mirror of
https://github.com/grafana/grafana.git
synced 2025-02-25 18:55:37 -06:00
RBAC: refactoring alertingQuery to remove OrgRole check (#67808)
* WIP * tests passing
This commit is contained in:
Eric Leijonmarck
GitHub
parent
33b372bebe
commit
c3a0b75357
@ -12,7 +12,6 @@ import (
|
|||||||
alertmodels "github.com/grafana/grafana/pkg/services/alerting/models"
|
alertmodels "github.com/grafana/grafana/pkg/services/alerting/models"
|
||||||
"github.com/grafana/grafana/pkg/services/dashboards"
|
"github.com/grafana/grafana/pkg/services/dashboards"
|
||||||
"github.com/grafana/grafana/pkg/services/featuremgmt"
|
"github.com/grafana/grafana/pkg/services/featuremgmt"
|
||||||
"github.com/grafana/grafana/pkg/services/org"
|
|
||||||
"github.com/grafana/grafana/pkg/services/tag"
|
"github.com/grafana/grafana/pkg/services/tag"
|
||||||
"github.com/grafana/grafana/pkg/setting"
|
"github.com/grafana/grafana/pkg/setting"
|
||||||
)
|
)
|
||||||
@ -168,9 +167,7 @@ func (ss *sqlStore) HandleAlertsQuery(ctx context.Context, query *alertmodels.Ge
|
|||||||
builder.Write(")")
|
builder.Write(")")
|
||||||
}
|
}
|
||||||
|
|
||||||
if query.User.OrgRole != org.RoleAdmin {
|
builder.WriteDashboardPermissionFilter(query.User, dashboards.PERMISSION_VIEW)
|
||||||
builder.WriteDashboardPermissionFilter(query.User, dashboards.PERMISSION_VIEW)
|
|
||||||
}
|
|
||||||
|
|
||||||
builder.Write(" ORDER BY name ASC")
|
builder.Write(" ORDER BY name ASC")
|
||||||
|
|
||||||
|
|||||||
@ -84,6 +84,13 @@ func TestIntegrationAlertingDataAccess(t *testing.T) {
|
|||||||
// Get alert so we can use its ID in tests
|
// Get alert so we can use its ID in tests
|
||||||
signedInUser := &user.SignedInUser{
|
signedInUser := &user.SignedInUser{
|
||||||
OrgRole: org.RoleAdmin,
|
OrgRole: org.RoleAdmin,
|
||||||
|
OrgID: 1,
|
||||||
|
Permissions: map[int64]map[string][]string{
|
||||||
|
1: {
|
||||||
|
dashboards.ActionFoldersRead: {dashboards.ScopeDashboardsAll, dashboards.ScopeFoldersAll},
|
||||||
|
dashboards.ActionDashboardsRead: {dashboards.ScopeDashboardsAll, dashboards.ScopeFoldersAll},
|
||||||
|
},
|
||||||
|
},
|
||||||
}
|
}
|
||||||
alertQuery := models.GetAlertsQuery{DashboardIDs: []int64{testDash.ID}, PanelID: 1, OrgID: 1, User: signedInUser}
|
alertQuery := models.GetAlertsQuery{DashboardIDs: []int64{testDash.ID}, PanelID: 1, OrgID: 1, User: signedInUser}
|
||||||
result, err2 := store.HandleAlertsQuery(context.Background(), &alertQuery)
|
result, err2 := store.HandleAlertsQuery(context.Background(), &alertQuery)
|
||||||
@ -142,7 +149,16 @@ func TestIntegrationAlertingDataAccess(t *testing.T) {
|
|||||||
|
|
||||||
t.Run("Can read properties", func(t *testing.T) {
|
t.Run("Can read properties", func(t *testing.T) {
|
||||||
setup(t)
|
setup(t)
|
||||||
alertQuery := models.GetAlertsQuery{DashboardIDs: []int64{testDash.ID}, PanelID: 1, OrgID: 1, User: &user.SignedInUser{OrgRole: org.RoleAdmin}}
|
signedInUser := &user.SignedInUser{
|
||||||
|
OrgRole: org.RoleAdmin,
|
||||||
|
OrgID: 1,
|
||||||
|
Permissions: map[int64]map[string][]string{
|
||||||
|
1: {
|
||||||
|
dashboards.ActionFoldersRead: {dashboards.ScopeDashboardsAll, dashboards.ScopeFoldersAll},
|
