IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Rename Acl to ACL (#52342)

Browse Source 
* Rename Acl to ACL

* Fix yaml files

* Add xorm tags and fix test
This commit is contained in:
idafurjes 2022-07-18 15:14:58 +02:00 committed by GitHub
parent 8ff152f98f
commit f5cace8bbd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
48 changed files with 397 additions and 395 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
pkg/api/alerting_test.go
View File

@ -26,7 +26,7 @@ var (
)
type setUpConf struct {
aclMockResp []*models.DashboardAclInfoDTO
aclMockResp []*models.DashboardACLInfoDTO
}
type mockSearchService struct{ ExpectedResult models.HitList }
@ -43,7 +43,7 @@ func setUp(confs ...setUpConf) *HTTPServer {
hs := &HTTPServer{SQLStore: store, SearchService: &mockSearchService{}}
store.ExpectedAlert = singleAlert
aclMockResp := []*models.DashboardAclInfoDTO{}
aclMockResp := []*models.DashboardACLInfoDTO{}
for _, c := range confs {
if c.aclMockResp != nil {
aclMockResp = c.aclMockResp
@ -51,8 +51,8 @@ func setUp(confs ...setUpConf) *HTTPServer {
}
store.ExpectedTeamsByUser = []*models.TeamDTO{}
dashSvc := &dashboards.FakeDashboardService{}
dashSvc.On("GetDashboardAclInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardAclInfoListQuery")).Run(func(args mock.Arguments) {
q := args.Get(1).(*models.GetDashboardAclInfoListQuery)
dashSvc.On("GetDashboardACLInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardACLInfoListQuery")).Run(func(args mock.Arguments) {
q := args.Get(1).(*models.GetDashboardACLInfoListQuery)
q.Result = aclMockResp
}).Return(nil)
guardian.InitLegacyGuardian(store, dashSvc)
@ -84,7 +84,7 @@ func TestAlertingAPIEndpoint(t *testing.T) {
postAlertScenario(t, hs, "When calling POST on", "/api/alerts/1/pause", "/api/alerts/:alertId/pause",
models.ROLE_EDITOR, cmd, func(sc *scenarioContext) {
setUp(setUpConf{
aclMockResp: []*models.DashboardAclInfoDTO{
aclMockResp: []*models.DashboardACLInfoDTO{
{Role: &viewerRole, Permission: models.PERMISSION_VIEW},
{Role: &editorRole, Permission: models.PERMISSION_EDIT},
},

6
pkg/api/annotations_test.go
View File

@ -1003,9 +1003,9 @@ func setUpACL() {
store := mockstore.NewSQLStoreMock()
store.ExpectedTeamsByUser = []*models.TeamDTO{}
dashSvc := &dashboards.FakeDashboardService{}
dashSvc.On("GetDashboardAclInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardAclInfoListQuery")).Run(func(args mock.Arguments) {
q := args.Get(1).(*models.GetDashboardAclInfoListQuery)
q.Result = []*models.DashboardAclInfoDTO{
dashSvc.On("GetDashboardACLInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardACLInfoListQuery")).Run(func(args mock.Arguments) {
q := args.Get(1).(*models.GetDashboardACLInfoListQuery)
q.Result = []*models.DashboardACLInfoDTO{
{Role: &viewerRole, Permission: models.PERMISSION_VIEW},
{Role: &editorRole, Permission: models.PERMISSION_EDIT},
}

2
pkg/api/dashboard.go
View File

@ -133,7 +133,7 @@ func (hs *HTTPServer) GetDashboard(c *models.ReqContext) response.Response {
UpdatedBy: updater,
CreatedBy: creator,
Version: dash.Version,
HasAcl: dash.HasAcl,
HasACL: dash.HasACL,
IsFolder: dash.IsFolder,
FolderId: dash.FolderId,
Url: dash.GetUrl(),

20
pkg/api/dashboard_permission.go
View File

@ -46,7 +46,7 @@ func (hs *HTTPServer) GetDashboardPermissionList(c *models.ReqContext) response.
return response.Error(500, "Failed to get dashboard permissions", err)
}
filteredAcls := make([]*models.DashboardAclInfoDTO, 0, len(acl))
filteredACLs := make([]*models.DashboardACLInfoDTO, 0, len(acl))
for _, perm := range acl {
if perm.UserId > 0 && dtos.IsHiddenUser(perm.UserLogin, c.SignedInUser, hs.Cfg) {
continue
@ -61,16 +61,16 @@ func (hs *HTTPServer) GetDashboardPermissionList(c *models.ReqContext) response.
perm.Url = models.GetDashboardFolderUrl(perm.IsFolder, perm.Uid, perm.Slug)
}
filteredAcls = append(filteredAcls, perm)
filteredACLs = append(filteredACLs, perm)
}
return response.JSON(http.StatusOK, filteredAcls)
return response.JSON(http.StatusOK, filteredACLs)
}
func (hs *HTTPServer) UpdateDashboardPermissions(c *models.ReqContext) response.Response {
var dashID int64
var err error
apiCmd := dtos.UpdateDashboardAclCommand{}
apiCmd := dtos.UpdateDashboardACLCommand{}
if err := web.Bind(c.Req, &apiCmd); err != nil {
return response.Error(http.StatusBadRequest, "bad request data", err)
}
@ -100,9 +100,9 @@ func (hs *HTTPServer) UpdateDashboardPermissions(c *models.ReqContext) response.
return dashboardGuardianResponse(err)
}
var items []*models.DashboardAcl
var items []*models.DashboardACL
for _, item := range apiCmd.Items {
items = append(items, &models.DashboardAcl{
items = append(items, &models.DashboardACL{
OrgID: c.OrgId,
DashboardID: dashID,
UserID: item.UserID,
@ -133,7 +133,7 @@ func (hs *HTTPServer) UpdateDashboardPermissions(c *models.ReqContext) response.
}
if !hs.AccessControl.IsDisabled() {
old, err := g.GetAcl()
old, err := g.GetACL()
if err != nil {
return response.Error(500, "Error while checking dashboard permissions", err)
}
@ -144,7 +144,7 @@ func (hs *HTTPServer) UpdateDashboardPermissions(c *models.ReqContext) response.
}
if err := hs.DashboardService.UpdateDashboardACL(c.Req.Context(), dashID, items); err != nil {
if errors.Is(err, models.ErrDashboardAclInfoMissing) ||
if errors.Is(err, models.ErrDashboardACLInfoMissing) ||
errors.Is(err, models.ErrDashboardPermissionDashboardEmpty) {
return response.Error(409, err.Error(), err)
}
@ -155,7 +155,7 @@ func (hs *HTTPServer) UpdateDashboardPermissions(c *models.ReqContext) response.
}
// updateDashboardAccessControl is used for api backward compatibility
func (hs *HTTPServer) updateDashboardAccessControl(ctx context.Context, orgID int64, uid string, isFolder bool, items []*models.DashboardAcl, old []*models.DashboardAclInfoDTO) error {
func (hs *HTTPServer) updateDashboardAccessControl(ctx context.Context, orgID int64, uid string, isFolder bool, items []*models.DashboardACL, old []*models.DashboardACLInfoDTO) error {
commands := []accesscontrol.SetResourcePermissionCommand{}
for _, item := range items {
permissions := item.Permission.String()
@ -216,7 +216,7 @@ func (hs *HTTPServer) updateDashboardAccessControl(ctx context.Context, orgID in
return nil
}
func validatePermissionsUpdate(apiCmd dtos.UpdateDashboardAclCommand) error {
func validatePermissionsUpdate(apiCmd dtos.UpdateDashboardACLCommand) error {
for _, item := range apiCmd.Items {
if item.UserID > 0 && item.TeamID > 0 {
return models.ErrPermissionsWithUserAndTeamNotAllowed

48
pkg/api/dashboard_permission_test.go
View File

@ -58,8 +58,8 @@ func TestDashboardPermissionAPIEndpoint(t *testing.T) {
assert.Equal(t, 403, sc.resp.Code)
}, mockSQLStore)
cmd := dtos.UpdateDashboardAclCommand{
Items: []dtos.DashboardAclUpdateItem{
cmd := dtos.UpdateDashboardACLCommand{
Items: []dtos.DashboardACLUpdateItem{
{UserID: 1000, Permission: models.PERMISSION_ADMIN},
},
}
@ -86,7 +86,7 @@ func TestDashboardPermissionAPIEndpoint(t *testing.T) {
guardian.MockDashboardGuardian(&guardian.FakeDashboardGuardian{
CanAdminValue: true,
CheckPermissionBeforeUpdateValue: true,
GetAclValue: []*models.DashboardAclInfoDTO{
GetACLValue: []*models.DashboardACLInfoDTO{
{OrgId: 1, DashboardId: 1, UserId: 2, Permission: models.PERMISSION_VIEW},
{OrgId: 1, DashboardId: 1, UserId: 3, Permission: models.PERMISSION_EDIT},
{OrgId: 1, DashboardId: 1, UserId: 4, Permission: models.PERMISSION_ADMIN},
@ -100,7 +100,7 @@ func TestDashboardPermissionAPIEndpoint(t *testing.T) {
callGetDashboardPermissions(sc, hs)
assert.Equal(t, 200, sc.resp.Code)
var resp []*models.DashboardAclInfoDTO
var resp []*models.DashboardACLInfoDTO
err := json.Unmarshal(sc.resp.Body.Bytes(), &resp)
require.NoError(t, err)
@ -109,8 +109,8 @@ func TestDashboardPermissionAPIEndpoint(t *testing.T) {
assert.Equal(t, models.PERMISSION_VIEW, resp[0].Permission)
}, mockSQLStore)
cmd := dtos.UpdateDashboardAclCommand{
Items: []dtos.DashboardAclUpdateItem{
cmd := dtos.UpdateDashboardACLCommand{
Items: []dtos.DashboardACLUpdateItem{
{UserID: 1000, Permission: models.PERMISSION_ADMIN},
},
}
@ -138,8 +138,8 @@ func TestDashboardPermissionAPIEndpoint(t *testing.T) {
CheckPermissionBeforeUpdateValue: true,
})
cmd := dtos.UpdateDashboardAclCommand{
Items: []dtos.DashboardAclUpdateItem{
cmd := dtos.UpdateDashboardACLCommand{
Items: []dtos.DashboardACLUpdateItem{
{UserID: 1000, TeamID: 1, Permission: models.PERMISSION_ADMIN},
},
}
@ -170,8 +170,8 @@ func TestDashboardPermissionAPIEndpoint(t *testing.T) {
CheckPermissionBeforeUpdateError: guardian.ErrGuardianPermissionExists,
})
cmd := dtos.UpdateDashboardAclCommand{
Items: []dtos.DashboardAclUpdateItem{
cmd := dtos.UpdateDashboardACLCommand{
Items: []dtos.DashboardACLUpdateItem{
{UserID: 1000, Permission: models.PERMISSION_ADMIN},
},
}
@ -190,14 +190,14 @@ func TestDashboardPermissionAPIEndpoint(t *testing.T) {
t.Run("When trying to update team or user permissions with a role", func(t *testing.T) {
role := models.ROLE_EDITOR
cmds := []dtos.UpdateDashboardAclCommand{
cmds := []dtos.UpdateDashboardACLCommand{
{
Items: []dtos.DashboardAclUpdateItem{
Items: []dtos.DashboardACLUpdateItem{
{UserID: 1000, Permission: models.PERMISSION_ADMIN, Role: &role},
},
},
{
Items: []dtos.DashboardAclUpdateItem{
Items: []dtos.DashboardACLUpdateItem{
{TeamID: 1000, Permission: models.PERMISSION_ADMIN, Role: &role},
},
},
@ -232,8 +232,8 @@ func TestDashboardPermissionAPIEndpoint(t *testing.T) {
CheckPermissionBeforeUpdateError: guardian.ErrGuardianOverride},
)
cmd := dtos.UpdateDashboardAclCommand{
Items: []dtos.DashboardAclUpdateItem{
cmd := dtos.UpdateDashboardACLCommand{
Items: []dtos.DashboardACLUpdateItem{
{UserID: 1000, Permission: models.PERMISSION_ADMIN},
},
}
@ -262,19 +262,19 @@ func TestDashboardPermissionAPIEndpoint(t *testing.T) {
})
mockSQLStore := mockstore.NewSQLStoreMock()
var resp []*models.DashboardAclInfoDTO
var resp []*models.DashboardACLInfoDTO
loggedInUserScenarioWithRole(t, "When calling GET on", "GET", "/api/dashboards/id/1/permissions",
"/api/dashboards/id/:dashboardId/permissions", models.ROLE_ADMIN, func(sc *scenarioContext) {
setUp()
guardian.MockDashboardGuardian(&guardian.FakeDashboardGuardian{
CanAdminValue: true,
CheckPermissionBeforeUpdateValue: true,
GetAclValue: []*models.DashboardAclInfoDTO{
GetACLValue: []*models.DashboardACLInfoDTO{
{OrgId: 1, DashboardId: 1, UserId: 2, UserLogin: "hiddenUser", Permission: models.PERMISSION_VIEW},
{OrgId: 1, DashboardId: 1, UserId: 3, UserLogin: testUserLogin, Permission: models.PERMISSION_EDIT},
{OrgId: 1, DashboardId: 1, UserId: 4, UserLogin: "user_1", Permission: models.PERMISSION_ADMIN},
},
GetHiddenAclValue: []*models.DashboardAcl{
GetHiddenACLValue: []*models.DashboardACL{
{OrgID: 1, DashboardID: 1, UserID: 2, Permission: models.PERMISSION_VIEW},
},
})
@ -292,22 +292,22 @@ func TestDashboardPermissionAPIEndpoint(t *testing.T) {
assert.Equal(t, models.PERMISSION_ADMIN, resp[1].Permission)
}, mockSQLStore)
cmd := dtos.UpdateDashboardAclCommand{
Items: []dtos.DashboardAclUpdateItem{
cmd := dtos.UpdateDashboardACLCommand{
Items: []dtos.DashboardACLUpdateItem{
{UserID: 1000, Permission: models.PERMISSION_ADMIN},
},
}
for _, acl := range resp {
cmd.Items = append(cmd.Items, dtos.DashboardAclUpdateItem{
cmd.Items = append(cmd.Items, dtos.DashboardACLUpdateItem{
UserID: acl.UserId,
Permission: acl.Permission,
})
}
assert.Len(t, cmd.Items, 3)
var numOfItems []*models.DashboardAcl
var numOfItems []*models.DashboardACL
dashboardStore.On("UpdateDashboardACL", mock.Anything, mock.Anything, mock.Anything).Run(func(args mock.Arguments) {
items := args.Get(2).([]*models.DashboardAcl)
items := args.Get(2).([]*models.DashboardACL)
numOfItems = items
}).Return(nil).Once()
updateDashboardPermissionScenario(t, updatePermissionContext{
@ -339,7 +339,7 @@ type updatePermissionContext struct {
desc string
url string
routePattern string
cmd dtos.UpdateDashboardAclCommand
cmd dtos.UpdateDashboardACLCommand
fn scenarioFunc
}

