IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

folders: changed api urls for dashboard acls

Browse Source
This commit is contained in:
Torkel Ödegaard 2017-06-19 18:11:30 -04:00
parent c4a1803060
commit aaf2a897b0
6 changed files with 37 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
pkg/api/api.go
View File

@ -235,24 +235,24 @@ func (hs *HttpServer) registerRoutes() {
// Dashboard // Dashboard
r.Group("/dashboards", func() { r.Group("/dashboards", func() {
r.Combo("/db/:slug").Get(wrap(GetDashboard)).Delete(wrap(DeleteDashboard)) r.Combo("/db/:slug").Get(wrap(GetDashboard)).Delete(wrap(DeleteDashboard))
r.Post("/db", bind(m.SaveDashboardCommand{}), wrap(PostDashboard))
r.Get("/id/:dashboardId/versions", wrap(GetDashboardVersions))
r.Get("/id/:dashboardId/versions/:id", wrap(GetDashboardVersion))
r.Post("/id/:dashboardId/restore", reqEditorRole, bind(dtos.RestoreDashboardVersionCommand{}), wrap(RestoreDashboardVersion))
r.Post("/calculate-diff", bind(dtos.CalculateDiffOptions{}), wrap(CalculateDashboardDiff)) r.Post("/calculate-diff", bind(dtos.CalculateDiffOptions{}), wrap(CalculateDashboardDiff))
r.Post("/db", bind(m.SaveDashboardCommand{}), wrap(PostDashboard))
r.Get("/file/:file", GetDashboardFromJsonFile) r.Get("/file/:file", GetDashboardFromJsonFile)
r.Get("/home", wrap(GetHomeDashboard)) r.Get("/home", wrap(GetHomeDashboard))
r.Get("/tags", GetDashboardTags) r.Get("/tags", GetDashboardTags)
r.Post("/import", bind(dtos.ImportDashboardCommand{}), wrap(ImportDashboard)) r.Post("/import", bind(dtos.ImportDashboardCommand{}), wrap(ImportDashboard))
r.Group("/:id/acl", func() { r.Group("/id/:dashboardId", func() {
r.Get("/", wrap(GetDashboardAcl)) r.Get("/versions", wrap(GetDashboardVersions))
r.Post("/", quota("acl"), bind(m.SetDashboardAclCommand{}), wrap(PostDashboardAcl)) r.Get("/versions/:id", wrap(GetDashboardVersion))
r.Delete("/user/:userId", wrap(DeleteDashboardAclByUser)) r.Post("/restore", bind(dtos.RestoreDashboardVersionCommand{}), wrap(RestoreDashboardVersion))
r.Delete("/user-group/:userGroupId", wrap(DeleteDashboardAclByUserGroup))
r.Group("/acl", func() {
r.Get("/", wrap(GetDashboardAclList))
r.Post("/", bind(m.SetDashboardAclCommand{}), wrap(PostDashboardAcl))
r.Delete("/:aclId", wrap(DeleteDashboardAcl))
})
}, reqSignedIn) }, reqSignedIn)
}) })

