mirror of
https://github.com/grafana/grafana.git
synced 2024-11-26 10:50:37 -06:00
RBAC: refactoring alertingQuery to remove OrgRole check (#67808)
* WIP * tests passing
This commit is contained in:
Eric Leijonmarck
GitHub
parent
33b372bebe
commit
c3a0b75357
@ -12,7 +12,6 @@ import (
|
||||
alertmodels "github.com/grafana/grafana/pkg/services/alerting/models"
|
||||
"github.com/grafana/grafana/pkg/services/dashboards"
|
||||
"github.com/grafana/grafana/pkg/services/featuremgmt"
|
||||
"github.com/grafana/grafana/pkg/services/org"
|
||||
"github.com/grafana/grafana/pkg/services/tag"
|
||||
"github.com/grafana/grafana/pkg/setting"
|
||||
)
|
||||
@ -168,9 +167,7 @@ func (ss *sqlStore) HandleAlertsQuery(ctx context.Context, query *alertmodels.Ge
|
||||
builder.Write(")")
|
||||
}
|
||||
|
||||
if query.User.OrgRole != org.RoleAdmin {
|
||||
builder.WriteDashboardPermissionFilter(query.User, dashboards.PERMISSION_VIEW)
|
||||
}
|
||||
builder.WriteDashboardPermissionFilter(query.User, dashboards.PERMISSION_VIEW)
|
||||
|
||||
builder.Write(" ORDER BY name ASC")
|
||||
|
||||
|
||||
@ -84,6 +84,13 @@ func TestIntegrationAlertingDataAccess(t *testing.T) {
|
||||
// Get alert so we can use its ID in tests
|
||||
signedInUser := &user.SignedInUser{
|
||||
OrgRole: org.RoleAdmin,
|
||||
OrgID: 1,
|
||||
Permissions: map[int64]map[string][]string{
|
||||
1: {
|
||||
dashboards.ActionFoldersRead: {dashboards.ScopeDashboardsAll, dashboards.ScopeFoldersAll},
|
||||
dashboards.ActionDashboardsRead: {dashboards.ScopeDashboardsAll, dashboards.ScopeFoldersAll},
|
||||
},
|
||||
},
|
||||
}
|
||||
alertQuery := models.GetAlertsQuery{DashboardIDs: []int64{testDash.ID}, PanelID: 1, OrgID: 1, User: signedInUser}
|
||||
result, err2 := store.HandleAlertsQuery(context.Background(), &alertQuery)
|
||||
@ -142,7 +149,16 @@ func TestIntegrationAlertingDataAccess(t *testing.T) {
|
||||
|
||||
t.Run("Can read properties", func(t *testing.T) {
|
||||
setup(t)
|
||||
alertQuery := models.GetAlertsQuery{DashboardIDs: []int64{testDash.ID}, PanelID: 1, OrgID: 1, User: &user.SignedInUser{OrgRole: org.RoleAdmin}}
|
||||
signedInUser := &user.SignedInUser{
|
||||
OrgRole: org.RoleAdmin,
|
||||
OrgID: 1,
|
||||
Permissions: map[int64]map[string][]string{
|
||||
1: {
|
||||
dashboards.ActionFoldersRead: {dashboards.ScopeDashboardsAll, dashboards.ScopeFoldersAll},
|
||||
dashboards.ActionDashboardsRead: {dashboards.ScopeDashboardsAll, dashboards.ScopeFoldersAll},
|
||||
},
|
||||
}}
|
||||
alertQuery := models.GetAlertsQuery{DashboardIDs: []int64{testDash.ID}, PanelID: 1, OrgID: 1, User: signedInUser}
|
||||
result, err2 := store.HandleAlertsQuery(context.Background(), &alertQuery)
|
||||
|
||||
alert := result[0]
|
||||
@ -189,7 +205,16 @@ func TestIntegrationAlertingDataAccess(t *testing.T) {
|
||||
})
|
||||
|
||||
t.Run("Alerts should be updated", func(t *testing.T) {
|
||||
query := models.GetAlertsQuery{DashboardIDs: []int64{testDash.ID}, OrgID: 1, User: &user.SignedInUser{OrgRole: org.RoleAdmin}}
|
||||
signedInUser := &user.SignedInUser{
|
||||
OrgRole: org.RoleAdmin,
|
||||
OrgID: 1,
|
||||
Permissions: map[int64]map[string][]string{
|
||||
1: {
|
||||
dashboards.ActionFoldersRead: {dashboards.ScopeDashboardsAll, dashboards.ScopeFoldersAll},
|
||||
dashboards.ActionDashboardsRead: {dashboards.ScopeDashboardsAll, dashboards.ScopeFoldersAll},
|
||||
},
|
||||
}}
|
||||
query := models.GetAlertsQuery{DashboardIDs: []int64{testDash.ID}, OrgID: 1, User: signedInUser}
|
||||
res, err2 := store.HandleAlertsQuery(context.Background(), &query)
|
||||