8
pkg/api/dashboard_snapshot_test.go
View File

@ -69,7 +69,7 @@ func TestDashboardSnapshotAPIEndpoint_singleSnapshot(t *testing.T) {
sc.handlerFunc = hs.DeleteDashboardSnapshot
dashSvc := dashboards.NewFakeDashboardService(t)
dashSvc.On("GetDashboardAclInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardAclInfoListQuery")).Return(nil).Maybe()
dashSvc.On("GetDashboardACLInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardACLInfoListQuery")).Return(nil).Maybe()
guardian.InitLegacyGuardian(sc.sqlStore, dashSvc)
sc.fakeReqWithParams("DELETE", sc.url, map[string]string{"key": "12345"}).exec()
@ -106,9 +106,9 @@ func TestDashboardSnapshotAPIEndpoint_singleSnapshot(t *testing.T) {
t.Run("When user is editor and dashboard has default ACL", func(t *testing.T) {
dashSvc := &dashboards.FakeDashboardService{}
dashSvc.On("GetDashboardAclInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardAclInfoListQuery")).Run(func(args mock.Arguments) {
q := args.Get(1).(*models.GetDashboardAclInfoListQuery)
q.Result = []*models.DashboardAclInfoDTO{
dashSvc.On("GetDashboardACLInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardACLInfoListQuery")).Run(func(args mock.Arguments) {
q := args.Get(1).(*models.GetDashboardACLInfoListQuery)
q.Result = []*models.DashboardACLInfoDTO{
{Role: &viewerRole, Permission: models.PERMISSION_VIEW},
{Role: &editorRole, Permission: models.PERMISSION_EDIT},
}

58
pkg/api/dashboard_test.go
View File

@ -123,7 +123,7 @@ func TestDashboardAPIEndpoint(t *testing.T) {
fakeDash := models.NewDashboard("Child dash")
fakeDash.Id = 1
fakeDash.FolderId = 1
fakeDash.HasAcl = false
fakeDash.HasACL = false
fakeDashboardVersionService := dashvertest.NewDashboardVersionServiceFake()
fakeDashboardVersionService.ExpectedDashboardVersion = &dashver.DashboardVersion{}
dashboardService := dashboards.NewFakeDashboardService(t)
@ -147,9 +147,9 @@ func TestDashboardAPIEndpoint(t *testing.T) {
setUp := func() {
viewerRole := models.ROLE_VIEWER
editorRole := models.ROLE_EDITOR
dashboardService.On("GetDashboardAclInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardAclInfoListQuery")).Run(func(args mock.Arguments) {
q := args.Get(1).(*models.GetDashboardAclInfoListQuery)
q.Result = []*models.DashboardAclInfoDTO{
dashboardService.On("GetDashboardACLInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardACLInfoListQuery")).Run(func(args mock.Arguments) {
q := args.Get(1).(*models.GetDashboardACLInfoListQuery)
q.Result = []*models.DashboardACLInfoDTO{
{Role: &viewerRole, Permission: models.PERMISSION_VIEW},
{Role: &editorRole, Permission: models.PERMISSION_EDIT},
}
@ -229,7 +229,7 @@ func TestDashboardAPIEndpoint(t *testing.T) {
fakeDash := models.NewDashboard("Child dash")
fakeDash.Id = 1
fakeDash.FolderId = 1
fakeDash.HasAcl = true
fakeDash.HasACL = true
fakeDashboardVersionService := dashvertest.NewDashboardVersionServiceFake()
fakeDashboardVersionService.ExpectedDashboardVersion = &dashver.DashboardVersion{}
dashboardService := dashboards.NewFakeDashboardService(t)
@ -237,9 +237,9 @@ func TestDashboardAPIEndpoint(t *testing.T) {
q := args.Get(1).(*models.GetDashboardQuery)
q.Result = fakeDash
}).Return(nil)
dashboardService.On("GetDashboardAclInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardAclInfoListQuery")).Run(func(args mock.Arguments) {
q := args.Get(1).(*models.GetDashboardAclInfoListQuery)
q.Result = []*models.DashboardAclInfoDTO{
dashboardService.On("GetDashboardACLInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardACLInfoListQuery")).Run(func(args mock.Arguments) {
q := args.Get(1).(*models.GetDashboardACLInfoListQuery)
q.Result = []*models.DashboardACLInfoDTO{
{
DashboardId: 1,
Permission: models.PERMISSION_EDIT,
@ -368,9 +368,9 @@ func TestDashboardAPIEndpoint(t *testing.T) {
setting.ViewersCanEdit = false
dashboardService := dashboards.NewFakeDashboardService(t)
dashboardService.On("GetDashboardAclInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardAclInfoListQuery")).Run(func(args mock.Arguments) {
q := args.Get(1).(*models.GetDashboardAclInfoListQuery)
q.Result = []*models.DashboardAclInfoDTO{
dashboardService.On("GetDashboardACLInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardACLInfoListQuery")).Run(func(args mock.Arguments) {
q := args.Get(1).(*models.GetDashboardACLInfoListQuery)
q.Result = []*models.DashboardACLInfoDTO{
{OrgId: 1, DashboardId: 2, UserId: 1, Permission: models.PERMISSION_EDIT},
}
}).Return(nil)
@ -430,9 +430,9 @@ func TestDashboardAPIEndpoint(t *testing.T) {
setting.ViewersCanEdit = true
dashboardService := dashboards.NewFakeDashboardService(t)
dashboardService.On("GetDashboardAclInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardAclInfoListQuery")).Run(func(args mock.Arguments) {
q := args.Get(1).(*models.GetDashboardAclInfoListQuery)
q.Result = []*models.DashboardAclInfoDTO{
dashboardService.On("GetDashboardACLInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardACLInfoListQuery")).Run(func(args mock.Arguments) {
q := args.Get(1).(*models.GetDashboardACLInfoListQuery)
q.Result = []*models.DashboardACLInfoDTO{
{OrgId: 1, DashboardId: 2, UserId: 1, Permission: models.PERMISSION_VIEW},
}
}).Return(nil)
@ -470,9 +470,9 @@ func TestDashboardAPIEndpoint(t *testing.T) {
setting.ViewersCanEdit = true
dashboardService := dashboards.NewFakeDashboardService(t)
dashboardService.On("GetDashboardAclInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardAclInfoListQuery")).Run(func(args mock.Arguments) {
q := args.Get(1).(*models.GetDashboardAclInfoListQuery)
q.Result = []*models.DashboardAclInfoDTO{
dashboardService.On("GetDashboardACLInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardACLInfoListQuery")).Run(func(args mock.Arguments) {
q := args.Get(1).(*models.GetDashboardACLInfoListQuery)
q.Result = []*models.DashboardACLInfoDTO{
{OrgId: 1, DashboardId: 2, UserId: 1, Permission: models.PERMISSION_ADMIN},
}
}).Return(nil)
@ -523,9 +523,9 @@ func TestDashboardAPIEndpoint(t *testing.T) {
setUpInner := func() {
dashboardService := dashboards.NewFakeDashboardService(t)
dashboardService.On("GetDashboardAclInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardAclInfoListQuery")).Run(func(args mock.Arguments) {
q := args.Get(1).(*models.GetDashboardAclInfoListQuery)
q.Result = []*models.DashboardAclInfoDTO{
dashboardService.On("GetDashboardACLInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardACLInfoListQuery")).Run(func(args mock.Arguments) {
q := args.Get(1).(*models.GetDashboardACLInfoListQuery)
q.Result = []*models.DashboardACLInfoDTO{
{OrgId: 1, DashboardId: 2, UserId: 1, Permission: models.PERMISSION_VIEW},
}
}).Return(nil)
@ -568,12 +568,12 @@ func TestDashboardAPIEndpoint(t *testing.T) {
dashOne := models.NewDashboard("dash")
dashOne.Id = 2
dashOne.FolderId = 1
dashOne.HasAcl = false
dashOne.HasACL = false
dashTwo := models.NewDashboard("dash")
dashTwo.Id = 4
dashTwo.FolderId = 3
dashTwo.HasAcl = false
dashTwo.HasACL = false
})
t.Run("Post dashboard response tests", func(t *testing.T) {
@ -740,7 +740,7 @@ func TestDashboardAPIEndpoint(t *testing.T) {
sqlmock := mockstore.SQLStoreMock{}
setUp := func() {
dashSvc := dashboards.NewFakeDashboardService(t)
dashSvc.On("GetDashboardAclInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardAclInfoListQuery")).Return(nil)
dashSvc.On("GetDashboardACLInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardACLInfoListQuery")).Return(nil)
guardian.InitLegacyGuardian(&sqlmock, dashSvc)
}
@ -769,7 +769,7 @@ func TestDashboardAPIEndpoint(t *testing.T) {
t.Run("when user does have permission", func(t *testing.T) {
role := models.ROLE_ADMIN
postDiffScenario(t, "When calling POST on", "/api/dashboards/calculate-diff", "/api/dashboards/calculate-diff", cmd, role, func(sc *scenarioContext) {
// This test shouldn't hit GetDashboardAclInfoList, so no setup needed
// This test shouldn't hit GetDashboardACLInfoList, so no setup needed
sc.dashboardVersionService = fakeDashboardVersionService
callPostDashboard(sc)
assert.Equal(t, 200, sc.resp.Code)
@ -782,7 +782,7 @@ func TestDashboardAPIEndpoint(t *testing.T) {
fakeDash := models.NewDashboard("Child dash")
fakeDash.Id = 2
fakeDash.FolderId = folderID
fakeDash.HasAcl = false
fakeDash.HasACL = false
dashboardService := dashboards.NewFakeDashboardService(t)
dashboardService.On("GetDashboard", mock.Anything, mock.AnythingOfType("*models.GetDashboardQuery")).Run(func(args mock.Arguments) {
@ -819,7 +819,7 @@ func TestDashboardAPIEndpoint(t *testing.T) {
t.Run("Given dashboard in general folder being restored should restore to general folder", func(t *testing.T) {
fakeDash := models.NewDashboard("Child dash")
fakeDash.Id = 2
fakeDash.HasAcl = false
fakeDash.HasACL = false
dashboardService := dashboards.NewFakeDashboardService(t)
dashboardService.On("GetDashboard", mock.Anything, mock.AnythingOfType("*models.GetDashboardQuery")).Run(func(args mock.Arguments) {
@ -865,9 +865,9 @@ func TestDashboardAPIEndpoint(t *testing.T) {
q := args.Get(1).(*models.GetDashboardQuery)
q.Result = &models.Dashboard{Id: 1, Data: dataValue}
}).Return(nil)
dashboardService.On("GetDashboardAclInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardAclInfoListQuery")).Run(func(args mock.Arguments) {
q := args.Get(1).(*models.GetDashboardAclInfoListQuery)
q.Result = []*models.DashboardAclInfoDTO{{OrgId: testOrgID, DashboardId: 1, UserId: testUserID, Permission: models.PERMISSION_EDIT}}
dashboardService.On("GetDashboardACLInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardACLInfoListQuery")).Run(func(args mock.Arguments) {
q := args.Get(1).(*models.GetDashboardACLInfoListQuery)
q.Result = []*models.DashboardACLInfoDTO{{OrgId: testOrgID, DashboardId: 1, UserId: testUserID, Permission: models.PERMISSION_EDIT}}
}).Return(nil)
guardian.InitLegacyGuardian(mockSQLStore, dashboardService)

6
pkg/api/docs/definitions/dashboard_permissions.go
View File

@ -73,7 +73,7 @@ type GetDashboardPermissionsParams struct {
type PostDashboardPermissionsParams struct {
// in:body
// required:true
Body dtos.UpdateDashboardAclCommand
Body dtos.UpdateDashboardACLCommand
// in:path
DashboardID int64
}
@ -82,7 +82,7 @@ type PostDashboardPermissionsParams struct {
type PostDashboardPermissionsWithUIDParams struct {
// in:body
// required:true
Body dtos.UpdateDashboardAclCommand
Body dtos.UpdateDashboardACLCommand
// in:path
// required:true
// description: The dashboard UID
@ -92,5 +92,5 @@ type PostDashboardPermissionsWithUIDParams struct {
// swagger:response getDashboardPermissionsResponse
type GetDashboardPermissionsResponse struct {
// in: body
Body []*models.DashboardAclInfoDTO `json:"body"`
Body []*models.DashboardACLInfoDTO `json:"body"`
}

2
pkg/api/docs/definitions/folder.go
View File

@ -109,7 +109,7 @@ type PostDashboardPermissionsParam struct {
FolderUID string `json:"folder_uid"`
// in:body
// required:true
Body dtos.UpdateDashboardAclCommand
Body dtos.UpdateDashboardACLCommand
}
// swagger:parameters getFolderByID

6
pkg/api/dtos/acl.go
View File

@ -3,12 +3,12 @@ package dtos
import "github.com/grafana/grafana/pkg/models"
// swagger:model
type UpdateDashboardAclCommand struct {
Items []DashboardAclUpdateItem `json:"items"`
type UpdateDashboardACLCommand struct {
Items []DashboardACLUpdateItem `json:"items"`
}
// swagger:model
type DashboardAclUpdateItem struct {
type DashboardACLUpdateItem struct {
UserID int64 `json:"userId"`
TeamID int64 `json:"teamId"`
Role *models.RoleType `json:"role,omitempty"`

2
pkg/api/dtos/dashboard.go
View File

@ -24,7 +24,7 @@ type DashboardMeta struct {
UpdatedBy string `json:"updatedBy"`
CreatedBy string `json:"createdBy"`
Version int `json:"version"`
HasAcl bool `json:"hasAcl"`
HasACL bool `json:"hasAcl" xorm:"has_acl"`
IsFolder bool `json:"isFolder"`
FolderId int64 `json:"folderId"`
FolderUid string `json:"folderUid"`

2
pkg/api/dtos/folder.go
View File

@ -11,7 +11,7 @@ type Folder struct {
Uid string `json:"uid"`
Title string `json:"title"`
Url string `json:"url"`
HasAcl bool `json:"hasAcl"`
HasACL bool `json:"hasAcl" xorm:"has_acl"`
CanSave bool `json:"canSave"`
CanEdit bool `json:"canEdit"`
CanAdmin bool `json:"canAdmin"`

2
pkg/api/folder.go
View File

@ -164,7 +164,7 @@ func (hs *HTTPServer) toFolderDto(c *models.ReqContext, g guardian.DashboardGuar
Uid: folder.Uid,
Title: folder.Title,
Url: folder.Url,
HasAcl: folder.HasAcl,
HasACL: folder.HasACL,
CanSave: canSave,
CanEdit: canEdit,
CanAdmin: canAdmin,