31
pkg/api/dashboard_acl.go
View File

@ -9,8 +9,8 @@ import (
"github.com/grafana/grafana/pkg/util" "github.com/grafana/grafana/pkg/util"
) )
func GetDashboardAcl(c *middleware.Context) Response { func GetDashboardAclList(c *middleware.Context) Response {
dashId := c.ParamsInt64(":id") dashId := c.ParamsInt64(":dashboardId")
guardian := guardian.NewDashboardGuardian(dashId, c.OrgId, c.SignedInUser) guardian := guardian.NewDashboardGuardian(dashId, c.OrgId, c.SignedInUser)
@ -52,35 +52,16 @@ func PostDashboardAcl(c *middleware.Context, cmd m.SetDashboardAclCommand) Respo
}) })
} }
func DeleteDashboardAclByUser(c *middleware.Context) Response { func DeleteDashboardAcl(c *middleware.Context) Response {
dashId := c.ParamsInt64(":id") dashId := c.ParamsInt64(":dashboardId")
userId := c.ParamsInt64(":userId") aclId := c.ParamsInt64(":aclId")
guardian := guardian.NewDashboardGuardian(dashId, c.OrgId, c.SignedInUser) guardian := guardian.NewDashboardGuardian(dashId, c.OrgId, c.SignedInUser)
if canSave, err := guardian.CanSave(); err != nil || !canSave { if canSave, err := guardian.CanSave(); err != nil || !canSave {
return dashboardGuardianResponse(err) return dashboardGuardianResponse(err)
} }
cmd := m.RemoveDashboardAclCommand{DashboardId: dashId, UserId: userId, OrgId: c.OrgId} cmd := m.RemoveDashboardAclCommand{OrgId: c.OrgId, AclId: aclId}
if err := bus.Dispatch(&cmd); err != nil {
return ApiError(500, "Failed to delete permission for user", err)
}
return Json(200, "")
}
func DeleteDashboardAclByUserGroup(c *middleware.Context) Response {
dashId := c.ParamsInt64(":id")
userGroupId := c.ParamsInt64(":userGroupId")
guardian := guardian.NewDashboardGuardian(dashId, c.OrgId, c.SignedInUser)
if canSave, err := guardian.CanSave(); err != nil || !canSave {
return dashboardGuardianResponse(err)
}
cmd := m.RemoveDashboardAclCommand{DashboardId: dashId, UserGroupId: userGroupId, OrgId: c.OrgId}
if err := bus.Dispatch(&cmd); err != nil { if err := bus.Dispatch(&cmd); err != nil {
return ApiError(500, "Failed to delete permission for user", err) return ApiError(500, "Failed to delete permission for user", err)
} }

