IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

chore: move dashboard_acl models into dashboard service (#62151)

Browse Source
This commit is contained in:
Kristin Laemmert
2023-01-26 08:46:30 -05:00
committed by GitHub
parent c5cb5be3cc
commit e8b8a9e276
65 changed files with 553 additions and 572 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
pkg/services/team/model.go
View File

@@ -4,7 +4,7 @@ import (
"errors"
"time"
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/services/dashboards"
"github.com/grafana/grafana/pkg/services/user"
)
@@ -81,14 +81,14 @@ type SearchTeamsQuery struct {
}
type TeamDTO struct {
ID int64 `json:"id" xorm:"id"`
OrgID int64 `json:"orgId" xorm:"org_id"`
Name string `json:"name"`
Email string `json:"email"`
AvatarURL string `json:"avatarUrl"`
MemberCount int64 `json:"memberCount"`
Permission models.PermissionType `json:"permission"`
AccessControl map[string]bool `json:"accessControl"`
ID int64 `json:"id" xorm:"id"`
OrgID int64 `json:"orgId" xorm:"org_id"`
Name string `json:"name"`
Email string `json:"email"`
AvatarURL string `json:"avatarUrl"`
MemberCount int64 `json:"memberCount"`
Permission dashboards.PermissionType `json:"permission"`
AccessControl map[string]bool `json:"accessControl"`
}
type SearchTeamQueryResult struct {
@@ -109,7 +109,7 @@ type TeamMember struct {
TeamID int64 `xorm:"team_id"`
UserID int64 `xorm:"user_id"`
External bool // Signals that the membership has been created by an external systems, such as LDAP
Permission models.PermissionType
Permission dashboards.PermissionType
Created time.Time
Updated time.Time
@@ -119,18 +119,18 @@ type TeamMember struct {
// COMMANDS
type AddTeamMemberCommand struct {
UserID int64 `json:"userId" binding:"Required"`
OrgID int64 `json:"-"`
TeamID int64 `json:"-"`
External bool `json:"-"`
Permission models.PermissionType `json:"-"`
UserID int64 `json:"userId" binding:"Required"`
OrgID int64 `json:"-"`
TeamID int64 `json:"-"`
External bool `json:"-"`
Permission dashboards.PermissionType `json:"-"`
}
type UpdateTeamMemberCommand struct {
UserID int64 `json:"-"`
OrgID int64 `json:"-"`
TeamID int64 `json:"-"`
Permission models.PermissionType `json:"permission"`
UserID int64 `json:"-"`
OrgID int64 `json:"-"`
TeamID int64 `json:"-"`
Permission dashboards.PermissionType `json:"permission"`
}
type RemoveTeamMemberCommand struct {
@@ -154,15 +154,15 @@ type GetTeamMembersQuery struct {
// Projections and DTOs
type TeamMemberDTO struct {
OrgID int64 `json:"orgId" xorm:"org_id"`
TeamID int64 `json:"teamId" xorm:"team_id"`
UserID int64 `json:"userId" xorm:"user_id"`
External bool `json:"-"`
AuthModule string `json:"auth_module"`
Email string `json:"email"`
Name string `json:"name"`
Login string `json:"login"`
AvatarURL string `json:"avatarUrl" xorm:"avatar_url"`
Labels []string `json:"labels"`
Permission models.PermissionType `json:"permission"`
OrgID int64 `json:"orgId" xorm:"org_id"`
TeamID int64 `json:"teamId" xorm:"team_id"`
UserID int64 `json:"userId" xorm:"user_id"`
External bool `json:"-"`
AuthModule string `json:"auth_module"`
Email string `json:"email"`
Name string `json:"name"`
Login string `json:"login"`
AvatarURL string `json:"avatarUrl" xorm:"avatar_url"`
Labels []string `json:"labels"`
Permission dashboards.PermissionType `json:"permission"`
}