22
pkg/api/folder_permission.go
View File

@ -28,12 +28,12 @@ func (hs *HTTPServer) GetFolderPermissionList(c *models.ReqContext) response.Res
return apierrors.ToFolderErrorResponse(dashboards.ErrFolderAccessDenied)
}
acl, err := g.GetAcl()
acl, err := g.GetACL()
if err != nil {
return response.Error(500, "Failed to get folder permissions", err)
}
filteredAcls := make([]*models.DashboardAclInfoDTO, 0, len(acl))
filteredACLs := make([]*models.DashboardACLInfoDTO, 0, len(acl))
for _, perm := range acl {
if perm.UserId > 0 && dtos.IsHiddenUser(perm.UserLogin, c.SignedInUser, hs.Cfg) {
continue
@ -52,14 +52,14 @@ func (hs *HTTPServer) GetFolderPermissionList(c *models.ReqContext) response.Res
perm.Url = models.GetDashboardFolderUrl(perm.IsFolder, perm.Uid, perm.Slug)
}
filteredAcls = append(filteredAcls, perm)
filteredACLs = append(filteredACLs, perm)
}
return response.JSON(http.StatusOK, filteredAcls)
return response.JSON(http.StatusOK, filteredACLs)
}
func (hs *HTTPServer) UpdateFolderPermissions(c *models.ReqContext) response.Response {
apiCmd := dtos.UpdateDashboardAclCommand{}
apiCmd := dtos.UpdateDashboardACLCommand{}
if err := web.Bind(c.Req, &apiCmd); err != nil {
return response.Error(http.StatusBadRequest, "bad request data", err)
}
@ -82,9 +82,9 @@ func (hs *HTTPServer) UpdateFolderPermissions(c *models.ReqContext) response.Res
return apierrors.ToFolderErrorResponse(dashboards.ErrFolderAccessDenied)
}
var items []*models.DashboardAcl
var items []*models.DashboardACL
for _, item := range apiCmd.Items {
items = append(items, &models.DashboardAcl{
items = append(items, &models.DashboardACL{
OrgID: c.OrgId,
DashboardID: folder.Id,
UserID: item.UserID,
@ -116,7 +116,7 @@ func (hs *HTTPServer) UpdateFolderPermissions(c *models.ReqContext) response.Res
}
if !hs.AccessControl.IsDisabled() {
old, err := g.GetAcl()
old, err := g.GetACL()
if err != nil {
return response.Error(500, "Error while checking dashboard permissions", err)
}
@ -127,14 +127,14 @@ func (hs *HTTPServer) UpdateFolderPermissions(c *models.ReqContext) response.Res
}
if err := hs.DashboardService.UpdateDashboardACL(c.Req.Context(), folder.Id, items); err != nil {
if errors.Is(err, models.ErrDashboardAclInfoMissing) {
err = models.ErrFolderAclInfoMissing
if errors.Is(err, models.ErrDashboardACLInfoMissing) {
err = models.ErrFolderACLInfoMissing
}
if errors.Is(err, models.ErrDashboardPermissionDashboardEmpty) {
err = models.ErrFolderPermissionFolderEmpty
}
if errors.Is(err, models.ErrFolderAclInfoMissing) || errors.Is(err, models.ErrFolderPermissionFolderEmpty) {
if errors.Is(err, models.ErrFolderACLInfoMissing) || errors.Is(err, models.ErrFolderPermissionFolderEmpty) {
return response.Error(409, err.Error(), err)
}

46
pkg/api/folder_permission_test.go
View File

@ -56,8 +56,8 @@ func TestFolderPermissionAPIEndpoint(t *testing.T) {
assert.Equal(t, 404, sc.resp.Code)
}, mockSQLStore)
cmd := dtos.UpdateDashboardAclCommand{
Items: []dtos.DashboardAclUpdateItem{
cmd := dtos.UpdateDashboardACLCommand{
Items: []dtos.DashboardACLUpdateItem{
{UserID: 1000, Permission: models.PERMISSION_ADMIN},
},
}
@ -89,8 +89,8 @@ func TestFolderPermissionAPIEndpoint(t *testing.T) {
assert.Equal(t, 403, sc.resp.Code)
}, mockSQLStore)
cmd := dtos.UpdateDashboardAclCommand{
Items: []dtos.DashboardAclUpdateItem{
cmd := dtos.UpdateDashboardACLCommand{
Items: []dtos.DashboardACLUpdateItem{
{UserID: 1000, Permission: models.PERMISSION_ADMIN},
},
}
@ -116,7 +116,7 @@ func TestFolderPermissionAPIEndpoint(t *testing.T) {
guardian.MockDashboardGuardian(&guardian.FakeDashboardGuardian{
CanAdminValue: true,
CheckPermissionBeforeUpdateValue: true,
GetAclValue: []*models.DashboardAclInfoDTO{
GetACLValue: []*models.DashboardACLInfoDTO{
{OrgId: 1, DashboardId: 1, UserId: 2, Permission: models.PERMISSION_VIEW},
{OrgId: 1, DashboardId: 1, UserId: 3, Permission: models.PERMISSION_EDIT},
{OrgId: 1, DashboardId: 1, UserId: 4, Permission: models.PERMISSION_ADMIN},
@ -134,7 +134,7 @@ func TestFolderPermissionAPIEndpoint(t *testing.T) {
callGetFolderPermissions(sc, hs)
assert.Equal(t, 200, sc.resp.Code)
var resp []*models.DashboardAclInfoDTO
var resp []*models.DashboardACLInfoDTO
err := json.Unmarshal(sc.resp.Body.Bytes(), &resp)
require.NoError(t, err)
@ -143,8 +143,8 @@ func TestFolderPermissionAPIEndpoint(t *testing.T) {
assert.Equal(t, models.PERMISSION_VIEW, resp[0].Permission)
}, mockSQLStore)
cmd := dtos.UpdateDashboardAclCommand{
Items: []dtos.DashboardAclUpdateItem{
cmd := dtos.UpdateDashboardACLCommand{
Items: []dtos.DashboardACLUpdateItem{
{UserID: 1000, Permission: models.PERMISSION_ADMIN},
},
}
@ -186,8 +186,8 @@ func TestFolderPermissionAPIEndpoint(t *testing.T) {
folderResponse := &models.Folder{Id: 1, Uid: "uid", Title: "Folder"}
folderService.On("GetFolderByUID", mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(folderResponse, nil).Once()
cmd := dtos.UpdateDashboardAclCommand{
Items: []dtos.DashboardAclUpdateItem{
cmd := dtos.UpdateDashboardACLCommand{
Items: []dtos.DashboardACLUpdateItem{
{UserID: 1000, Permission: models.PERMISSION_ADMIN},
},
}
@ -206,14 +206,14 @@ func TestFolderPermissionAPIEndpoint(t *testing.T) {
t.Run("When trying to update team or user permissions with a role", func(t *testing.T) {
role := models.ROLE_ADMIN
cmds := []dtos.UpdateDashboardAclCommand{
cmds := []dtos.UpdateDashboardACLCommand{
{
Items: []dtos.DashboardAclUpdateItem{
Items: []dtos.DashboardACLUpdateItem{
{UserID: 1000, Permission: models.PERMISSION_ADMIN, Role: &role},
},
},
{
Items: []dtos.DashboardAclUpdateItem{
Items: []dtos.DashboardACLUpdateItem{
{TeamID: 1000, Permission: models.PERMISSION_ADMIN, Role: &role},
},
},
@ -251,8 +251,8 @@ func TestFolderPermissionAPIEndpoint(t *testing.T) {
folderResponse := &models.Folder{Id: 1, Uid: "uid", Title: "Folder"}
folderService.On("GetFolderByUID", mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(folderResponse, nil).Once()
cmd := dtos.UpdateDashboardAclCommand{
Items: []dtos.DashboardAclUpdateItem{
cmd := dtos.UpdateDashboardACLCommand{
Items: []dtos.DashboardACLUpdateItem{
{UserID: 1000, Permission: models.PERMISSION_ADMIN},
},
}
@ -283,25 +283,25 @@ func TestFolderPermissionAPIEndpoint(t *testing.T) {
guardian.MockDashboardGuardian(&guardian.FakeDashboardGuardian{
CanAdminValue: true,
CheckPermissionBeforeUpdateValue: true,
GetAclValue: []*models.DashboardAclInfoDTO{
GetACLValue: []*models.DashboardACLInfoDTO{
{OrgId: 1, DashboardId: 1, UserId: 2, UserLogin: "hiddenUser", Permission: models.PERMISSION_VIEW},
{OrgId: 1, DashboardId: 1, UserId: 3, UserLogin: testUserLogin, Permission: models.PERMISSION_EDIT},
{OrgId: 1, DashboardId: 1, UserId: 4, UserLogin: "user_1", Permission: models.PERMISSION_ADMIN},
},
GetHiddenAclValue: []*models.DashboardAcl{
GetHiddenACLValue: []*models.DashboardACL{
{OrgID: 1, DashboardID: 1, UserID: 2, Permission: models.PERMISSION_VIEW},
},
})
var gotItems []*models.DashboardAcl
var gotItems []*models.DashboardACL
folderResponse := &models.Folder{Id: 1, Uid: "uid", Title: "Folder"}
folderService.On("GetFolderByUID", mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(folderResponse, nil).Twice()
dashboardStore.On("UpdateDashboardACL", mock.Anything, mock.Anything, mock.Anything).Run(func(args mock.Arguments) {
gotItems = args.Get(2).([]*models.DashboardAcl)
gotItems = args.Get(2).([]*models.DashboardACL)
}).Return(nil).Once()
var resp []*models.DashboardAclInfoDTO
var resp []*models.DashboardACLInfoDTO
mockSQLStore := mockstore.NewSQLStoreMock()
loggedInUserScenarioWithRole(t, "When calling GET on", "GET", "/api/folders/uid/permissions", "/api/folders/:uid/permissions", models.ROLE_ADMIN, func(sc *scenarioContext) {
callGetFolderPermissions(sc, hs)
@ -317,13 +317,13 @@ func TestFolderPermissionAPIEndpoint(t *testing.T) {
assert.Equal(t, models.PERMISSION_ADMIN, resp[1].Permission)
}, mockSQLStore)
cmd := dtos.UpdateDashboardAclCommand{
Items: []dtos.DashboardAclUpdateItem{
cmd := dtos.UpdateDashboardACLCommand{
Items: []dtos.DashboardACLUpdateItem{
{UserID: 1000, Permission: models.PERMISSION_ADMIN},
},
}
for _, acl := range resp {
cmd.Items = append(cmd.Items, dtos.DashboardAclUpdateItem{
cmd.Items = append(cmd.Items, dtos.DashboardACLUpdateItem{
UserID: acl.UserId,
Permission: acl.Permission,
})

6
pkg/api/folder_test.go
View File

@ -235,10 +235,10 @@ func createFolderScenario(t *testing.T, desc string, url string, routePattern st
cmd models.CreateFolderCommand, fn scenarioFunc) {
setUpRBACGuardian(t)
t.Run(fmt.Sprintf("%s %s", desc, url), func(t *testing.T) {
aclMockResp := []*models.DashboardAclInfoDTO{}
aclMockResp := []*models.DashboardACLInfoDTO{}
dashSvc := &dashboards.FakeDashboardService{}
dashSvc.On("GetDashboardAclInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardAclInfoListQuery")).Run(func(args mock.Arguments) {
q := args.Get(1).(*models.GetDashboardAclInfoListQuery)
dashSvc.On("GetDashboardACLInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardACLInfoListQuery")).Run(func(args mock.Arguments) {
q := args.Get(1).(*models.GetDashboardACLInfoListQuery)
q.Result = aclMockResp
}).Return(nil)
store := mockstore.NewSQLStoreMock()

2
pkg/api/org_users_test.go
View File

@ -155,7 +155,7 @@ func TestOrgUsersAPIEndpoint_LegacyAccessControl_FolderAdmin(t *testing.T) {
require.NotNil(t, folder)
// Grant our test Viewer with permission to admin the folder
acls := []*models.DashboardAcl{
acls := []*models.DashboardACL{
{
DashboardID: folder.Id,
OrgID: testOrgID,

22
pkg/models/dashboard_acl.go
View File

@ -24,16 +24,16 @@ func (p PermissionType) String() string {
// Typed errors
var (
ErrDashboardAclInfoMissing = errors.New("user id and team id cannot both be empty for a dashboard permission")
ErrDashboardACLInfoMissing = errors.New("user id and team id cannot both be empty for a dashboard permission")
ErrDashboardPermissionDashboardEmpty = errors.New("dashboard id must be greater than zero for a dashboard permission")
ErrFolderAclInfoMissing = errors.New("user id and team id cannot both be empty for a folder permission")
ErrFolderACLInfoMissing = errors.New("user id and team id cannot both be empty for a folder permission")
ErrFolderPermissionFolderEmpty = errors.New("folder id must be greater than zero for a folder permission")
ErrPermissionsWithRoleNotAllowed = errors.New("permissions cannot have both a user and team")
ErrPermissionsWithUserAndTeamNotAllowed = errors.New("team and user permissions cannot have an associated role")
)
// Dashboard ACL model
type DashboardAcl struct {
type DashboardACL struct {
// nolint:stylecheck
Id int64
OrgID int64 `xorm:"org_id"`
@ -48,7 +48,7 @@ type DashboardAcl struct {
Updated time.Time
}
type DashboardAclInfoDTO struct {
type DashboardACLInfoDTO struct {
OrgId int64 `json:"-"`
DashboardId int64 `json:"dashboardId,omitempty"`
FolderId int64 `json:"folderId,omitempty"`
@ -75,7 +75,7 @@ type DashboardAclInfoDTO struct {
Inherited bool `json:"inherited"`
}
func (dto *DashboardAclInfoDTO) hasSameRoleAs(other *DashboardAclInfoDTO) bool {
func (dto *DashboardACLInfoDTO) hasSameRoleAs(other *DashboardACLInfoDTO) bool {
if dto.Role == nil || other.Role == nil {
return false
}
@ -83,24 +83,26 @@ func (dto *DashboardAclInfoDTO) hasSameRoleAs(other *DashboardAclInfoDTO) bool {
return dto.UserId <= 0 && dto.TeamId <= 0 && dto.UserId == other.UserId && dto.TeamId == other.TeamId && *dto.Role == *other.Role
}
func (dto *DashboardAclInfoDTO) hasSameUserAs(other *DashboardAclInfoDTO) bool {
func (dto *DashboardACLInfoDTO) hasSameUserAs(other *DashboardACLInfoDTO) bool {
return dto.UserId > 0 && dto.UserId == other.UserId
}
func (dto *DashboardAclInfoDTO) hasSameTeamAs(other *DashboardAclInfoDTO) bool {
func (dto *DashboardACLInfoDTO) hasSameTeamAs(other *DashboardACLInfoDTO) bool {
return dto.TeamId > 0 && dto.TeamId == other.TeamId
}
// IsDuplicateOf returns true if other item has same role, same user or same team
func (dto *DashboardAclInfoDTO) IsDuplicateOf(other *DashboardAclInfoDTO) bool {
func (dto *DashboardACLInfoDTO) IsDuplicateOf(other *DashboardACLInfoDTO) bool {
return dto.hasSameRoleAs(other) || dto.hasSameUserAs(other) || dto.hasSameTeamAs(other)
}
//
// QUERIES
//
type GetDashboardAclInfoListQuery struct {
type GetDashboardACLInfoListQuery struct {
DashboardID int64
OrgID int64
Result []*DashboardAclInfoDTO
Result []*DashboardACLInfoDTO
}
func (p DashboardACL) TableName() string { return "dashboard_acl" }

