fix: initial fix for #10822

This commit is contained in:
Torkel Ödegaard 2018-02-07 17:54:21 +01:00
parent 39238c192d
commit b84fd3a7ae
3 changed files with 48 additions and 20 deletions


@ -279,6 +279,7 @@ func findDashboards(query *search.FindPersistedDashboardsQuery) ([]DashboardSear
var res []DashboardSearchProjection
sql, params := sb.ToSql()
sqlog.Info("sql", "sql", sql, "params", params)
err := x.Sql(sql, params...).Find(&res)
if err != nil {
return nil, err
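Review bot: The added `sqlog.Info("sql", "sql", sql, "params", params)` writes the complete search statement and its bound parameters to the log at Info level on every call to findDashboards, and the search builder binds the caller's user id, org id and the title LIKE pattern into those params. That reads as debug output left behind by the fix rather than something operators need per request, and it will put user identifiers and search terms into shipped logs. Drop the line, or at most keep it at debug level: `sqlog.Debug("search sql", "sql", sql, "params", params)`. findDashboards starts and ends outside the hunk.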


@ -1,7 +1,6 @@
package sqlstore
import (
"bytes"
"strings"
m "github.com/grafana/grafana/pkg/models"
@ -9,6 +8,7 @@ import (
// SearchBuilder is a builder/object mother that builds a dashboard search query
type SearchBuilder struct {
SqlBuilder
tags []string
isStarred bool
limit int
@ -18,8 +18,6 @@ type SearchBuilder struct {
whereTypeFolder bool
whereTypeDash bool
whereFolderIds []int64
sql bytes.Buffer
params []interface{}
}
func NewSearchBuilder(signedInUser *m.SignedInUser, limit int) *SearchBuilder {
@ -176,23 +174,7 @@ func (sb *SearchBuilder) buildSearchWhereClause() {
}
}
if sb.signedInUser.OrgRole != m.ROLE_ADMIN {
allowedDashboardsSubQuery := ` AND (dashboard.has_acl = ` + dialect.BooleanStr(false) + ` OR dashboard.id in (
SELECT distinct d.id AS DashboardId
FROM dashboard AS d
LEFT JOIN dashboard_acl as da on d.folder_id = da.dashboard_id or d.id = da.dashboard_id
LEFT JOIN team_member as ugm on ugm.team_id = da.team_id
LEFT JOIN org_user ou on ou.role = da.role
WHERE
d.has_acl = ` + dialect.BooleanStr(true) + ` and
(da.user_id = ? or ugm.user_id = ? or ou.id is not null)
and d.org_id = ?
)
)`
sb.sql.WriteString(allowedDashboardsSubQuery)
sb.params = append(sb.params, sb.signedInUser.UserId, sb.signedInUser.UserId, sb.signedInUser.OrgId)
}
sb.writeDashboardPermissionFilter(sb.signedInUser, m.PERMISSION_VIEW)
if len(sb.whereTitle) > 0 {
sb.sql.WriteString(" AND dashboard.title " + dialect.LikeStr() + " ?")
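Review bot: Replacing the inline ACL subquery with `sb.writeDashboardPermissionFilter(sb.signedInUser, m.PERMISSION_VIEW)` changes which dashboards every non-admin search returns, yet none of the three files in this commit is a test. The removed query joined `org_user` on `ou.role = da.role` with no user or org restriction, so a role ACL row matched as soon as any org user anywhere held that role; a regression test that sets a folder ACL for Viewer and Editor plus a team ACL and then searches as a viewer, an editor and a team member would pin the corrected behaviour. A one-line why-comment at the call site would also help, e.g. `// search only lists dashboards the user can at least view`. buildSearchWhereClause starts and ends outside the hunk.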


@ -0,0 +1,45 @@
package sqlstore
import (
"bytes"
"strings"
m "github.com/grafana/grafana/pkg/models"
)
type SqlBuilder struct {
sql bytes.Buffer
params []interface{}
}
func (sb *SqlBuilder) writeDashboardPermissionFilter(user *m.SignedInUser, minPermission m.PermissionType) {
if user.OrgRole == m.ROLE_ADMIN {
return
}
okRoles := []interface{}{user.OrgRole}
if user.OrgRole == m.ROLE_EDITOR {
okRoles = append(okRoles, m.ROLE_VIEWER)
}
sb.sql.WriteString(` AND
(
dashboard.has_acl = ` + dialect.BooleanStr(false) + ` OR
dashboard.id in (
SELECT distinct d.id AS DashboardId
FROM dashboard AS d
LEFT JOIN dashboard_acl as da on d.folder_id = da.dashboard_id or d.id = da.dashboard_id
LEFT JOIN team_member as ugm on ugm.team_id = da.team_id
WHERE
d.has_acl = ` + dialect.BooleanStr(true) + ` AND
d.org_id = ? AND
da.permission >= ? AND
(da.user_id = ? or ugm.user_id = ? or da.role IN (?` + strings.Repeat(",?", len(okRoles)-1) + `))
)
)`)
sb.params = append(sb.params, user.OrgId, minPermission, user.UserId, user.UserId)
sb.params = append(sb.params, okRoles...)
}
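Review bot: `writeDashboardPermissionFilter` has no doc comment and the rule it encodes is not obvious from the SQL: a non-admin sees a dashboard if it has no ACL, or if an ACL row on the dashboard or on its folder grants at least minPermission to them by user id, by team membership, or by role, where an Editor also matches rows written for Viewer. A comment on the method saying that, plus that Admins get no filter appended and that the `dashboard.has_acl = false` branch does not restrict by org (only the subquery checks `d.org_id`), so the caller must scope the query by org itself, would save the next reader from re-deriving it. One caveat worth recording next to the `has_acl = false` branch: it lists a dashboard without consulting its folder's ACL, so it relies on has_acl being set on child dashboards whenever a folder receives an ACL, and if that propagation is not guaranteed elsewhere a dashboard in a restricted folder would be listed; `// assumes has_acl is propagated to dashboards inside ACL'd folders — confirm` marks the assumption.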