folders: use new folder service in folder api routes

This commit is contained in:
Marcus Efraimsson 2018-02-20 13:57:32 +01:00
parent 268fb4dc6c
commit ea7998ca8e
4 changed files with 541 additions and 591 deletions

View File

@ -248,8 +248,9 @@ func (hs *HttpServer) registerRoutes() {
// Folders // Folders
apiRoute.Group("/folders", func(folderRoute RouteRegister) { apiRoute.Group("/folders", func(folderRoute RouteRegister) {
folderRoute.Get("/:uid", wrap(GetFolder)) folderRoute.Get("/", wrap(GetFolders))
folderRoute.Get("/id/:id", wrap(GetFolder)) folderRoute.Get("/:uid", wrap(GetFolderByUid))
folderRoute.Get("/id/:id", wrap(GetFolderById))
folderRoute.Post("/", bind(m.CreateFolderCommand{}), wrap(CreateFolder)) folderRoute.Post("/", bind(m.CreateFolderCommand{}), wrap(CreateFolder))
folderRoute.Put("/:uid", bind(m.UpdateFolderCommand{}), wrap(UpdateFolder)) folderRoute.Put("/:uid", bind(m.UpdateFolderCommand{}), wrap(UpdateFolder))
folderRoute.Delete("/:uid", wrap(DeleteFolder)) folderRoute.Delete("/:uid", wrap(DeleteFolder))

View File

@ -17,3 +17,9 @@ type Folder struct {
Updated time.Time `json:"updated"` Updated time.Time `json:"updated"`
Version int `json:"version"` Version int `json:"version"`
} }
type FolderSearchHit struct {
Id int64 `json:"id"`
Uid string `json:"uid"`
Title string `json:"title"`
}

View File

@ -1,10 +1,7 @@
package api package api
import ( import (
"fmt"
"github.com/grafana/grafana/pkg/api/dtos" "github.com/grafana/grafana/pkg/api/dtos"
"github.com/grafana/grafana/pkg/bus"
"github.com/grafana/grafana/pkg/middleware" "github.com/grafana/grafana/pkg/middleware"
m "github.com/grafana/grafana/pkg/models" m "github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/services/dashboards" "github.com/grafana/grafana/pkg/services/dashboards"
@ -12,142 +9,84 @@ import (
"github.com/grafana/grafana/pkg/util" "github.com/grafana/grafana/pkg/util"
) )
func getFolderHelper(orgId int64, id int64, uid string) (*m.Dashboard, Response) { func GetFolders(c *middleware.Context) Response {
query := m.GetDashboardQuery{OrgId: orgId, Id: id, Uid: uid} s := dashboards.NewFolderService(c.OrgId, c.SignedInUser)
if err := bus.Dispatch(&query); err != nil { folders, err := s.GetFolders(c.QueryInt("limit"))
if err == m.ErrDashboardNotFound {
err = m.ErrFolderNotFound
}
return nil, ApiError(404, "Folder not found", err)
}
if !query.Result.IsFolder {
return nil, ApiError(404, "Folder not found", m.ErrFolderNotFound)
}
return query.Result, nil
}
func folderGuardianResponse(err error) Response {
if err != nil { if err != nil {
return ApiError(500, "Error while checking folder permissions", err) return toFolderError(err)
} }
return ApiError(403, "Access denied to this folder", nil) result := make([]dtos.FolderSearchHit, 0)
for _, f := range folders {
result = append(result, dtos.FolderSearchHit{
Id: f.Id,
Uid: f.Uid,
Title: f.Title,
})
}
return Json(200, result)
} }
func GetFolder(c *middleware.Context) Response { func GetFolderByUid(c *middleware.Context) Response {
folder, rsp := getFolderHelper(c.OrgId, c.ParamsInt64(":id"), c.Params(":uid")) s := dashboards.NewFolderService(c.OrgId, c.SignedInUser)
if rsp != nil { folder, err := s.GetFolderByUid(c.Params(":uid"))
return rsp
if err != nil {
return toFolderError(err)
} }
guardian := guardian.New(folder.Id, c.OrgId, c.SignedInUser) g := guardian.New(folder.Id, c.OrgId, c.SignedInUser)
if canView, err := guardian.CanView(); err != nil || !canView { return Json(200, toFolderDto(g, folder))
fmt.Printf("%v", err) }
return folderGuardianResponse(err)
func GetFolderById(c *middleware.Context) Response {
s := dashboards.NewFolderService(c.OrgId, c.SignedInUser)
folder, err := s.GetFolderById(c.ParamsInt64(":id"))
if err != nil {
return toFolderError(err)
} }
return Json(200, toFolderDto(&guardian, folder)) g := guardian.New(folder.Id, c.OrgId, c.SignedInUser)
return Json(200, toFolderDto(g, folder))
} }
func CreateFolder(c *middleware.Context, cmd m.CreateFolderCommand) Response { func CreateFolder(c *middleware.Context, cmd m.CreateFolderCommand) Response {
cmd.OrgId = c.OrgId s := dashboards.NewFolderService(c.OrgId, c.SignedInUser)
cmd.UserId = c.UserId err := s.CreateFolder(&cmd)
dashFolder := cmd.GetDashboardModel()
guardian := guardian.New(0, c.OrgId, c.SignedInUser)
if canSave, err := guardian.CanSave(); err != nil || !canSave {
return folderGuardianResponse(err)
}
if dashFolder.Title == "" {