4
pkg/services/team/team.go
View File

@@ -3,7 +3,7 @@ package team
import (
"context"
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/services/dashboards"
)
type Service interface {
@@ -13,7 +13,7 @@ type Service interface {
SearchTeams(ctx context.Context, query *SearchTeamsQuery) (SearchTeamQueryResult, error)
GetTeamByID(ctx context.Context, query *GetTeamByIDQuery) (*TeamDTO, error)
GetTeamsByUser(ctx context.Context, query *GetTeamsByUserQuery) ([]*TeamDTO, error)
AddTeamMember(userID, orgID, teamID int64, isExternal bool, permission models.PermissionType) error
AddTeamMember(userID, orgID, teamID int64, isExternal bool, permission dashboards.PermissionType) error
UpdateTeamMember(ctx context.Context, cmd *UpdateTeamMemberCommand) error
IsTeamMember(orgId int64, teamId int64, userId int64) (bool, error)
RemoveTeamMember(ctx context.Context, cmd *RemoveTeamMemberCommand) error

16
pkg/services/team/teamimpl/store.go
View File

@@ -8,8 +8,8 @@ import (
"time"
"github.com/grafana/grafana/pkg/infra/db"
"github.com/grafana/grafana/pkg/models"
ac "github.com/grafana/grafana/pkg/services/accesscontrol"
"github.com/grafana/grafana/pkg/services/dashboards"
"github.com/grafana/grafana/pkg/services/team"
"github.com/grafana/grafana/pkg/services/user"
"github.com/grafana/grafana/pkg/setting"
@@ -22,7 +22,7 @@ type store interface {
Search(ctx context.Context, query *team.SearchTeamsQuery) (team.SearchTeamQueryResult, error)
GetByID(ctx context.Context, query *team.GetTeamByIDQuery) (*team.TeamDTO, error)
GetByUser(ctx context.Context, query *team.GetTeamsByUserQuery) ([]*team.TeamDTO, error)
AddMember(userID, orgID, teamID int64, isExternal bool, permission models.PermissionType) error
AddMember(userID, orgID, teamID int64, isExternal bool, permission dashboards.PermissionType) error
UpdateMember(ctx context.Context, cmd *team.UpdateTeamMemberCommand) error
IsMember(orgId int64, teamId int64, userId int64) (bool, error)
RemoveMember(ctx context.Context, cmd *team.RemoveTeamMemberCommand) error
@@ -358,7 +358,7 @@ func (ss *xormStore) GetByUser(ctx context.Context, query *team.GetTeamsByUserQu
}
// AddTeamMember adds a user to a team
func (ss *xormStore) AddMember(userID, orgID, teamID int64, isExternal bool, permission models.PermissionType) error {
func (ss *xormStore) AddMember(userID, orgID, teamID int64, isExternal bool, permission dashboards.PermissionType) error {
return ss.db.WithTransactionalDbSession(context.Background(), func(sess *db.Session) error {
if isMember, err := isTeamMember(sess, orgID, teamID, userID); err != nil {
return err
@@ -416,7 +416,7 @@ func isTeamMember(sess *db.Session, orgId int64, teamId int64, userId int64) (bo
// AddOrUpdateTeamMemberHook is called from team resource permission service
// it adds user to a team or updates user permissions in a team within the given transaction session
func AddOrUpdateTeamMemberHook(sess *db.Session, userID, orgID, teamID int64, isExternal bool, permission models.PermissionType) error {
func AddOrUpdateTeamMemberHook(sess *db.Session, userID, orgID, teamID int64, isExternal bool, permission dashboards.PermissionType) error {
isMember, err := isTeamMember(sess, orgID, teamID, userID)
if err != nil {
return err
@@ -431,7 +431,7 @@ func AddOrUpdateTeamMemberHook(sess *db.Session, userID, orgID, teamID int64, is
return err
}
func addTeamMember(sess *db.Session, orgID, teamID, userID int64, isExternal bool, permission models.PermissionType) error {
func addTeamMember(sess *db.Session, orgID, teamID, userID int64, isExternal bool, permission dashboards.PermissionType) error {
if _, err := teamExists(orgID, teamID, sess); err != nil {
return err
}
@@ -450,13 +450,13 @@ func addTeamMember(sess *db.Session, orgID, teamID, userID int64, isExternal boo
return err
}
func updateTeamMember(sess *db.Session, orgID, teamID, userID int64, permission models.PermissionType) error {
func updateTeamMember(sess *db.Session, orgID, teamID, userID int64, permission dashboards.PermissionType) error {
member, err := getTeamMember(sess, orgID, teamID, userID)
if err != nil {
return err
}
if permission != models.PERMISSION_ADMIN {
if permission != dashboards.PERMISSION_ADMIN {
permission = 0 // make sure we don't get invalid permission levels in store
}
@@ -590,7 +590,7 @@ func (ss *xormStore) IsAdmin(ctx context.Context, query *team.IsAdminOfTeamsQuer
var queryResult bool
err := ss.db.WithDbSession(ctx, func(sess *db.Session) error {
sql := "SELECT COUNT(team.id) AS count FROM team INNER JOIN team_member ON team_member.team_id = team.id WHERE team.org_id = ? AND team_member.user_id = ? AND team_member.permission = ?"
params := []interface{}{query.SignedInUser.OrgID, query.SignedInUser.UserID, models.PERMISSION_ADMIN}
params := []interface{}{query.SignedInUser.OrgID, query.SignedInUser.UserID, dashboards.PERMISSION_ADMIN}
type teamCount struct {
Count int64

