IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Chore: Move team models to models pkg (#61262)

Browse Source 
* Chore: Move team models to models pkg

* Fix ACL tests

* More ACL tests

* Change Id to ID in conflict user command test

* Remove team from models

* Fix ac test lint
This commit is contained in:
idafurjes 2023-01-11 14:20:09 +01:00 committed by GitHub
parent 672b1711b0
commit f2ffce4351
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
31 changed files with 385 additions and 359 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/api/common_test.go
View File

@ -564,7 +564,7 @@ func setUp(confs ...setUpConf) *HTTPServer {
aclMockResp = c.aclMockResp
}
}
store.ExpectedTeamsByUser = []*models.TeamDTO{}
store.ExpectedTeamsByUser = []*team.TeamDTO{}
teamSvc := &teamtest.FakeService{}
dashSvc := &dashboards.FakeDashboardService{}
dashSvc.On("GetDashboardACLInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardACLInfoListQuery")).Run(func(args mock.Arguments) {

7
pkg/api/dashboard_snapshot_test.go
View File

@ -20,6 +20,7 @@ import (
"github.com/grafana/grafana/pkg/services/guardian"
"github.com/grafana/grafana/pkg/services/org"
"github.com/grafana/grafana/pkg/services/sqlstore/mockstore"
"github.com/grafana/grafana/pkg/services/team"
"github.com/grafana/grafana/pkg/services/team/teamtest"
)
@ -33,7 +34,7 @@ func TestDashboardSnapshotAPIEndpoint_singleSnapshot(t *testing.T) {
}
sqlmock := mockstore.NewSQLStoreMock()
sqlmock.ExpectedTeamsByUser = []*models.TeamDTO{}
sqlmock.ExpectedTeamsByUser = []*team.TeamDTO{}
jsonModel, err := simplejson.NewJson([]byte(`{"id":100}`))
require.NoError(t, err)
@ -257,7 +258,7 @@ func TestDashboardSnapshotAPIEndpoint_singleSnapshot(t *testing.T) {
func TestGetDashboardSnapshotNotFound(t *testing.T) {
sqlmock := mockstore.NewSQLStoreMock()
sqlmock.ExpectedTeamsByUser = []*models.TeamDTO{}
sqlmock.ExpectedTeamsByUser = []*team.TeamDTO{}
setUpSnapshotTest := func(t *testing.T) dashboardsnapshots.Service {
t.Helper()
@ -307,7 +308,7 @@ func TestGetDashboardSnapshotNotFound(t *testing.T) {
func TestGetDashboardSnapshotFailure(t *testing.T) {
sqlmock := mockstore.NewSQLStoreMock()
sqlmock.ExpectedTeamsByUser = []*models.TeamDTO{}
sqlmock.ExpectedTeamsByUser = []*team.TeamDTO{}
setUpSnapshotTest := func(t *testing.T) dashboardsnapshots.Service {
t.Helper()

2
pkg/api/org_users_test.go
View File

@ -244,7 +244,7 @@ func TestOrgUsersAPIEndpoint_LegacyAccessControl_TeamAdmin(t *testing.T) {
// Setup store teams
team1, err := sc.teamService.CreateTeam("testteam1", "testteam1@example.org", testOrgID)
require.NoError(t, err)
err = sc.teamService.AddTeamMember(testUserID, testOrgID, team1.Id, false, models.PERMISSION_ADMIN)
err = sc.teamService.AddTeamMember(testUserID, testOrgID, team1.ID, false, models.PERMISSION_ADMIN)
require.NoError(t, err)
response := callAPI(sc.server, http.MethodGet, "/api/org/users/lookup", nil, t)

89
pkg/api/team.go
View File

@ -9,6 +9,7 @@ import (
"github.com/grafana/grafana/pkg/api/response"
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/services/org"
"github.com/grafana/grafana/pkg/services/team"
"github.com/grafana/grafana/pkg/util"
"github.com/grafana/grafana/pkg/web"
)
@ -24,7 +25,7 @@ import (
// 409: conflictError
// 500: internalServerError
func (hs *HTTPServer) CreateTeam(c *models.ReqContext) response.Response {
cmd := models.CreateTeamCommand{}
cmd := team.CreateTeamCommand{}
if err := web.Bind(c.Req, &cmd); err != nil {
return response.Error(http.StatusBadRequest, "bad request data", err)
}
@ -33,9 +34,9 @@ func (hs *HTTPServer) CreateTeam(c *models.ReqContext) response.Response {
return response.Error(403, "Not allowed to create team.", nil)
}
team, err := hs.teamService.CreateTeam(cmd.Name, cmd.Email, c.OrgID)
t, err := hs.teamService.CreateTeam(cmd.Name, cmd.Email, c.OrgID)
if err != nil {
if errors.Is(err, models.ErrTeamNameTaken) {
if errors.Is(err, team.ErrTeamNameTaken) {
return response.Error(409, "Team name taken", err)
}
return response.Error(500, "Failed to create Team", err)
@ -52,7 +53,7 @@ func (hs *HTTPServer) CreateTeam(c *models.ReqContext) response.Response {
// the SignedInUser is an empty struct therefore
// an additional check whether it is an actual user is required
if c.SignedInUser.IsRealUser() {
if err := addOrUpdateTeamMember(c.Req.Context(), hs.teamPermissionsService, c.SignedInUser.UserID, c.OrgID, team.Id, models.PERMISSION_ADMIN.String()); err != nil {
if err := addOrUpdateTeamMember(c.Req.Context(), hs.teamPermissionsService, c.SignedInUser.UserID, c.OrgID, t.ID, models.PERMISSION_ADMIN.String()); err != nil {
c.Logger.Error("Could not add creator to team", "error", err)
}
} else {
@ -60,7 +61,7 @@ func (hs *HTTPServer) CreateTeam(c *models.ReqContext) response.Response {
}
}
return response.JSON(http.StatusOK, &util.DynMap{
"teamId": team.Id,
"teamId": t.ID,
"message": "Team created",
})
}
@ -77,25 +78,25 @@ func (hs *HTTPServer) CreateTeam(c *models.ReqContext) response.Response {
// 409: conflictError
// 500: internalServerError
func (hs *HTTPServer) UpdateTeam(c *models.ReqContext) response.Response {
cmd := models.UpdateTeamCommand{}
cmd := team.UpdateTeamCommand{}
var err error
if err := web.Bind(c.Req, &cmd); err != nil {
return response.Error(http.StatusBadRequest, "bad request data", err)
}
cmd.OrgId = c.OrgID
cmd.Id, err = strconv.ParseInt(web.Params(c.Req)[":teamId"], 10, 64)
cmd.OrgID = c.OrgID
cmd.ID, err = strconv.ParseInt(web.Params(c.Req)[":teamId"], 10, 64)
if err != nil {
return response.Error(http.StatusBadRequest, "teamId is invalid", err)
}
if hs.AccessControl.IsDisabled() {
if err := hs.teamGuardian.CanAdmin(c.Req.Context(), cmd.OrgId, cmd.Id, c.SignedInUser); err != nil {
if err := hs.teamGuardian.CanAdmin(c.Req.Context(), cmd.OrgID, cmd.ID, c.SignedInUser); err != nil {
return response.Error(403, "Not allowed to update team", err)
}
}
if err := hs.teamService.UpdateTeam(c.Req.Context(), &cmd); err != nil {
if errors.Is(err, models.ErrTeamNameTaken) {
if errors.Is(err, team.ErrTeamNameTaken) {
return response.Error(400, "Team name taken", err)
}
return response.Error(500, "Failed to update Team", err)
@ -115,21 +116,21 @@ func (hs *HTTPServer) UpdateTeam(c *models.ReqContext) response.Response {
// 404: notFoundError
// 500: internalServerError
func (hs *HTTPServer) DeleteTeamByID(c *models.ReqContext) response.Response {
orgId := c.OrgID
teamId, err := strconv.ParseInt(web.Params(c.Req)[":teamId"], 10, 64)
orgID := c.OrgID
teamID, err := strconv.ParseInt(web.Params(c.Req)[":teamId"], 10, 64)
if err != nil {
return response.Error(http.StatusBadRequest, "teamId is invalid", err)
}
user := c.SignedInUser
if hs.AccessControl.IsDisabled() {
if err := hs.teamGuardian.CanAdmin(c.Req.Context(), orgId, teamId, user); err != nil {
if err := hs.teamGuardian.CanAdmin(c.Req.Context(), orgID, teamID, user); err != nil {
return response.Error(403, "Not allowed to delete team", err)
}
}
if err := hs.teamService.DeleteTeam(c.Req.Context(), &models.DeleteTeamCommand{OrgId: orgId, Id: teamId}); err != nil {
if errors.Is(err, models.ErrTeamNotFound) {
if err := hs.teamService.DeleteTeam(c.Req.Context(), &team.DeleteTeamCommand{OrgID: orgID, ID: teamID}); err != nil {
if errors.Is(err, team.ErrTeamNotFound) {
return response.Error(404, "Failed to delete Team. ID not found", nil)
}
return response.Error(500, "Failed to delete Team", err)
@ -157,43 +158,44 @@ func (hs *HTTPServer) SearchTeams(c *models.ReqContext) response.Response {
}
// Using accesscontrol the filtering is done based on user permissions
userIdFilter := models.FilterIgnoreUser
userIDFilter := team.FilterIgnoreUser
if hs.AccessControl.IsDisabled() {
userIdFilter = userFilter(c)
userIDFilter = userFilter(c)
}
query := models.SearchTeamsQuery{
OrgId: c.OrgID,
query := team.SearchTeamsQuery{
OrgID: c.OrgID,
Query: c.Query("query"),
Name: c.Query("name"),
UserIdFilter: userIdFilter,
UserIDFilter: userIDFilter,
Page: page,
Limit: perPage,
SignedInUser: c.SignedInUser,
HiddenUsers: hs.Cfg.HiddenUsers,
}
if err := hs.teamService.SearchTeams(c.Req.Context(), &query); err != nil {
queryResult, err := hs.teamService.SearchTeams(c.Req.Context(), &query)
if err != nil {
return response.Error(500, "Failed to search Teams", err)
}
teamIDs := map[string]bool{}
for _, team := range query.Result.Teams {
team.AvatarUrl = dtos.GetGravatarUrlWithDefault(team.Email, team.Name)
teamIDs[strconv.FormatInt(team.Id, 10)] = true
for _, team := range queryResult.Teams {
team.AvatarURL = dtos.GetGravatarUrlWithDefault(team.Email, team.Name)
teamIDs[strconv.FormatInt(team.ID, 10)] = true
}
metadata := hs.getMultiAccessControlMetadata(c, c.OrgID, "teams:id:", teamIDs)
if len(metadata) > 0 {
for _, team := range query.Result.Teams {
team.AccessControl = metadata[strconv.FormatInt(team.Id, 10)]
for _, team := range queryResult.Teams {
team.AccessControl = metadata[strconv.FormatInt(team.ID, 10)]
}
}
query.Result.Page = page
query.Result.PerPage = perPage
queryResult.Page = page
queryResult.PerPage = perPage
return response.JSON(http.StatusOK, query.Result)
return response.JSON(http.StatusOK, queryResult)
}
// UserFilter returns the user ID used in a filter when querying a team
@ -202,7 +204,7 @@ func (hs *HTTPServer) SearchTeams(c *models.ReqContext) response.Response {
func userFilter(c *models.ReqContext) int64 {
userIdFilter := c.SignedInUser.UserID
if c.OrgRole == org.RoleAdmin {
userIdFilter = models.FilterIgnoreUser
userIdFilter = team.FilterIgnoreUser
}
return userIdFilter
}
@ -224,21 +226,22 @@ func (hs *HTTPServer) GetTeamByID(c *models.ReqContext) response.Response {
}
// Using accesscontrol the filtering has already been performed at middleware layer
userIdFilter := models.FilterIgnoreUser
userIdFilter := team.FilterIgnoreUser
if hs.AccessControl.IsDisabled() {
userIdFilter = userFilter(c)
}
query := models.GetTeamByIdQuery{
OrgId: c.OrgID,
Id: teamId,
query := team.GetTeamByIDQuery{
OrgID: c.OrgID,
ID: teamId,
SignedInUser: c.SignedInUser,
HiddenUsers: hs.Cfg.HiddenUsers,
UserIdFilter: userIdFilter,
}
if err := hs.teamService.GetTeamById(c.Req.Context(), &query); err != nil {
if errors.Is(err, models.ErrTeamNotFound) {
queryResult, err := hs.teamService.GetTeamByID(c.Req.Context(), &query)
if err != nil {
if errors.Is(err, team.ErrTeamNotFound) {
return response.Error(404, "Team not found", err)
}
@ -246,10 +249,10 @@ func (hs *HTTPServer) GetTeamByID(c *models.ReqContext) response.Response {
}
// Add accesscontrol metadata
query.Result.AccessControl = hs.getAccessControlMetadata(c, c.OrgID, "teams:id:", strconv.FormatInt(query.Result.Id, 10))
queryResult.AccessControl = hs.getAccessControlMetadata(c, c.OrgID, "teams:id:", strconv.FormatInt(queryResult.ID, 10))
query.Result.AvatarUrl = dtos.GetGravatarUrlWithDefault(query.Result.Email, query.Result.Name)
return response.JSON(http.StatusOK, &query.Result)
queryResult.AvatarURL = dtos.GetGravatarUrlWithDefault(queryResult.Email, queryResult.Name)
return response.JSON(http.StatusOK, &queryResult)
}
// swagger:route GET /teams/{team_id}/preferences teams getTeamPreferences
@ -361,14 +364,14 @@ type SearchTeamsParams struct {
type CreateTeamParams struct {
// in:body
// required:true
Body models.CreateTeamCommand `json:"body"`
Body team.CreateTeamCommand `json:"body"`
}
// swagger:parameters updateTeam
type UpdateTeamParams struct {
// in:body
// required:true
Body models.UpdateTeamCommand `json:"body"`
Body team.UpdateTeamCommand `json:"body"`
// in:path
// required:true
TeamID string `json:"team_id"`
@ -378,14 +381,14 @@ type UpdateTeamParams struct {
type SearchTeamsResponse struct {
// The response message
// in: body
Body models.SearchTeamQueryResult `json:"body"`
Body team.SearchTeamQueryResult `json:"body"`
}
// swagger:response getTeamByIDResponse
type GetTeamByIDResponse struct {
// The response message
// in: body
Body *models.TeamDTO `json:"body"`
Body *team.TeamDTO `json:"body"`
}
// swagger:response createTeamResponse