return ApiError(400, m.ErrFolderTitleEmpty.Error(), nil)
}
limitReached, err := middleware.QuotaReached(c, "folder")
if err != nil {
return ApiError(500, "failed to get quota", err)
}
if limitReached {
return ApiError(403, "Quota reached", nil)
}
saveDashboardDto := &dashboards.SaveDashboardDTO{
Dashboard: dashFolder,
OrgId: c.OrgId,
UserId: c.UserId,
}
folder, err := dashboards.GetRepository().SaveDashboard(saveDashboardDto)
if err != nil { if err != nil {
return toFolderError(err) return toFolderError(err)
} }
return Json(200, toFolderDto(&guardian, folder)) g := guardian.New(cmd.Result.Id, c.OrgId, c.SignedInUser)
return Json(200, toFolderDto(g, cmd.Result))
} }
func UpdateFolder(c *middleware.Context, cmd m.UpdateFolderCommand) Response { func UpdateFolder(c *middleware.Context, cmd m.UpdateFolderCommand) Response {
cmd.OrgId = c.OrgId s := dashboards.NewFolderService(c.OrgId, c.SignedInUser)
cmd.UserId = c.UserId err := s.UpdateFolder(c.Params(":uid"), &cmd)
uid := c.Params(":uid")
dashFolder, rsp := getFolderHelper(c.OrgId, 0, uid)
if rsp != nil {
return rsp
}
guardian := guardian.New(dashFolder.Id, c.OrgId, c.SignedInUser)
if canSave, err := guardian.CanSave(); err != nil || !canSave {
return folderGuardianResponse(err)
}
cmd.UpdateDashboardModel(dashFolder)
if dashFolder.Title == "" {
return ApiError(400, m.ErrFolderTitleEmpty.Error(), nil)
}
saveDashboardDto := &dashboards.SaveDashboardDTO{
Dashboard: dashFolder,
OrgId: c.OrgId,
UserId: c.UserId,
Overwrite: cmd.Overwrite,
}
folder, err := dashboards.GetRepository().SaveDashboard(saveDashboardDto)
if err != nil { if err != nil {
return toFolderError(err) return toFolderError(err)
} }
return Json(200, toFolderDto(&guardian, folder)) g := guardian.New(cmd.Result.Id, c.OrgId, c.SignedInUser)
return Json(200, toFolderDto(g, cmd.Result))
} }
func DeleteFolder(c *middleware.Context) Response { func DeleteFolder(c *middleware.Context) Response {
dashFolder, rsp := getFolderHelper(c.OrgId, 0, c.Params(":uid")) s := dashboards.NewFolderService(c.OrgId, c.SignedInUser)
if rsp != nil { f, err := s.DeleteFolder(c.Params(":uid"))
return rsp if err != nil {
return toFolderError(err)
} }
guardian := guardian.New(dashFolder.Id, c.OrgId, c.SignedInUser) var resp = map[string]interface{}{"title": f.Title}
if canSave, err := guardian.CanSave(); err != nil || !canSave {
return folderGuardianResponse(err)
}
deleteCmd := m.DeleteDashboardCommand{OrgId: c.OrgId, Id: dashFolder.Id}
if err := bus.Dispatch(&deleteCmd); err != nil {
return ApiError(500, "Failed to delete folder", err)
}
var resp = map[string]interface{}{"title": dashFolder.Title}
return Json(200, resp) return Json(200, resp)
} }
func toFolderDto(g *guardian.DashboardGuardian, folder *m.Dashboard) dtos.Folder { func toFolderDto(g guardian.DashboardGuardian, folder *m.Folder) dtos.Folder {
canEdit, _ := g.CanEdit() canEdit, _ := g.CanEdit()
canSave, _ := g.CanSave() canSave, _ := g.CanSave()
canAdmin, _ := g.CanAdmin() canAdmin, _ := g.CanAdmin()
@ -165,7 +104,7 @@ func toFolderDto(g *guardian.DashboardGuardian, folder *m.Dashboard) dtos.Folder
Id: folder.Id, Id: folder.Id,
Uid: folder.Uid, Uid: folder.Uid,
Title: folder.Title, Title: folder.Title,
Url: folder.GetUrl(), Url: folder.Url,
HasAcl: folder.HasAcl, HasAcl: folder.HasAcl,
CanSave: canSave, CanSave: canSave,
CanEdit: canEdit, CanEdit: canEdit,
@ -183,6 +122,10 @@ func toFolderError(err error) Response {
return ApiError(400, m.ErrFolderTitleEmpty.Error(), nil) return ApiError(400, m.ErrFolderTitleEmpty.Error(), nil)
} }
if err == m.ErrFolderAccessDenied {
return ApiError(403, "Access denied", err)
}
if err == m.ErrDashboardWithSameNameInFolderExists { if err == m.ErrDashboardWithSameNameInFolderExists {
return Json(412, util.DynMap{"status": "name-exists", "message": m.ErrFolderSameNameExists.Error()}) return Json(412, util.DynMap{"status": "name-exists", "message": m.ErrFolderSameNameExists.Error()})
} }

View File

@ -1,484 +1,484 @@
package api package api
import ( // import (
"encoding/json" // "encoding/json"
"path/filepath" // "path/filepath"
"testing" // "testing"
"github.com/go-macaron/session" // "github.com/go-macaron/session"
"github.com/grafana/grafana/pkg/api/dtos" // "github.com/grafana/grafana/pkg/api/dtos"
"github.com/grafana/grafana/pkg/bus" // "github.com/grafana/grafana/pkg/bus"
"github.com/grafana/grafana/pkg/middleware" // "github.com/grafana/grafana/pkg/middleware"