23
pkg/services/team/teamimpl/store_test.go
View File

@@ -11,7 +11,6 @@ import (
"github.com/stretchr/testify/require"
"github.com/grafana/grafana/pkg/infra/db"
"github.com/grafana/grafana/pkg/models"
ac "github.com/grafana/grafana/pkg/services/accesscontrol"
"github.com/grafana/grafana/pkg/services/dashboards"
"github.com/grafana/grafana/pkg/services/org/orgimpl"
@@ -165,7 +164,7 @@ func TestIntegrationTeamCommandsAndQueries(t *testing.T) {
UserID: userId,
OrgID: testOrgID,
TeamID: team1.ID,
Permission: models.PERMISSION_ADMIN,
Permission: dashboards.PERMISSION_ADMIN,
})
require.NoError(t, err)
@@ -173,7 +172,7 @@ func TestIntegrationTeamCommandsAndQueries(t *testing.T) {
qAfterUpdate := &team.GetTeamMembersQuery{OrgID: testOrgID, TeamID: team1.ID, SignedInUser: testUser}
qAfterUpdateResult, err := teamSvc.GetTeamMembers(context.Background(), qAfterUpdate)
require.NoError(t, err)
require.Equal(t, qAfterUpdateResult[0].Permission, models.PERMISSION_ADMIN)
require.Equal(t, qAfterUpdateResult[0].Permission, dashboards.PERMISSION_ADMIN)
})
t.Run("Should default to member permission level when updating a user with invalid permission level", func(t *testing.T) {
@@ -188,7 +187,7 @@ func TestIntegrationTeamCommandsAndQueries(t *testing.T) {
require.NoError(t, err)
require.EqualValues(t, qBeforeUpdateResult[0].Permission, 0)
invalidPermissionLevel := models.PERMISSION_EDIT
invalidPermissionLevel := dashboards.PERMISSION_EDIT
err = teamSvc.UpdateTeamMember(context.Background(), &team.UpdateTeamMemberCommand{
UserID: userID,
OrgID: testOrgID,
@@ -211,7 +210,7 @@ func TestIntegrationTeamCommandsAndQueries(t *testing.T) {
UserID: 1,
OrgID: testOrgID,
TeamID: team1.ID,
Permission: models.PERMISSION_ADMIN,
Permission: dashboards.PERMISSION_ADMIN,
})
require.Error(t, err, team.ErrTeamMemberNotFound)
@@ -267,7 +266,7 @@ func TestIntegrationTeamCommandsAndQueries(t *testing.T) {
})
t.Run("Should have empty teams", func(t *testing.T) {
err = teamSvc.AddTeamMember(userIds[0], testOrgID, team1.ID, false, models.PERMISSION_ADMIN)
err = teamSvc.AddTeamMember(userIds[0], testOrgID, team1.ID, false, dashboards.PERMISSION_ADMIN)
require.NoError(t, err)
t.Run("A user should be able to remove the admin permission for the last admin", func(t *testing.T) {
@@ -284,10 +283,10 @@ func TestIntegrationTeamCommandsAndQueries(t *testing.T) {
sqlStore = db.InitTestDB(t)
setup()
err = teamSvc.AddTeamMember(userIds[0], testOrgID, team1.ID, false, models.PERMISSION_ADMIN)
err = teamSvc.AddTeamMember(userIds[0], testOrgID, team1.ID, false, dashboards.PERMISSION_ADMIN)
require.NoError(t, err)
err = teamSvc.AddTeamMember(userIds[1], testOrgID, team1.ID, false, models.PERMISSION_ADMIN)
err = teamSvc.AddTeamMember(userIds[1], testOrgID, team1.ID, false, dashboards.PERMISSION_ADMIN)
require.NoError(t, err)
err = teamSvc.UpdateTeamMember(context.Background(), &team.UpdateTeamMemberCommand{OrgID: testOrgID, TeamID: team1.ID, UserID: userIds[0], Permission: 0})
require.NoError(t, err)
@@ -301,7 +300,7 @@ func TestIntegrationTeamCommandsAndQueries(t *testing.T) {
err = teamSvc.AddTeamMember(userIds[2], testOrgID, groupID, false, 0)
require.NoError(t, err)
err = updateDashboardACL(t, sqlStore, 1, &dashboards.DashboardACL{
DashboardID: 1, OrgID: testOrgID, Permission: models.PERMISSION_EDIT, TeamID: groupID,
DashboardID: 1, OrgID: testOrgID, Permission: dashboards.PERMISSION_EDIT, TeamID: groupID,
})
require.NoError(t, err)
err = teamSvc.DeleteTeam(context.Background(), &team.DeleteTeamCommand{OrgID: testOrgID, ID: groupID})
@@ -324,7 +323,7 @@ func TestIntegrationTeamCommandsAndQueries(t *testing.T) {
groupId := team2.ID
err := teamSvc.AddTeamMember(userIds[0], testOrgID, groupId, false, 0)
require.NoError(t, err)
err = teamSvc.AddTeamMember(userIds[1], testOrgID, groupId, false, models.PERMISSION_ADMIN)
err = teamSvc.AddTeamMember(userIds[1], testOrgID, groupId, false, dashboards.PERMISSION_ADMIN)
require.NoError(t, err)
query := &team.IsAdminOfTeamsQuery{SignedInUser: &user.SignedInUser{OrgID: testOrgID, UserID: userIds[0]}}
@@ -630,11 +629,11 @@ func updateDashboardACL(t *testing.T, sqlStore *sqlstore.SQLStore, dashboardID i
item.Created = time.Now()
item.Updated = time.Now()
if item.UserID == 0 && item.TeamID == 0 && (item.Role == nil || !item.Role.IsValid()) {
return models.ErrDashboardACLInfoMissing
return dashboards.ErrDashboardACLInfoMissing
}
if item.DashboardID == 0 {
return models.ErrDashboardPermissionDashboardEmpty
return dashboards.ErrDashboardPermissionDashboardEmpty
}
sess.Nullable("user_id", "team_id")