5
pkg/api/team_members.go
View File

@ -12,6 +12,7 @@ import (
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/services/accesscontrol"
"github.com/grafana/grafana/pkg/services/login"
"github.com/grafana/grafana/pkg/services/team"
"github.com/grafana/grafana/pkg/util"
"github.com/grafana/grafana/pkg/web"
)
@ -197,11 +198,11 @@ func (hs *HTTPServer) RemoveTeamMember(c *models.ReqContext) response.Response {
teamIDString := strconv.FormatInt(teamId, 10)
if _, err := hs.teamPermissionsService.SetUserPermission(c.Req.Context(), orgId, accesscontrol.User{ID: userId}, teamIDString, ""); err != nil {
if errors.Is(err, models.ErrTeamNotFound) {
if errors.Is(err, team.ErrTeamNotFound) {
return response.Error(404, "Team not found", nil)
}
if errors.Is(err, models.ErrTeamMemberNotFound) {
if errors.Is(err, team.ErrTeamMemberNotFound) {
return response.Error(404, "Team member not found", nil)
}

2
pkg/api/team_members_test.go
View File

@ -65,7 +65,7 @@ func setUpGetTeamMembersHandler(t *testing.T, sqlStore *sqlstore.SQLStore) {
// user
user, err := usrSvc.CreateUserForTests(context.Background(), &userCmd)
require.NoError(t, err)
err = teamSvc.AddTeamMember(user.ID, testOrgID, team.Id, false, 1)
err = teamSvc.AddTeamMember(user.ID, testOrgID, team.ID, false, 1)
require.NoError(t, err)
}
}

23
pkg/api/team_test.go
View File

@ -21,6 +21,7 @@ import (
pref "github.com/grafana/grafana/pkg/services/preference"
"github.com/grafana/grafana/pkg/services/preference/preftest"
"github.com/grafana/grafana/pkg/services/sqlstore/mockstore"
"github.com/grafana/grafana/pkg/services/team"
"github.com/grafana/grafana/pkg/services/team/teamimpl"
"github.com/grafana/grafana/pkg/services/team/teamtest"
"github.com/grafana/grafana/pkg/services/user"
@ -49,7 +50,7 @@ func TestTeamAPIEndpoint(t *testing.T) {
sc.handlerFunc = hs.SearchTeams
sc.fakeReqWithParams("GET", sc.url, map[string]string{}).exec()
require.Equal(t, http.StatusOK, sc.resp.Code)
var resp models.SearchTeamQueryResult
var resp team.SearchTeamQueryResult
err = json.Unmarshal(sc.resp.Body.Bytes(), &resp)
require.NoError(t, err)
@ -65,13 +66,13 @@ func TestTeamAPIEndpoint(t *testing.T) {
require.NoError(t, err)
// Adding the test user to the teams in order for him to list them
err = hs.teamService.AddTeamMember(testUserID, testOrgID, team1.Id, false, 0)
err = hs.teamService.AddTeamMember(testUserID, testOrgID, team1.ID, false, 0)
require.NoError(t, err)
sc.handlerFunc = hs.SearchTeams
sc.fakeReqWithParams("GET", sc.url, map[string]string{}).exec()
require.Equal(t, http.StatusOK, sc.resp.Code)
var resp models.SearchTeamQueryResult
var resp team.SearchTeamQueryResult
err = json.Unmarshal(sc.resp.Body.Bytes(), &resp)
require.NoError(t, err)
@ -87,15 +88,15 @@ func TestTeamAPIEndpoint(t *testing.T) {
require.NoError(t, err)
// Adding the test user to the teams in order for him to list them
err = hs.teamService.AddTeamMember(testUserID, testOrgID, team1.Id, false, 0)
err = hs.teamService.AddTeamMember(testUserID, testOrgID, team1.ID, false, 0)
require.NoError(t, err)
err = hs.teamService.AddTeamMember(testUserID, testOrgID, team2.Id, false, 0)
err = hs.teamService.AddTeamMember(testUserID, testOrgID, team2.ID, false, 0)
require.NoError(t, err)
sc.handlerFunc = hs.SearchTeams
sc.fakeReqWithParams("GET", sc.url, map[string]string{"perpage": "10", "page": "2"}).exec()
require.Equal(t, http.StatusOK, sc.resp.Code)
var resp models.SearchTeamQueryResult
var resp team.SearchTeamQueryResult
err = json.Unmarshal(sc.resp.Body.Bytes(), &resp)
require.NoError(t, err)
@ -129,7 +130,7 @@ func TestTeamAPIEndpoint(t *testing.T) {
Logger: logger,
}
c.OrgRole = org.RoleEditor
c.Req.Body = mockRequestBody(models.CreateTeamCommand{Name: teamName})
c.Req.Body = mockRequestBody(team.CreateTeamCommand{Name: teamName})
c.Req.Header.Add("Content-Type", "application/json")
r := hs.CreateTeam(c)
@ -146,7 +147,7 @@ func TestTeamAPIEndpoint(t *testing.T) {
Logger: logger,
}
c.OrgRole = org.RoleEditor
c.Req.Body = mockRequestBody(models.CreateTeamCommand{Name: teamName})
c.Req.Body = mockRequestBody(team.CreateTeamCommand{Name: teamName})
c.Req.Header.Add("Content-Type", "application/json")
r := hs.CreateTeam(c)
assert.Equal(t, 200, r.Status())
@ -270,7 +271,7 @@ func TestTeamAPIEndpoint_SearchTeams_RBAC(t *testing.T) {
func TestTeamAPIEndpoint_GetTeamByID_RBAC(t *testing.T) {
server := SetupAPITestServer(t, func(hs *HTTPServer) {
hs.Cfg = setting.NewCfg()
hs.teamService = &teamtest.FakeService{ExpectedTeamDTO: &models.TeamDTO{}}
hs.teamService = &teamtest.FakeService{ExpectedTeamDTO: &team.TeamDTO{}}
})
url := fmt.Sprintf(detailTeamURL, 1)
@ -313,7 +314,7 @@ func TestTeamAPIEndpoint_GetTeamByID_RBAC(t *testing.T) {
func TestTeamAPIEndpoint_UpdateTeam_RBAC(t *testing.T) {
server := SetupAPITestServer(t, func(hs *HTTPServer) {
hs.Cfg = setting.NewCfg()
hs.teamService = &teamtest.FakeService{ExpectedTeamDTO: &models.TeamDTO{}}
hs.teamService = &teamtest.FakeService{ExpectedTeamDTO: &team.TeamDTO{}}
})
request := func(teamID int64, user *user.SignedInUser) (*http.Response, error) {
@ -356,7 +357,7 @@ func TestTeamAPIEndpoint_UpdateTeam_RBAC(t *testing.T) {
func TestTeamAPIEndpoint_DeleteTeam_RBAC(t *testing.T) {
server := SetupAPITestServer(t, func(hs *HTTPServer) {
hs.Cfg = setting.NewCfg()
hs.teamService = &teamtest.FakeService{ExpectedTeamDTO: &models.TeamDTO{}}
hs.teamService = &teamtest.FakeService{ExpectedTeamDTO: &team.TeamDTO{}}
})
request := func(teamID int64, user *user.SignedInUser) (*http.Response, error) {

16
pkg/api/user.go
View File

@ -12,6 +12,7 @@ import (
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/services/login"
"github.com/grafana/grafana/pkg/services/org"
"github.com/grafana/grafana/pkg/services/team"
"github.com/grafana/grafana/pkg/services/user"
"github.com/grafana/grafana/pkg/setting"
"github.com/grafana/grafana/pkg/util"
@ -289,16 +290,17 @@ func (hs *HTTPServer) GetUserTeams(c *models.ReqContext) response.Response {
}
func (hs *HTTPServer) getUserTeamList(c *models.ReqContext, orgID int64, userID int64) response.Response {
query := models.GetTeamsByUserQuery{OrgId: orgID, UserId: userID, SignedInUser: c.SignedInUser}
query := team.GetTeamsByUserQuery{OrgID: orgID, UserID: userID, SignedInUser: c.SignedInUser}
if err := hs.teamService.GetTeamsByUser(c.Req.Context(), &query); err != nil {
queryResult, err := hs.teamService.GetTeamsByUser(c.Req.Context(), &query)
if err != nil {
return response.Error(500, "Failed to get user teams", err)
}
for _, team := range query.Result {
team.AvatarUrl = dtos.GetGravatarUrlWithDefault(team.Email, team.Name)
for _, team := range queryResult {
team.AvatarURL = dtos.GetGravatarUrlWithDefault(team.Email, team.Name)
}
return response.JSON(http.StatusOK, query.Result)
return response.JSON(http.StatusOK, queryResult)
}
// swagger:route GET /users/{user_id}/orgs users getUserOrgList
@ -657,14 +659,14 @@ type GetSignedInUserOrgListResponse struct {
type GetUserTeamsResponse struct {
// The response message
// in: body
Body []*models.TeamDTO `json:"body"`
Body []*team.TeamDTO `json:"body"`
}
// swagger:response getSignedInUserTeamListResponse
type GetSignedInUserTeamListResponse struct {
// The response message
// in: body
Body []*models.TeamDTO `json:"body"`
Body []*team.TeamDTO `json:"body"`
}
// swagger:response helpFlagResponse

2
pkg/cmd/grafana-cli/commands/conflict_user_command_test.go
View File

@ -621,7 +621,7 @@ func TestIntegrationMergeUser(t *testing.T) {
userWithUpperCase, err := usrSvc.Create(context.Background(), &dupUserEmailcmd)
require.NoError(t, err)
// this is the user we want to update to another team
err = teamSvc.AddTeamMember(userWithUpperCase.ID, testOrgID, team1.Id, false, 0)
err = teamSvc.AddTeamMember(userWithUpperCase.ID, testOrgID, team1.ID, false, 0)
require.NoError(t, err)
// get users