m "github.com/grafana/grafana/pkg/models" // m "github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/services/dashboards" // "github.com/grafana/grafana/pkg/services/dashboards"
macaron "gopkg.in/macaron.v1" // macaron "gopkg.in/macaron.v1"
. "github.com/smartystreets/goconvey/convey" // . "github.com/smartystreets/goconvey/convey"
) // )
func TestFoldersApiEndpoint(t *testing.T) { // func TestFoldersApiEndpoint(t *testing.T) {
Convey("Given a dashboard", t, func() { // Convey("Given a dashboard", t, func() {
fakeDash := m.NewDashboard("Child dash") // fakeDash := m.NewDashboard("Child dash")
fakeDash.Id = 1 // fakeDash.Id = 1
fakeDash.FolderId = 1 // fakeDash.FolderId = 1
fakeDash.HasAcl = false // fakeDash.HasAcl = false
var getDashboardQueries []*m.GetDashboardQuery // var getDashboardQueries []*m.GetDashboardQuery
bus.AddHandler("test", func(query *m.GetDashboardQuery) error { // bus.AddHandler("test", func(query *m.GetDashboardQuery) error {
query.Result = fakeDash // query.Result = fakeDash
getDashboardQueries = append(getDashboardQueries, query) // getDashboardQueries = append(getDashboardQueries, query)
return nil // return nil
}) // })
updateFolderCmd := m.UpdateFolderCommand{} // updateFolderCmd := m.UpdateFolderCommand{}
Convey("When user is an Org Editor", func() { // Convey("When user is an Org Editor", func() {
role := m.ROLE_EDITOR // role := m.ROLE_EDITOR
loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/folders/uid", "/api/folders/:uid", role, func(sc *scenarioContext) { // loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/folders/uid", "/api/folders/:uid", role, func(sc *scenarioContext) {
callGetFolder(sc) // callGetFolder(sc)
So(sc.resp.Code, ShouldEqual, 404) // So(sc.resp.Code, ShouldEqual, 404)
Convey("Should lookup folder by uid", func() { // Convey("Should lookup folder by uid", func() {
So(getDashboardQueries[0].Uid, ShouldEqual, "uid") // So(getDashboardQueries[0].Uid, ShouldEqual, "uid")
}) // })
}) // })
loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/folders/1", "/api/folders/:id", role, func(sc *scenarioContext) { // loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/folders/1", "/api/folders/:id", role, func(sc *scenarioContext) {
callGetFolder(sc) // callGetFolder(sc)
So(sc.resp.Code, ShouldEqual, 404) // So(sc.resp.Code, ShouldEqual, 404)
Convey("Should lookup folder by id", func() { // Convey("Should lookup folder by id", func() {
So(getDashboardQueries[0].Id, ShouldEqual, 1) // So(getDashboardQueries[0].Id, ShouldEqual, 1)
}) // })
}) // })
updateFolderScenario("When calling PUT on", "/api/folders/uid", "/api/folders/:uid", role, updateFolderCmd, func(sc *scenarioContext) { // updateFolderScenario("When calling PUT on", "/api/folders/uid", "/api/folders/:uid", role, updateFolderCmd, func(sc *scenarioContext) {
callUpdateFolder(sc) // callUpdateFolder(sc)
So(sc.resp.Code, ShouldEqual, 404) // So(sc.resp.Code, ShouldEqual, 404)
Convey("Should lookup folder by uid", func() { // Convey("Should lookup folder by uid", func() {
So(getDashboardQueries[0].Uid, ShouldEqual, "uid") // So(getDashboardQueries[0].Uid, ShouldEqual, "uid")
}) // })
}) // })
loggedInUserScenarioWithRole("When calling DELETE on", "DELETE", "/api/folders/uid", "/api/folders/:uid", role, func(sc *scenarioContext) { // loggedInUserScenarioWithRole("When calling DELETE on", "DELETE", "/api/folders/uid", "/api/folders/:uid", role, func(sc *scenarioContext) {
callDeleteFolder(sc) // callDeleteFolder(sc)
So(sc.resp.Code, ShouldEqual, 404) // So(sc.resp.Code, ShouldEqual, 404)
Convey("Should lookup folder by uid", func() { // Convey("Should lookup folder by uid", func() {
So(getDashboardQueries[0].Uid, ShouldEqual, "uid") // So(getDashboardQueries[0].Uid, ShouldEqual, "uid")
}) // })
}) // })
}) // })
}) // })
Convey("Given a folder which does not have an acl", t, func() { // Convey("Given a folder which does not have an acl", t, func() {
fakeFolder := m.NewDashboardFolder("Folder") // fakeFolder := m.NewDashboardFolder("Folder")
fakeFolder.Id = 1 // fakeFolder.Id = 1
fakeFolder.HasAcl = false // fakeFolder.HasAcl = false
var getDashboardQueries []*m.GetDashboardQuery // var getDashboardQueries []*m.GetDashboardQuery
bus.AddHandler("test", func(query *m.GetDashboardQuery) error { // bus.AddHandler("test", func(query *m.GetDashboardQuery) error {
query.Result = fakeFolder // query.Result = fakeFolder