||||||
|
dashboards.ActionDashboardsRead: {dashboards.ScopeDashboardsAll, dashboards.ScopeFoldersAll},
|
||||||
|
},
|
||||||
|
}}
|
||||||
|
alertQuery := models.GetAlertsQuery{DashboardIDs: []int64{testDash.ID}, PanelID: 1, OrgID: 1, User: signedInUser}
|
||||||
result, err2 := store.HandleAlertsQuery(context.Background(), &alertQuery)
|
result, err2 := store.HandleAlertsQuery(context.Background(), &alertQuery)
|
||||||
|
|
||||||
alert := result[0]
|
alert := result[0]
|
||||||
@ -189,7 +205,16 @@ func TestIntegrationAlertingDataAccess(t *testing.T) {
|
|||||||
})
|
})
|
||||||
|
|
||||||
t.Run("Alerts should be updated", func(t *testing.T) {
|
t.Run("Alerts should be updated", func(t *testing.T) {
|
||||||
query := models.GetAlertsQuery{DashboardIDs: []int64{testDash.ID}, OrgID: 1, User: &user.SignedInUser{OrgRole: org.RoleAdmin}}
|
signedInUser := &user.SignedInUser{
|
||||||
|
OrgRole: org.RoleAdmin,
|
||||||
|
OrgID: 1,
|
||||||
|
Permissions: map[int64]map[string][]string{
|
||||||
|
1: {
|
||||||
|
dashboards.ActionFoldersRead: {dashboards.ScopeDashboardsAll, dashboards.ScopeFoldersAll},
|
||||||
|
dashboards.ActionDashboardsRead: {dashboards.ScopeDashboardsAll, dashboards.ScopeFoldersAll},
|
||||||
|
},
|
||||||
|
}}
|
||||||
|
query := models.GetAlertsQuery{DashboardIDs: []int64{testDash.ID}, OrgID: 1, User: signedInUser}
|
||||||
res, err2 := store.HandleAlertsQuery(context.Background(), &query)
|
res, err2 := store.HandleAlertsQuery(context.Background(), &query)
|
||||||
|
|
||||||
require.Nil(t, err2)
|
require.Nil(t, err2)
|
||||||
@ -209,6 +234,16 @@ func TestIntegrationAlertingDataAccess(t *testing.T) {
|
|||||||
|
|
||||||
t.Run("Multiple alerts per dashboard", func(t *testing.T) {
|
t.Run("Multiple alerts per dashboard", func(t *testing.T) {
|
||||||
setup(t)
|
setup(t)
|
||||||
|
signedInUser := &user.SignedInUser{
|
||||||
|
OrgRole: org.RoleAdmin,
|
||||||
|
OrgID: 1,
|
||||||
|
Permissions: map[int64]map[string][]string{
|
||||||
|
1: {
|
||||||
|
dashboards.ActionFoldersRead: {dashboards.ScopeDashboardsAll, dashboards.ScopeFoldersAll},
|
||||||
|
dashboards.ActionDashboardsRead: {dashboards.ScopeDashboardsAll, dashboards.ScopeFoldersAll},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
multipleItems := []*models.Alert{
|
multipleItems := []*models.Alert{
|
||||||
{
|
{
|
||||||
DashboardID: testDash.ID,
|
DashboardID: testDash.ID,
|
||||||
@ -238,7 +273,7 @@ func TestIntegrationAlertingDataAccess(t *testing.T) {
|
|||||||
t.Run("Should save 3 dashboards", func(t *testing.T) {
|
t.Run("Should save 3 dashboards", func(t *testing.T) {
|
||||||
require.Nil(t, err)
|
require.Nil(t, err)
|
||||||
|
|
||||||
queryForDashboard := models.GetAlertsQuery{DashboardIDs: []int64{testDash.ID}, OrgID: 1, User: &user.SignedInUser{OrgRole: org.RoleAdmin}}
|
queryForDashboard := models.GetAlertsQuery{DashboardIDs: []int64{testDash.ID}, OrgID: 1, User: signedInUser}
|
||||||
res, err2 := store.HandleAlertsQuery(context.Background(), &queryForDashboard)
|
res, err2 := store.HandleAlertsQuery(context.Background(), &queryForDashboard)
|
||||||
|
|
||||||
require.Nil(t, err2)
|
require.Nil(t, err2)
|
||||||