7
pkg/middleware/auth.go
View File

@ -223,12 +223,13 @@ func OrgAdminDashOrFolderAdminOrTeamAdmin(ss db.DB, ds dashboards.DashboardServi
return
}
isAdminOfTeamsQuery := models.IsAdminOfTeamsQuery{SignedInUser: c.SignedInUser}
if err := ts.IsAdminOfTeams(c.Req.Context(), &isAdminOfTeamsQuery); err != nil {
isAdminOfTeamsQuery := team.IsAdminOfTeamsQuery{SignedInUser: c.SignedInUser}
isAdminOfTeamsQueryResult, err := ts.IsAdminOfTeams(c.Req.Context(), &isAdminOfTeamsQuery)
if err != nil {
c.JsonApiErr(500, "Failed to check if user is a team admin", err)
}
if isAdminOfTeamsQuery.Result {
if isAdminOfTeamsQueryResult {
return
}

12
pkg/services/accesscontrol/database/database_test.go
View File

@ -89,7 +89,7 @@ func TestAccessControlStore_GetUserPermissions(t *testing.T) {
}
for _, id := range tt.teamPermissions {
_, err := permissionStore.SetTeamResourcePermission(context.Background(), tt.orgID, team.Id, rs.SetResourcePermissionCommand{
_, err := permissionStore.SetTeamResourcePermission(context.Background(), tt.orgID, team.ID, rs.SetResourcePermissionCommand{
Actions: []string{"dashboards:read"},
Resource: "dashboards",
ResourceID: id,
@ -117,7 +117,7 @@ func TestAccessControlStore_GetUserPermissions(t *testing.T) {
}
userID := user.ID
teamIDs := []int64{team.Id}
teamIDs := []int64{team.ID}
if tt.anonymousUser {
userID = 0
teamIDs = []int64{}
@ -217,7 +217,7 @@ func TestAccessControlStore_DeleteUserPermissions(t *testing.T) {
})
}
func createUserAndTeam(t *testing.T, userSrv user.Service, teamSvc team.Service, orgID int64) (*user.User, models.Team) {
func createUserAndTeam(t *testing.T, userSrv user.Service, teamSvc team.Service, orgID int64) (*user.User, team.Team) {
t.Helper()
user, err := userSrv.Create(context.Background(), &user.CreateUserCommand{
@ -229,7 +229,7 @@ func createUserAndTeam(t *testing.T, userSrv user.Service, teamSvc team.Service,
team, err := teamSvc.CreateTeam("team", "", orgID)
require.NoError(t, err)
err = teamSvc.AddTeamMember(user.ID, orgID, team.Id, false, models.PERMISSION_VIEW)
err = teamSvc.AddTeamMember(user.ID, orgID, team.ID, false, models.PERMISSION_VIEW)
require.NoError(t, err)
return user, team
@ -276,14 +276,14 @@ func createUsersAndTeams(t *testing.T, svcs helperServices, orgID int64, users [
team, err := svcs.teamSvc.CreateTeam(fmt.Sprintf("team%v", i+1), "", orgID)
require.NoError(t, err)
err = svcs.teamSvc.AddTeamMember(user.ID, orgID, team.Id, false, models.PERMISSION_VIEW)
err = svcs.teamSvc.AddTeamMember(user.ID, orgID, team.ID, false, models.PERMISSION_VIEW)
require.NoError(t, err)
err = svcs.orgSvc.UpdateOrgUser(context.Background(),
&org.UpdateOrgUserCommand{Role: users[i].orgRole, OrgID: orgID, UserID: user.ID})
require.NoError(t, err)
res = append(res, dbUser{userID: user.ID, teamID: team.Id})
res = append(res, dbUser{userID: user.ID, teamID: team.ID})
}
return res

6
pkg/services/accesscontrol/ossaccesscontrol/permissions_services.go
View File

@ -53,9 +53,9 @@ func ProvideTeamPermissions(
return err
}
err = teamService.GetTeamById(context.Background(), &models.GetTeamByIdQuery{
OrgId: orgID,
Id: id,
_, err = teamService.GetTeamByID(context.Background(), &team.GetTeamByIDQuery{
OrgID: orgID,
ID: id,
})
if err != nil {
return err

2
pkg/services/accesscontrol/resourcepermissions/api_test.go
View File

@ -512,7 +512,7 @@ func seedPermissions(t *testing.T, resourceID string, sql *sqlstore.SQLStore, se
teamSvc := teamimpl.ProvideService(sql, sql.Cfg)
team, err := teamSvc.CreateTeam("test", "test@test.com", 1)
require.NoError(t, err)
_, err = service.SetTeamPermission(context.Background(), team.OrgId, team.Id, resourceID, "Edit")
_, err = service.SetTeamPermission(context.Background(), team.OrgID, team.ID, resourceID, "Edit")
require.NoError(t, err)
// seed user 1 with "View" permission on dashboard 1
orgSvc, err := orgimpl.ProvideService(sql, sql.Cfg, quotatest.New(false, nil))

2
pkg/services/accesscontrol/resourcepermissions/service.go
View File

@ -298,7 +298,7 @@ func (s *Service) validateTeam(ctx context.Context, orgID, teamID int64) error {
return ErrInvalidAssignment
}
if err := s.teamService.GetTeamById(ctx, &models.GetTeamByIdQuery{OrgId: orgID, Id: teamID}); err != nil {
if _, err := s.teamService.GetTeamByID(ctx, &team.GetTeamByIDQuery{OrgID: orgID, ID: teamID}); err != nil {
return err
}
return nil

2
pkg/services/accesscontrol/resourcepermissions/service_test.go
View File

@ -107,7 +107,7 @@ func TestService_SetTeamPermission(t *testing.T) {
}
}
_, err = service.SetTeamPermission(context.Background(), team.OrgId, team.Id, "1", "")
_, err = service.SetTeamPermission(context.Background(), team.OrgID, team.ID, "1", "")
require.NoError(t, err)
assert.Equal(t, tt.callHook, hookCalled)
})

4
pkg/services/accesscontrol/resourcepermissions/store.go
View File

@ -7,9 +7,9 @@ import (
"time"
"github.com/grafana/grafana/pkg/infra/db"
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/services/accesscontrol"
"github.com/grafana/grafana/pkg/services/org"
"github.com/grafana/grafana/pkg/services/team"
"github.com/grafana/grafana/pkg/services/user"
"github.com/grafana/grafana/pkg/util"
)
@ -89,7 +89,7 @@ func (s *store) SetTeamResourcePermission(
hook TeamResourceHookFunc,
) (*accesscontrol.ResourcePermission, error) {
if teamID == 0 {
return nil, models.ErrTeamNotFound
return nil, team.ErrTeamNotFound
}
var err error

2
pkg/services/accesscontrol/resourcepermissions/store_bench_test.go
View File

@ -153,7 +153,7 @@ func generateTeamsAndUsers(b *testing.B, db *sqlstore.SQLStore, users int) ([]in
teamEmail := fmt.Sprintf("%s@example.org", teamName)
team, err := teamSvc.CreateTeam(teamName, teamEmail, 1)
require.NoError(b, err)
teamId := team.Id
teamId := team.ID
teamIds = append(teamIds, teamId)
// Create team users

8
pkg/services/dashboards/database/acl_test.go
View File

@ -205,7 +205,7 @@ func TestIntegrationDashboardACLDataAccess(t *testing.T) {
err = updateDashboardACL(t, dashboardStore, savedFolder.Id, models.DashboardACL{
OrgID: 1,
TeamID: team1.Id,
TeamID: team1.ID,
DashboardID: savedFolder.Id,
Permission: models.PERMISSION_EDIT,
})
@ -216,7 +216,7 @@ func TestIntegrationDashboardACLDataAccess(t *testing.T) {
require.Nil(t, err)
require.Equal(t, savedFolder.Id, q1.Result[0].DashboardId)
require.Equal(t, models.PERMISSION_EDIT, q1.Result[0].Permission)
require.Equal(t, team1.Id, q1.Result[0].TeamId)
require.Equal(t, team1.ID, q1.Result[0].TeamId)
})
t.Run("Should be able to update an existing permission for a team", func(t *testing.T) {
@ -226,7 +226,7 @@ func TestIntegrationDashboardACLDataAccess(t *testing.T) {
require.Nil(t, err)
err = updateDashboardACL(t, dashboardStore, savedFolder.Id, models.DashboardACL{
OrgID: 1,
TeamID: team1.Id,
TeamID: team1.ID,
DashboardID: savedFolder.Id,
Permission: models.PERMISSION_ADMIN,
})
@ -238,7 +238,7 @@ func TestIntegrationDashboardACLDataAccess(t *testing.T) {
require.Equal(t, 1, len(q3.Result))
require.Equal(t, savedFolder.Id, q3.Result[0].DashboardId)
require.Equal(t, models.PERMISSION_ADMIN, q3.Result[0].Permission)
require.Equal(t, team1.Id, q3.Result[0].TeamId)
require.Equal(t, team1.ID, q3.Result[0].TeamId)
})
})

14
pkg/services/guardian/guardian.go
View File

@ -47,7 +47,7 @@ type dashboardGuardianImpl struct {
dashId int64
orgId int64
acl []*models.DashboardACLInfoDTO
teams []*models.TeamDTO
teams []*team.TeamDTO
log log.Logger
ctx context.Context
store db.DB
@ -244,7 +244,7 @@ func (g *dashboardGuardianImpl) checkACL(permission models.PermissionType, acl [
// evaluate team rules
for _, p := range acl {
for _, ug := range teams {
if ug.Id == p.TeamId && p.Permission >= permission {
if ug.ID == p.TeamId && p.Permission >= permission {
return true, nil
}
}
@ -349,16 +349,16 @@ func (g *dashboardGuardianImpl) GetACLWithoutDuplicates() ([]*models.DashboardAC
return result, nil
}
func (g *dashboardGuardianImpl) getTeams() ([]*models.TeamDTO, error) {
func (g *dashboardGuardianImpl) getTeams() ([]*team.TeamDTO, error) {
if g.teams != nil {
return g.teams, nil
}
query := models.GetTeamsByUserQuery{OrgId: g.orgId, UserId: g.user.UserID, SignedInUser: g.user}
err := g.teamService.GetTeamsByUser(g.ctx, &query)
query := team.GetTeamsByUserQuery{OrgID: g.orgId, UserID: g.user.UserID, SignedInUser: g.user}
queryResult, err := g.teamService.GetTeamsByUser(g.ctx, &query)
g.teams = query.Result
return query.Result, err
g.teams = queryResult
return queryResult, err
}
func (g *dashboardGuardianImpl) GetHiddenACL(cfg *setting.Cfg) ([]*models.DashboardACL, error) {

9
pkg/services/guardian/guardian_util_test.go
View File

@ -15,6 +15,7 @@ import (
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/services/dashboards"
"github.com/grafana/grafana/pkg/services/org"
"github.com/grafana/grafana/pkg/services/team"
"github.com/grafana/grafana/pkg/services/team/teamtest"
"github.com/grafana/grafana/pkg/services/user"
)
@ -27,7 +28,7 @@ type scenarioContext struct {
givenUser *user.SignedInUser
givenDashboardID int64
givenPermissions []*models.DashboardACLInfoDTO
givenTeams []*models.TeamDTO
givenTeams []*team.TeamDTO
updatePermissions []*models.DashboardACL
expectedFlags permissionFlags
callerFile string
@ -103,11 +104,11 @@ func permissionScenario(desc string, dashboardID int64, sc *scenarioContext,
permissions []*models.DashboardACLInfoDTO, fn scenarioFunc) {
sc.t.Run(desc, func(t *testing.T) {
store := dbtest.NewFakeDB()
teams := []*models.TeamDTO{}
teams := []*team.TeamDTO{}
for _, p := range permissions {
if p.TeamId > 0 {
teams = append(teams, &models.TeamDTO{Id: p.TeamId})
teams = append(teams, &team.TeamDTO{ID: p.TeamId})
}
}
teamSvc := &teamtest.FakeService{ExpectedTeamsByUser: teams}
@ -246,7 +247,7 @@ func (sc *scenarioContext) reportFailure(desc string, expected interface{}, actu
}
for i, t := range sc.givenTeams {
buf.WriteString(fmt.Sprintf("\n Given team (%d): id=%d", i, t.Id))
buf.WriteString(fmt.Sprintf("\n Given team (%d): id=%d", i, t.ID))
}
for i, p := range sc.updatePermissions {