2
pkg/models/dashboards.go
View File

@ -36,7 +36,7 @@ type Dashboard struct {
CreatedBy int64
FolderId int64
IsFolder bool
HasAcl bool
HasACL bool `xorm:"has_acl"`
Title string
Data *simplejson.Json

4
pkg/models/folders.go
View File

@ -17,7 +17,7 @@ type Folder struct {
UpdatedBy int64
CreatedBy int64
HasAcl bool
HasACL bool
}
// NewFolder creates a new Folder
@ -35,7 +35,7 @@ func DashboardToFolder(dash *Dashboard) *Folder {
Id: dash.Id,
Uid: dash.Uid,
Title: dash.Title,
HasAcl: dash.HasAcl,
HasACL: dash.HasACL,
Url: dash.GetUrl(),
Version: dash.Version,
Created: dash.Created,

8
pkg/services/dashboards/dashboard.go
View File

@ -13,7 +13,7 @@ type DashboardService interface {
DeleteDashboard(ctx context.Context, dashboardId int64, orgId int64) error
FindDashboards(ctx context.Context, query *models.FindPersistedDashboardsQuery) ([]DashboardSearchProjection, error)
GetDashboard(ctx context.Context, query *models.GetDashboardQuery) error
GetDashboardAclInfoList(ctx context.Context, query *models.GetDashboardAclInfoListQuery) error
GetDashboardACLInfoList(ctx context.Context, query *models.GetDashboardACLInfoListQuery) error
GetDashboards(ctx context.Context, query *models.GetDashboardsQuery) error
GetDashboardTags(ctx context.Context, query *models.GetDashboardTagsQuery) error
GetDashboardUIDById(ctx context.Context, query *models.GetDashboardRefByIdQuery) error
@ -23,7 +23,7 @@ type DashboardService interface {
MakeUserAdmin(ctx context.Context, orgID int64, userID, dashboardID int64, setViewAndEditPermissions bool) error
SaveDashboard(ctx context.Context, dto *SaveDashboardDTO, allowUiUpdate bool) (*models.Dashboard, error)
SearchDashboards(ctx context.Context, query *models.FindPersistedDashboardsQuery) error
UpdateDashboardACL(ctx context.Context, uid int64, items []*models.DashboardAcl) error
UpdateDashboardACL(ctx context.Context, uid int64, items []*models.DashboardACL) error
}
// PluginService is a service for operating on plugin dashboards.
@ -51,7 +51,7 @@ type Store interface {
DeleteOrphanedProvisionedDashboards(ctx context.Context, cmd *models.DeleteOrphanedProvisionedDashboardsCommand) error
FindDashboards(ctx context.Context, query *models.FindPersistedDashboardsQuery) ([]DashboardSearchProjection, error)
GetDashboard(ctx context.Context, query *models.GetDashboardQuery) (*models.Dashboard, error)
GetDashboardAclInfoList(ctx context.Context, query *models.GetDashboardAclInfoListQuery) error
GetDashboardACLInfoList(ctx context.Context, query *models.GetDashboardACLInfoListQuery) error
GetDashboardUIDById(ctx context.Context, query *models.GetDashboardRefByIdQuery) error
GetDashboards(ctx context.Context, query *models.GetDashboardsQuery) error
// GetDashboardsByPluginID retrieves dashboards identified by plugin.
@ -67,7 +67,7 @@ type Store interface {
SaveDashboard(cmd models.SaveDashboardCommand) (*models.Dashboard, error)
SaveProvisionedDashboard(cmd models.SaveDashboardCommand, provisioning *models.DashboardProvisioning) (*models.Dashboard, error)
UnprovisionDashboard(ctx context.Context, id int64) error
UpdateDashboardACL(ctx context.Context, uid int64, items []*models.DashboardAcl) error
UpdateDashboardACL(ctx context.Context, uid int64, items []*models.DashboardACL) error
// ValidateDashboardBeforeSave validates a dashboard before save.
ValidateDashboardBeforeSave(dashboard *models.Dashboard, overwrite bool) (bool, error)
DeleteACLByUser(context.Context, int64) error

10
pkg/services/dashboards/dashboard_service_mock.go
View File

@ -90,12 +90,12 @@ func (_m *FakeDashboardService) GetDashboard(ctx context.Context, query *models.
return r0
}
// GetDashboardAclInfoList provides a mock function with given fields: ctx, query
func (_m *FakeDashboardService) GetDashboardAclInfoList(ctx context.Context, query *models.GetDashboardAclInfoListQuery) error {
// GetDashboardACLInfoList provides a mock function with given fields: ctx, query
func (_m *FakeDashboardService) GetDashboardACLInfoList(ctx context.Context, query *models.GetDashboardACLInfoListQuery) error {
ret := _m.Called(ctx, query)
var r0 error
if rf, ok := ret.Get(0).(func(context.Context, *models.GetDashboardAclInfoListQuery) error); ok {
if rf, ok := ret.Get(0).(func(context.Context, *models.GetDashboardACLInfoListQuery) error); ok {
r0 = rf(ctx, query)
} else {
r0 = ret.Error(0)
@ -249,11 +249,11 @@ func (_m *FakeDashboardService) SearchDashboards(ctx context.Context, query *mod
}
// UpdateDashboardACL provides a mock function with given fields: ctx, uid, items
func (_m *FakeDashboardService) UpdateDashboardACL(ctx context.Context, uid int64, items []*models.DashboardAcl) error {
func (_m *FakeDashboardService) UpdateDashboardACL(ctx context.Context, uid int64, items []*models.DashboardACL) error {
ret := _m.Called(ctx, uid, items)
var r0 error
if rf, ok := ret.Get(0).(func(context.Context, int64, []*models.DashboardAcl) error); ok {
if rf, ok := ret.Get(0).(func(context.Context, int64, []*models.DashboardACL) error); ok {
r0 = rf(ctx, uid, items)
} else {
r0 = ret.Error(0)

6
pkg/services/dashboards/database/acl.go
View File

@ -7,14 +7,14 @@ import (
"github.com/grafana/grafana/pkg/services/sqlstore"
)
// GetDashboardAclInfoList returns a list of permissions for a dashboard. They can be fetched from three
// GetDashboardACLInfoList returns a list of permissions for a dashboard. They can be fetched from three
// different places.
// 1) Permissions for the dashboard
// 2) permissions for its parent folder
// 3) if no specific permissions have been set for the dashboard or its parent folder then get the default permissions
func (d *DashboardStore) GetDashboardAclInfoList(ctx context.Context, query *models.GetDashboardAclInfoListQuery) error {
func (d *DashboardStore) GetDashboardACLInfoList(ctx context.Context, query *models.GetDashboardACLInfoListQuery) error {
outerErr := d.sqlStore.WithDbSession(ctx, func(dbSession *sqlstore.DBSession) error {
query.Result = make([]*models.DashboardAclInfoDTO, 0)
query.Result = make([]*models.DashboardACLInfoDTO, 0)
falseStr := d.dialect.BooleanStr(false)
if query.DashboardID == 0 {

64
pkg/services/dashboards/database/acl_test.go
View File

@ -10,7 +10,7 @@ import (
"github.com/stretchr/testify/require"
)
func TestIntegrationDashboardAclDataAccess(t *testing.T) {
func TestIntegrationDashboardACLDataAccess(t *testing.T) {
if testing.Short() {
t.Skip("skipping integration test")
}
@ -29,19 +29,19 @@ func TestIntegrationDashboardAclDataAccess(t *testing.T) {
t.Run("Dashboard permission with userId and teamId set to 0", func(t *testing.T) {
setup(t)
err := updateDashboardAcl(t, dashboardStore, savedFolder.Id, models.DashboardAcl{
err := updateDashboardACL(t, dashboardStore, savedFolder.Id, models.DashboardACL{
OrgID: 1,
DashboardID: savedFolder.Id,
Permission: models.PERMISSION_EDIT,
})
require.Equal(t, models.ErrDashboardAclInfoMissing, err)
require.Equal(t, models.ErrDashboardACLInfoMissing, err)
})
t.Run("Folder acl should include default acl", func(t *testing.T) {
setup(t)
query := models.GetDashboardAclInfoListQuery{DashboardID: savedFolder.Id, OrgID: 1}
query := models.GetDashboardACLInfoListQuery{DashboardID: savedFolder.Id, OrgID: 1}
err := dashboardStore.GetDashboardAclInfoList(context.Background(), &query)
err := dashboardStore.GetDashboardACLInfoList(context.Background(), &query)
require.Nil(t, err)
require.Equal(t, 2, len(query.Result))
@ -56,9 +56,9 @@ func TestIntegrationDashboardAclDataAccess(t *testing.T) {
t.Run("Dashboard acl should include acl for parent folder", func(t *testing.T) {
setup(t)
query := models.GetDashboardAclInfoListQuery{DashboardID: childDash.Id, OrgID: 1}
query := models.GetDashboardACLInfoListQuery{DashboardID: childDash.Id, OrgID: 1}
err := dashboardStore.GetDashboardAclInfoList(context.Background(), &query)
err := dashboardStore.GetDashboardACLInfoList(context.Background(), &query)
require.Nil(t, err)
require.Equal(t, 2, len(query.Result))
@ -76,8 +76,8 @@ func TestIntegrationDashboardAclDataAccess(t *testing.T) {
err := dashboardStore.UpdateDashboardACL(context.Background(), savedFolder.Id, nil)
require.Nil(t, err)
query := models.GetDashboardAclInfoListQuery{DashboardID: childDash.Id, OrgID: 1}
err = dashboardStore.GetDashboardAclInfoList(context.Background(), &query)
query := models.GetDashboardACLInfoListQuery{DashboardID: childDash.Id, OrgID: 1}
err = dashboardStore.GetDashboardACLInfoList(context.Background(), &query)
require.Nil(t, err)
require.Equal(t, 0, len(query.Result))
@ -86,7 +86,7 @@ func TestIntegrationDashboardAclDataAccess(t *testing.T) {
t.Run("Given a dashboard folder and a user", func(t *testing.T) {
t.Run("Given dashboard folder permission", func(t *testing.T) {
setup(t)
err := updateDashboardAcl(t, dashboardStore, savedFolder.Id, models.DashboardAcl{
err := updateDashboardACL(t, dashboardStore, savedFolder.Id, models.DashboardACL{
OrgID: 1,
UserID: currentUser.ID,
DashboardID: savedFolder.Id,
@ -95,9 +95,9 @@ func TestIntegrationDashboardAclDataAccess(t *testing.T) {
require.Nil(t, err)
t.Run("When reading dashboard acl should include acl for parent folder", func(t *testing.T) {
query := models.GetDashboardAclInfoListQuery{DashboardID: childDash.Id, OrgID: 1}
query := models.GetDashboardACLInfoListQuery{DashboardID: childDash.Id, OrgID: 1}
err := dashboardStore.GetDashboardAclInfoList(context.Background(), &query)
err := dashboardStore.GetDashboardACLInfoList(context.Background(), &query)
require.Nil(t, err)
require.Equal(t, 1, len(query.Result))
@ -105,7 +105,7 @@ func TestIntegrationDashboardAclDataAccess(t *testing.T) {
})
t.Run("Given child dashboard permission", func(t *testing.T) {
err := updateDashboardAcl(t, dashboardStore, childDash.Id, models.DashboardAcl{
err := updateDashboardACL(t, dashboardStore, childDash.Id, models.DashboardACL{
OrgID: 1,
UserID: currentUser.ID,
DashboardID: childDash.Id,
@ -114,9 +114,9 @@ func TestIntegrationDashboardAclDataAccess(t *testing.T) {
require.Nil(t, err)
t.Run("When reading dashboard acl should include acl for parent folder and child", func(t *testing.T) {
query := models.GetDashboardAclInfoListQuery{OrgID: 1, DashboardID: childDash.Id}
query := models.GetDashboardACLInfoListQuery{OrgID: 1, DashboardID: childDash.Id}
err := dashboardStore.GetDashboardAclInfoList(context.Background(), &query)
err := dashboardStore.GetDashboardACLInfoList(context.Background(), &query)
require.Nil(t, err)
require.Equal(t, 2, len(query.Result))
@ -130,7 +130,7 @@ func TestIntegrationDashboardAclDataAccess(t *testing.T) {
t.Run("Reading dashboard acl should include default acl for parent folder and the child acl", func(t *testing.T) {
setup(t)
err := updateDashboardAcl(t, dashboardStore, childDash.Id, models.DashboardAcl{
err := updateDashboardACL(t, dashboardStore, childDash.Id, models.DashboardACL{
OrgID: 1,
UserID: currentUser.ID,
DashboardID: childDash.Id,
@ -138,9 +138,9 @@ func TestIntegrationDashboardAclDataAccess(t *testing.T) {
})
require.Nil(t, err)
query := models.GetDashboardAclInfoListQuery{OrgID: 1, DashboardID: childDash.Id}
query := models.GetDashboardACLInfoListQuery{OrgID: 1, DashboardID: childDash.Id}
err = dashboardStore.GetDashboardAclInfoList(context.Background(), &query)
err = dashboardStore.GetDashboardACLInfoList(context.Background(), &query)
require.Nil(t, err)
defaultPermissionsId := int64(-1)
@ -157,7 +157,7 @@ func TestIntegrationDashboardAclDataAccess(t *testing.T) {
t.Run("Add and delete dashboard permission", func(t *testing.T) {
setup(t)
err := updateDashboardAcl(t, dashboardStore, savedFolder.Id, models.DashboardAcl{
err := updateDashboardACL(t, dashboardStore, savedFolder.Id, models.DashboardACL{
OrgID: 1,
UserID: currentUser.ID,
DashboardID: savedFolder.Id,
@ -165,8 +165,8 @@ func TestIntegrationDashboardAclDataAccess(t *testing.T) {
})
require.Nil(t, err)
q1 := &models.GetDashboardAclInfoListQuery{DashboardID: savedFolder.Id, OrgID: 1}
err = dashboardStore.GetDashboardAclInfoList(context.Background(), q1)
q1 := &models.GetDashboardACLInfoListQuery{DashboardID: savedFolder.Id, OrgID: 1}
err = dashboardStore.GetDashboardACLInfoList(context.Background(), q1)
require.Nil(t, err)
require.Equal(t, savedFolder.Id, q1.Result[0].DashboardId)
@ -176,11 +176,11 @@ func TestIntegrationDashboardAclDataAccess(t *testing.T) {
require.Equal(t, currentUser.Login, q1.Result[0].UserLogin)
require.Equal(t, currentUser.Email, q1.Result[0].UserEmail)
err = updateDashboardAcl(t, dashboardStore, savedFolder.Id)
err = updateDashboardACL(t, dashboardStore, savedFolder.Id)
require.Nil(t, err)
q3 := &models.GetDashboardAclInfoListQuery{DashboardID: savedFolder.Id, OrgID: 1}
err = dashboardStore.GetDashboardAclInfoList(context.Background(), q3)
q3 := &models.GetDashboardACLInfoListQuery{DashboardID: savedFolder.Id, OrgID: 1}
err = dashboardStore.GetDashboardACLInfoList(context.Background(), q3)
require.Nil(t, err)
require.Equal(t, 0, len(q3.Result))
})
@ -190,7 +190,7 @@ func TestIntegrationDashboardAclDataAccess(t *testing.T) {
team1, err := sqlStore.CreateTeam("group1 name", "", 1)
require.Nil(t, err)
err = updateDashboardAcl(t, dashboardStore, savedFolder.Id, models.DashboardAcl{
err = updateDashboardACL(t, dashboardStore, savedFolder.Id, models.DashboardACL{
OrgID: 1,
TeamID: team1.Id,
DashboardID: savedFolder.Id,
@ -198,8 +198,8 @@ func TestIntegrationDashboardAclDataAccess(t *testing.T) {
})
require.Nil(t, err)
q1 := &models.GetDashboardAclInfoListQuery{DashboardID: savedFolder.Id, OrgID: 1}
err = dashboardStore.GetDashboardAclInfoList(context.Background(), q1)
q1 := &models.GetDashboardACLInfoListQuery{DashboardID: savedFolder.Id, OrgID: 1}
err = dashboardStore.GetDashboardACLInfoList(context.Background(), q1)
require.Nil(t, err)
require.Equal(t, savedFolder.Id, q1.Result[0].DashboardId)
require.Equal(t, models.PERMISSION_EDIT, q1.Result[0].Permission)
@ -210,7 +210,7 @@ func TestIntegrationDashboardAclDataAccess(t *testing.T) {
setup(t)
team1, err := sqlStore.CreateTeam("group1 name", "", 1)
require.Nil(t, err)
err = updateDashboardAcl(t, dashboardStore, savedFolder.Id, models.DashboardAcl{
err = updateDashboardACL(t, dashboardStore, savedFolder.Id, models.DashboardACL{
OrgID: 1,
TeamID: team1.Id,
DashboardID: savedFolder.Id,
@ -218,8 +218,8 @@ func TestIntegrationDashboardAclDataAccess(t *testing.T) {
})
require.Nil(t, err)
q3 := &models.GetDashboardAclInfoListQuery{DashboardID: savedFolder.Id, OrgID: 1}
err = dashboardStore.GetDashboardAclInfoList(context.Background(), q3)
q3 := &models.GetDashboardACLInfoListQuery{DashboardID: savedFolder.Id, OrgID: 1}
err = dashboardStore.GetDashboardACLInfoList(context.Background(), q3)
require.Nil(t, err)
require.Equal(t, 1, len(q3.Result))
require.Equal(t, savedFolder.Id, q3.Result[0].DashboardId)
@ -233,9 +233,9 @@ func TestIntegrationDashboardAclDataAccess(t *testing.T) {
var rootFolderId int64 = 0
//sqlStore := sqlstore.InitTestDB(t)
query := models.GetDashboardAclInfoListQuery{DashboardID: rootFolderId, OrgID: 1}
query := models.GetDashboardACLInfoListQuery{DashboardID: rootFolderId, OrgID: 1}
err := dashboardStore.GetDashboardAclInfoList(context.Background(), &query)
err := dashboardStore.GetDashboardACLInfoList(context.Background(), &query)
require.Nil(t, err)
require.Equal(t, 2, len(query.Result))