getDashboardQueries = append(getDashboardQueries, query) // getDashboardQueries = append(getDashboardQueries, query)
return nil // return nil
}) // })
viewerRole := m.ROLE_VIEWER // viewerRole := m.ROLE_VIEWER
editorRole := m.ROLE_EDITOR // editorRole := m.ROLE_EDITOR
aclMockResp := []*m.DashboardAclInfoDTO{ // aclMockResp := []*m.DashboardAclInfoDTO{
{Role: &viewerRole, Permission: m.PERMISSION_VIEW}, // {Role: &viewerRole, Permission: m.PERMISSION_VIEW},
{Role: &editorRole, Permission: m.PERMISSION_EDIT}, // {Role: &editorRole, Permission: m.PERMISSION_EDIT},
} // }
bus.AddHandler("test", func(query *m.GetDashboardAclInfoListQuery) error { // bus.AddHandler("test", func(query *m.GetDashboardAclInfoListQuery) error {
query.Result = aclMockResp // query.Result = aclMockResp
return nil // return nil
}) // })
bus.AddHandler("test", func(query *m.GetTeamsByUserQuery) error { // bus.AddHandler("test", func(query *m.GetTeamsByUserQuery) error {
query.Result = []*m.Team{} // query.Result = []*m.Team{}
return nil // return nil
}) // })
cmd := m.CreateFolderCommand{ // cmd := m.CreateFolderCommand{
Title: fakeFolder.Title, // Title: fakeFolder.Title,
} // }
updateFolderCmd := m.UpdateFolderCommand{ // updateFolderCmd := m.UpdateFolderCommand{
Title: fakeFolder.Title, // Title: fakeFolder.Title,
} // }
Convey("When user is an Org Viewer", func() { // Convey("When user is an Org Viewer", func() {
role := m.ROLE_VIEWER // role := m.ROLE_VIEWER
loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/folders/uid", "/api/folders/:uid", role, func(sc *scenarioContext) { // loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/folders/uid", "/api/folders/:uid", role, func(sc *scenarioContext) {
folder := getFolderShouldReturn200(sc) // folder := getFolderShouldReturn200(sc)
Convey("Should lookup folder by uid", func() { // Convey("Should lookup folder by uid", func() {
So(getDashboardQueries[0].Uid, ShouldEqual, "uid") // So(getDashboardQueries[0].Uid, ShouldEqual, "uid")
}) // })
Convey("Should not be able to edit or save folder", func() { // Convey("Should not be able to edit or save folder", func() {
So(folder.CanEdit, ShouldBeFalse) // So(folder.CanEdit, ShouldBeFalse)
So(folder.CanSave, ShouldBeFalse) // So(folder.CanSave, ShouldBeFalse)
So(folder.CanAdmin, ShouldBeFalse) // So(folder.CanAdmin, ShouldBeFalse)
}) // })
}) // })
loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/folders/1", "/api/folders/:id", role, func(sc *scenarioContext) { // loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/folders/1", "/api/folders/:id", role, func(sc *scenarioContext) {
folder := getFolderShouldReturn200(sc) // folder := getFolderShouldReturn200(sc)
Convey("Should lookup folder by id", func() { // Convey("Should lookup folder by id", func() {
So(getDashboardQueries[0].Id, ShouldEqual, 1) // So(getDashboardQueries[0].Id, ShouldEqual, 1)
}) // })
Convey("Should not be able to edit or save folder", func() { // Convey("Should not be able to edit or save folder", func() {
So(folder.CanEdit, ShouldBeFalse) // So(folder.CanEdit, ShouldBeFalse)
So(folder.CanSave, ShouldBeFalse) // So(folder.CanSave, ShouldBeFalse)
So(folder.CanAdmin, ShouldBeFalse) // So(folder.CanAdmin, ShouldBeFalse)
}) // })
}) // })
loggedInUserScenarioWithRole("When calling DELETE on", "DELETE", "/api/folders/uid", "/api/folders/:uid", role, func(sc *scenarioContext) { // loggedInUserScenarioWithRole("When calling DELETE on", "DELETE", "/api/folders/uid", "/api/folders/:uid", role, func(sc *scenarioContext) {
callDeleteFolder(sc) // callDeleteFolder(sc)
So(sc.resp.Code, ShouldEqual, 403) // So(sc.resp.Code, ShouldEqual, 403)
Convey("Should lookup folder by uid", func() { // Convey("Should lookup folder by uid", func() {
So(getDashboardQueries[0].Uid, ShouldEqual, "uid") // So(getDashboardQueries[0].Uid, ShouldEqual, "uid")
}) // })
}) // })
createFolderScenario("When calling POST on", "/api/folders", "/api/folders", role, cmd, func(sc *scenarioContext) { // createFolderScenario("When calling POST on", "/api/folders", "/api/folders", role, cmd, func(sc *scenarioContext) {
callCreateFolder(sc) // callCreateFolder(sc)
So(sc.resp.Code, ShouldEqual, 403) // So(sc.resp.Code, ShouldEqual, 403)
}) // })
updateFolderScenario("When calling PUT on", "/api/folders/uid", "/api/folders/:uid", role, updateFolderCmd, func(sc *scenarioContext) { // updateFolderScenario("When calling PUT on", "/api/folders/uid", "/api/folders/:uid", role, updateFolderCmd, func(sc *scenarioContext) {