7
pkg/services/sqlstore/migrations/accesscontrol/test/ac_test.go
View File

@ -16,6 +16,7 @@ import (
acmig "github.com/grafana/grafana/pkg/services/sqlstore/migrations/accesscontrol"
"github.com/grafana/grafana/pkg/services/sqlstore/migrator"
"github.com/grafana/grafana/pkg/services/sqlstore/sqlutil"
"github.com/grafana/grafana/pkg/services/team"
"github.com/grafana/grafana/pkg/services/user"
"github.com/grafana/grafana/pkg/setting"
@ -315,16 +316,16 @@ func setupTeams(t *testing.T, x *xorm.Engine) {
require.Equal(t, int64(5), orgUsersCount, "needed 5 users for this test to run")
// Setup teams (and members)
teams := []models.Team{
teams := []team.Team{
{
OrgId: 1,
OrgID: 1,
Name: "teamOrg1",
Email: "teamorg1@example.org",
Created: now,
Updated: now,
},
{
OrgId: 2,
OrgID: 2,
Name: "teamOrg2",
Email: "teamorg2@example.org",
Created: now,

9
pkg/services/sqlstore/mockstore/mockstore.go
View File

@ -9,6 +9,7 @@ import (
"github.com/grafana/grafana/pkg/services/sqlstore"
"github.com/grafana/grafana/pkg/services/sqlstore/migrator"
"github.com/grafana/grafana/pkg/services/sqlstore/session"
"github.com/grafana/grafana/pkg/services/team"
"github.com/grafana/grafana/pkg/services/user"
)
@ -20,7 +21,7 @@ type SQLStoreMock struct {
LastGetAlertsQuery *models.GetAlertsQuery
ExpectedUser *user.User
ExpectedTeamsByUser []*models.TeamDTO
ExpectedTeamsByUser []*team.TeamDTO
ExpectedAlert *models.Alert
ExpectedSystemStats *models.SystemStats
ExpectedDataSourceStats []*models.DataSourceStats
@ -75,11 +76,11 @@ func (m *SQLStoreMock) GetUserProfile(ctx context.Context, query *user.GetUserPr
return m.ExpectedError
}
func (m *SQLStoreMock) CreateTeam(name string, email string, orgID int64) (models.Team, error) {
return models.Team{
func (m *SQLStoreMock) CreateTeam(name string, email string, orgID int64) (team.Team, error) {
return team.Team{
Name: name,
Email: email,
OrgId: orgID,
OrgID: orgID,
}, nil
}

54
pkg/models/team.go → pkg/services/team/model.go
View File

@ -1,9 +1,10 @@
package models
package team
import (
"errors"
"time"
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/services/user"
)
@ -19,8 +20,8 @@ var (
// Team model
type Team struct {
Id int64 `json:"id"`
OrgId int64 `json:"orgId"`
ID int64 `json:"id" xorm:"pk autoincr 'id'"`
OrgID int64 `json:"orgId" xorm:"org_id"`
Name string `json:"name"`
Email string `json:"email"`
@ -34,29 +35,26 @@ type Team struct {
type CreateTeamCommand struct {
Name string `json:"name" binding:"Required"`
Email string `json:"email"`
OrgId int64 `json:"-"`
Result Team `json:"-"`
OrgID int64 `json:"-"`
}
type UpdateTeamCommand struct {
Id int64
ID int64
Name string
Email string
OrgId int64 `json:"-"`
OrgID int64 `json:"-"`
}
type DeleteTeamCommand struct {
OrgId int64
Id int64
OrgID int64
ID int64
}
type GetTeamByIdQuery struct {
OrgId int64
Id int64
type GetTeamByIDQuery struct {
OrgID int64
ID int64
SignedInUser *user.SignedInUser
HiddenUsers map[string]struct{}
Result *TeamDTO
UserIdFilter int64
}
@ -64,9 +62,8 @@ type GetTeamByIdQuery struct {
const FilterIgnoreUser int64 = 0
type GetTeamsByUserQuery struct {
OrgId int64
UserId int64 `json:"userId"`
Result []*TeamDTO `json:"teams"`
OrgID int64
UserID int64 `json:"userId"`
SignedInUser *user.SignedInUser
}
@ -75,23 +72,21 @@ type SearchTeamsQuery struct {
Name string
Limit int
Page int
OrgId int64
UserIdFilter int64
OrgID int64 `xorm:"org_id"`
UserIDFilter int64 `xorm:"user_id_filter"`
SignedInUser *user.SignedInUser
HiddenUsers map[string]struct{}
Result SearchTeamQueryResult
}
type TeamDTO struct {
Id int64 `json:"id"`
OrgId int64 `json:"orgId"`
Name string `json:"name"`
Email string `json:"email"`
AvatarUrl string `json:"avatarUrl"`
MemberCount int64 `json:"memberCount"`
Permission PermissionType `json:"permission"`
AccessControl map[string]bool `json:"accessControl"`
ID int64 `json:"id" xorm:"id"`
OrgID int64 `json:"orgId" xorm:"org_id"`
Name string `json:"name"`
Email string `json:"email"`
AvatarURL string `json:"avatarUrl"`
MemberCount int64 `json:"memberCount"`
Permission models.PermissionType `json:"permission"`
AccessControl map[string]bool `json:"accessControl"`
}
type SearchTeamQueryResult struct {
@ -103,5 +98,4 @@ type SearchTeamQueryResult struct {
type IsAdminOfTeamsQuery struct {
SignedInUser *user.SignedInUser
Result bool
}

14
pkg/services/team/team.go
View File

@ -7,17 +7,17 @@ import (
)
type Service interface {
CreateTeam(name, email string, orgID int64) (models.Team, error)
UpdateTeam(ctx context.Context, cmd *models.UpdateTeamCommand) error
DeleteTeam(ctx context.Context, cmd *models.DeleteTeamCommand) error
SearchTeams(ctx context.Context, query *models.SearchTeamsQuery) error
GetTeamById(ctx context.Context, query *models.GetTeamByIdQuery) error
GetTeamsByUser(ctx context.Context, query *models.GetTeamsByUserQuery) error
CreateTeam(name, email string, orgID int64) (Team, error)
UpdateTeam(ctx context.Context, cmd *UpdateTeamCommand) error
DeleteTeam(ctx context.Context, cmd *DeleteTeamCommand) error
SearchTeams(ctx context.Context, query *SearchTeamsQuery) (SearchTeamQueryResult, error)
GetTeamByID(ctx context.Context, query *GetTeamByIDQuery) (*TeamDTO, error)
GetTeamsByUser(ctx context.Context, query *GetTeamsByUserQuery) ([]*TeamDTO, error)
AddTeamMember(userID, orgID, teamID int64, isExternal bool, permission models.PermissionType) error
UpdateTeamMember(ctx context.Context, cmd *models.UpdateTeamMemberCommand) error
IsTeamMember(orgId int64, teamId int64, userId int64) (bool, error)
RemoveTeamMember(ctx context.Context, cmd *models.RemoveTeamMemberCommand) error
GetUserTeamMemberships(ctx context.Context, orgID, userID int64, external bool) ([]*models.TeamMemberDTO, error)
GetTeamMembers(ctx context.Context, query *models.GetTeamMembersQuery) error
IsAdminOfTeams(ctx context.Context, query *models.IsAdminOfTeamsQuery) error
IsAdminOfTeams(ctx context.Context, query *IsAdminOfTeamsQuery) (bool, error)
}

