mirror of
https://github.com/grafana/grafana.git
synced 2025-02-25 18:55:37 -06:00
dashfolders: fixes #10671. Allow Editors default access to Root.
Editors should be able to create dashboards in root and should be able to create folders. They cannot administrate permissions though and these dashboards and folders will get the default permissions.
This commit is contained in:
Daniel Lee
@@ -126,14 +126,10 @@ func RemoveDashboardAcl(cmd *m.RemoveDashboardAclCommand) error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func GetDashboardAclInfoList(query *m.GetDashboardAclInfoListQuery) error {
|
func GetDashboardAclInfoList(query *m.GetDashboardAclInfoListQuery) error {
|
||||||
dashboardFilter := fmt.Sprintf(`IN (
|
var err error
|
||||||
SELECT %d
|
|
||||||
UNION
|
|
||||||
SELECT folder_id from dashboard where id = %d
|
|
||||||
)`, query.DashboardId, query.DashboardId)
|
|
||||||
|
|
||||||
rawSQL := `
|
if query.DashboardId == 0 {
|
||||||
SELECT
|
sql := `SELECT
|
||||||
da.id,
|
da.id,
|
||||||
da.org_id,
|
da.org_id,
|
||||||
da.dashboard_id,
|
da.dashboard_id,
|
||||||
@@ -143,44 +139,71 @@ func GetDashboardAclInfoList(query *m.GetDashboardAclInfoListQuery) error {
|
|||||||
da.role,
|
da.role,
|
||||||
da.created,
|
da.created,
|
||||||
da.updated,
|
da.updated,
|
||||||
u.login AS user_login,
|
'' as user_login,
|
||||||
u.email AS user_email,
|
'' as user_email,
|
||||||
ug.name AS team
|
'' as team
|
||||||
FROM` + dialect.Quote("dashboard_acl") + ` as da
|
FROM dashboard_acl as da
|
||||||
LEFT OUTER JOIN ` + dialect.Quote("user") + ` AS u ON u.id = da.user_id
|
WHERE da.dashboard_id = -1`
|
||||||
LEFT OUTER JOIN team ug on ug.id = da.team_id
|
query.Result = make([]*m.DashboardAclInfoDTO, 0)
|
||||||
WHERE dashboard_id ` + dashboardFilter + ` AND da.org_id = ?
|
err = x.SQL(sql).Find(&query.Result)
|
||||||
|
|
||||||
-- Also include default permission if has_acl = 0
|
} else {
|
||||||
|
dashboardFilter := fmt.Sprintf(`IN (
|
||||||
|
SELECT %d
|
||||||
|
UNION
|
||||||
|
SELECT folder_id from dashboard where id = %d
|
||||||
|
)`, query.DashboardId, query.DashboardId)
|
||||||
|
|
||||||
UNION
|
rawSQL := `
|
||||||
SELECT
|
SELECT
|
||||||
da.id,
|
da.id,
|
||||||
da.org_id,
|
da.org_id,
|
||||||
da.dashboard_id,
|
da.dashboard_id,
|
||||||
da.user_id,
|
da.user_id,
|
||||||
da.team_id,
|
da.team_id,
|
||||||
da.permission,
|
da.permission,
|
||||||
da.role,
|
da.role,
|
||||||
da.created,
|
da.created,
|
||||||
da.updated,
|
da.updated,
|
||||||
'' as user_login,
|
u.login AS user_login,
|
||||||
'' as user_email,
|
u.email AS user_email,
|
||||||
'' as team
|
ug.name AS team
|
||||||
FROM dashboard_acl as da,
|
FROM` + dialect.Quote("dashboard_acl") + ` as da
|
||||||
dashboard as dash
|
LEFT OUTER JOIN ` + dialect.Quote("user") + ` AS u ON u.id = da.user_id
|
||||||
LEFT JOIN dashboard folder on dash.folder_id = folder.id
|
LEFT OUTER JOIN team ug on ug.id = da.team_id
|
||||||
WHERE
|
WHERE dashboard_id ` + dashboardFilter + ` AND da.org_id = ?
|
||||||
dash.id = ? AND (
|
|
||||||
dash.has_acl = ` + dialect.BooleanStr(false) + ` or
|
|
||||||
folder.has_acl = ` + dialect.BooleanStr(false) + `
|
|
||||||
) AND
|
|
||||||
da.dashboard_id = -1
|
|
||||||
ORDER BY 1 ASC
|
|
||||||
`
|
|
||||||
|
|
||||||
query.Result = make([]*m.DashboardAclInfoDTO, 0)
|
-- Also include default permission if has_acl = 0
|
||||||
err := x.SQL(rawSQL, query.OrgId, query.DashboardId).Find(&query.Result)
|
|
||||||
|
UNION
|
||||||
|
SELECT
|
||||||
|
da.id,
|
||||||
|
da.org_id,
|
||||||
|
da.dashboard_id,
|
||||||
|
da.user_id,
|
||||||
|
da.team_id,
|
||||||
|
da.permission,
|
||||||
|
da.role,
|
||||||
|
da.created,
|
||||||
|
da.updated,
|
||||||
|
'' as user_login,
|
||||||
|
'' as user_email,
|
||||||
|
'' as team
|
||||||
|
FROM dashboard_acl as da,
|
||||||
|
dashboard as dash
|
||||||
|
LEFT JOIN dashboard folder on dash.folder_id = folder.id
|
||||||
|
WHERE
|
||||||
|
dash.id = ? AND (
|
||||||
|
dash.has_acl = ` + dialect.BooleanStr(false) + ` or
|
||||||
|
folder.has_acl = ` + dialect.BooleanStr(false) + `
|
||||||
|
) AND
|
||||||
|
da.dashboard_id = -1
|
||||||
|
ORDER BY 1 ASC
|
||||||
|
`
|
||||||
|
|
||||||
|
query.Result = make([]*m.DashboardAclInfoDTO, 0)
|
||||||
|
err = x.SQL(rawSQL, query.OrgId, query.DashboardId).Find(&query.Result)
|
||||||
|
}
|
||||||
|
|
||||||
for _, p := range query.Result {
|
for _, p := range query.Result {
|
||||||
p.PermissionName = p.Permission.String()
|
p.PermissionName = p.Permission.String()
|
||||||
|
|||||||
@@ -232,5 +232,23 @@ func TestDashboardAclDataAccess(t *testing.T) {
|
|||||||
|
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|
||||||
|
Convey("Given a root folder", func() {
|
||||||
|
var rootFolderId int64 = 0
|
||||||
|
|
||||||
|
Convey("When reading dashboard acl should return default permissions", func() {
|
||||||
|
query := m.GetDashboardAclInfoListQuery{DashboardId: rootFolderId, OrgId: 1}
|
||||||
|
|
||||||
|
err := GetDashboardAclInfoList(&query)
|
||||||
|
So(err, ShouldBeNil)
|
||||||
|
|
||||||
|
So(len(query.Result), ShouldEqual, 2)
|
||||||
|
defaultPermissionsId := -1
|
||||||
|
So(query.Result[0].DashboardId, ShouldEqual, defaultPermissionsId)
|
||||||
|
So(*query.Result[0].Role, ShouldEqual, m.ROLE_VIEWER)
|
||||||
|
So(query.Result[1].DashboardId, ShouldEqual, defaultPermissionsId)
|
||||||
|
So(*query.Result[1].Role, ShouldEqual, m.ROLE_EDITOR)
|
||||||
|
})
|
||||||
|
})
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user