callUpdateFolder(sc) // callUpdateFolder(sc)
So(sc.resp.Code, ShouldEqual, 403) // So(sc.resp.Code, ShouldEqual, 403)
Convey("Should lookup folder by uid", func() { // Convey("Should lookup folder by uid", func() {
So(getDashboardQueries[0].Uid, ShouldEqual, "uid") // So(getDashboardQueries[0].Uid, ShouldEqual, "uid")
}) // })
}) // })
}) // })
Convey("When user is an Org Editor", func() { // Convey("When user is an Org Editor", func() {
role := m.ROLE_EDITOR // role := m.ROLE_EDITOR
loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/folders/uid", "/api/folders/:uid", role, func(sc *scenarioContext) { // loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/folders/uid", "/api/folders/:uid", role, func(sc *scenarioContext) {
folder := getFolderShouldReturn200(sc) // folder := getFolderShouldReturn200(sc)
Convey("Should lookup folder by uid", func() { // Convey("Should lookup folder by uid", func() {
So(getDashboardQueries[0].Uid, ShouldEqual, "uid") // So(getDashboardQueries[0].Uid, ShouldEqual, "uid")
}) // })
Convey("Should be able to edit or save folder", func() { // Convey("Should be able to edit or save folder", func() {
So(folder.CanEdit, ShouldBeTrue) // So(folder.CanEdit, ShouldBeTrue)
So(folder.CanSave, ShouldBeTrue) // So(folder.CanSave, ShouldBeTrue)
So(folder.CanAdmin, ShouldBeFalse) // So(folder.CanAdmin, ShouldBeFalse)
}) // })
}) // })
loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/folders/1", "/api/folders/:id", role, func(sc *scenarioContext) { // loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/folders/1", "/api/folders/:id", role, func(sc *scenarioContext) {
folder := getFolderShouldReturn200(sc) // folder := getFolderShouldReturn200(sc)
Convey("Should lookup folder by id", func() { // Convey("Should lookup folder by id", func() {
So(getDashboardQueries[0].Id, ShouldEqual, 1) // So(getDashboardQueries[0].Id, ShouldEqual, 1)
}) // })
Convey("Should be able to edit or save folder", func() { // Convey("Should be able to edit or save folder", func() {
So(folder.CanEdit, ShouldBeTrue) // So(folder.CanEdit, ShouldBeTrue)
So(folder.CanSave, ShouldBeTrue) // So(folder.CanSave, ShouldBeTrue)
So(folder.CanAdmin, ShouldBeFalse) // So(folder.CanAdmin, ShouldBeFalse)
}) // })
}) // })
loggedInUserScenarioWithRole("When calling DELETE on", "DELETE", "/api/folders/uid", "/api/folders/:uid", role, func(sc *scenarioContext) { // loggedInUserScenarioWithRole("When calling DELETE on", "DELETE", "/api/folders/uid", "/api/folders/:uid", role, func(sc *scenarioContext) {
callDeleteFolder(sc) // callDeleteFolder(sc)
So(sc.resp.Code, ShouldEqual, 200) // So(sc.resp.Code, ShouldEqual, 200)
Convey("Should lookup folder by uid", func() { // Convey("Should lookup folder by uid", func() {
So(getDashboardQueries[0].Uid, ShouldEqual, "uid") // So(getDashboardQueries[0].Uid, ShouldEqual, "uid")
}) // })
}) // })
createFolderScenario("When calling POST on", "/api/folders", "/api/folders", role, cmd, func(sc *scenarioContext) { // createFolderScenario("When calling POST on", "/api/folders", "/api/folders", role, cmd, func(sc *scenarioContext) {
callCreateFolder(sc) // callCreateFolder(sc)
So(sc.resp.Code, ShouldEqual, 200) // So(sc.resp.Code, ShouldEqual, 200)
}) // })
updateFolderScenario("When calling PUT on", "/api/folders/uid", "/api/folders/:uid", role, updateFolderCmd, func(sc *scenarioContext) { // updateFolderScenario("When calling PUT on", "/api/folders/uid", "/api/folders/:uid", role, updateFolderCmd, func(sc *scenarioContext) {
callUpdateFolder(sc) // callUpdateFolder(sc)
So(sc.resp.Code, ShouldEqual, 200) // So(sc.resp.Code, ShouldEqual, 200)
Convey("Should lookup folder by uid", func() { // Convey("Should lookup folder by uid", func() {
So(getDashboardQueries[0].Uid, ShouldEqual, "uid") // So(getDashboardQueries[0].Uid, ShouldEqual, "uid")
}) // })
}) // })
}) // })
}) // })
Convey("Given a folder which have an acl", t, func() { // Convey("Given a folder which have an acl", t, func() {
fakeFolder := m.NewDashboardFolder("Folder") // fakeFolder := m.NewDashboardFolder("Folder")
fakeFolder.Id = 1 // fakeFolder.Id = 1
fakeFolder.HasAcl = true // fakeFolder.HasAcl = true
var getDashboardQueries []*m.GetDashboardQuery // var getDashboardQueries []*m.GetDashboardQuery
bus.AddHandler("test", func(query *m.GetDashboardQuery) error { // bus.AddHandler("test", func(query *m.GetDashboardQuery) error {
query.Result = fakeFolder // query.Result = fakeFolder