24
pkg/api/dashboard_acl_test.go
View File

@ -42,9 +42,9 @@ func TestDashboardAclApiEndpoint(t *testing.T) {
}) })
Convey("When user is org admin", func() { Convey("When user is org admin", func() {
loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/dashboards/1/acl", "/api/dashboards/:id/acl", models.ROLE_ADMIN, func(sc *scenarioContext) { loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/dashboards/id/1/acl", "/api/dashboards/id/:dashboardsId/acl", models.ROLE_ADMIN, func(sc *scenarioContext) {
Convey("Should be able to access ACL", func() { Convey("Should be able to access ACL", func() {
sc.handlerFunc = GetDashboardAcl sc.handlerFunc = GetDashboardAclList
sc.fakeReqWithParams("GET", sc.url, map[string]string{}).exec() sc.fakeReqWithParams("GET", sc.url, map[string]string{}).exec()
So(sc.resp.Code, ShouldEqual, 200) So(sc.resp.Code, ShouldEqual, 200)
@ -58,18 +58,18 @@ func TestDashboardAclApiEndpoint(t *testing.T) {
}) })
Convey("When user is editor and in the ACL", func() { Convey("When user is editor and in the ACL", func() {
loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/dashboards/1/acl", "/api/dashboards/:id/acl", models.ROLE_EDITOR, func(sc *scenarioContext) { loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/dashboards/id/1/acl", "/api/dashboards/id/:dashboardId/acl", models.ROLE_EDITOR, func(sc *scenarioContext) {
mockResult = append(mockResult, &models.DashboardAcl{Id: 1, OrgId: 1, DashboardId: 1, UserId: 1, Permissions: models.PERMISSION_EDIT}) mockResult = append(mockResult, &models.DashboardAcl{Id: 1, OrgId: 1, DashboardId: 1, UserId: 1, Permissions: models.PERMISSION_EDIT})
Convey("Should be able to access ACL", func() { Convey("Should be able to access ACL", func() {
sc.handlerFunc = GetDashboardAcl sc.handlerFunc = GetDashboardAclList
sc.fakeReqWithParams("GET", sc.url, map[string]string{}).exec() sc.fakeReqWithParams("GET", sc.url, map[string]string{}).exec()
So(sc.resp.Code, ShouldEqual, 200) So(sc.resp.Code, ShouldEqual, 200)
}) })
}) })
loggedInUserScenarioWithRole("When calling DELETE on", "DELETE", "/api/dashboards/1/acl/user/1", "/api/dashboards/:id/acl/user/:userId", models.ROLE_EDITOR, func(sc *scenarioContext) { loggedInUserScenarioWithRole("When calling DELETE on", "DELETE", "/api/dashboards/id/1/acl/1", "/api/dashboards/id/:dashboardId/acl/:aclId", models.ROLE_EDITOR, func(sc *scenarioContext) {
mockResult = append(mockResult, &models.DashboardAcl{Id: 1, OrgId: 1, DashboardId: 1, UserId: 1, Permissions: models.PERMISSION_EDIT}) mockResult = append(mockResult, &models.DashboardAcl{Id: 1, OrgId: 1, DashboardId: 1, UserId: 1, Permissions: models.PERMISSION_EDIT})
bus.AddHandler("test3", func(cmd *models.RemoveDashboardAclCommand) error { bus.AddHandler("test3", func(cmd *models.RemoveDashboardAclCommand) error {
@ -77,7 +77,7 @@ func TestDashboardAclApiEndpoint(t *testing.T) {
}) })
Convey("Should be able to delete permission", func() { Convey("Should be able to delete permission", func() {
sc.handlerFunc = DeleteDashboardAclByUser sc.handlerFunc = DeleteDashboardAcl
sc.fakeReqWithParams("DELETE", sc.url, map[string]string{}).exec() sc.fakeReqWithParams("DELETE", sc.url, map[string]string{}).exec()
So(sc.resp.Code, ShouldEqual, 200) So(sc.resp.Code, ShouldEqual, 200)
@ -85,7 +85,7 @@ func TestDashboardAclApiEndpoint(t *testing.T) {
}) })
Convey("When user is a member of a user group in the ACL with edit permission", func() { Convey("When user is a member of a user group in the ACL with edit permission", func() {
loggedInUserScenarioWithRole("When calling DELETE on", "DELETE", "/api/dashboards/1/acl/user/1", "/api/dashboards/:id/acl/user/:userId", models.ROLE_EDITOR, func(sc *scenarioContext) { loggedInUserScenarioWithRole("When calling DELETE on", "DELETE", "/api/dashboards/id/1/acl/1", "/api/dashboards/id/:dashboardsId/acl/:aclId", models.ROLE_EDITOR, func(sc *scenarioContext) {
userGroupResp = append(userGroupResp, &models.UserGroup{Id: 1, OrgId: 1, Name: "UG1"}) userGroupResp = append(userGroupResp, &models.UserGroup{Id: 1, OrgId: 1, Name: "UG1"})
bus.AddHandler("test3", func(cmd *models.RemoveDashboardAclCommand) error { bus.AddHandler("test3", func(cmd *models.RemoveDashboardAclCommand) error {
@ -93,7 +93,7 @@ func TestDashboardAclApiEndpoint(t *testing.T) {
}) })
Convey("Should be able to delete permission", func() { Convey("Should be able to delete permission", func() {
sc.handlerFunc = DeleteDashboardAclByUser sc.handlerFunc = DeleteDashboardAcl
sc.fakeReqWithParams("DELETE", sc.url, map[string]string{}).exec() sc.fakeReqWithParams("DELETE", sc.url, map[string]string{}).exec()
So(sc.resp.Code, ShouldEqual, 200) So(sc.resp.Code, ShouldEqual, 200)
@ -103,24 +103,24 @@ func TestDashboardAclApiEndpoint(t *testing.T) {
}) })
Convey("When user is editor and not in the ACL", func() { Convey("When user is editor and not in the ACL", func() {
loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/dashboards/1/acl", "/api/dashboards/:id/acl", models.ROLE_EDITOR, func(sc *scenarioContext) { loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/dashboards/id/1/acl", "/api/dashboards/id/:dashboardsId/acl", models.ROLE_EDITOR, func(sc *scenarioContext) {
Convey("Should not be able to access ACL", func() { Convey("Should not be able to access ACL", func() {
sc.handlerFunc = GetDashboardAcl sc.handlerFunc = GetDashboardAclList
sc.fakeReqWithParams("GET", sc.url, map[string]string{}).exec() sc.fakeReqWithParams("GET", sc.url, map[string]string{}).exec()
So(sc.resp.Code, ShouldEqual, 403) So(sc.resp.Code, ShouldEqual, 403)
}) })
}) })
loggedInUserScenarioWithRole("When calling DELETE on", "DELETE", "/api/dashboards/1/acl/user/1", "/api/dashboards/:id/acl/user/:userId", models.ROLE_EDITOR, func(sc *scenarioContext) { loggedInUserScenarioWithRole("When calling DELETE on", "DELETE", "/api/dashboards/id/1/acl/user/1", "/api/dashboards/id/:dashboardsId/acl/user/:userId", models.ROLE_EDITOR, func(sc *scenarioContext) {
mockResult = append(mockResult, &models.DashboardAcl{Id: 1, OrgId: 1, DashboardId: 1, UserId: 1, Permissions: models.PERMISSION_VIEW}) mockResult = append(mockResult, &models.DashboardAcl{Id: 1, OrgId: 1, DashboardId: 1, UserId: 1, Permissions: models.PERMISSION_VIEW})
bus.AddHandler("test3", func(cmd *models.RemoveDashboardAclCommand) error { bus.AddHandler("test3", func(cmd *models.RemoveDashboardAclCommand) error {
return nil return nil
}) })
Convey("Should be not be able to delete permission", func() { Convey("Should be not be able to delete permission", func() {
sc.handlerFunc = DeleteDashboardAclByUser sc.handlerFunc = DeleteDashboardAcl
sc.fakeReqWithParams("DELETE", sc.url, map[string]string{}).exec() sc.fakeReqWithParams("DELETE", sc.url, map[string]string{}).exec()
So(sc.resp.Code, ShouldEqual, 403) So(sc.resp.Code, ShouldEqual, 403)

