Add endpoint with UID for dashboard permissions (#47753)

* Replace sequential IDs with UID for dashboard permossion * Add back endpoint with id * Rename parameter from dashboarUid->uid and add swagger definitions for endpoints * Generate swagger json * Add deprecated to swagger and docs * Add deprecated comment in the api.go * Add model for POST body * Fix model post body for endpoint * Generate spec with enterprise
2025-02-25 18:55:37 -06:00 · 2022-04-21 16:24:03 +02:00
parent 3b256afb9e
commit d99d095ac6
7 changed files with 391 additions and 43 deletions
--- a/pkg/api/api.go
+++ b/pkg/api/api.go
@@ -354,6 +354,12 @@ func (hs *HTTPServer) registerRoutes() {
 		apiRoute.Group("/dashboards", func(dashboardRoute routing.RouteRegister) {
 			dashboardRoute.Get("/uid/:uid", authorize(reqSignedIn, ac.EvalPermission(ac.ActionDashboardsRead)), routing.Wrap(hs.GetDashboard))
 			dashboardRoute.Delete("/uid/:uid", authorize(reqSignedIn, ac.EvalPermission(ac.ActionDashboardsDelete)), routing.Wrap(hs.DeleteDashboardByUID))
+			dashboardRoute.Group("/uid/:uid", func(dashUidRoute routing.RouteRegister) {
+				dashUidRoute.Group("/permissions", func(dashboardPermissionRoute routing.RouteRegister) {
+					dashboardPermissionRoute.Get("/", authorize(reqSignedIn, ac.EvalPermission(ac.ActionDashboardsPermissionsRead)), routing.Wrap(hs.GetDashboardPermissionList))
+					dashboardPermissionRoute.Post("/", authorize(reqSignedIn, ac.EvalPermission(ac.ActionDashboardsPermissionsWrite)), routing.Wrap(hs.UpdateDashboardPermissions))
+				})
+			})

 			if hs.ThumbService != nil {
 				dashboardRoute.Get("/uid/:uid/img/:kind/:theme", hs.ThumbService.GetImage)
@@ -371,6 +377,7 @@ func (hs *HTTPServer) registerRoutes() {
 			dashboardRoute.Get("/home", routing.Wrap(hs.GetHomeDashboard))
 			dashboardRoute.Get("/tags", hs.GetDashboardTags)

+			// Deprecated: use /uid/:uid API instead.
 			dashboardRoute.Group("/id/:dashboardId", func(dashIdRoute routing.RouteRegister) {
 				dashIdRoute.Get("/versions", authorize(reqSignedIn, ac.EvalPermission(ac.ActionDashboardsWrite)), routing.Wrap(hs.GetDashboardVersions))
 				dashIdRoute.Get("/versions/:id", authorize(reqSignedIn, ac.EvalPermission(ac.ActionDashboardsWrite)), routing.Wrap(hs.GetDashboardVersion))
--- a/pkg/api/dashboard_permission.go
+++ b/pkg/api/dashboard_permission.go
@@ -17,16 +17,25 @@ import (
 )

 func (hs *HTTPServer) GetDashboardPermissionList(c *models.ReqContext) response.Response {
-	dashID, err := strconv.ParseInt(web.Params(c.Req)[":dashboardId"], 10, 64)
-	if err != nil {
-		return response.Error(http.StatusBadRequest, "dashboardId is invalid", err)
+	var dashID int64
+	var err error
+	dashUID := web.Params(c.Req)[":uid"]
+	if dashUID == "" {
+		dashID, err = strconv.ParseInt(web.Params(c.Req)[":dashboardId"], 10, 64)
+		if err != nil {
+			return response.Error(http.StatusBadRequest, "dashboardId is invalid", err)
+		}
 	}

-	_, rsp := hs.getDashboardHelper(c.Req.Context(), c.OrgId, dashID, "")
+	dash, rsp := hs.getDashboardHelper(c.Req.Context(), c.OrgId, dashID, dashUID)
 	if rsp != nil {
 		return rsp
 	}