getDashboardQueries = append(getDashboardQueries, query) // getDashboardQueries = append(getDashboardQueries, query)
return nil // return nil
}) // })
aclMockResp := []*m.DashboardAclInfoDTO{ // aclMockResp := []*m.DashboardAclInfoDTO{
{ // {
DashboardId: 1, // DashboardId: 1,
Permission: m.PERMISSION_EDIT, // Permission: m.PERMISSION_EDIT,
UserId: 200, // UserId: 200,
}, // },
} // }
bus.AddHandler("test", func(query *m.GetDashboardAclInfoListQuery) error { // bus.AddHandler("test", func(query *m.GetDashboardAclInfoListQuery) error {
query.Result = aclMockResp // query.Result = aclMockResp
return nil // return nil
}) // })
bus.AddHandler("test", func(query *m.GetTeamsByUserQuery) error { // bus.AddHandler("test", func(query *m.GetTeamsByUserQuery) error {
query.Result = []*m.Team{} // query.Result = []*m.Team{}
return nil // return nil
}) // })
cmd := m.CreateFolderCommand{ // cmd := m.CreateFolderCommand{
Title: fakeFolder.Title, // Title: fakeFolder.Title,
} // }
updateFolderCmd := m.UpdateFolderCommand{ // updateFolderCmd := m.UpdateFolderCommand{
Title: fakeFolder.Title, // Title: fakeFolder.Title,
} // }
Convey("When user is an Org Viewer and has no permissions for this folder", func() { // Convey("When user is an Org Viewer and has no permissions for this folder", func() {
role := m.ROLE_VIEWER // role := m.ROLE_VIEWER
loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/folders/uid", "/api/folders/:uid", role, func(sc *scenarioContext) { // loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/folders/uid", "/api/folders/:uid", role, func(sc *scenarioContext) {
callGetFolder(sc) // callGetFolder(sc)
Convey("Should lookup folder by uid", func() { // Convey("Should lookup folder by uid", func() {
So(getDashboardQueries[0].Uid, ShouldEqual, "uid") // So(getDashboardQueries[0].Uid, ShouldEqual, "uid")
}) // })
Convey("Should be denied access", func() { // Convey("Should be denied access", func() {
So(sc.resp.Code, ShouldEqual, 403) // So(sc.resp.Code, ShouldEqual, 403)
}) // })
}) // })
loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/folders/1", "/api/folders/:id", role, func(sc *scenarioContext) { // loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/folders/1", "/api/folders/:id", role, func(sc *scenarioContext) {
callGetFolder(sc) // callGetFolder(sc)
Convey("Should lookup folder by id", func() { // Convey("Should lookup folder by id", func() {
So(getDashboardQueries[0].Id, ShouldEqual, 1) // So(getDashboardQueries[0].Id, ShouldEqual, 1)
}) // })
Convey("Should be denied access", func() { // Convey("Should be denied access", func() {
So(sc.resp.Code, ShouldEqual, 403) // So(sc.resp.Code, ShouldEqual, 403)
}) // })
}) // })
loggedInUserScenarioWithRole("When calling DELETE on", "DELETE", "/api/folders/uid", "/api/folders/:uid", role, func(sc *scenarioContext) { // loggedInUserScenarioWithRole("When calling DELETE on", "DELETE", "/api/folders/uid", "/api/folders/:uid", role, func(sc *scenarioContext) {
callDeleteFolder(sc) // callDeleteFolder(sc)
So(sc.resp.Code, ShouldEqual, 403) // So(sc.resp.Code, ShouldEqual, 403)
Convey("Should lookup folder by uid", func() { // Convey("Should lookup folder by uid", func() {
So(getDashboardQueries[0].Uid, ShouldEqual, "uid") // So(getDashboardQueries[0].Uid, ShouldEqual, "uid")
}) // })
}) // })
createFolderScenario("When calling POST on", "/api/folders", "/api/folders", role, cmd, func(sc *scenarioContext) { // createFolderScenario("When calling POST on", "/api/folders", "/api/folders", role, cmd, func(sc *scenarioContext) {
callCreateFolder(sc) // callCreateFolder(sc)
So(sc.resp.Code, ShouldEqual, 403) // So(sc.resp.Code, ShouldEqual, 403)
}) // })
updateFolderScenario("When calling PUT on", "/api/folders/uid", "/api/folders/:uid", role, updateFolderCmd, func(sc *scenarioContext) { // updateFolderScenario("When calling PUT on", "/api/folders/uid", "/api/folders/:uid", role, updateFolderCmd, func(sc *scenarioContext) {
callUpdateFolder(sc) // callUpdateFolder(sc)
So(sc.resp.Code, ShouldEqual, 403) // So(sc.resp.Code, ShouldEqual, 403)
Convey("Should lookup folder by uid", func() { // Convey("Should lookup folder by uid", func() {
So(getDashboardQueries[0].Uid, ShouldEqual, "uid") // So(getDashboardQueries[0].Uid, ShouldEqual, "uid")
}) // })
}) // })
}) // })
Convey("When user is an Org Editor and has no permissions for this folder", func() { // Convey("When user is an Org Editor and has no permissions for this folder", func() {