7
pkg/models/dashboard_acl.go
View File

@ -73,11 +73,8 @@ type SetDashboardAclCommand struct {
} }
type RemoveDashboardAclCommand struct { type RemoveDashboardAclCommand struct {
DashboardId int64 `json:"dashboardId" binding:"Required"` AclId int64
UserId int64 `json:"userId"` OrgId int64
UserGroupId int64 `json:"userGroupId"`
OrgId int64 `json:"-"`
} }
// //

4
pkg/services/sqlstore/dashboard_acl.go
View File

@ -76,8 +76,8 @@ func SetDashboardAcl(cmd *m.SetDashboardAclCommand) error {
func RemoveDashboardAcl(cmd *m.RemoveDashboardAclCommand) error { func RemoveDashboardAcl(cmd *m.RemoveDashboardAclCommand) error {
return inTransaction(func(sess *DBSession) error { return inTransaction(func(sess *DBSession) error {
var rawSQL = "DELETE FROM " + dialect.Quote("dashboard_acl") + " WHERE dashboard_id =? and (user_group_id=? or user_id=?)" var rawSQL = "DELETE FROM " + dialect.Quote("dashboard_acl") + " WHERE org_id =? and id=?"
_, err := sess.Exec(rawSQL, cmd.DashboardId, cmd.UserGroupId, cmd.UserId) _, err := sess.Exec(rawSQL, cmd.OrgId, cmd.AclId)
if err != nil { if err != nil {
return err return err
} }

10
pkg/services/sqlstore/dashboard_acl_test.go
View File

@ -114,9 +114,8 @@ func TestDashboardAclDataAccess(t *testing.T) {
Convey("Should be able to delete an existing permission", func() { Convey("Should be able to delete an existing permission", func() {
err := RemoveDashboardAcl(&m.RemoveDashboardAclCommand{ err := RemoveDashboardAcl(&m.RemoveDashboardAclCommand{
OrgId: 1, OrgId: 1,
UserId: 1, AclId: 1,
DashboardId: savedFolder.Id,
}) })
So(err, ShouldBeNil) So(err, ShouldBeNil)
@ -170,9 +169,8 @@ func TestDashboardAclDataAccess(t *testing.T) {
Convey("Should be able to delete an existing permission for a user group", func() { Convey("Should be able to delete an existing permission for a user group", func() {
err := RemoveDashboardAcl(&m.RemoveDashboardAclCommand{ err := RemoveDashboardAcl(&m.RemoveDashboardAclCommand{
OrgId: 1, OrgId: 1,
UserGroupId: group1.Result.Id, AclId: 1,
DashboardId: savedFolder.Id,
}) })
So(err, ShouldBeNil) So(err, ShouldBeNil)