138
pkg/services/team/teamimpl/store.go
View File

@ -10,24 +10,25 @@ import (
"github.com/grafana/grafana/pkg/infra/db"
"github.com/grafana/grafana/pkg/models"
ac "github.com/grafana/grafana/pkg/services/accesscontrol"
"github.com/grafana/grafana/pkg/services/team"
"github.com/grafana/grafana/pkg/services/user"
"github.com/grafana/grafana/pkg/setting"
)
type store interface {
Create(name, email string, orgID int64) (models.Team, error)
Update(ctx context.Context, cmd *models.UpdateTeamCommand) error
Delete(ctx context.Context, cmd *models.DeleteTeamCommand) error
Search(ctx context.Context, query *models.SearchTeamsQuery) error
GetById(ctx context.Context, query *models.GetTeamByIdQuery) error
GetByUser(ctx context.Context, query *models.GetTeamsByUserQuery) error
Create(name, email string, orgID int64) (team.Team, error)
Update(ctx context.Context, cmd *team.UpdateTeamCommand) error
Delete(ctx context.Context, cmd *team.DeleteTeamCommand) error
Search(ctx context.Context, query *team.SearchTeamsQuery) (team.SearchTeamQueryResult, error)
GetByID(ctx context.Context, query *team.GetTeamByIDQuery) (*team.TeamDTO, error)
GetByUser(ctx context.Context, query *team.GetTeamsByUserQuery) ([]*team.TeamDTO, error)
AddMember(userID, orgID, teamID int64, isExternal bool, permission models.PermissionType) error
UpdateMember(ctx context.Context, cmd *models.UpdateTeamMemberCommand) error
IsMember(orgId int64, teamId int64, userId int64) (bool, error)
RemoveMember(ctx context.Context, cmd *models.RemoveTeamMemberCommand) error
GetMemberships(ctx context.Context, orgID, userID int64, external bool) ([]*models.TeamMemberDTO, error)
GetMembers(ctx context.Context, query *models.GetTeamMembersQuery) error
IsAdmin(ctx context.Context, query *models.IsAdminOfTeamsQuery) error
IsAdmin(ctx context.Context, query *team.IsAdminOfTeamsQuery) (bool, error)
}
type xormStore struct {
@ -85,11 +86,11 @@ func getTeamSelectWithPermissionsSQLBase(db db.DB, filteredUsers []string) strin
INNER JOIN team_member ON team.id = team_member.team_id AND team_member.user_id = ? `
}
func (ss *xormStore) Create(name, email string, orgID int64) (models.Team, error) {
team := models.Team{
func (ss *xormStore) Create(name, email string, orgID int64) (team.Team, error) {
t := team.Team{
Name: name,
Email: email,
OrgId: orgID,
OrgID: orgID,
Created: time.Now(),
Updated: time.Now(),
}
@ -97,24 +98,24 @@ func (ss *xormStore) Create(name, email string, orgID int64) (models.Team, error
if isNameTaken, err := isTeamNameTaken(orgID, name, 0, sess); err != nil {
return err
} else if isNameTaken {
return models.ErrTeamNameTaken
return team.ErrTeamNameTaken
}
_, err := sess.Insert(&team)
_, err := sess.Insert(&t)
return err
})
return team, err
return t, err
}
func (ss *xormStore) Update(ctx context.Context, cmd *models.UpdateTeamCommand) error {
func (ss *xormStore) Update(ctx context.Context, cmd *team.UpdateTeamCommand) error {
return ss.db.WithTransactionalDbSession(ctx, func(sess *db.Session) error {
if isNameTaken, err := isTeamNameTaken(cmd.OrgId, cmd.Name, cmd.Id, sess); err != nil {
if isNameTaken, err := isTeamNameTaken(cmd.OrgID, cmd.Name, cmd.ID, sess); err != nil {
return err
} else if isNameTaken {
return models.ErrTeamNameTaken
return team.ErrTeamNameTaken
}
team := models.Team{
t := team.Team{
Name: cmd.Name,
Email: cmd.Email,
Updated: time.Now(),
@ -122,14 +123,14 @@ func (ss *xormStore) Update(ctx context.Context, cmd *models.UpdateTeamCommand)
sess.MustCols("email")
affectedRows, err := sess.ID(cmd.Id).Update(&team)
affectedRows, err := sess.ID(cmd.ID).Update(&t)
if err != nil {
return err
}
if affectedRows == 0 {
return models.ErrTeamNotFound
return team.ErrTeamNotFound
}
return nil
@ -137,9 +138,9 @@ func (ss *xormStore) Update(ctx context.Context, cmd *models.UpdateTeamCommand)
}
// DeleteTeam will delete a team, its member and any permissions connected to the team
func (ss *xormStore) Delete(ctx context.Context, cmd *models.DeleteTeamCommand) error {
func (ss *xormStore) Delete(ctx context.Context, cmd *team.DeleteTeamCommand) error {
return ss.db.WithTransactionalDbSession(ctx, func(sess *db.Session) error {
if _, err := teamExists(cmd.OrgId, cmd.Id, sess); err != nil {
if _, err := teamExists(cmd.OrgID, cmd.ID, sess); err != nil {
return err
}
@ -151,13 +152,13 @@ func (ss *xormStore) Delete(ctx context.Context, cmd *models.DeleteTeamCommand)
}
for _, sql := range deletes {
_, err := sess.Exec(sql, cmd.OrgId, cmd.Id)
_, err := sess.Exec(sql, cmd.OrgID, cmd.ID)
if err != nil {
return err
}
}
_, err := sess.Exec("DELETE FROM permission WHERE scope=?", ac.Scope("teams", "id", fmt.Sprint(cmd.Id)))
_, err := sess.Exec("DELETE FROM permission WHERE scope=?", ac.Scope("teams", "id", fmt.Sprint(cmd.ID)))
return err
})
@ -167,31 +168,31 @@ func teamExists(orgID int64, teamID int64, sess *db.Session) (bool, error) {
if res, err := sess.Query("SELECT 1 from team WHERE org_id=? and id=?", orgID, teamID); err != nil {
return false, err
} else if len(res) != 1 {
return false, models.ErrTeamNotFound
return false, team.ErrTeamNotFound
}
return true, nil
}
func isTeamNameTaken(orgId int64, name string, existingId int64, sess *db.Session) (bool, error) {
var team models.Team
var team team.Team
exists, err := sess.Where("org_id=? and name=?", orgId, name).Get(&team)
if err != nil {
return false, nil
}
if exists && existingId != team.Id {
if exists && existingId != team.ID {
return true, nil
}
return false, nil
}
func (ss *xormStore) Search(ctx context.Context, query *models.SearchTeamsQuery) error {
return ss.db.WithDbSession(ctx, func(sess *db.Session) error {
query.Result = models.SearchTeamQueryResult{
Teams: make([]*models.TeamDTO, 0),
}
func (ss *xormStore) Search(ctx context.Context, query *team.SearchTeamsQuery) (team.SearchTeamQueryResult, error) {
queryResult := team.SearchTeamQueryResult{
Teams: make([]*team.TeamDTO, 0),
}
err := ss.db.WithDbSession(ctx, func(sess *db.Session) error {
queryWithWildcards := "%" + query.Query + "%"
var sql bytes.Buffer
@ -202,15 +203,15 @@ func (ss *xormStore) Search(ctx context.Context, query *models.SearchTeamsQuery)
params = append(params, user)
}
if query.UserIdFilter == models.FilterIgnoreUser {
if query.UserIDFilter == team.FilterIgnoreUser {
sql.WriteString(getTeamSelectSQLBase(ss.db, filteredUsers))
} else {
sql.WriteString(getTeamSelectWithPermissionsSQLBase(ss.db, filteredUsers))
params = append(params, query.UserIdFilter)
params = append(params, query.UserIDFilter)
}
sql.WriteString(` WHERE team.org_id = ?`)
params = append(params, query.OrgId)
params = append(params, query.OrgID)
if query.Query != "" {
sql.WriteString(` and team.name ` + ss.db.GetDialect().LikeStr() + ` ?`)
@ -242,13 +243,13 @@ func (ss *xormStore) Search(ctx context.Context, query *models.SearchTeamsQuery)
sql.WriteString(ss.db.GetDialect().LimitOffset(int64(query.Limit), int64(offset)))
}
if err := sess.SQL(sql.String(), params...).Find(&query.Result.Teams); err != nil {
if err := sess.SQL(sql.String(), params...).Find(&queryResult.Teams); err != nil {
return err
}
team := models.Team{}
t := team.Team{}
countSess := sess.Table("team")
countSess.Where("team.org_id=?", query.OrgId)
countSess.Where("team.org_id=?", query.OrgID)
if query.Query != "" {
countSess.Where(`name `+ss.db.GetDialect().LikeStr()+` ?`, queryWithWildcards)
@ -259,7 +260,7 @@ func (ss *xormStore) Search(ctx context.Context, query *models.SearchTeamsQuery)
}
// If we're not retrieving all results, then only search for teams that this user has access to
if query.UserIdFilter != models.FilterIgnoreUser {
if query.UserIDFilter != team.FilterIgnoreUser {
countSess.
Where(`
team.id IN (
@ -267,7 +268,7 @@ func (ss *xormStore) Search(ctx context.Context, query *models.SearchTeamsQuery)
team_id
FROM team_member
WHERE team_member.user_id = ?
)`, query.UserIdFilter)
)`, query.UserIDFilter)
}
// Only count teams user can see
@ -275,15 +276,20 @@ func (ss *xormStore) Search(ctx context.Context, query *models.SearchTeamsQuery)
countSess.Where(acFilter.Where, acFilter.Args...)
}
count, err := countSess.Count(&team)
query.Result.TotalCount = count
count, err := countSess.Count(&t)
queryResult.TotalCount = count
return err
})
if err != nil {
return team.SearchTeamQueryResult{}, err
}
return queryResult, nil
}
func (ss *xormStore) GetById(ctx context.Context, query *models.GetTeamByIdQuery) error {
return ss.db.WithDbSession(ctx, func(sess *db.Session) error {
func (ss *xormStore) GetByID(ctx context.Context, query *team.GetTeamByIDQuery) (*team.TeamDTO, error) {
var queryResult *team.TeamDTO
err := ss.db.WithDbSession(ctx, func(sess *db.Session) error {
var sql bytes.Buffer
params := make([]interface{}, 0)
@ -293,38 +299,41 @@ func (ss *xormStore) GetById(ctx context.Context, query *models.GetTeamByIdQuery
params = append(params, user)
}
if query.UserIdFilter != models.FilterIgnoreUser {
if query.UserIdFilter != team.FilterIgnoreUser {
sql.WriteString(` INNER JOIN team_member ON team.id = team_member.team_id AND team_member.user_id = ?`)
params = append(params, query.UserIdFilter)
}
sql.WriteString(` WHERE team.org_id = ? and team.id = ?`)
params = append(params, query.OrgId, query.Id)
params = append(params, query.OrgID, query.ID)
var team models.TeamDTO
exists, err := sess.SQL(sql.String(), params...).Get(&team)
var t team.TeamDTO
exists, err := sess.SQL(sql.String(), params...).Get(&t)
if err != nil {
return err
}
if !exists {
return models.ErrTeamNotFound
return team.ErrTeamNotFound
}
query.Result = &team
queryResult = &t
return nil
})
if err != nil {
return nil, err
}
return queryResult, nil
}
// GetTeamsByUser is used by the Guardian when checking a users' permissions
func (ss *xormStore) GetByUser(ctx context.Context, query *models.GetTeamsByUserQuery) error {
return ss.db.WithDbSession(ctx, func(sess *db.Session) error {
query.Result = make([]*models.TeamDTO, 0)
func (ss *xormStore) GetByUser(ctx context.Context, query *team.GetTeamsByUserQuery) ([]*team.TeamDTO, error) {
queryResult := make([]*team.TeamDTO, 0)
err := ss.db.WithDbSession(ctx, func(sess *db.Session) error {
var sql bytes.Buffer
var params []interface{}
params = append(params, query.OrgId, query.UserId)
params = append(params, query.OrgID, query.UserID)
sql.WriteString(getTeamSelectSQLBase(ss.db, []string{}))
sql.WriteString(` INNER JOIN team_member on team.id = team_member.team_id`)
@ -339,9 +348,13 @@ func (ss *xormStore) GetByUser(ctx context.Context, query *models.GetTeamsByUser
params = append(params, acFilter.Args...)
}
err := sess.SQL(sql.String(), params...).Find(&query.Result)
err := sess.SQL(sql.String(), params...).Find(&queryResult)
return err
})
if err != nil {
return nil, err
}
return queryResult, nil
}
// AddTeamMember adds a user to a team
@ -366,7 +379,7 @@ func getTeamMember(sess *db.Session, orgId int64, teamId int64, userId int64) (m
return member, err
}
if !exists {
return member, models.ErrTeamMemberNotFound
return member, team.ErrTeamMemberNotFound
}
return member, nil
@ -477,7 +490,7 @@ func removeTeamMember(sess *db.Session, cmd *models.RemoveTeamMemberCommand) err
}
rows, err := res.RowsAffected()
if rows == 0 {
return models.ErrTeamMemberNotFound
return team.ErrTeamMemberNotFound
}
return err
@ -570,8 +583,9 @@ func (ss *xormStore) getTeamMembers(ctx context.Context, query *models.GetTeamMe
})
}
func (ss *xormStore) IsAdmin(ctx context.Context, query *models.IsAdminOfTeamsQuery) error {
return ss.db.WithDbSession(ctx, func(sess *db.Session) error {
func (ss *xormStore) IsAdmin(ctx context.Context, query *team.IsAdminOfTeamsQuery) (bool, error) {
var queryResult bool
err := ss.db.WithDbSession(ctx, func(sess *db.Session) error {
sql := "SELECT COUNT(team.id) AS count FROM team INNER JOIN team_member ON team_member.team_id = team.id WHERE team.org_id = ? AND team_member.user_id = ? AND team_member.permission = ?"
params := []interface{}{query.SignedInUser.OrgID, query.SignedInUser.UserID, models.PERMISSION_ADMIN}
@ -584,8 +598,12 @@ func (ss *xormStore) IsAdmin(ctx context.Context, query *models.IsAdminOfTeamsQu
return err
}
query.Result = len(resp) > 0 && resp[0].Count > 0
queryResult = len(resp) > 0 && resp[0].Count > 0
return nil
})
if err != nil {
return false, err
}
return queryResult, nil
}

