IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

fix: initial fix for #10822

Browse Source
This commit is contained in:
Torkel Ödegaard
2018-02-07 17:54:21 +01:00
parent 39238c192d
commit b84fd3a7ae
3 changed files with 48 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
pkg/services/sqlstore/dashboard.go
View File

@@ -279,6 +279,7 @@ func findDashboards(query *search.FindPersistedDashboardsQuery) ([]DashboardSear
var res []DashboardSearchProjection var res []DashboardSearchProjection
sql, params := sb.ToSql() sql, params := sb.ToSql()
sqlog.Info("sql", "sql", sql, "params", params)
err := x.Sql(sql, params...).Find(&res) err := x.Sql(sql, params...).Find(&res)
if err != nil { if err != nil {
return nil, err return nil, err

22
pkg/services/sqlstore/search_builder.go
View File

@@ -1,7 +1,6 @@
package sqlstore package sqlstore
import ( import (
"bytes"
"strings" "strings"
m "github.com/grafana/grafana/pkg/models" m "github.com/grafana/grafana/pkg/models"
@@ -9,6 +8,7 @@ import (
// SearchBuilder is a builder/object mother that builds a dashboard search query // SearchBuilder is a builder/object mother that builds a dashboard search query
type SearchBuilder struct { type SearchBuilder struct {
SqlBuilder
tags []string tags []string
isStarred bool isStarred bool
limit int limit int
@@ -18,8 +18,6 @@ type SearchBuilder struct {
whereTypeFolder bool whereTypeFolder bool
whereTypeDash bool whereTypeDash bool
whereFolderIds []int64 whereFolderIds []int64
sql bytes.Buffer
params []interface{}
} }
func NewSearchBuilder(signedInUser *m.SignedInUser, limit int) *SearchBuilder { func NewSearchBuilder(signedInUser *m.SignedInUser, limit int) *SearchBuilder {
@@ -176,23 +174,7 @@ func (sb *SearchBuilder) buildSearchWhereClause() {
} }
} }
if sb.signedInUser.OrgRole != m.ROLE_ADMIN { sb.writeDashboardPermissionFilter(sb.signedInUser, m.PERMISSION_VIEW)
allowedDashboardsSubQuery := ` AND (dashboard.has_acl = ` + dialect.BooleanStr(false) + ` OR dashboard.id in (
SELECT distinct d.id AS DashboardId
FROM dashboard AS d
LEFT JOIN dashboard_acl as da on d.folder_id = da.dashboard_id or d.id = da.dashboard_id
LEFT JOIN team_member as ugm on ugm.team_id = da.team_id
LEFT JOIN org_user ou on ou.role = da.role
WHERE
d.has_acl = ` + dialect.BooleanStr(true) + ` and
(da.user_id = ? or ugm.user_id = ? or ou.id is not null)
and d.org_id = ?
)
)`
sb.sql.WriteString(allowedDashboardsSubQuery)
sb.params = append(sb.params, sb.signedInUser.UserId, sb.signedInUser.UserId, sb.signedInUser.OrgId)
}
if len(sb.whereTitle) > 0 { if len(sb.whereTitle) > 0 {
sb.sql.WriteString(" AND dashboard.title " + dialect.LikeStr() + " ?") sb.sql.WriteString(" AND dashboard.title " + dialect.LikeStr() + " ?")

45
pkg/services/sqlstore/sqlbuilder.go Normal file
View File

@@ -0,0 +1,45 @@
package sqlstore
import (
"bytes"
"strings"
m "github.com/grafana/grafana/pkg/models"
)
type SqlBuilder struct {
sql bytes.Buffer
params []interface{}
}
func (sb *SqlBuilder) writeDashboardPermissionFilter(user *m.SignedInUser, minPermission m.PermissionType) {
if user.OrgRole == m.ROLE_ADMIN {
return
}
okRoles := []interface{}{user.OrgRole}
if user.OrgRole == m.ROLE_EDITOR {
okRoles = append(okRoles, m.ROLE_VIEWER)
}
sb.sql.WriteString(` AND
(
dashboard.has_acl = ` + dialect.BooleanStr(false) + ` OR
dashboard.id in (
SELECT distinct d.id AS DashboardId
FROM dashboard AS d
LEFT JOIN dashboard_acl as da on d.folder_id = da.dashboard_id or d.id = da.dashboard_id
LEFT JOIN team_member as ugm on ugm.team_id = da.team_id
WHERE
d.has_acl = ` + dialect.BooleanStr(true) + ` AND
d.org_id = ? AND
da.permission >= ? AND
(da.user_id = ? or ugm.user_id = ? or da.role IN (?` + strings.Repeat(",?", len(okRoles)-1) + `))
)
)`)
sb.params = append(sb.params, user.OrgId, minPermission, user.UserId, user.UserId)
sb.params = append(sb.params, okRoles...)
}