4
pkg/services/team/teamimpl/team.go
View File

@@ -4,7 +4,7 @@ import (
"context"
"github.com/grafana/grafana/pkg/infra/db"
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/services/dashboards"
"github.com/grafana/grafana/pkg/services/team"
"github.com/grafana/grafana/pkg/setting"
)
@@ -41,7 +41,7 @@ func (s *Service) GetTeamsByUser(ctx context.Context, query *team.GetTeamsByUser
return s.store.GetByUser(ctx, query)
}
func (s *Service) AddTeamMember(userID, orgID, teamID int64, isExternal bool, permission models.PermissionType) error {
func (s *Service) AddTeamMember(userID, orgID, teamID int64, isExternal bool, permission dashboards.PermissionType) error {
return s.store.AddMember(userID, orgID, teamID, isExternal, permission)
}

4
pkg/services/team/teamtest/team.go
View File

@@ -3,7 +3,7 @@ package teamtest
import (
"context"
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/services/dashboards"
"github.com/grafana/grafana/pkg/services/team"
)
@@ -44,7 +44,7 @@ func (s *FakeService) GetTeamsByUser(ctx context.Context, query *team.GetTeamsBy
return s.ExpectedTeamsByUser, s.ExpectedError
}
func (s *FakeService) AddTeamMember(userID, orgID, teamID int64, isExternal bool, permission models.PermissionType) error {
func (s *FakeService) AddTeamMember(userID, orgID, teamID int64, isExternal bool, permission dashboards.PermissionType) error {
return s.ExpectedError
}