206
pkg/services/team/teamimpl/store_test.go
View File

@ -17,6 +17,7 @@ import (
"github.com/grafana/grafana/pkg/services/quota/quotaimpl"
"github.com/grafana/grafana/pkg/services/serviceaccounts"
"github.com/grafana/grafana/pkg/services/sqlstore"
"github.com/grafana/grafana/pkg/services/team"
"github.com/grafana/grafana/pkg/services/user"
"github.com/grafana/grafana/pkg/services/user/userimpl"
)
@ -47,7 +48,7 @@ func TestIntegrationTeamCommandsAndQueries(t *testing.T) {
t.Run("Given saved users and two teams", func(t *testing.T) {
var userIds []int64
const testOrgID int64 = 1
var team1, team2 models.Team
var team1, team2 team.Team
var usr *user.User
var userCmd user.CreateUserCommand
var err error
@ -71,55 +72,55 @@ func TestIntegrationTeamCommandsAndQueries(t *testing.T) {
setup()
t.Run("Should be able to create teams and add users", func(t *testing.T) {
query := &models.SearchTeamsQuery{OrgId: testOrgID, Name: "group1 name", Page: 1, Limit: 10, SignedInUser: testUser}
err = teamSvc.SearchTeams(context.Background(), query)
query := &team.SearchTeamsQuery{OrgID: testOrgID, Name: "group1 name", Page: 1, Limit: 10, SignedInUser: testUser}
queryResult, err := teamSvc.SearchTeams(context.Background(), query)
require.NoError(t, err)
require.Equal(t, query.Page, 1)
team1 := query.Result.Teams[0]
team1 := queryResult.Teams[0]
require.Equal(t, team1.Name, "group1 name")
require.Equal(t, team1.Email, "test1@test.com")
require.Equal(t, team1.OrgId, testOrgID)
require.Equal(t, team1.OrgID, testOrgID)
require.EqualValues(t, team1.MemberCount, 0)
err = teamSvc.AddTeamMember(userIds[0], testOrgID, team1.Id, false, 0)
err = teamSvc.AddTeamMember(userIds[0], testOrgID, team1.ID, false, 0)
require.NoError(t, err)
err = teamSvc.AddTeamMember(userIds[1], testOrgID, team1.Id, true, 0)
err = teamSvc.AddTeamMember(userIds[1], testOrgID, team1.ID, true, 0)
require.NoError(t, err)
q1 := &models.GetTeamMembersQuery{OrgId: testOrgID, TeamId: team1.Id, SignedInUser: testUser}
q1 := &models.GetTeamMembersQuery{OrgId: testOrgID, TeamId: team1.ID, SignedInUser: testUser}
err = teamSvc.GetTeamMembers(context.Background(), q1)
require.NoError(t, err)
require.Equal(t, 2, len(q1.Result))
require.Equal(t, q1.Result[0].TeamId, team1.Id)
require.Equal(t, q1.Result[0].TeamId, team1.ID)
require.Equal(t, q1.Result[0].Login, "loginuser0")
require.Equal(t, q1.Result[0].OrgId, testOrgID)
require.Equal(t, q1.Result[1].TeamId, team1.Id)
require.Equal(t, q1.Result[1].TeamId, team1.ID)
require.Equal(t, q1.Result[1].Login, "loginuser1")
require.Equal(t, q1.Result[1].OrgId, testOrgID)
require.Equal(t, q1.Result[1].External, true)
q2 := &models.GetTeamMembersQuery{OrgId: testOrgID, TeamId: team1.Id, External: true, SignedInUser: testUser}
q2 := &models.GetTeamMembersQuery{OrgId: testOrgID, TeamId: team1.ID, External: true, SignedInUser: testUser}
err = teamSvc.GetTeamMembers(context.Background(), q2)
require.NoError(t, err)
require.Equal(t, len(q2.Result), 1)
require.Equal(t, q2.Result[0].TeamId, team1.Id)
require.Equal(t, q2.Result[0].TeamId, team1.ID)
require.Equal(t, q2.Result[0].Login, "loginuser1")
require.Equal(t, q2.Result[0].OrgId, testOrgID)
require.Equal(t, q2.Result[0].External, true)
err = teamSvc.SearchTeams(context.Background(), query)
queryResult, err = teamSvc.SearchTeams(context.Background(), query)
require.NoError(t, err)
team1 = query.Result.Teams[0]
team1 = queryResult.Teams[0]
require.EqualValues(t, team1.MemberCount, 2)
getTeamQuery := &models.GetTeamByIdQuery{OrgId: testOrgID, Id: team1.Id, SignedInUser: testUser}
err = teamSvc.GetTeamById(context.Background(), getTeamQuery)
getTeamQuery := &team.GetTeamByIDQuery{OrgID: testOrgID, ID: team1.ID, SignedInUser: testUser}
getTeamQueryResult, err := teamSvc.GetTeamByID(context.Background(), getTeamQuery)
require.NoError(t, err)
team1 = getTeamQuery.Result
team1 = getTeamQueryResult
require.Equal(t, team1.Name, "group1 name")
require.Equal(t, team1.Email, "test1@test.com")
require.Equal(t, team1.OrgId, testOrgID)
require.Equal(t, team1.OrgID, testOrgID)
require.EqualValues(t, team1.MemberCount, 2)
})
@ -128,21 +129,21 @@ func TestIntegrationTeamCommandsAndQueries(t *testing.T) {
setup()
userId := userIds[1]
teamQuery := &models.SearchTeamsQuery{OrgId: testOrgID, Name: "group1 name", Page: 1, Limit: 10, SignedInUser: testUser}
err = teamSvc.SearchTeams(context.Background(), teamQuery)
teamQuery := &team.SearchTeamsQuery{OrgID: testOrgID, Name: "group1 name", Page: 1, Limit: 10, SignedInUser: testUser}
teamQueryResult, err := teamSvc.SearchTeams(context.Background(), teamQuery)
require.NoError(t, err)
require.Equal(t, teamQuery.Page, 1)
team1 := teamQuery.Result.Teams[0]
team1 := teamQueryResult.Teams[0]
err = teamSvc.AddTeamMember(userId, testOrgID, team1.Id, true, 0)
err = teamSvc.AddTeamMember(userId, testOrgID, team1.ID, true, 0)
require.NoError(t, err)
memberQuery := &models.GetTeamMembersQuery{OrgId: testOrgID, TeamId: team1.Id, External: true, SignedInUser: testUser}
memberQuery := &models.GetTeamMembersQuery{OrgId: testOrgID, TeamId: team1.ID, External: true, SignedInUser: testUser}
err = teamSvc.GetTeamMembers(context.Background(), memberQuery)
require.NoError(t, err)
require.Equal(t, len(memberQuery.Result), 1)
require.Equal(t, memberQuery.Result[0].TeamId, team1.Id)
require.Equal(t, memberQuery.Result[0].TeamId, team1.ID)
require.Equal(t, memberQuery.Result[0].Login, "loginuser1")
require.Equal(t, memberQuery.Result[0].OrgId, testOrgID)
require.Equal(t, memberQuery.Result[0].External, true)
@ -151,10 +152,10 @@ func TestIntegrationTeamCommandsAndQueries(t *testing.T) {
t.Run("Should be able to update users in a team", func(t *testing.T) {
userId := userIds[0]
team := team1
err = teamSvc.AddTeamMember(userId, testOrgID, team.Id, false, 0)
err = teamSvc.AddTeamMember(userId, testOrgID, team.ID, false, 0)
require.NoError(t, err)
qBeforeUpdate := &models.GetTeamMembersQuery{OrgId: testOrgID, TeamId: team.Id, SignedInUser: testUser}
qBeforeUpdate := &models.GetTeamMembersQuery{OrgId: testOrgID, TeamId: team.ID, SignedInUser: testUser}
err = teamSvc.GetTeamMembers(context.Background(), qBeforeUpdate)
require.NoError(t, err)
require.EqualValues(t, qBeforeUpdate.Result[0].Permission, 0)
@ -162,13 +163,13 @@ func TestIntegrationTeamCommandsAndQueries(t *testing.T) {
err = teamSvc.UpdateTeamMember(context.Background(), &models.UpdateTeamMemberCommand{
UserId: userId,
OrgId: testOrgID,
TeamId: team.Id,
TeamId: team.ID,
Permission: models.PERMISSION_ADMIN,
})
require.NoError(t, err)
qAfterUpdate := &models.GetTeamMembersQuery{OrgId: testOrgID, TeamId: team.Id, SignedInUser: testUser}
qAfterUpdate := &models.GetTeamMembersQuery{OrgId: testOrgID, TeamId: team.ID, SignedInUser: testUser}
err = teamSvc.GetTeamMembers(context.Background(), qAfterUpdate)
require.NoError(t, err)
require.Equal(t, qAfterUpdate.Result[0].Permission, models.PERMISSION_ADMIN)
@ -179,10 +180,10 @@ func TestIntegrationTeamCommandsAndQueries(t *testing.T) {
setup()
userID := userIds[0]
team := team1
err = teamSvc.AddTeamMember(userID, testOrgID, team.Id, false, 0)
err = teamSvc.AddTeamMember(userID, testOrgID, team.ID, false, 0)
require.NoError(t, err)
qBeforeUpdate := &models.GetTeamMembersQuery{OrgId: testOrgID, TeamId: team.Id, SignedInUser: testUser}
qBeforeUpdate := &models.GetTeamMembersQuery{OrgId: testOrgID, TeamId: team.ID, SignedInUser: testUser}
err = teamSvc.GetTeamMembers(context.Background(), qBeforeUpdate)
require.NoError(t, err)
require.EqualValues(t, qBeforeUpdate.Result[0].Permission, 0)
@ -191,13 +192,13 @@ func TestIntegrationTeamCommandsAndQueries(t *testing.T) {
err = teamSvc.UpdateTeamMember(context.Background(), &models.UpdateTeamMemberCommand{
UserId: userID,
OrgId: testOrgID,
TeamId: team.Id,
TeamId: team.ID,
Permission: invalidPermissionLevel,
})
require.NoError(t, err)
qAfterUpdate := &models.GetTeamMembersQuery{OrgId: testOrgID, TeamId: team.Id, SignedInUser: testUser}
qAfterUpdate := &models.GetTeamMembersQuery{OrgId: testOrgID, TeamId: team.ID, SignedInUser: testUser}
err = teamSvc.GetTeamMembers(context.Background(), qAfterUpdate)
require.NoError(t, err)
require.EqualValues(t, qAfterUpdate.Result[0].Permission, 0)
@ -209,72 +210,73 @@ func TestIntegrationTeamCommandsAndQueries(t *testing.T) {
err = teamSvc.UpdateTeamMember(context.Background(), &models.UpdateTeamMemberCommand{
UserId: 1,
OrgId: testOrgID,
TeamId: team1.Id,
TeamId: team1.ID,
Permission: models.PERMISSION_ADMIN,
})
require.Error(t, err, models.ErrTeamMemberNotFound)
require.Error(t, err, team.ErrTeamMemberNotFound)
})
t.Run("Should be able to search for teams", func(t *testing.T) {
query := &models.SearchTeamsQuery{OrgId: testOrgID, Query: "group", Page: 1, SignedInUser: testUser}
err = teamSvc.SearchTeams(context.Background(), query)
query := &team.SearchTeamsQuery{OrgID: testOrgID, Query: "group", Page: 1, SignedInUser: testUser}
queryResult, err := teamSvc.SearchTeams(context.Background(), query)
require.NoError(t, err)
require.Equal(t, len(query.Result.Teams), 2)
require.EqualValues(t, query.Result.TotalCount, 2)
require.Equal(t, len(queryResult.Teams), 2)
require.EqualValues(t, queryResult.TotalCount, 2)
query2 := &models.SearchTeamsQuery{OrgId: testOrgID, Query: "", SignedInUser: testUser}
err = teamSvc.SearchTeams(context.Background(), query2)
query2 := &team.SearchTeamsQuery{OrgID: testOrgID, Query: "", SignedInUser: testUser}
require.Equal(t, len(queryResult.Teams), 2)
query2Result, err := teamSvc.SearchTeams(context.Background(), query2)
require.NoError(t, err)
require.Equal(t, len(query2.Result.Teams), 2)
require.Equal(t, len(query2Result.Teams), 2)
})
t.Run("Should be able to return all teams a user is member of", func(t *testing.T) {
sqlStore = db.InitTestDB(t)
setup()
groupId := team2.Id
groupId := team2.ID
err := teamSvc.AddTeamMember(userIds[0], testOrgID, groupId, false, 0)
require.NoError(t, err)
query := &models.GetTeamsByUserQuery{
OrgId: testOrgID,
UserId: userIds[0],
query := &team.GetTeamsByUserQuery{
OrgID: testOrgID,
UserID: userIds[0],
SignedInUser: &user.SignedInUser{
OrgID: testOrgID,
Permissions: map[int64]map[string][]string{testOrgID: {ac.ActionOrgUsersRead: {ac.ScopeUsersAll}, ac.ActionTeamsRead: {ac.ScopeTeamsAll}}},
},
}
err = teamSvc.GetTeamsByUser(context.Background(), query)
queryResult, err := teamSvc.GetTeamsByUser(context.Background(), query)
require.NoError(t, err)
require.Equal(t, len(query.Result), 1)
require.Equal(t, query.Result[0].Name, "group2 name")
require.Equal(t, query.Result[0].Email, "test2@test.com")
require.Equal(t, len(queryResult), 1)
require.Equal(t, queryResult[0].Name, "group2 name")
require.Equal(t, queryResult[0].Email, "test2@test.com")
})
t.Run("Should be able to remove users from a group", func(t *testing.T) {
err = teamSvc.AddTeamMember(userIds[0], testOrgID, team1.Id, false, 0)
err = teamSvc.AddTeamMember(userIds[0], testOrgID, team1.ID, false, 0)
require.NoError(t, err)
err = teamSvc.RemoveTeamMember(context.Background(), &models.RemoveTeamMemberCommand{OrgId: testOrgID, TeamId: team1.Id, UserId: userIds[0]})
err = teamSvc.RemoveTeamMember(context.Background(), &models.RemoveTeamMemberCommand{OrgId: testOrgID, TeamId: team1.ID, UserId: userIds[0]})