8
pkg/services/dashboards/database/database.go
View File

@ -192,7 +192,7 @@ func (d *DashboardStore) SaveDashboard(cmd models.SaveDashboardCommand) (*models
return cmd.Result, err
}
func (d *DashboardStore) UpdateDashboardACL(ctx context.Context, dashboardID int64, items []*models.DashboardAcl) error {
func (d *DashboardStore) UpdateDashboardACL(ctx context.Context, dashboardID int64, items []*models.DashboardACL) error {
return d.sqlStore.WithTransactionalDbSession(ctx, func(sess *sqlstore.DBSession) error {
// delete existing items
_, err := sess.Exec("DELETE FROM dashboard_acl WHERE dashboard_id=?", dashboardID)
@ -202,7 +202,7 @@ func (d *DashboardStore) UpdateDashboardACL(ctx context.Context, dashboardID int
for _, item := range items {
if item.UserID == 0 && item.TeamID == 0 && (item.Role == nil || !item.Role.IsValid()) {
return models.ErrDashboardAclInfoMissing
return models.ErrDashboardACLInfoMissing
}
if item.DashboardID == 0 {
@ -215,8 +215,8 @@ func (d *DashboardStore) UpdateDashboardACL(ctx context.Context, dashboardID int
}
}
// Update dashboard HasAcl flag
dashboard := models.Dashboard{HasAcl: true}
// Update dashboard HasACL flag
dashboard := models.Dashboard{HasACL: true}
_, err = sess.Cols("has_acl").Where("id=?", dashboardID).Update(&dashboard)
return err
})

22
pkg/services/dashboards/database/database_folder_test.go
View File

@ -54,7 +54,7 @@ func TestIntegrationDashboardFolderDataAccess(t *testing.T) {
t.Run("and acl is set for dashboard folder", func(t *testing.T) {
var otherUser int64 = 999
err := updateDashboardAcl(t, dashboardStore, folder.Id, models.DashboardAcl{
err := updateDashboardACL(t, dashboardStore, folder.Id, models.DashboardACL{
DashboardID: folder.Id,
OrgID: 1,
UserID: otherUser,
@ -75,7 +75,7 @@ func TestIntegrationDashboardFolderDataAccess(t *testing.T) {
})
t.Run("when the user is given permission", func(t *testing.T) {
err := updateDashboardAcl(t, dashboardStore, folder.Id, models.DashboardAcl{
err := updateDashboardACL(t, dashboardStore, folder.Id, models.DashboardACL{
DashboardID: folder.Id, OrgID: 1, UserID: currentUser.ID, Permission: models.PERMISSION_EDIT,
})
require.NoError(t, err)
@ -116,9 +116,9 @@ func TestIntegrationDashboardFolderDataAccess(t *testing.T) {
t.Run("and acl is set for dashboard child and folder has all permissions removed", func(t *testing.T) {
var otherUser int64 = 999
err := updateDashboardAcl(t, dashboardStore, folder.Id)
err := updateDashboardACL(t, dashboardStore, folder.Id)
require.NoError(t, err)
err = updateDashboardAcl(t, dashboardStore, childDash.Id, models.DashboardAcl{
err = updateDashboardACL(t, dashboardStore, childDash.Id, models.DashboardACL{
DashboardID: folder.Id, OrgID: 1, UserID: otherUser, Permission: models.PERMISSION_EDIT,
})
require.NoError(t, err)
@ -134,7 +134,7 @@ func TestIntegrationDashboardFolderDataAccess(t *testing.T) {
})
t.Run("when the user is given permission to child", func(t *testing.T) {
err := updateDashboardAcl(t, dashboardStore, childDash.Id, models.DashboardAcl{
err := updateDashboardACL(t, dashboardStore, childDash.Id, models.DashboardACL{
DashboardID: childDash.Id, OrgID: 1, UserID: currentUser.ID, Permission: models.PERMISSION_EDIT,
})
require.NoError(t, err)
@ -211,7 +211,7 @@ func TestIntegrationDashboardFolderDataAccess(t *testing.T) {
t.Run("and acl is set for one dashboard folder", func(t *testing.T) {
const otherUser int64 = 999
err := updateDashboardAcl(t, dashboardStore, folder1.Id, models.DashboardAcl{
err := updateDashboardACL(t, dashboardStore, folder1.Id, models.DashboardACL{
DashboardID: folder1.Id, OrgID: 1, UserID: otherUser, Permission: models.PERMISSION_EDIT,
})
require.NoError(t, err)
@ -252,7 +252,7 @@ func TestIntegrationDashboardFolderDataAccess(t *testing.T) {
})
t.Run("and a dashboard with an acl is moved to the folder without an acl", func(t *testing.T) {
err := updateDashboardAcl(t, dashboardStore, childDash1.Id, models.DashboardAcl{
err := updateDashboardACL(t, dashboardStore, childDash1.Id, models.DashboardACL{
DashboardID: childDash1.Id, OrgID: 1, UserID: otherUser, Permission: models.PERMISSION_EDIT,
})
require.NoError(t, err)
@ -348,7 +348,7 @@ func TestIntegrationDashboardFolderDataAccess(t *testing.T) {
})
t.Run("Should have write access to one dashboard folder if default role changed to view for one folder", func(t *testing.T) {
err := updateDashboardAcl(t, dashboardStore, folder1.Id, models.DashboardAcl{
err := updateDashboardACL(t, dashboardStore, folder1.Id, models.DashboardACL{
DashboardID: folder1.Id, OrgID: 1, UserID: editorUser.ID, Permission: models.PERMISSION_VIEW,
})
require.NoError(t, err)
@ -394,7 +394,7 @@ func TestIntegrationDashboardFolderDataAccess(t *testing.T) {
})
t.Run("Should be able to get one dashboard folder if default role changed to edit for one folder", func(t *testing.T) {
err := updateDashboardAcl(t, dashboardStore, folder1.Id, models.DashboardAcl{
err := updateDashboardACL(t, dashboardStore, folder1.Id, models.DashboardACL{
DashboardID: folder1.Id, OrgID: 1, UserID: viewerUser.ID, Permission: models.PERMISSION_EDIT,
})
require.NoError(t, err)
@ -427,7 +427,7 @@ func TestIntegrationDashboardFolderDataAccess(t *testing.T) {
})
t.Run("and admin permission is given for user with org role viewer in one dashboard folder", func(t *testing.T) {
err := updateDashboardAcl(t, dashboardStore, folder1.Id, models.DashboardAcl{
err := updateDashboardACL(t, dashboardStore, folder1.Id, models.DashboardACL{
DashboardID: folder1.Id, OrgID: 1, UserID: viewerUser.ID, Permission: models.PERMISSION_ADMIN,
})
require.NoError(t, err)
@ -443,7 +443,7 @@ func TestIntegrationDashboardFolderDataAccess(t *testing.T) {
})
t.Run("and edit permission is given for user with org role viewer in one dashboard folder", func(t *testing.T) {
err := updateDashboardAcl(t, dashboardStore, folder1.Id, models.DashboardAcl{
err := updateDashboardACL(t, dashboardStore, folder1.Id, models.DashboardACL{
DashboardID: folder1.Id, OrgID: 1, UserID: viewerUser.ID, Permission: models.PERMISSION_EDIT,
})
require.NoError(t, err)

6
pkg/services/dashboards/database/database_test.go
View File

@ -723,11 +723,11 @@ func insertTestDashboardForPlugin(t *testing.T, dashboardStore *DashboardStore,
return dash
}
func updateDashboardAcl(t *testing.T, dashboardStore *DashboardStore, dashboardID int64,
items ...models.DashboardAcl) error {
func updateDashboardACL(t *testing.T, dashboardStore *DashboardStore, dashboardID int64,
items ...models.DashboardACL) error {
t.Helper()
var itemPtrs []*models.DashboardAcl
var itemPtrs []*models.DashboardACL
for _, it := range items {
item := it
item.Created = time.Now()

12
pkg/services/dashboards/service/dashboard_service.go
View File

@ -173,7 +173,7 @@ func (dr *DashboardServiceImpl) BuildSaveDashboardCommand(ctx context.Context, d
return cmd, nil
}
func (dr *DashboardServiceImpl) UpdateDashboardACL(ctx context.Context, uid int64, items []*models.DashboardAcl) error {
func (dr *DashboardServiceImpl) UpdateDashboardACL(ctx context.Context, uid int64, items []*models.DashboardACL) error {
return dr.dashboardStore.UpdateDashboardACL(ctx, uid, items)
}
@ -371,7 +371,7 @@ func (dr *DashboardServiceImpl) MakeUserAdmin(ctx context.Context, orgID int64,
rtEditor := models.ROLE_EDITOR
rtViewer := models.ROLE_VIEWER
items := []*models.DashboardAcl{
items := []*models.DashboardACL{
{
OrgID: orgID,
DashboardID: dashboardID,
@ -384,7 +384,7 @@ func (dr *DashboardServiceImpl) MakeUserAdmin(ctx context.Context, orgID int64,
if setViewAndEditPermissions {
items = append(items,
&models.DashboardAcl{
&models.DashboardACL{
OrgID: orgID,
DashboardID: dashboardID,
Role: &rtEditor,
@ -392,7 +392,7 @@ func (dr *DashboardServiceImpl) MakeUserAdmin(ctx context.Context, orgID int64,
Created: time.Now(),
Updated: time.Now(),
},
&models.DashboardAcl{
&models.DashboardACL{
OrgID: orgID,
DashboardID: dashboardID,
Role: &rtViewer,
@ -578,8 +578,8 @@ func makeQueryResult(query *models.FindPersistedDashboardsQuery, res []dashboard
}
}
func (dr *DashboardServiceImpl) GetDashboardAclInfoList(ctx context.Context, query *models.GetDashboardAclInfoListQuery) error {
return dr.dashboardStore.GetDashboardAclInfoList(ctx, query)
func (dr *DashboardServiceImpl) GetDashboardACLInfoList(ctx context.Context, query *models.GetDashboardACLInfoListQuery) error {
return dr.dashboardStore.GetDashboardACLInfoList(ctx, query)
}
func (dr *DashboardServiceImpl) HasAdminPermissionInDashboardsOrFolders(ctx context.Context, query *models.HasAdminPermissionInDashboardsOrFoldersQuery) error {

10
pkg/services/dashboards/store_mock.go
View File

@ -90,12 +90,12 @@ func (_m *FakeDashboardStore) GetDashboard(ctx context.Context, query *models.Ge
return r0, r1
}
// GetDashboardAclInfoList provides a mock function with given fields: ctx, query
func (_m *FakeDashboardStore) GetDashboardAclInfoList(ctx context.Context, query *models.GetDashboardAclInfoListQuery) error {
// GetDashboardACLInfoList provides a mock function with given fields: ctx, query
func (_m *FakeDashboardStore) GetDashboardACLInfoList(ctx context.Context, query *models.GetDashboardACLInfoListQuery) error {
ret := _m.Called(ctx, query)
var r0 error
if rf, ok := ret.Get(0).(func(context.Context, *models.GetDashboardAclInfoListQuery) error); ok {
if rf, ok := ret.Get(0).(func(context.Context, *models.GetDashboardACLInfoListQuery) error); ok {
r0 = rf(ctx, query)
} else {
r0 = ret.Error(0)
@ -401,11 +401,11 @@ func (_m *FakeDashboardStore) UnprovisionDashboard(ctx context.Context, id int64
}
// UpdateDashboardACL provides a mock function with given fields: ctx, uid, items
func (_m *FakeDashboardStore) UpdateDashboardACL(ctx context.Context, uid int64, items []*models.DashboardAcl) error {
func (_m *FakeDashboardStore) UpdateDashboardACL(ctx context.Context, uid int64, items []*models.DashboardACL) error {
ret := _m.Called(ctx, uid, items)
var r0 error
if rf, ok := ret.Get(0).(func(context.Context, int64, []*models.DashboardAcl) error); ok {
if rf, ok := ret.Get(0).(func(context.Context, int64, []*models.DashboardACL) error); ok {
r0 = rf(ctx, uid, items)
} else {
r0 = ret.Error(0)

