) CanView() (bool, error) {
|
||||||
return g.HasPermission(m.PERMISSION_VIEW, m.ROLE_VIEWER)
|
return g.HasPermission(m.PERMISSION_VIEW)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (g *DashboardGuardian) HasPermission(permission m.PermissionType, fallbackRole m.RoleType) (bool, error) {
|
func (g *DashboardGuardian) HasPermission(permission m.PermissionType) (bool, error) {
|
||||||
if g.user.OrgRole == m.ROLE_ADMIN {
|
if g.user.OrgRole == m.ROLE_ADMIN {
|
||||||
return true, nil
|
return true, nil
|
||||||
}
|
}
|
||||||
@ -46,11 +46,6 @@ func (g *DashboardGuardian) HasPermission(permission m.PermissionType, fallbackR
|
|||||||
return false, err
|
return false, err
|
||||||
}
|
}
|
||||||
|
|
||||||
// if no acl use org role to determine permission
|
|
||||||
if len(acl) == 0 {
|
|
||||||
return g.user.HasRole(fallbackRole), nil
|
|
||||||
}
|
|
||||||
|
|
||||||
userGroups, err := g.getUserGroups()
|
userGroups, err := g.getUserGroups()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return false, err
|
return false, err
|
||||||
@ -66,6 +61,12 @@ func (g *DashboardGuardian) HasPermission(permission m.PermissionType, fallbackR
|
|||||||
return true, nil
|
return true, nil
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if p.Role.IsValid() {
|
||||||
|
if p.Role == g.user.OrgRole && p.Permission >= permission {
|
||||||
|
return true, nil
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return false, nil
|
return false, nil
|
||||||
|
@ -132,6 +132,7 @@ func GetInheritedDashboardAcl(query *m.GetInheritedDashboardAclQuery) error {
|
|||||||
da.dashboard_id,
|
da.dashboard_id,
|
||||||
da.user_id,
|
da.user_id,
|
||||||
da.user_group_id,
|
da.user_group_id,
|
||||||
|
da.role,
|
||||||
da.permission,
|
da.permission,
|
||||||
da.created,
|
da.created,
|
||||||
da.updated
|
da.updated
|
||||||
|
Loading…
Reference in New Issue
Block a user