require.NoError(t, err)
q2 := &models.GetTeamMembersQuery{OrgId: testOrgID, TeamId: team1.Id, SignedInUser: testUser}
q2 := &models.GetTeamMembersQuery{OrgId: testOrgID, TeamId: team1.ID, SignedInUser: testUser}
err = teamSvc.GetTeamMembers(context.Background(), q2)
require.NoError(t, err)
require.Equal(t, len(q2.Result), 0)
})
t.Run("Should have empty teams", func(t *testing.T) {
err = teamSvc.AddTeamMember(userIds[0], testOrgID, team1.Id, false, models.PERMISSION_ADMIN)
err = teamSvc.AddTeamMember(userIds[0], testOrgID, team1.ID, false, models.PERMISSION_ADMIN)
require.NoError(t, err)
t.Run("A user should be able to remove the admin permission for the last admin", func(t *testing.T) {
err = teamSvc.UpdateTeamMember(context.Background(), &models.UpdateTeamMemberCommand{OrgId: testOrgID, TeamId: team1.Id, UserId: userIds[0], Permission: 0})
err = teamSvc.UpdateTeamMember(context.Background(), &models.UpdateTeamMemberCommand{OrgId: testOrgID, TeamId: team1.ID, UserId: userIds[0], Permission: 0})
require.NoError(t, err)
})
t.Run("A user should be able to remove the last member", func(t *testing.T) {
err = teamSvc.RemoveTeamMember(context.Background(), &models.RemoveTeamMemberCommand{OrgId: testOrgID, TeamId: team1.Id, UserId: userIds[0]})
err = teamSvc.RemoveTeamMember(context.Background(), &models.RemoveTeamMemberCommand{OrgId: testOrgID, TeamId: team1.ID, UserId: userIds[0]})
require.NoError(t, err)
})
@ -282,32 +284,32 @@ func TestIntegrationTeamCommandsAndQueries(t *testing.T) {
sqlStore = db.InitTestDB(t)
setup()
err = teamSvc.AddTeamMember(userIds[0], testOrgID, team1.Id, false, models.PERMISSION_ADMIN)
err = teamSvc.AddTeamMember(userIds[0], testOrgID, team1.ID, false, models.PERMISSION_ADMIN)
require.NoError(t, err)
err = teamSvc.AddTeamMember(userIds[1], testOrgID, team1.Id, false, models.PERMISSION_ADMIN)
err = teamSvc.AddTeamMember(userIds[1], testOrgID, team1.ID, false, models.PERMISSION_ADMIN)
require.NoError(t, err)
err = teamSvc.UpdateTeamMember(context.Background(), &models.UpdateTeamMemberCommand{OrgId: testOrgID, TeamId: team1.Id, UserId: userIds[0], Permission: 0})
err = teamSvc.UpdateTeamMember(context.Background(), &models.UpdateTeamMemberCommand{OrgId: testOrgID, TeamId: team1.ID, UserId: userIds[0], Permission: 0})
require.NoError(t, err)
})
})
t.Run("Should be able to remove a group with users and permissions", func(t *testing.T) {
groupId := team2.Id
err := teamSvc.AddTeamMember(userIds[1], testOrgID, groupId, false, 0)
groupID := team2.ID
err := teamSvc.AddTeamMember(userIds[1], testOrgID, groupID, false, 0)
require.NoError(t, err)
err = teamSvc.AddTeamMember(userIds[2], testOrgID, groupId, false, 0)
err = teamSvc.AddTeamMember(userIds[2], testOrgID, groupID, false, 0)
require.NoError(t, err)
err = updateDashboardACL(t, sqlStore, 1, &models.DashboardACL{
DashboardID: 1, OrgID: testOrgID, Permission: models.PERMISSION_EDIT, TeamID: groupId,
DashboardID: 1, OrgID: testOrgID, Permission: models.PERMISSION_EDIT, TeamID: groupID,
})
require.NoError(t, err)
err = teamSvc.DeleteTeam(context.Background(), &models.DeleteTeamCommand{OrgId: testOrgID, Id: groupId})
err = teamSvc.DeleteTeam(context.Background(), &team.DeleteTeamCommand{OrgID: testOrgID, ID: groupID})
require.NoError(t, err)
query := &models.GetTeamByIdQuery{OrgId: testOrgID, Id: groupId}
err = teamSvc.GetTeamById(context.Background(), query)
require.Equal(t, err, models.ErrTeamNotFound)
query := &team.GetTeamByIDQuery{OrgID: testOrgID, ID: groupID}
_, err = teamSvc.GetTeamByID(context.Background(), query)
require.Equal(t, err, team.ErrTeamNotFound)
permQuery := &models.GetDashboardACLInfoListQuery{DashboardID: 1, OrgID: testOrgID}
err = getDashboardACLInfoList(sqlStore, permQuery)
@ -319,21 +321,21 @@ func TestIntegrationTeamCommandsAndQueries(t *testing.T) {
t.Run("Should be able to return if user is admin of teams or not", func(t *testing.T) {
sqlStore = db.InitTestDB(t)
setup()
groupId := team2.Id
groupId := team2.ID
err := teamSvc.AddTeamMember(userIds[0], testOrgID, groupId, false, 0)
require.NoError(t, err)
err = teamSvc.AddTeamMember(userIds[1], testOrgID, groupId, false, models.PERMISSION_ADMIN)
require.NoError(t, err)
query := &models.IsAdminOfTeamsQuery{SignedInUser: &user.SignedInUser{OrgID: testOrgID, UserID: userIds[0]}}
err = teamSvc.IsAdminOfTeams(context.Background(), query)
query := &team.IsAdminOfTeamsQuery{SignedInUser: &user.SignedInUser{OrgID: testOrgID, UserID: userIds[0]}}
queryResult, err := teamSvc.IsAdminOfTeams(context.Background(), query)
require.NoError(t, err)
require.False(t, query.Result)
require.False(t, queryResult)
query = &models.IsAdminOfTeamsQuery{SignedInUser: &user.SignedInUser{OrgID: testOrgID, UserID: userIds[1]}}
err = teamSvc.IsAdminOfTeams(context.Background(), query)
query = &team.IsAdminOfTeamsQuery{SignedInUser: &user.SignedInUser{OrgID: testOrgID, UserID: userIds[1]}}
queryResult, err = teamSvc.IsAdminOfTeams(context.Background(), query)
require.NoError(t, err)
require.True(t, query.Result)
require.True(t, queryResult)
})
t.Run("Should not return hidden users in team member count", func(t *testing.T) {
@ -351,7 +353,7 @@ func TestIntegrationTeamCommandsAndQueries(t *testing.T) {
}
hiddenUsers := map[string]struct{}{"loginuser0": {}, "loginuser1": {}}
teamId := team1.Id
teamId := team1.ID
err = teamSvc.AddTeamMember(userIds[0], testOrgID, teamId, false, 0)
require.NoError(t, err)
err = teamSvc.AddTeamMember(userIds[1], testOrgID, teamId, false, 0)
@ -359,24 +361,24 @@ func TestIntegrationTeamCommandsAndQueries(t *testing.T) {
err = teamSvc.AddTeamMember(userIds[2], testOrgID, teamId, false, 0)
require.NoError(t, err)
searchQuery := &models.SearchTeamsQuery{OrgId: testOrgID, Page: 1, Limit: 10, SignedInUser: signedInUser, HiddenUsers: hiddenUsers}
err = teamSvc.SearchTeams(context.Background(), searchQuery)
searchQuery := &team.SearchTeamsQuery{OrgID: testOrgID, Page: 1, Limit: 10, SignedInUser: signedInUser, HiddenUsers: hiddenUsers}
searchQueryResult, err := teamSvc.SearchTeams(context.Background(), searchQuery)
require.NoError(t, err)
require.Equal(t, len(searchQuery.Result.Teams), 2)
team1 := searchQuery.Result.Teams[0]
require.Equal(t, len(searchQueryResult.Teams), 2)
team1 := searchQueryResult.Teams[0]
require.EqualValues(t, team1.MemberCount, 2)
searchQueryFilteredByUser := &models.SearchTeamsQuery{OrgId: testOrgID, Page: 1, Limit: 10, UserIdFilter: userIds[0], SignedInUser: signedInUser, HiddenUsers: hiddenUsers}
err = teamSvc.SearchTeams(context.Background(), searchQueryFilteredByUser)
searchQueryFilteredByUser := &team.SearchTeamsQuery{OrgID: testOrgID, Page: 1, Limit: 10, UserIDFilter: userIds[0], SignedInUser: signedInUser, HiddenUsers: hiddenUsers}
searchQueryFilteredByUserResult, err := teamSvc.SearchTeams(context.Background(), searchQueryFilteredByUser)
require.NoError(t, err)
require.Equal(t, len(searchQueryFilteredByUser.Result.Teams), 1)
team1 = searchQuery.Result.Teams[0]
require.Equal(t, len(searchQueryFilteredByUserResult.Teams), 1)
team1 = searchQueryResult.Teams[0]
require.EqualValues(t, team1.MemberCount, 2)
getTeamQuery := &models.GetTeamByIdQuery{OrgId: testOrgID, Id: teamId, SignedInUser: signedInUser, HiddenUsers: hiddenUsers}
err = teamSvc.GetTeamById(context.Background(), getTeamQuery)
getTeamQuery := &team.GetTeamByIDQuery{OrgID: testOrgID, ID: teamId, SignedInUser: signedInUser, HiddenUsers: hiddenUsers}
getTeamQueryResult, err := teamSvc.GetTeamByID(context.Background(), getTeamQuery)
require.NoError(t, err)
require.EqualValues(t, getTeamQuery.Result.MemberCount, 2)
require.EqualValues(t, getTeamQueryResult.MemberCount, 2)
})
t.Run("Should be able to exclude service accounts from teamembers", func(t *testing.T) {
@ -396,7 +398,7 @@ func TestIntegrationTeamCommandsAndQueries(t *testing.T) {
serviceAccount, err := userSvc.CreateUserForTests(context.Background(), &userCmd)
require.NoError(t, err)
groupId := team2.Id
groupId := team2.ID
// add service account to team
err = teamSvc.AddTeamMember(serviceAccount.ID, testOrgID, groupId, false, 0)
require.NoError(t, err)
@ -425,15 +427,15 @@ func TestIntegrationSQLStore_SearchTeams(t *testing.T) {
}
type searchTeamsTestCase struct {
desc string
query *models.SearchTeamsQuery
query *team.SearchTeamsQuery
expectedNumUsers int
}
tests := []searchTeamsTestCase{
{
desc: "should return all teams",
query: &models.SearchTeamsQuery{
OrgId: 1,
query: &team.SearchTeamsQuery{
OrgID: 1,
SignedInUser: &user.SignedInUser{
OrgID: 1,
Permissions: map[int64]map[string][]string{1: {ac.ActionTeamsRead: {ac.ScopeTeamsAll}}},
@ -443,8 +445,8 @@ func TestIntegrationSQLStore_SearchTeams(t *testing.T) {
},
{
desc: "should return no teams",
query: &models.SearchTeamsQuery{
OrgId: 1,
query: &team.SearchTeamsQuery{
OrgID: 1,
SignedInUser: &user.SignedInUser{
OrgID: 1,
Permissions: map[int64]map[string][]string{1: {ac.ActionTeamsRead: {""}}},
@ -454,8 +456,8 @@ func TestIntegrationSQLStore_SearchTeams(t *testing.T) {
},
{
desc: "should return some teams",
query: &models.SearchTeamsQuery{
OrgId: 1,
query: &team.SearchTeamsQuery{
OrgID: 1,
SignedInUser: &user.SignedInUser{
OrgID: 1,
Permissions: map[int64]map[string][]string{1: {ac.ActionTeamsRead: {
@ -480,14 +482,14 @@ func TestIntegrationSQLStore_SearchTeams(t *testing.T) {
for _, tt := range tests {
t.Run(tt.desc, func(t *testing.T) {
err := teamSvc.SearchTeams(context.Background(), tt.query)
queryResult, err := teamSvc.SearchTeams(context.Background(), tt.query)
require.NoError(t, err)
assert.Len(t, tt.query.Result.Teams, tt.expectedNumUsers)
assert.Equal(t, tt.query.Result.TotalCount, int64(tt.expectedNumUsers))
assert.Len(t, queryResult.Teams, tt.expectedNumUsers)
assert.Equal(t, queryResult.TotalCount, int64(tt.expectedNumUsers))
if !hasWildcardScope(tt.query.SignedInUser, ac.ActionTeamsRead) {
for _, team := range tt.query.Result.Teams {
assert.Contains(t, tt.query.SignedInUser.Permissions[tt.query.SignedInUser.OrgID][ac.ActionTeamsRead], fmt.Sprintf("teams:id:%d", team.Id))
for _, team := range queryResult.Teams {
assert.Contains(t, tt.query.SignedInUser.Permissions[tt.query.SignedInUser.OrgID][ac.ActionTeamsRead], fmt.Sprintf("teams:id:%d", team.ID))
}
}
})
@ -527,13 +529,13 @@ func TestIntegrationSQLStore_GetTeamMembers_ACFilter(t *testing.T) {
userIds[i] = user.ID
}
errAddMember := teamSvc.AddTeamMember(userIds[0], testOrgID, team1.Id, false, 0)
errAddMember := teamSvc.AddTeamMember(userIds[0], testOrgID, team1.ID, false, 0)
require.NoError(t, errAddMember)
errAddMember = teamSvc.AddTeamMember(userIds[1], testOrgID, team1.Id, false, 0)
errAddMember = teamSvc.AddTeamMember(userIds[1], testOrgID, team1.ID, false, 0)
require.NoError(t, errAddMember)
errAddMember = teamSvc.AddTeamMember(userIds[2], testOrgID, team2.Id, false, 0)
errAddMember = teamSvc.AddTeamMember(userIds[2], testOrgID, team2.ID, false, 0)
require.NoError(t, errAddMember)
errAddMember = teamSvc.AddTeamMember(userIds[3], testOrgID, team2.Id, false, 0)
errAddMember = teamSvc.AddTeamMember(userIds[3], testOrgID, team2.ID, false, 0)
require.NoError(t, errAddMember)
}