22
pkg/services/guardian/accesscontrol_guardian.go
View File

@ -153,13 +153,13 @@ func (a *AccessControlDashboardGuardian) evaluate(evaluator accesscontrol.Evalua
return ok, err
}
func (a *AccessControlDashboardGuardian) CheckPermissionBeforeUpdate(permission models.PermissionType, updatePermissions []*models.DashboardAcl) (bool, error) {
func (a *AccessControlDashboardGuardian) CheckPermissionBeforeUpdate(permission models.PermissionType, updatePermissions []*models.DashboardACL) (bool, error) {
// always true for access control
return true, nil
}
// GetAcl translate access control permissions to dashboard acl info
func (a *AccessControlDashboardGuardian) GetAcl() ([]*models.DashboardAclInfoDTO, error) {
// GetACL translate access control permissions to dashboard acl info
func (a *AccessControlDashboardGuardian) GetACL() ([]*models.DashboardACLInfoDTO, error) {
if err := a.loadDashboard(); err != nil {
return nil, err
}
@ -176,7 +176,7 @@ func (a *AccessControlDashboardGuardian) GetAcl() ([]*models.DashboardAclInfoDTO
return nil, err
}
acl := make([]*models.DashboardAclInfoDTO, 0, len(permissions))
acl := make([]*models.DashboardACLInfoDTO, 0, len(permissions))
for _, p := range permissions {
if !p.IsManaged {
continue
@ -188,7 +188,7 @@ func (a *AccessControlDashboardGuardian) GetAcl() ([]*models.DashboardAclInfoDTO
role = &tmp
}
acl = append(acl, &models.DashboardAclInfoDTO{
acl = append(acl, &models.DashboardACLInfoDTO{
OrgId: a.dashboard.OrgId,
DashboardId: a.dashboard.Id,
FolderId: a.dashboard.FolderId,
@ -215,17 +215,17 @@ func (a *AccessControlDashboardGuardian) GetAcl() ([]*models.DashboardAclInfoDTO
return acl, nil
}
func (a *AccessControlDashboardGuardian) GetACLWithoutDuplicates() ([]*models.DashboardAclInfoDTO, error) {
return a.GetAcl()
func (a *AccessControlDashboardGuardian) GetACLWithoutDuplicates() ([]*models.DashboardACLInfoDTO, error) {
return a.GetACL()
}
func (a *AccessControlDashboardGuardian) GetHiddenACL(cfg *setting.Cfg) ([]*models.DashboardAcl, error) {
var hiddenACL []*models.DashboardAcl
func (a *AccessControlDashboardGuardian) GetHiddenACL(cfg *setting.Cfg) ([]*models.DashboardACL, error) {
var hiddenACL []*models.DashboardACL
if a.user.IsGrafanaAdmin {
return hiddenACL, nil
}
existingPermissions, err := a.GetAcl()
existingPermissions, err := a.GetACL()
if err != nil {
return hiddenACL, err
}
@ -236,7 +236,7 @@ func (a *AccessControlDashboardGuardian) GetHiddenACL(cfg *setting.Cfg) ([]*mode
}
if _, hidden := cfg.HiddenUsers[item.UserLogin]; hidden {
hiddenACL = append(hiddenACL, &models.DashboardAcl{
hiddenACL = append(hiddenACL, &models.DashboardACL{
OrgID: item.OrgId,
DashboardID: item.DashboardId,
UserID: item.UserId,

88
pkg/services/guardian/guardian.go
View File

@ -24,23 +24,23 @@ type DashboardGuardian interface {
CanAdmin() (bool, error)
CanDelete() (bool, error)
CanCreate(folderID int64, isFolder bool) (bool, error)
CheckPermissionBeforeUpdate(permission models.PermissionType, updatePermissions []*models.DashboardAcl) (bool, error)
CheckPermissionBeforeUpdate(permission models.PermissionType, updatePermissions []*models.DashboardACL) (bool, error)
// GetAcl returns ACL.
GetAcl() ([]*models.DashboardAclInfoDTO, error)
// GetACL returns ACL.
GetACL() ([]*models.DashboardACLInfoDTO, error)
// GetACLWithoutDuplicates returns ACL and strips any permission
// that already has an inherited permission with higher or equal
// permission.
GetACLWithoutDuplicates() ([]*models.DashboardAclInfoDTO, error)
GetHiddenACL(*setting.Cfg) ([]*models.DashboardAcl, error)
GetACLWithoutDuplicates() ([]*models.DashboardACLInfoDTO, error)
GetHiddenACL(*setting.Cfg) ([]*models.DashboardACL, error)
}
type dashboardGuardianImpl struct {
user *models.SignedInUser
dashId int64
orgId int64
acl []*models.DashboardAclInfoDTO
acl []*models.DashboardACLInfoDTO
teams []*models.TeamDTO
log log.Logger
ctx context.Context
@ -101,12 +101,12 @@ func (g *dashboardGuardianImpl) HasPermission(permission models.PermissionType)
return g.logHasPermissionResult(permission, true, nil)
}
acl, err := g.GetAcl()
acl, err := g.GetACL()
if err != nil {
return g.logHasPermissionResult(permission, false, err)
}
result, err := g.checkAcl(permission, acl)
result, err := g.checkACL(permission, acl)
return g.logHasPermissionResult(permission, result, err)
}
@ -124,9 +124,9 @@ func (g *dashboardGuardianImpl) logHasPermissionResult(permission models.Permiss
return hasPermission, err
}
func (g *dashboardGuardianImpl) checkAcl(permission models.PermissionType, acl []*models.DashboardAclInfoDTO) (bool, error) {
func (g *dashboardGuardianImpl) checkACL(permission models.PermissionType, acl []*models.DashboardACLInfoDTO) (bool, error) {
orgRole := g.user.OrgRole
teamAclItems := []*models.DashboardAclInfoDTO{}
teamACLItems := []*models.DashboardACLInfoDTO{}
for _, p := range acl {
// user match
@ -145,12 +145,12 @@ func (g *dashboardGuardianImpl) checkAcl(permission models.PermissionType, acl [
// remember this rule for later
if p.TeamId > 0 {
teamAclItems = append(teamAclItems, p)
teamACLItems = append(teamACLItems, p)
}
}
// do we have team rules?
if len(teamAclItems) == 0 {
if len(teamACLItems) == 0 {
return false, nil
}
@ -172,14 +172,14 @@ func (g *dashboardGuardianImpl) checkAcl(permission models.PermissionType, acl [
return false, nil
}
func (g *dashboardGuardianImpl) CheckPermissionBeforeUpdate(permission models.PermissionType, updatePermissions []*models.DashboardAcl) (bool, error) {
acl := []*models.DashboardAclInfoDTO{}
func (g *dashboardGuardianImpl) CheckPermissionBeforeUpdate(permission models.PermissionType, updatePermissions []*models.DashboardACL) (bool, error) {
acl := []*models.DashboardACLInfoDTO{}
adminRole := models.ROLE_ADMIN
everyoneWithAdminRole := &models.DashboardAclInfoDTO{DashboardId: g.dashId, UserId: 0, TeamId: 0, Role: &adminRole, Permission: models.PERMISSION_ADMIN}
everyoneWithAdminRole := &models.DashboardACLInfoDTO{DashboardId: g.dashId, UserId: 0, TeamId: 0, Role: &adminRole, Permission: models.PERMISSION_ADMIN}
// validate that duplicate permissions don't exists
for _, p := range updatePermissions {
aclItem := &models.DashboardAclInfoDTO{DashboardId: p.DashboardID, UserId: p.UserID, TeamId: p.TeamID, Role: p.Role, Permission: p.Permission}
aclItem := &models.DashboardACLInfoDTO{DashboardId: p.DashboardID, UserId: p.UserID, TeamId: p.TeamID, Role: p.Role, Permission: p.Permission}
if aclItem.IsDuplicateOf(everyoneWithAdminRole) {
return false, ErrGuardianPermissionExists
}
@ -193,7 +193,7 @@ func (g *dashboardGuardianImpl) CheckPermissionBeforeUpdate(permission models.Pe
acl = append(acl, aclItem)
}
existingPermissions, err := g.GetAcl()
existingPermissions, err := g.GetACL()
if err != nil {
return false, err
}
@ -215,31 +215,31 @@ func (g *dashboardGuardianImpl) CheckPermissionBeforeUpdate(permission models.Pe
return true, nil
}
return g.checkAcl(permission, existingPermissions)
return g.checkACL(permission, existingPermissions)
}
// GetAcl returns dashboard acl
func (g *dashboardGuardianImpl) GetAcl() ([]*models.DashboardAclInfoDTO, error) {
// GetACL returns dashboard acl
func (g *dashboardGuardianImpl) GetACL() ([]*models.DashboardACLInfoDTO, error) {
if g.acl != nil {
return g.acl, nil
}
query := models.GetDashboardAclInfoListQuery{DashboardID: g.dashId, OrgID: g.orgId}
if err := g.dashboardService.GetDashboardAclInfoList(g.ctx, &query); err != nil {
query := models.GetDashboardACLInfoListQuery{DashboardID: g.dashId, OrgID: g.orgId}
if err := g.dashboardService.GetDashboardACLInfoList(g.ctx, &query); err != nil {
return nil, err
}
g.acl = query.Result
return g.acl, nil
}
func (g *dashboardGuardianImpl) GetACLWithoutDuplicates() ([]*models.DashboardAclInfoDTO, error) {
acl, err := g.GetAcl()
func (g *dashboardGuardianImpl) GetACLWithoutDuplicates() ([]*models.DashboardACLInfoDTO, error) {
acl, err := g.GetACL()
if err != nil {
return nil, err
}
nonInherited := []*models.DashboardAclInfoDTO{}
inherited := []*models.DashboardAclInfoDTO{}
nonInherited := []*models.DashboardACLInfoDTO{}
inherited := []*models.DashboardACLInfoDTO{}
for _, aclItem := range acl {
if aclItem.Inherited {
inherited = append(inherited, aclItem)
@ -248,18 +248,18 @@ func (g *dashboardGuardianImpl) GetACLWithoutDuplicates() ([]*models.DashboardAc
}
}
result := []*models.DashboardAclInfoDTO{}
for _, nonInheritedAclItem := range nonInherited {
result := []*models.DashboardACLInfoDTO{}
for _, nonInheritedACLItem := range nonInherited {
duplicate := false
for _, inheritedAclItem := range inherited {
if nonInheritedAclItem.IsDuplicateOf(inheritedAclItem) && nonInheritedAclItem.Permission <= inheritedAclItem.Permission {
for _, inheritedACLItem := range inherited {
if nonInheritedACLItem.IsDuplicateOf(inheritedACLItem) && nonInheritedACLItem.Permission <= inheritedACLItem.Permission {
duplicate = true
break
}
}
if !duplicate {
result = append(result, nonInheritedAclItem)
result = append(result, nonInheritedACLItem)
}
}
@ -280,13 +280,13 @@ func (g *dashboardGuardianImpl) getTeams() ([]*models.TeamDTO, error) {
return query.Result, err
}
func (g *dashboardGuardianImpl) GetHiddenACL(cfg *setting.Cfg) ([]*models.DashboardAcl, error) {
hiddenACL := make([]*models.DashboardAcl, 0)
func (g *dashboardGuardianImpl) GetHiddenACL(cfg *setting.Cfg) ([]*models.DashboardACL, error) {
hiddenACL := make([]*models.DashboardACL, 0)
if g.user.IsGrafanaAdmin {
return hiddenACL, nil
}
existingPermissions, err := g.GetAcl()
existingPermissions, err := g.GetACL()
if err != nil {
return hiddenACL, err
}
@ -297,7 +297,7 @@ func (g *dashboardGuardianImpl) GetHiddenACL(cfg *setting.Cfg) ([]*models.Dashbo
}
if _, hidden := cfg.HiddenUsers[item.UserLogin]; hidden {
hiddenACL = append(hiddenACL, &models.DashboardAcl{
hiddenACL = append(hiddenACL, &models.DashboardACL{
OrgID: item.OrgId,
DashboardID: item.DashboardId,
UserID: item.UserId,
@ -324,8 +324,8 @@ type FakeDashboardGuardian struct {
HasPermissionValue bool
CheckPermissionBeforeUpdateValue bool
CheckPermissionBeforeUpdateError error
GetAclValue []*models.DashboardAclInfoDTO
GetHiddenAclValue []*models.DashboardAcl
GetACLValue []*models.DashboardACLInfoDTO
GetHiddenACLValue []*models.DashboardACL
}
func (g *FakeDashboardGuardian) CanSave() (bool, error) {
@ -356,20 +356,20 @@ func (g *FakeDashboardGuardian) HasPermission(permission models.PermissionType)
return g.HasPermissionValue, nil
}
func (g *FakeDashboardGuardian) CheckPermissionBeforeUpdate(permission models.PermissionType, updatePermissions []*models.DashboardAcl) (bool, error) {
func (g *FakeDashboardGuardian) CheckPermissionBeforeUpdate(permission models.PermissionType, updatePermissions []*models.DashboardACL) (bool, error) {
return g.CheckPermissionBeforeUpdateValue, g.CheckPermissionBeforeUpdateError
}
func (g *FakeDashboardGuardian) GetAcl() ([]*models.DashboardAclInfoDTO, error) {
return g.GetAclValue, nil
func (g *FakeDashboardGuardian) GetACL() ([]*models.DashboardACLInfoDTO, error) {
return g.GetACLValue, nil
}
func (g *FakeDashboardGuardian) GetACLWithoutDuplicates() ([]*models.DashboardAclInfoDTO, error) {
return g.GetAcl()
func (g *FakeDashboardGuardian) GetACLWithoutDuplicates() ([]*models.DashboardACLInfoDTO, error) {
return g.GetACL()
}
func (g *FakeDashboardGuardian) GetHiddenACL(cfg *setting.Cfg) ([]*models.DashboardAcl, error) {
return g.GetHiddenAclValue, nil
func (g *FakeDashboardGuardian) GetHiddenACL(cfg *setting.Cfg) ([]*models.DashboardACL, error) {
return g.GetHiddenACLValue, nil
}
// nolint:unused