@ -251,7 +286,7 @@ func TestIntegrationAlertingDataAccess(t *testing.T) {
|
|||||||
err = store.SaveAlerts(context.Background(), testDash.ID, missingOneAlert)
|
err = store.SaveAlerts(context.Background(), testDash.ID, missingOneAlert)
|
||||||
|
|
||||||
t.Run("should delete the missing alert", func(t *testing.T) {
|
t.Run("should delete the missing alert", func(t *testing.T) {
|
||||||
query := models.GetAlertsQuery{DashboardIDs: []int64{testDash.ID}, OrgID: 1, User: &user.SignedInUser{OrgRole: org.RoleAdmin}}
|
query := models.GetAlertsQuery{DashboardIDs: []int64{testDash.ID}, OrgID: 1, User: signedInUser}
|
||||||
res, err2 := store.HandleAlertsQuery(context.Background(), &query)
|
res, err2 := store.HandleAlertsQuery(context.Background(), &query)
|
||||||
require.Nil(t, err2)
|
require.Nil(t, err2)
|
||||||
require.Equal(t, 2, len(res))
|
require.Equal(t, 2, len(res))
|
||||||
@ -299,7 +334,8 @@ func TestIntegrationPausingAlerts(t *testing.T) {
|
|||||||
|
|
||||||
t.Run("Given an alert", func(t *testing.T) {
|
t.Run("Given an alert", func(t *testing.T) {
|
||||||
ss := db.InitTestDB(t)
|
ss := db.InitTestDB(t)
|
||||||
sqlStore := sqlStore{db: ss, log: log.New(), tagService: tagimpl.ProvideService(ss, ss.Cfg)}
|
cfg := setting.NewCfg()
|
||||||
|
sqlStore := sqlStore{db: ss, cfg: cfg, log: log.New(), tagService: tagimpl.ProvideService(ss, ss.Cfg)}
|
||||||
|
|
||||||
testDash := insertTestDashboard(t, sqlStore.db, "dashboard with alerts", 1, 0, false, "alert")
|
testDash := insertTestDashboard(t, sqlStore.db, "dashboard with alerts", 1, 0, false, "alert")
|
||||||
alert, err := insertTestAlert("Alerting title", "Alerting message", testDash.OrgID, testDash.ID, simplejson.New(), sqlStore)
|
alert, err := insertTestAlert("Alerting title", "Alerting message", testDash.OrgID, testDash.ID, simplejson.New(), sqlStore)
|
||||||
@ -307,9 +343,18 @@ func TestIntegrationPausingAlerts(t *testing.T) {
|
|||||||
|
|
||||||
stateDateBeforePause := alert.NewStateDate
|
stateDateBeforePause := alert.NewStateDate
|
||||||
stateDateAfterPause := stateDateBeforePause
|
stateDateAfterPause := stateDateBeforePause
|
||||||
|
signedInUser := &user.SignedInUser{
|
||||||
|
OrgRole: org.RoleAdmin,
|
||||||
|
OrgID: testDash.OrgID,
|
||||||
|
Permissions: map[int64]map[string][]string{
|
||||||
|
testDash.OrgID: {
|
||||||
|
dashboards.ActionFoldersRead: {dashboards.ScopeDashboardsAll, dashboards.ScopeFoldersAll},
|
||||||
|
dashboards.ActionDashboardsRead: {dashboards.ScopeDashboardsAll, dashboards.ScopeFoldersAll},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
// Get alert so we can use its ID in tests
|
// Get alert so we can use its ID in tests
|
||||||
alertQuery := models.GetAlertsQuery{DashboardIDs: []int64{testDash.ID}, PanelID: 1, OrgID: 1, User: &user.SignedInUser{OrgRole: org.RoleAdmin}}
|
alertQuery := models.GetAlertsQuery{DashboardIDs: []int64{testDash.ID}, PanelID: 1, OrgID: 1, User: signedInUser}
|
||||||
res, err2 := sqlStore.HandleAlertsQuery(context.Background(), &alertQuery)
|
res, err2 := sqlStore.HandleAlertsQuery(context.Background(), &alertQuery)
|
||||||
require.Nil(t, err2)
|
require.Nil(t, err2)
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user