16
pkg/services/team/teamimpl/team.go
View File

@ -17,27 +17,27 @@ func ProvideService(db db.DB, cfg *setting.Cfg) team.Service {
return &Service{store: &xormStore{db: db, cfg: cfg}}
}
func (s *Service) CreateTeam(name, email string, orgID int64) (models.Team, error) {
func (s *Service) CreateTeam(name, email string, orgID int64) (team.Team, error) {
return s.store.Create(name, email, orgID)
}
func (s *Service) UpdateTeam(ctx context.Context, cmd *models.UpdateTeamCommand) error {
func (s *Service) UpdateTeam(ctx context.Context, cmd *team.UpdateTeamCommand) error {
return s.store.Update(ctx, cmd)
}
func (s *Service) DeleteTeam(ctx context.Context, cmd *models.DeleteTeamCommand) error {
func (s *Service) DeleteTeam(ctx context.Context, cmd *team.DeleteTeamCommand) error {
return s.store.Delete(ctx, cmd)
}
func (s *Service) SearchTeams(ctx context.Context, query *models.SearchTeamsQuery) error {
func (s *Service) SearchTeams(ctx context.Context, query *team.SearchTeamsQuery) (team.SearchTeamQueryResult, error) {
return s.store.Search(ctx, query)
}
func (s *Service) GetTeamById(ctx context.Context, query *models.GetTeamByIdQuery) error {
return s.store.GetById(ctx, query)
func (s *Service) GetTeamByID(ctx context.Context, query *team.GetTeamByIDQuery) (*team.TeamDTO, error) {
return s.store.GetByID(ctx, query)
}
func (s *Service) GetTeamsByUser(ctx context.Context, query *models.GetTeamsByUserQuery) error {
func (s *Service) GetTeamsByUser(ctx context.Context, query *team.GetTeamsByUserQuery) ([]*team.TeamDTO, error) {
return s.store.GetByUser(ctx, query)
}
@ -65,6 +65,6 @@ func (s *Service) GetTeamMembers(ctx context.Context, query *models.GetTeamMembe
return s.store.GetMembers(ctx, query)
}
func (s *Service) IsAdminOfTeams(ctx context.Context, query *models.IsAdminOfTeamsQuery) error {
func (s *Service) IsAdminOfTeams(ctx context.Context, query *team.IsAdminOfTeamsQuery) (bool, error) {
return s.store.IsAdmin(ctx, query)
}

31
pkg/services/team/teamtest/team.go
View File

@ -4,13 +4,14 @@ import (
"context"
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/services/team"
)
type FakeService struct {
ExpectedTeam models.Team
ExpectedTeam team.Team
ExpectedIsMember bool
ExpectedTeamDTO *models.TeamDTO
ExpectedTeamsByUser []*models.TeamDTO
ExpectedTeamDTO *team.TeamDTO
ExpectedTeamsByUser []*team.TeamDTO
ExpectedMembers []*models.TeamMemberDTO
ExpectedError error
}
@ -19,30 +20,28 @@ func NewFakeService() *FakeService {
return &FakeService{}
}
func (s *FakeService) CreateTeam(name, email string, orgID int64) (models.Team, error) {
func (s *FakeService) CreateTeam(name, email string, orgID int64) (team.Team, error) {
return s.ExpectedTeam, s.ExpectedError
}
func (s *FakeService) UpdateTeam(ctx context.Context, cmd *models.UpdateTeamCommand) error {
func (s *FakeService) UpdateTeam(ctx context.Context, cmd *team.UpdateTeamCommand) error {
return s.ExpectedError
}
func (s *FakeService) DeleteTeam(ctx context.Context, cmd *models.DeleteTeamCommand) error {
func (s *FakeService) DeleteTeam(ctx context.Context, cmd *team.DeleteTeamCommand) error {
return s.ExpectedError
}
func (s *FakeService) SearchTeams(ctx context.Context, query *models.SearchTeamsQuery) error {
return s.ExpectedError
func (s *FakeService) SearchTeams(ctx context.Context, query *team.SearchTeamsQuery) (team.SearchTeamQueryResult, error) {
return team.SearchTeamQueryResult{}, s.ExpectedError
}
func (s *FakeService) GetTeamById(ctx context.Context, query *models.GetTeamByIdQuery) error {
query.Result = s.ExpectedTeamDTO
return s.ExpectedError
func (s *FakeService) GetTeamByID(ctx context.Context, query *team.GetTeamByIDQuery) (*team.TeamDTO, error) {
return s.ExpectedTeamDTO, s.ExpectedError
}
func (s *FakeService) GetTeamsByUser(ctx context.Context, query *models.GetTeamsByUserQuery) error {
query.Result = s.ExpectedTeamsByUser
return s.ExpectedError
func (s *FakeService) GetTeamsByUser(ctx context.Context, query *team.GetTeamsByUserQuery) ([]*team.TeamDTO, error) {
return s.ExpectedTeamsByUser, s.ExpectedError
}
func (s *FakeService) AddTeamMember(userID, orgID, teamID int64, isExternal bool, permission models.PermissionType) error {
@ -69,6 +68,6 @@ func (s *FakeService) GetTeamMembers(ctx context.Context, query *models.GetTeamM
return s.ExpectedError
}
func (s *FakeService) IsAdminOfTeams(ctx context.Context, query *models.IsAdminOfTeamsQuery) error {
return s.ExpectedError
func (s *FakeService) IsAdminOfTeams(ctx context.Context, query *team.IsAdminOfTeamsQuery) (bool, error) {
return false, s.ExpectedError
}

5
pkg/services/teamguardian/manager/service.go
View File

@ -5,6 +5,7 @@ import (
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/services/org"
"github.com/grafana/grafana/pkg/services/team"
"github.com/grafana/grafana/pkg/services/teamguardian"
"github.com/grafana/grafana/pkg/services/user"
)
@ -23,7 +24,7 @@ func (s *Service) CanAdmin(ctx context.Context, orgId int64, teamId int64, user
}
if user.OrgID != orgId {
return models.ErrNotAllowedToUpdateTeamInDifferentOrg
return team.ErrNotAllowedToUpdateTeamInDifferentOrg
}
cmd := models.GetTeamMembersQuery{
@ -44,7 +45,7 @@ func (s *Service) CanAdmin(ctx context.Context, orgId int64, teamId int64, user
}
}
return models.ErrNotAllowedToUpdateTeam
return team.ErrNotAllowedToUpdateTeam
}
func (s *Service) DeleteByUser(ctx context.Context, userID int64) error {

33
pkg/services/teamguardian/manager/service_test.go
View File

@ -6,6 +6,7 @@ import (
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/services/org"
"github.com/grafana/grafana/pkg/services/team"
"github.com/grafana/grafana/pkg/services/teamguardian/database"
"github.com/grafana/grafana/pkg/services/user"
"github.com/stretchr/testify/mock"
@ -27,17 +28,17 @@ func TestUpdateTeam(t *testing.T) {
OrgID: 1,
OrgRole: org.RoleEditor,
}
testTeam := models.Team{
Id: 1,
OrgId: 1,
testTeam := team.Team{
ID: 1,
OrgID: 1,
}
t.Run("Given an editor and a team he isn't a member of", func(t *testing.T) {
t.Run("Should not be able to update the team", func(t *testing.T) {
ctx := context.Background()
store.On("GetTeamMembers", ctx, mock.Anything).Return([]*models.TeamMemberDTO{}, nil).Once()
err := teamGuardianService.CanAdmin(ctx, testTeam.OrgId, testTeam.Id, &editor)
require.Equal(t, models.ErrNotAllowedToUpdateTeam, err)
err := teamGuardianService.CanAdmin(ctx, testTeam.OrgID, testTeam.ID, &editor)
require.Equal(t, team.ErrNotAllowedToUpdateTeam, err)
})
})
@ -46,14 +47,14 @@ func TestUpdateTeam(t *testing.T) {
ctx := context.Background()
result := []*models.TeamMemberDTO{{
OrgId: testTeam.OrgId,
TeamId: testTeam.Id,
OrgId: testTeam.OrgID,
TeamId: testTeam.ID,
UserId: editor.UserID,
Permission: models.PERMISSION_ADMIN,
}}
store.On("GetTeamMembers", ctx, mock.Anything).Return(result, nil).Once()
err := teamGuardianService.CanAdmin(ctx, testTeam.OrgId, testTeam.Id, &editor)
err := teamGuardianService.CanAdmin(ctx, testTeam.OrgID, testTeam.ID, &editor)
require.NoError(t, err)
})
})
@ -61,28 +62,28 @@ func TestUpdateTeam(t *testing.T) {
t.Run("Given an editor and a team in another org", func(t *testing.T) {
ctx := context.Background()
testTeamOtherOrg := models.Team{
Id: 1,
OrgId: 2,
testTeamOtherOrg := team.Team{
ID: 1,
OrgID: 2,
}
t.Run("Shouldn't be able to update the team", func(t *testing.T) {
result := []*models.TeamMemberDTO{{
OrgId: testTeamOtherOrg.OrgId,
TeamId: testTeamOtherOrg.Id,
OrgId: testTeamOtherOrg.OrgID,
TeamId: testTeamOtherOrg.ID,
UserId: editor.UserID,
Permission: models.PERMISSION_ADMIN,
}}
store.On("GetTeamMembers", ctx, mock.Anything).Return(result, nil).Once()
err := teamGuardianService.CanAdmin(ctx, testTeamOtherOrg.OrgId, testTeamOtherOrg.Id, &editor)
require.Equal(t, models.ErrNotAllowedToUpdateTeamInDifferentOrg, err)
err := teamGuardianService.CanAdmin(ctx, testTeamOtherOrg.OrgID, testTeamOtherOrg.ID, &editor)
require.Equal(t, team.ErrNotAllowedToUpdateTeamInDifferentOrg, err)
})
})
t.Run("Given an org admin and a team", func(t *testing.T) {
t.Run("Should be able to update the team", func(t *testing.T) {
err := teamGuardianService.CanAdmin(context.Background(), testTeam.OrgId, testTeam.Id, &admin)
err := teamGuardianService.CanAdmin(context.Background(), testTeam.OrgID, testTeam.ID, &admin)
require.NoError(t, err)
})
})

15
pkg/services/user/userimpl/user.go
View File

@ -9,7 +9,6 @@ import (
"github.com/grafana/grafana/pkg/infra/db"
"github.com/grafana/grafana/pkg/infra/localcache"
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/models/roletype"
ac "github.com/grafana/grafana/pkg/services/accesscontrol"
"github.com/grafana/grafana/pkg/services/org"
@ -271,19 +270,19 @@ func (s *Service) GetSignedInUser(ctx context.Context, query *user.GetSignedInUs
},
},
}
getTeamsByUserQuery := &models.GetTeamsByUserQuery{
OrgId: signedInUser.OrgID,
UserId: signedInUser.UserID,
getTeamsByUserQuery := &team.GetTeamsByUserQuery{
OrgID: signedInUser.OrgID,
UserID: signedInUser.UserID,
SignedInUser: tempUser,
}
err = s.teamService.GetTeamsByUser(ctx, getTeamsByUserQuery)
getTeamsByUserQueryResult, err := s.teamService.GetTeamsByUser(ctx, getTeamsByUserQuery)
if err != nil {
return nil, err
}
signedInUser.Teams = make([]int64, len(getTeamsByUserQuery.Result))
for i, t := range getTeamsByUserQuery.Result {
signedInUser.Teams[i] = t.Id
signedInUser.Teams = make([]int64, len(getTeamsByUserQueryResult))
for i, t := range getTeamsByUserQueryResult {
signedInUser.Teams[i] = t.ID
}
return signedInUser, err
}