|
||||
require.Nil(t, err2)
|
||||
@ -209,6 +234,16 @@ func TestIntegrationAlertingDataAccess(t *testing.T) {
|
||||
|
||||
t.Run("Multiple alerts per dashboard", func(t *testing.T) {
|
||||
setup(t)
|
||||
signedInUser := &user.SignedInUser{
|
||||
OrgRole: org.RoleAdmin,
|
||||
OrgID: 1,
|
||||
Permissions: map[int64]map[string][]string{
|
||||
1: {
|
||||
dashboards.ActionFoldersRead: {dashboards.ScopeDashboardsAll, dashboards.ScopeFoldersAll},
|
||||
dashboards.ActionDashboardsRead: {dashboards.ScopeDashboardsAll, dashboards.ScopeFoldersAll},
|
||||
},
|
||||
},
|
||||
}
|
||||
multipleItems := []*models.Alert{
|
||||
{
|
||||
DashboardID: testDash.ID,
|
||||
@ -238,7 +273,7 @@ func TestIntegrationAlertingDataAccess(t *testing.T) {
|
||||
t.Run("Should save 3 dashboards", func(t *testing.T) {
|
||||
require.Nil(t, err)
|
||||
|
||||
queryForDashboard := models.GetAlertsQuery{DashboardIDs: []int64{testDash.ID}, OrgID: 1, User: &user.SignedInUser{OrgRole: org.RoleAdmin}}
|
||||
queryForDashboard := models.GetAlertsQuery{DashboardIDs: []int64{testDash.ID}, OrgID: 1, User: signedInUser}
|
||||
res, err2 := store.HandleAlertsQuery(context.Background(), &queryForDashboard)
|
||||
|
||||
require.Nil(t, err2)
|
||||
@ -251,7 +286,7 @@ func TestIntegrationAlertingDataAccess(t *testing.T) {
|
||||
err = store.SaveAlerts(context.Background(), testDash.ID, missingOneAlert)
|
||||
|
||||
t.Run("should delete the missing alert", func(t *testing.T) {
|
||||
query := models.GetAlertsQuery{DashboardIDs: []int64{testDash.ID}, OrgID: 1, User: &user.SignedInUser{OrgRole: org.RoleAdmin}}
|
||||
query := models.GetAlertsQuery{DashboardIDs: []int64{testDash.ID}, OrgID: 1, User: signedInUser}
|
||||
res, err2 := store.HandleAlertsQuery(context.Background(), &query)
|
||||
require.Nil(t, err2)
|
||||
require.Equal(t, 2, len(res))
|
||||
@ -299,7 +334,8 @@ func TestIntegrationPausingAlerts(t *testing.T) {
|
||||
|
||||
t.Run("Given an alert", func(t *testing.T) {
|
||||
ss := db.InitTestDB(t)
|
||||
sqlStore := sqlStore{db: ss, log: log.New(), tagService: tagimpl.ProvideService(ss, ss.Cfg)}
|
||||
cfg := setting.NewCfg()
|
||||
sqlStore := sqlStore{db: ss, cfg: cfg, log: log.New(), tagService: tagimpl.ProvideService(ss, ss.Cfg)}
|
||||
|
||||
testDash := insertTestDashboard(t, sqlStore.db, "dashboard with alerts", 1, 0, false, "alert")
|
||||
alert, err := insertTestAlert("Alerting title", "Alerting message", testDash.OrgID, testDash.ID, simplejson.New(), sqlStore)
|
||||
@ -307,9 +343,18 @@ func TestIntegrationPausingAlerts(t *testing.T) {
|
||||
|
||||
stateDateBeforePause := alert.NewStateDate
|
||||
stateDateAfterPause := stateDateBeforePause
|
||||
|
||||
signedInUser := &user.SignedInUser{
|
||||
OrgRole: org.RoleAdmin,
|
||||
OrgID: testDash.OrgID,
|
||||
Permissions: map[int64]map[string][]string{
|
||||
testDash.OrgID: {
|
||||
dashboards.ActionFoldersRead: {dashboards.ScopeDashboardsAll, dashboards.ScopeFoldersAll},
|
||||
dashboards.ActionDashboardsRead: {dashboards.ScopeDashboardsAll, dashboards.ScopeFoldersAll},
|
||||
},
|
||||
},
|
||||
}
|
||||
// Get alert so we can use its ID in tests
|
||||
alertQuery := models.GetAlertsQuery{DashboardIDs: []int64{testDash.ID}, PanelID: 1, OrgID: 1, User: &user.SignedInUser{OrgRole: org.RoleAdmin}}
|
||||
alertQuery := models.GetAlertsQuery{DashboardIDs: []int64{testDash.ID}, PanelID: 1, OrgID: 1, User: signedInUser}
|
||||
res, err2 := sqlStore.HandleAlertsQuery(context.Background(), &alertQuery)
|
||||
require.Nil(t, err2)
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user