+	if dashID == 0 {
+		dashID = dash.Id
+	}
+
 	g := guardian.New(c.Req.Context(), dashID, c.OrgId, c.SignedInUser)

 	if canAdmin, err := g.CanAdmin(); err != nil || !canAdmin {
@@ -60,6 +69,8 @@ func (hs *HTTPServer) GetDashboardPermissionList(c *models.ReqContext) response.
 }

 func (hs *HTTPServer) UpdateDashboardPermissions(c *models.ReqContext) response.Response {
+	var dashID int64
+	var err error
 	apiCmd := dtos.UpdateDashboardAclCommand{}
 	if err := web.Bind(c.Req, &apiCmd); err != nil {
 		return response.Error(http.StatusBadRequest, "bad request data", err)
@@ -68,16 +79,23 @@ func (hs *HTTPServer) UpdateDashboardPermissions(c *models.ReqContext) response.
 		return response.Error(400, err.Error(), err)
 	}

-	dashID, err := strconv.ParseInt(web.Params(c.Req)[":dashboardId"], 10, 64)
-	if err != nil {
-		return response.Error(http.StatusBadRequest, "dashboardId is invalid", err)
+	dashUID := web.Params(c.Req)[":uid"]
+	if dashUID == "" {
+		dashID, err = strconv.ParseInt(web.Params(c.Req)[":dashboardId"], 10, 64)
+		if err != nil {
+			return response.Error(http.StatusBadRequest, "dashboardId is invalid", err)
+		}
 	}

-	dash, rsp := hs.getDashboardHelper(c.Req.Context(), c.OrgId, dashID, "")
+	dash, rsp := hs.getDashboardHelper(c.Req.Context(), c.OrgId, 0, dashUID)
 	if rsp != nil {
 		return rsp
 	}

+	if dashUID != "" {
+		dashID = dash.Id
+	}
+
 	g := guardian.New(c.Req.Context(), dashID, c.OrgId, c.SignedInUser)
 	if canAdmin, err := g.CanAdmin(); err != nil || !canAdmin {
 		return dashboardGuardianResponse(err)
--- a/pkg/api/docs/definitions/dashboard.go
+++ b/pkg/api/docs/definitions/dashboard.go
@@ -101,7 +101,7 @@ import (
 // 422: unprocessableEntityError
 // 500: internalServerError

-// swagger:parameters getDashboardByUID deleteDashboardByUID
+// swagger:parameters getDashboardByUID deleteDashboardByUID getDashboardPermissionsWithUid postDashboardPermissionsWithUid
 type UID struct {
 	// in:path
 	// required:true
--- a/pkg/api/docs/definitions/dashboard_permissions.go
+++ b/pkg/api/docs/definitions/dashboard_permissions.go
@@ -9,6 +9,10 @@ import (
 //
 // Gets all existing permissions for the given dashboard.
 //
+// Please refer to [updated API](#/dashboard_permissions/getDashboardPermissionsWithUid) instead
+//
+// Deprecated: true
+//
 // Responses:
 // 200: getDashboardPermissionsResponse
 // 401: unauthorisedError
@@ -20,6 +24,35 @@ import (
 //
 // Updates permissions for a dashboard.
 //
+// Please refer to [updated API](#/dashboard_permissions/postDashboardPermissionsWithUid) instead
+//
+// This operation will remove existing permissions if they’re not included in the request.
+//
+// Deprecated: true
+//
+// Responses:
+// 200: okResponse
+// 400: badRequestError
+// 401: unauthorisedError
+// 403: forbiddenError
+// 404: notFoundError
+// 500: internalServerError
+
+// swagger:route GET /dashboards/uid/{uid}/permissions dashboard_permissions getDashboardPermissionsWithUid
+//
+// Gets all existing permissions for the given dashboard.
+//
+// Responses:
+// 200: getDashboardPermissionsResponse
+// 401: unauthorisedError
+// 403: forbiddenError
+// 404: notFoundError
+// 500: internalServerError
+
+// swagger:route POST /dashboards/uid/{uid}/permissions dashboard_permissions postDashboardPermissionsWithUid
+//
+// Updates permissions for a dashboard.
+//
 // This operation will remove existing permissions if they’re not included in the request.
 //
 // Responses:
@@ -30,7 +63,7 @@ import (
 // 404: notFoundError
 // 500: internalServerError

-// swagger:parameters postDashboardPermissions updateFolderPermissions
+// swagger:parameters postDashboardPermissions updateFolderPermissions postDashboardPermissionsWithUid
 type PostDashboardPermissionsParam struct {
 	// in:body
 	// required:true