role := m.ROLE_EDITOR // role := m.ROLE_EDITOR
loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/folders/uid", "/api/folders/:uid", role, func(sc *scenarioContext) { // loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/folders/uid", "/api/folders/:uid", role, func(sc *scenarioContext) {
callGetFolder(sc) // callGetFolder(sc)
Convey("Should lookup folder by uid", func() { // Convey("Should lookup folder by uid", func() {
So(getDashboardQueries[0].Uid, ShouldEqual, "uid") // So(getDashboardQueries[0].Uid, ShouldEqual, "uid")
}) // })
Convey("Should be denied access", func() { // Convey("Should be denied access", func() {
So(sc.resp.Code, ShouldEqual, 403) // So(sc.resp.Code, ShouldEqual, 403)
}) // })
}) // })
loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/folders/1", "/api/folders/:id", role, func(sc *scenarioContext) { // loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/folders/1", "/api/folders/:id", role, func(sc *scenarioContext) {
callGetFolder(sc) // callGetFolder(sc)
Convey("Should lookup folder by id", func() { // Convey("Should lookup folder by id", func() {
So(getDashboardQueries[0].Id, ShouldEqual, 1) // So(getDashboardQueries[0].Id, ShouldEqual, 1)
}) // })
Convey("Should be denied access", func() { // Convey("Should be denied access", func() {
So(sc.resp.Code, ShouldEqual, 403) // So(sc.resp.Code, ShouldEqual, 403)
}) // })
}) // })
loggedInUserScenarioWithRole("When calling DELETE on", "DELETE", "/api/folders/uid", "/api/folders/:uid", role, func(sc *scenarioContext) { // loggedInUserScenarioWithRole("When calling DELETE on", "DELETE", "/api/folders/uid", "/api/folders/:uid", role, func(sc *scenarioContext) {
callDeleteFolder(sc) // callDeleteFolder(sc)
So(sc.resp.Code, ShouldEqual, 403) // So(sc.resp.Code, ShouldEqual, 403)
Convey("Should lookup folder by uid", func() { // Convey("Should lookup folder by uid", func() {
So(getDashboardQueries[0].Uid, ShouldEqual, "uid") // So(getDashboardQueries[0].Uid, ShouldEqual, "uid")
}) // })
}) // })
createFolderScenario("When calling POST on", "/api/folders", "/api/folders", role, cmd, func(sc *scenarioContext) { // createFolderScenario("When calling POST on", "/api/folders", "/api/folders", role, cmd, func(sc *scenarioContext) {
callCreateFolder(sc) // callCreateFolder(sc)
So(sc.resp.Code, ShouldEqual, 403) // So(sc.resp.Code, ShouldEqual, 403)
}) // })
updateFolderScenario("When calling PUT on", "/api/folders/uid", "/api/folders/:uid", role, updateFolderCmd, func(sc *scenarioContext) { // updateFolderScenario("When calling PUT on", "/api/folders/uid", "/api/folders/:uid", role, updateFolderCmd, func(sc *scenarioContext) {
callUpdateFolder(sc) // callUpdateFolder(sc)
So(sc.resp.Code, ShouldEqual, 403) // So(sc.resp.Code, ShouldEqual, 403)
Convey("Should lookup folder by uid", func() { // Convey("Should lookup folder by uid", func() {
So(getDashboardQueries[0].Uid, ShouldEqual, "uid") // So(getDashboardQueries[0].Uid, ShouldEqual, "uid")
}) // })
}) // })
}) // })
}) // })
} // }
func getFolderShouldReturn200(sc *scenarioContext) dtos.Folder { // func getFolderShouldReturn200(sc *scenarioContext) dtos.Folder {
callGetFolder(sc) // callGetFolder(sc)
So(sc.resp.Code, ShouldEqual, 200) // So(sc.resp.Code, ShouldEqual, 200)
folder := dtos.Folder{} // folder := dtos.Folder{}
err := json.NewDecoder(sc.resp.Body).Decode(&folder) // err := json.NewDecoder(sc.resp.Body).Decode(&folder)
So(err, ShouldBeNil) // So(err, ShouldBeNil)
return folder // return folder
} // }
func callGetFolder(sc *scenarioContext) { // func callGetFolder(sc *scenarioContext) {
sc.handlerFunc = GetFolder // sc.handlerFunc = GetFolder
sc.fakeReqWithParams("GET", sc.url, map[string]string{}).exec() // sc.fakeReqWithParams("GET", sc.url, map[string]string{}).exec()
} // }
func callDeleteFolder(sc *scenarioContext) { // func callDeleteFolder(sc *scenarioContext) {
bus.AddHandler("test", func(cmd *m.DeleteDashboardCommand) error { // bus.AddHandler("test", func(cmd *m.DeleteDashboardCommand) error {
return nil // return nil
}) // })
sc.handlerFunc = DeleteFolder // sc.handlerFunc = DeleteFolder
sc.fakeReqWithParams("DELETE", sc.url, map[string]string{}).exec() // sc.fakeReqWithParams("DELETE", sc.url, map[string]string{}).exec()
} // }
func callCreateFolder(sc *scenarioContext) { // func callCreateFolder(sc *scenarioContext) {
