mirror of
https://github.com/grafana/grafana.git
synced 2024-12-28 18:01:40 -06:00
teams: editor/viewer team admin cant remove the last admin.
This commit is contained in:
parent
246e128048
commit
c420af16b1
@ -67,6 +67,10 @@ func UpdateTeamMember(c *m.ReqContext, cmd m.UpdateTeamMemberCommand) Response {
|
||||
return Error(403, "Not allowed to update team member", err)
|
||||
}
|
||||
|
||||
if c.OrgRole != m.ROLE_ADMIN {
|
||||
cmd.ProtectLastAdmin = true
|
||||
}
|
||||
|
||||
cmd.TeamId = teamId
|
||||
cmd.UserId = c.ParamsInt64(":userId")
|
||||
cmd.OrgId = orgId
|
||||
@ -91,7 +95,7 @@ func (hs *HTTPServer) RemoveTeamMember(c *m.ReqContext) Response {
|
||||
}
|
||||
|
||||
protectLastAdmin := false
|
||||
if c.OrgRole == m.ROLE_EDITOR {
|
||||
if c.OrgRole != m.ROLE_ADMIN {
|
||||
protectLastAdmin = true
|
||||
}
|
||||
|
||||
|
@ -35,10 +35,11 @@ type AddTeamMemberCommand struct {
|
||||
}
|
||||
|
||||
type UpdateTeamMemberCommand struct {
|
||||
UserId int64 `json:"-"`
|
||||
OrgId int64 `json:"-"`
|
||||
TeamId int64 `json:"-"`
|
||||
Permission PermissionType `json:"permission"`
|
||||
UserId int64 `json:"-"`
|
||||
OrgId int64 `json:"-"`
|
||||
TeamId int64 `json:"-"`
|
||||
Permission PermissionType `json:"permission"`
|
||||
ProtectLastAdmin bool `json:"-"`
|
||||
}
|
||||
|
||||
type RemoveTeamMemberCommand struct {
|
||||
|
@ -271,6 +271,18 @@ func UpdateTeamMember(cmd *m.UpdateTeamMemberCommand) error {
|
||||
return m.ErrTeamMemberNotFound
|
||||
}
|
||||
|
||||
if cmd.ProtectLastAdmin {
|
||||
lastAdmin, err := isLastAdmin(sess, cmd.OrgId, cmd.TeamId, cmd.UserId)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if lastAdmin {
|
||||
return m.ErrLastTeamAdmin
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
if cmd.Permission != m.PERMISSION_ADMIN {
|
||||
cmd.Permission = 0
|
||||
}
|
||||
|
@ -190,11 +190,21 @@ func TestTeamCommandsAndQueries(t *testing.T) {
|
||||
})
|
||||
|
||||
Convey("A user should be able to remove an admin if there are other admins", func() {
|
||||
err = AddTeamMember(&m.AddTeamMemberCommand{OrgId: testOrgId, TeamId: group1.Result.Id, UserId: userIds[1], Permission: m.PERMISSION_ADMIN})
|
||||
AddTeamMember(&m.AddTeamMemberCommand{OrgId: testOrgId, TeamId: group1.Result.Id, UserId: userIds[1], Permission: m.PERMISSION_ADMIN})
|
||||
err = RemoveTeamMember(&m.RemoveTeamMemberCommand{OrgId: testOrgId, TeamId: group1.Result.Id, UserId: userIds[0], ProtectLastAdmin: true})
|
||||
So(err, ShouldEqual, nil)
|
||||
})
|
||||
|
||||
Convey("A user should not be able to remove the admin permission for the last admin", func() {
|
||||
err = UpdateTeamMember(&m.UpdateTeamMemberCommand{OrgId: testOrgId, TeamId: group1.Result.Id, UserId: userIds[0], Permission: 0, ProtectLastAdmin: true})
|
||||
So(err, ShouldEqual, m.ErrLastTeamAdmin)
|
||||
})
|
||||
|
||||
Convey("A user should be able to remove the admin permission if there are other admins", func() {
|
||||
AddTeamMember(&m.AddTeamMemberCommand{OrgId: testOrgId, TeamId: group1.Result.Id, UserId: userIds[1], Permission: m.PERMISSION_ADMIN})
|
||||
err = UpdateTeamMember(&m.UpdateTeamMemberCommand{OrgId: testOrgId, TeamId: group1.Result.Id, UserId: userIds[0], Permission: 0, ProtectLastAdmin: true})
|
||||
So(err, ShouldEqual, nil)
|
||||
})
|
||||
})
|
||||
|
||||
Convey("Should be able to remove a group with users and permissions", func() {
|
||||
|
Loading…
Reference in New Issue
Block a user