102
pkg/services/guardian/guardian_test.go
View File

@ -184,7 +184,7 @@ func (sc *scenarioContext) defaultPermissionScenario(pt permissionType, flag per
_, callerFile, callerLine, _ := runtime.Caller(1)
sc.callerFile = callerFile
sc.callerLine = callerLine
existingPermissions := []*models.DashboardAclInfoDTO{
existingPermissions := []*models.DashboardACLInfoDTO{
toDto(newEditorRolePermission(defaultDashboardID, models.PERMISSION_EDIT)),
toDto(newViewerRolePermission(defaultDashboardID, models.PERMISSION_VIEW)),
}
@ -203,17 +203,17 @@ func (sc *scenarioContext) dashboardPermissionScenario(pt permissionType, permis
_, callerFile, callerLine, _ := runtime.Caller(1)
sc.callerFile = callerFile
sc.callerLine = callerLine
var existingPermissions []*models.DashboardAclInfoDTO
var existingPermissions []*models.DashboardACLInfoDTO
switch pt {
case USER:
existingPermissions = []*models.DashboardAclInfoDTO{{OrgId: orgID, DashboardId: dashboardID, UserId: userID, Permission: permission}}
existingPermissions = []*models.DashboardACLInfoDTO{{OrgId: orgID, DashboardId: dashboardID, UserId: userID, Permission: permission}}
case TEAM:
existingPermissions = []*models.DashboardAclInfoDTO{{OrgId: orgID, DashboardId: dashboardID, TeamId: teamID, Permission: permission}}
existingPermissions = []*models.DashboardACLInfoDTO{{OrgId: orgID, DashboardId: dashboardID, TeamId: teamID, Permission: permission}}
case EDITOR:
existingPermissions = []*models.DashboardAclInfoDTO{{OrgId: orgID, DashboardId: dashboardID, Role: &editorRole, Permission: permission}}
existingPermissions = []*models.DashboardACLInfoDTO{{OrgId: orgID, DashboardId: dashboardID, Role: &editorRole, Permission: permission}}
case VIEWER:
existingPermissions = []*models.DashboardAclInfoDTO{{OrgId: orgID, DashboardId: dashboardID, Role: &viewerRole, Permission: permission}}
existingPermissions = []*models.DashboardACLInfoDTO{{OrgId: orgID, DashboardId: dashboardID, Role: &viewerRole, Permission: permission}}
}
permissionScenario(fmt.Sprintf("and %s has permission to %s dashboard", pt.String(), permission.String()),
@ -230,20 +230,20 @@ func (sc *scenarioContext) parentFolderPermissionScenario(pt permissionType, per
_, callerFile, callerLine, _ := runtime.Caller(1)
sc.callerFile = callerFile
sc.callerLine = callerLine
var folderPermissionList []*models.DashboardAclInfoDTO
var folderPermissionList []*models.DashboardACLInfoDTO
switch pt {
case USER:
folderPermissionList = []*models.DashboardAclInfoDTO{{OrgId: orgID, DashboardId: parentFolderID,
folderPermissionList = []*models.DashboardACLInfoDTO{{OrgId: orgID, DashboardId: parentFolderID,
UserId: userID, Permission: permission, Inherited: true}}
case TEAM:
folderPermissionList = []*models.DashboardAclInfoDTO{{OrgId: orgID, DashboardId: parentFolderID, TeamId: teamID,
folderPermissionList = []*models.DashboardACLInfoDTO{{OrgId: orgID, DashboardId: parentFolderID, TeamId: teamID,
Permission: permission, Inherited: true}}
case EDITOR:
folderPermissionList = []*models.DashboardAclInfoDTO{{OrgId: orgID, DashboardId: parentFolderID,
folderPermissionList = []*models.DashboardACLInfoDTO{{OrgId: orgID, DashboardId: parentFolderID,
Role: &editorRole, Permission: permission, Inherited: true}}
case VIEWER:
folderPermissionList = []*models.DashboardAclInfoDTO{{OrgId: orgID, DashboardId: parentFolderID,
folderPermissionList = []*models.DashboardACLInfoDTO{{OrgId: orgID, DashboardId: parentFolderID,
Role: &viewerRole, Permission: permission, Inherited: true}}
}
@ -308,7 +308,7 @@ func (sc *scenarioContext) verifyDuplicatePermissionsShouldNotBeAllowed() {
tc := "When updating dashboard permissions with duplicate permission for user should not be allowed"
sc.t.Run(tc, func(t *testing.T) {
p := []*models.DashboardAcl{
p := []*models.DashboardACL{
newDefaultUserPermission(dashboardID, models.PERMISSION_VIEW),
newDefaultUserPermission(dashboardID, models.PERMISSION_ADMIN),
}
@ -323,7 +323,7 @@ func (sc *scenarioContext) verifyDuplicatePermissionsShouldNotBeAllowed() {
tc = "When updating dashboard permissions with duplicate permission for team should not be allowed"
sc.t.Run(tc, func(t *testing.T) {
p := []*models.DashboardAcl{
p := []*models.DashboardACL{
newDefaultTeamPermission(dashboardID, models.PERMISSION_VIEW),
newDefaultTeamPermission(dashboardID, models.PERMISSION_ADMIN),
}
@ -337,7 +337,7 @@ func (sc *scenarioContext) verifyDuplicatePermissionsShouldNotBeAllowed() {
tc = "When updating dashboard permissions with duplicate permission for editor role should not be allowed"
sc.t.Run(tc, func(t *testing.T) {
p := []*models.DashboardAcl{
p := []*models.DashboardACL{
newEditorRolePermission(dashboardID, models.PERMISSION_VIEW),
newEditorRolePermission(dashboardID, models.PERMISSION_ADMIN),
}
@ -352,7 +352,7 @@ func (sc *scenarioContext) verifyDuplicatePermissionsShouldNotBeAllowed() {
tc = "When updating dashboard permissions with duplicate permission for viewer role should not be allowed"
sc.t.Run(tc, func(t *testing.T) {
p := []*models.DashboardAcl{
p := []*models.DashboardACL{
newViewerRolePermission(dashboardID, models.PERMISSION_VIEW),
newViewerRolePermission(dashboardID, models.PERMISSION_ADMIN),
}
@ -366,7 +366,7 @@ func (sc *scenarioContext) verifyDuplicatePermissionsShouldNotBeAllowed() {
tc = "When updating dashboard permissions with duplicate permission for admin role should not be allowed"
sc.t.Run(tc, func(t *testing.T) {
p := []*models.DashboardAcl{
p := []*models.DashboardACL{
newAdminRolePermission(dashboardID, models.PERMISSION_ADMIN),
}
sc.updatePermissions = p
@ -386,24 +386,24 @@ func (sc *scenarioContext) verifyUpdateDashboardPermissionsShouldBeAllowed(pt pe
for _, p := range []models.PermissionType{models.PERMISSION_ADMIN, models.PERMISSION_EDIT, models.PERMISSION_VIEW} {
tc := fmt.Sprintf("When updating dashboard permissions with %s permissions should be allowed", p.String())
sc.t.Run(tc, func(t *testing.T) {
permissionList := []*models.DashboardAcl{}
permissionList := []*models.DashboardACL{}
switch pt {
case USER:
permissionList = []*models.DashboardAcl{
permissionList = []*models.DashboardACL{
newEditorRolePermission(dashboardID, p),
newViewerRolePermission(dashboardID, p),
newCustomUserPermission(dashboardID, otherUserID, p),
newDefaultTeamPermission(dashboardID, p),
}
case TEAM:
permissionList = []*models.DashboardAcl{
permissionList = []*models.DashboardACL{
newEditorRolePermission(dashboardID, p),
newViewerRolePermission(dashboardID, p),
newDefaultUserPermission(dashboardID, p),
newCustomTeamPermission(dashboardID, otherTeamID, p),
}
case EDITOR, VIEWER:
permissionList = []*models.DashboardAcl{
permissionList = []*models.DashboardACL{
newEditorRolePermission(dashboardID, p),
newViewerRolePermission(dashboardID, p),
newDefaultUserPermission(dashboardID, p),
@ -432,18 +432,18 @@ func (sc *scenarioContext) verifyUpdateDashboardPermissionsShouldNotBeAllowed(pt
for _, p := range []models.PermissionType{models.PERMISSION_ADMIN, models.PERMISSION_EDIT, models.PERMISSION_VIEW} {
tc := fmt.Sprintf("When updating dashboard permissions with %s permissions should NOT be allowed", p.String())
sc.t.Run(tc, func(t *testing.T) {
permissionList := []*models.DashboardAcl{
permissionList := []*models.DashboardACL{
newEditorRolePermission(dashboardID, p),
newViewerRolePermission(dashboardID, p),
}
switch pt {
case USER:
permissionList = append(permissionList, []*models.DashboardAcl{
permissionList = append(permissionList, []*models.DashboardACL{
newCustomUserPermission(dashboardID, otherUserID, p),
newDefaultTeamPermission(dashboardID, p),
}...)
case TEAM:
permissionList = append(permissionList, []*models.DashboardAcl{
permissionList = append(permissionList, []*models.DashboardACL{
newDefaultUserPermission(dashboardID, p),
newCustomTeamPermission(dashboardID, otherTeamID, p),
}...)
@ -472,24 +472,24 @@ func (sc *scenarioContext) verifyUpdateChildDashboardPermissionsShouldBeAllowed(
for _, p := range []models.PermissionType{models.PERMISSION_ADMIN, models.PERMISSION_EDIT, models.PERMISSION_VIEW} {
tc := fmt.Sprintf("When updating child dashboard permissions with %s permissions should be allowed", p.String())
sc.t.Run(tc, func(t *testing.T) {
permissionList := []*models.DashboardAcl{}
permissionList := []*models.DashboardACL{}
switch pt {
case USER:
permissionList = []*models.DashboardAcl{
permissionList = []*models.DashboardACL{
newEditorRolePermission(childDashboardID, p),
newViewerRolePermission(childDashboardID, p),
newCustomUserPermission(childDashboardID, otherUserID, p),
newDefaultTeamPermission(childDashboardID, p),
}
case TEAM:
permissionList = []*models.DashboardAcl{
permissionList = []*models.DashboardACL{
newEditorRolePermission(childDashboardID, p),
newViewerRolePermission(childDashboardID, p),
newDefaultUserPermission(childDashboardID, p),
newCustomTeamPermission(childDashboardID, otherTeamID, p),
}
case EDITOR:
permissionList = []*models.DashboardAcl{
permissionList = []*models.DashboardACL{
newViewerRolePermission(childDashboardID, p),
newDefaultUserPermission(childDashboardID, p),
newDefaultTeamPermission(childDashboardID, p),
@ -500,7 +500,7 @@ func (sc *scenarioContext) verifyUpdateChildDashboardPermissionsShouldBeAllowed(
permissionList = append(permissionList, newEditorRolePermission(childDashboardID, p))
}
case VIEWER:
permissionList = []*models.DashboardAcl{
permissionList = []*models.DashboardACL{
newEditorRolePermission(childDashboardID, p),
newDefaultUserPermission(childDashboardID, p),
newDefaultTeamPermission(childDashboardID, p),
@ -533,24 +533,24 @@ func (sc *scenarioContext) verifyUpdateChildDashboardPermissionsShouldNotBeAllow
for _, p := range []models.PermissionType{models.PERMISSION_ADMIN, models.PERMISSION_EDIT, models.PERMISSION_VIEW} {
tc := fmt.Sprintf("When updating child dashboard permissions with %s permissions should NOT be allowed", p.String())
sc.t.Run(tc, func(t *testing.T) {
permissionList := []*models.DashboardAcl{}
permissionList := []*models.DashboardACL{}
switch pt {
case USER:
permissionList = []*models.DashboardAcl{
permissionList = []*models.DashboardACL{
newEditorRolePermission(childDashboardID, p),
newViewerRolePermission(childDashboardID, p),
newCustomUserPermission(childDashboardID, otherUserID, p),
newDefaultTeamPermission(childDashboardID, p),
}
case TEAM:
permissionList = []*models.DashboardAcl{
permissionList = []*models.DashboardACL{
newEditorRolePermission(childDashboardID, p),
newViewerRolePermission(childDashboardID, p),
newDefaultUserPermission(childDashboardID, p),
newCustomTeamPermission(childDashboardID, otherTeamID, p),
}
case EDITOR:
permissionList = []*models.DashboardAcl{
permissionList = []*models.DashboardACL{
newViewerRolePermission(childDashboardID, p),
newDefaultUserPermission(childDashboardID, p),
newDefaultTeamPermission(childDashboardID, p),
@ -561,7 +561,7 @@ func (sc *scenarioContext) verifyUpdateChildDashboardPermissionsShouldNotBeAllow
permissionList = append(permissionList, newEditorRolePermission(childDashboardID, p))
}
case VIEWER:
permissionList = []*models.DashboardAcl{
permissionList = []*models.DashboardACL{
newEditorRolePermission(childDashboardID, p),
newDefaultUserPermission(childDashboardID, p),
newDefaultTeamPermission(childDashboardID, p),
@ -599,22 +599,22 @@ func (sc *scenarioContext) verifyUpdateChildDashboardPermissionsWithOverrideShou
tc := fmt.Sprintf("When updating child dashboard permissions overriding parent %s permission with %s permission should NOT be allowed", pt.String(), p.String())
sc.t.Run(tc, func(t *testing.T) {
permissionList := []*models.DashboardAcl{}
permissionList := []*models.DashboardACL{}
switch pt {
case USER:
permissionList = []*models.DashboardAcl{
permissionList = []*models.DashboardACL{
newDefaultUserPermission(childDashboardID, p),
}
case TEAM:
permissionList = []*models.DashboardAcl{
permissionList = []*models.DashboardACL{
newDefaultTeamPermission(childDashboardID, p),
}
case EDITOR:
permissionList = []*models.DashboardAcl{
permissionList = []*models.DashboardACL{
newEditorRolePermission(childDashboardID, p),
}
case VIEWER:
permissionList = []*models.DashboardAcl{
permissionList = []*models.DashboardACL{
newViewerRolePermission(childDashboardID, p),
}
}
@ -645,22 +645,22 @@ func (sc *scenarioContext) verifyUpdateChildDashboardPermissionsWithOverrideShou
pt.String(), p.String(),
)
sc.t.Run(tc, func(t *testing.T) {
permissionList := []*models.DashboardAcl{}
permissionList := []*models.DashboardACL{}
switch pt {
case USER:
permissionList = []*models.DashboardAcl{
permissionList = []*models.DashboardACL{
newDefaultUserPermission(childDashboardID, p),
}
case TEAM:
permissionList = []*models.DashboardAcl{
permissionList = []*models.DashboardACL{
newDefaultTeamPermission(childDashboardID, p),
}
case EDITOR:
permissionList = []*models.DashboardAcl{
permissionList = []*models.DashboardACL{
newEditorRolePermission(childDashboardID, p),
}
case VIEWER:
permissionList = []*models.DashboardAcl{
permissionList = []*models.DashboardACL{
newViewerRolePermission(childDashboardID, p),
}
}
@ -686,9 +686,9 @@ func TestGuardianGetHiddenACL(t *testing.T) {
t.Run("Get hidden ACL tests", func(t *testing.T) {
store := mockstore.NewSQLStoreMock()
dashSvc := dashboards.NewFakeDashboardService(t)
dashSvc.On("GetDashboardAclInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardAclInfoListQuery")).Run(func(args mock.Arguments) {
q := args.Get(1).(*models.GetDashboardAclInfoListQuery)
q.Result = []*models.DashboardAclInfoDTO{
dashSvc.On("GetDashboardACLInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardACLInfoListQuery")).Run(func(args mock.Arguments) {
q := args.Get(1).(*models.GetDashboardACLInfoListQuery)
q.Result = []*models.DashboardACLInfoDTO{
{Inherited: false, UserId: 1, UserLogin: "user1", Permission: models.PERMISSION_EDIT},
{Inherited: false, UserId: 2, UserLogin: "user2", Permission: models.PERMISSION_ADMIN},
{Inherited: true, UserId: 3, UserLogin: "user3", Permission: models.PERMISSION_VIEW},
@ -730,13 +730,13 @@ func TestGuardianGetHiddenACL(t *testing.T) {
})
}
func TestGuardianGetAclWithoutDuplicates(t *testing.T) {
func TestGuardianGetACLWithoutDuplicates(t *testing.T) {
t.Run("Get hidden ACL tests", func(t *testing.T) {
store := mockstore.NewSQLStoreMock()
dashSvc := dashboards.NewFakeDashboardService(t)
dashSvc.On("GetDashboardAclInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardAclInfoListQuery")).Run(func(args mock.Arguments) {
q := args.Get(1).(*models.GetDashboardAclInfoListQuery)
q.Result = []*models.DashboardAclInfoDTO{
dashSvc.On("GetDashboardACLInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardACLInfoListQuery")).Run(func(args mock.Arguments) {
q := args.Get(1).(*models.GetDashboardACLInfoListQuery)
q.Result = []*models.DashboardACLInfoDTO{
{Inherited: true, UserId: 3, UserLogin: "user3", Permission: models.PERMISSION_EDIT},
{Inherited: false, UserId: 3, UserLogin: "user3", Permission: models.PERMISSION_VIEW},
{Inherited: false, UserId: 2, UserLogin: "user2", Permission: models.PERMISSION_ADMIN},
@ -760,7 +760,7 @@ func TestGuardianGetAclWithoutDuplicates(t *testing.T) {
require.NoError(t, err)
require.NotNil(t, acl)
require.Len(t, acl, 6)
require.ElementsMatch(t, []*models.DashboardAclInfoDTO{
require.ElementsMatch(t, []*models.DashboardACLInfoDTO{
{Inherited: true, UserId: 3, UserLogin: "user3", Permission: models.PERMISSION_EDIT},
{Inherited: true, UserId: 4, UserLogin: "user4", Permission: models.PERMISSION_ADMIN},
{Inherited: true, UserId: 6, UserLogin: "user6", Permission: models.PERMISSION_VIEW},