bus.AddHandler("test", func(cmd *m.SaveDashboardCommand) error { // bus.AddHandler("test", func(cmd *m.SaveDashboardCommand) error {
cmd.Result = &m.Dashboard{Id: 1, Slug: "folder", Version: 2} // cmd.Result = &m.Dashboard{Id: 1, Slug: "folder", Version: 2}
return nil // return nil
}) // })
sc.fakeReqWithParams("POST", sc.url, map[string]string{}).exec() // sc.fakeReqWithParams("POST", sc.url, map[string]string{}).exec()
} // }
func callUpdateFolder(sc *scenarioContext) { // func callUpdateFolder(sc *scenarioContext) {
bus.AddHandler("test", func(cmd *m.SaveDashboardCommand) error { // bus.AddHandler("test", func(cmd *m.SaveDashboardCommand) error {
cmd.Result = &m.Dashboard{Id: 1, Slug: "folder", Version: 2} // cmd.Result = &m.Dashboard{Id: 1, Slug: "folder", Version: 2}
return nil // return nil
}) // })
sc.fakeReqWithParams("PUT", sc.url, map[string]string{}).exec() // sc.fakeReqWithParams("PUT", sc.url, map[string]string{}).exec()
} // }
func createFolderScenario(desc string, url string, routePattern string, role m.RoleType, cmd m.CreateFolderCommand, fn scenarioFunc) { // func createFolderScenario(desc string, url string, routePattern string, role m.RoleType, cmd m.CreateFolderCommand, fn scenarioFunc) {
Convey(desc+" "+url, func() { // Convey(desc+" "+url, func() {
defer bus.ClearBusHandlers() // defer bus.ClearBusHandlers()
sc := &scenarioContext{ // sc := &scenarioContext{
url: url, // url: url,
} // }
viewsPath, _ := filepath.Abs("../../public/views") // viewsPath, _ := filepath.Abs("../../public/views")
sc.m = macaron.New() // sc.m = macaron.New()
sc.m.Use(macaron.Renderer(macaron.RenderOptions{ // sc.m.Use(macaron.Renderer(macaron.RenderOptions{
Directory: viewsPath, // Directory: viewsPath,
Delims: macaron.Delims{Left: "[[", Right: "]]"}, // Delims: macaron.Delims{Left: "[[", Right: "]]"},
})) // }))
sc.m.Use(middleware.GetContextHandler()) // sc.m.Use(middleware.GetContextHandler())
sc.m.Use(middleware.Sessioner(&session.Options{})) // sc.m.Use(middleware.Sessioner(&session.Options{}))
sc.defaultHandler = wrap(func(c *middleware.Context) Response { // sc.defaultHandler = wrap(func(c *middleware.Context) Response {
sc.context = c // sc.context = c
sc.context.UserId = TestUserID // sc.context.UserId = TestUserID
sc.context.OrgId = TestOrgID // sc.context.OrgId = TestOrgID
sc.context.OrgRole = role // sc.context.OrgRole = role
return CreateFolder(c, cmd) // return CreateFolder(c, cmd)
}) // })
fakeRepo = &fakeDashboardRepo{} // fakeRepo = &fakeDashboardRepo{}
dashboards.SetRepository(fakeRepo) // dashboards.SetRepository(fakeRepo)
sc.m.Post(routePattern, sc.defaultHandler) // sc.m.Post(routePattern, sc.defaultHandler)
fn(sc) // fn(sc)
}) // })
} // }
func updateFolderScenario(desc string, url string, routePattern string, role m.RoleType, cmd m.UpdateFolderCommand, fn scenarioFunc) { // func updateFolderScenario(desc string, url string, routePattern string, role m.RoleType, cmd m.UpdateFolderCommand, fn scenarioFunc) {
Convey(desc+" "+url, func() { // Convey(desc+" "+url, func() {
defer bus.ClearBusHandlers() // defer bus.ClearBusHandlers()
sc := &scenarioContext{ // sc := &scenarioContext{
url: url, // url: url,
} // }
viewsPath, _ := filepath.Abs("../../public/views") // viewsPath, _ := filepath.Abs("../../public/views")
sc.m = macaron.New() // sc.m = macaron.New()
sc.m.Use(macaron.Renderer(macaron.RenderOptions{ // sc.m.Use(macaron.Renderer(macaron.RenderOptions{
Directory: viewsPath, // Directory: viewsPath,
Delims: macaron.Delims{Left: "[[", Right: "]]"}, // Delims: macaron.Delims{Left: "[[", Right: "]]"},
})) // }))
sc.m.Use(middleware.GetContextHandler()) // sc.m.Use(middleware.GetContextHandler())
sc.m.Use(middleware.Sessioner(&session.Options{})) // sc.m.Use(middleware.Sessioner(&session.Options{}))
sc.defaultHandler = wrap(func(c *middleware.Context) Response { // sc.defaultHandler = wrap(func(c *middleware.Context) Response {
sc.context = c // sc.context = c
sc.context.UserId = TestUserID // sc.context.UserId = TestUserID
sc.context.OrgId = TestOrgID // sc.context.OrgId = TestOrgID
sc.context.OrgRole = role // sc.context.OrgRole = role
return UpdateFolder(c, cmd) // return UpdateFolder(c, cmd)
}) // })
fakeRepo = &fakeDashboardRepo{} // fakeRepo = &fakeDashboardRepo{}
dashboards.SetRepository(fakeRepo) // dashboards.SetRepository(fakeRepo)
sc.m.Put(routePattern, sc.defaultHandler) // sc.m.Put(routePattern, sc.defaultHandler)
fn(sc) // fn(sc)
}) // })
} // }