38
pkg/services/guardian/guardian_util_test.go
View File

@ -22,9 +22,9 @@ type scenarioContext struct {
g DashboardGuardian
givenUser *models.SignedInUser
givenDashboardID int64
givenPermissions []*models.DashboardAclInfoDTO
givenPermissions []*models.DashboardACLInfoDTO
givenTeams []*models.TeamDTO
updatePermissions []*models.DashboardAcl
updatePermissions []*models.DashboardACL
expectedFlags permissionFlags
callerFile string
callerLine int
@ -76,7 +76,7 @@ func apiKeyScenario(desc string, t *testing.T, role models.RoleType, fn scenario
}
func permissionScenario(desc string, dashboardID int64, sc *scenarioContext,
permissions []*models.DashboardAclInfoDTO, fn scenarioFunc) {
permissions []*models.DashboardACLInfoDTO, fn scenarioFunc) {
sc.t.Run(desc, func(t *testing.T) {
store := mockstore.NewSQLStoreMock()
teams := []*models.TeamDTO{}
@ -89,8 +89,8 @@ func permissionScenario(desc string, dashboardID int64, sc *scenarioContext,
store.ExpectedTeamsByUser = teams
dashSvc := dashboards.NewFakeDashboardService(t)
dashSvc.On("GetDashboardAclInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardAclInfoListQuery")).Run(func(args mock.Arguments) {
q := args.Get(1).(*models.GetDashboardAclInfoListQuery)
dashSvc.On("GetDashboardACLInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardACLInfoListQuery")).Run(func(args mock.Arguments) {
q := args.Get(1).(*models.GetDashboardACLInfoListQuery)
q.Result = permissions
}).Return(nil)
@ -225,36 +225,36 @@ func (sc *scenarioContext) reportFailure(desc string, expected interface{}, actu
sc.t.Fatalf(buf.String())
}
func newCustomUserPermission(dashboardID int64, userID int64, permission models.PermissionType) *models.DashboardAcl {
return &models.DashboardAcl{OrgID: orgID, DashboardID: dashboardID, UserID: userID, Permission: permission}
func newCustomUserPermission(dashboardID int64, userID int64, permission models.PermissionType) *models.DashboardACL {
return &models.DashboardACL{OrgID: orgID, DashboardID: dashboardID, UserID: userID, Permission: permission}
}
func newDefaultUserPermission(dashboardID int64, permission models.PermissionType) *models.DashboardAcl {
func newDefaultUserPermission(dashboardID int64, permission models.PermissionType) *models.DashboardACL {
return newCustomUserPermission(dashboardID, userID, permission)
}
func newCustomTeamPermission(dashboardID int64, teamID int64, permission models.PermissionType) *models.DashboardAcl {
return &models.DashboardAcl{OrgID: orgID, DashboardID: dashboardID, TeamID: teamID, Permission: permission}
func newCustomTeamPermission(dashboardID int64, teamID int64, permission models.PermissionType) *models.DashboardACL {
return &models.DashboardACL{OrgID: orgID, DashboardID: dashboardID, TeamID: teamID, Permission: permission}
}
func newDefaultTeamPermission(dashboardID int64, permission models.PermissionType) *models.DashboardAcl {
func newDefaultTeamPermission(dashboardID int64, permission models.PermissionType) *models.DashboardACL {
return newCustomTeamPermission(dashboardID, teamID, permission)
}
func newAdminRolePermission(dashboardID int64, permission models.PermissionType) *models.DashboardAcl {
return &models.DashboardAcl{OrgID: orgID, DashboardID: dashboardID, Role: &adminRole, Permission: permission}
func newAdminRolePermission(dashboardID int64, permission models.PermissionType) *models.DashboardACL {
return &models.DashboardACL{OrgID: orgID, DashboardID: dashboardID, Role: &adminRole, Permission: permission}
}
func newEditorRolePermission(dashboardID int64, permission models.PermissionType) *models.DashboardAcl {
return &models.DashboardAcl{OrgID: orgID, DashboardID: dashboardID, Role: &editorRole, Permission: permission}
func newEditorRolePermission(dashboardID int64, permission models.PermissionType) *models.DashboardACL {
return &models.DashboardACL{OrgID: orgID, DashboardID: dashboardID, Role: &editorRole, Permission: permission}
}
func newViewerRolePermission(dashboardID int64, permission models.PermissionType) *models.DashboardAcl {
return &models.DashboardAcl{OrgID: orgID, DashboardID: dashboardID, Role: &viewerRole, Permission: permission}
func newViewerRolePermission(dashboardID int64, permission models.PermissionType) *models.DashboardACL {
return &models.DashboardACL{OrgID: orgID, DashboardID: dashboardID, Role: &viewerRole, Permission: permission}
}
func toDto(acl *models.DashboardAcl) *models.DashboardAclInfoDTO {
return &models.DashboardAclInfoDTO{
func toDto(acl *models.DashboardACL) *models.DashboardACLInfoDTO {
return &models.DashboardACLInfoDTO{
OrgId: acl.OrgID,
DashboardId: acl.DashboardID,
UserId: acl.UserID,

4
pkg/services/libraryelements/libraryelements_test.go
View File

@ -256,11 +256,11 @@ func updateFolderACL(t *testing.T, dashboardStore *database.DashboardStore, fold
return
}
var aclItems []*models.DashboardAcl
var aclItems []*models.DashboardACL
for _, item := range items {
role := item.roleType
permission := item.permission
aclItems = append(aclItems, &models.DashboardAcl{
aclItems = append(aclItems, &models.DashboardACL{
DashboardID: folderID,
Role: &role,
Permission: permission,

4
pkg/services/librarypanels/librarypanels_test.go
View File

@ -1419,11 +1419,11 @@ func updateFolderACL(t *testing.T, dashboardStore *database.DashboardStore, fold
return
}
var aclItems []*models.DashboardAcl
var aclItems []*models.DashboardACL
for _, item := range items {
role := item.roleType
permission := item.permission
aclItems = append(aclItems, &models.DashboardAcl{
aclItems = append(aclItems, &models.DashboardACL{
DashboardID: folderID,
Role: &role,
Permission: permission,

2
pkg/services/ngalert/api/api_ruler_validation_test.go
View File

@ -94,7 +94,7 @@ func randFolder() *models2.Folder {
Updated: time.Time{},
UpdatedBy: 0,
CreatedBy: 0,
HasAcl: false,
HasACL: false,
}
}

2
pkg/services/ngalert/api/tooling/Makefile
View File

@ -52,7 +52,7 @@ copy-files:
fix:
sed $(SED_INPLACE) -e 's/apimodels\.\[\]PostableAlert/apimodels.PostableAlerts/' $(GENERATED_GO_MATCHERS)
sed $(SED_INPLACE) -e 's/apimodels\.\[\]UpdateDashboardAclCommand/apimodels.Permissions/' $(GENERATED_GO_MATCHERS)
sed $(SED_INPLACE) -e 's/apimodels\.\[\]UpdateDashboardACLCommand/apimodels.Permissions/' $(GENERATED_GO_MATCHERS)
sed $(SED_INPLACE) -e 's/apimodels\.\[\]PostableApiReceiver/apimodels.TestReceiversConfigParams/' $(GENERATED_GO_MATCHERS)
goimports -w -v $(GENERATED_GO_MATCHERS)

8
pkg/services/sqlstore/migrations/accesscontrol/dashboard_permissions.go
View File

@ -80,12 +80,12 @@ func (m dashboardPermissionsMigrator) Exec(sess *xorm.Session, migrator *migrato
return err
}
var acl []models.DashboardAcl
var acl []models.DashboardACL
if err := m.sess.Find(&acl); err != nil {
return err
}
aclMap := make(map[int64][]models.DashboardAcl, len(acl))
aclMap := make(map[int64][]models.DashboardACL, len(acl))
for _, p := range acl {
aclMap[p.DashboardID] = append(aclMap[p.DashboardID], p)
}
@ -97,7 +97,7 @@ func (m dashboardPermissionsMigrator) Exec(sess *xorm.Session, migrator *migrato
return nil
}
func (m dashboardPermissionsMigrator) migratePermissions(dashboards []dashboard, aclMap map[int64][]models.DashboardAcl) error {
func (m dashboardPermissionsMigrator) migratePermissions(dashboards []dashboard, aclMap map[int64][]models.DashboardACL) error {
permissionMap := map[int64]map[string][]*ac.Permission{}
for _, d := range dashboards {
if d.ID == -1 {
@ -210,7 +210,7 @@ func (m dashboardPermissionsMigrator) mapPermission(id int64, p models.Permissio
return permissions
}
func getRoleName(p models.DashboardAcl) string {
func getRoleName(p models.DashboardACL) string {
if p.UserID != 0 {
return fmt.Sprintf("managed:users:%d:permissions", p.UserID)
}

20
pkg/services/sqlstore/migrations/dashboard_acl.go
View File

@ -2,8 +2,8 @@ package migrations
import . "github.com/grafana/grafana/pkg/services/sqlstore/migrator"
func addDashboardAclMigrations(mg *Migrator) {
dashboardAclV1 := Table{
func addDashboardACLMigrations(mg *Migrator) {
dashboardACLV1 := Table{
Name: "dashboard_acl",
Columns: []*Column{
{Name: "id", Type: DB_BigInt, IsPrimaryKey: true, IsAutoIncrement: true},
@ -27,16 +27,16 @@ func addDashboardAclMigrations(mg *Migrator) {
},
}
mg.AddMigration("create dashboard acl table", NewAddTableMigration(dashboardAclV1))
mg.AddMigration("create dashboard acl table", NewAddTableMigration(dashboardACLV1))
//------- indexes ------------------
mg.AddMigration("add index dashboard_acl_dashboard_id", NewAddIndexMigration(dashboardAclV1, dashboardAclV1.Indices[0]))
mg.AddMigration("add unique index dashboard_acl_dashboard_id_user_id", NewAddIndexMigration(dashboardAclV1, dashboardAclV1.Indices[1]))
mg.AddMigration("add unique index dashboard_acl_dashboard_id_team_id", NewAddIndexMigration(dashboardAclV1, dashboardAclV1.Indices[2]))
mg.AddMigration("add index dashboard_acl_user_id", NewAddIndexMigration(dashboardAclV1, dashboardAclV1.Indices[3]))
mg.AddMigration("add index dashboard_acl_team_id", NewAddIndexMigration(dashboardAclV1, dashboardAclV1.Indices[4]))
mg.AddMigration("add index dashboard_acl_org_id_role", NewAddIndexMigration(dashboardAclV1, dashboardAclV1.Indices[5]))
mg.AddMigration("add index dashboard_permission", NewAddIndexMigration(dashboardAclV1, dashboardAclV1.Indices[6]))
mg.AddMigration("add index dashboard_acl_dashboard_id", NewAddIndexMigration(dashboardACLV1, dashboardACLV1.Indices[0]))
mg.AddMigration("add unique index dashboard_acl_dashboard_id_user_id", NewAddIndexMigration(dashboardACLV1, dashboardACLV1.Indices[1]))
mg.AddMigration("add unique index dashboard_acl_dashboard_id_team_id", NewAddIndexMigration(dashboardACLV1, dashboardACLV1.Indices[2]))
mg.AddMigration("add index dashboard_acl_user_id", NewAddIndexMigration(dashboardACLV1, dashboardACLV1.Indices[3]))
mg.AddMigration("add index dashboard_acl_team_id", NewAddIndexMigration(dashboardACLV1, dashboardACLV1.Indices[4]))
mg.AddMigration("add index dashboard_acl_org_id_role", NewAddIndexMigration(dashboardACLV1, dashboardACLV1.Indices[5]))
mg.AddMigration("add index dashboard_permission", NewAddIndexMigration(dashboardACLV1, dashboardACLV1.Indices[6]))
const rawSQL = `
INSERT INTO dashboard_acl

2
pkg/services/sqlstore/migrations/migrations.go
View File

@ -42,7 +42,7 @@ func (*OSSMigrations) AddMigration(mg *Migrator) {
addTestDataMigrations(mg)
addDashboardVersionMigration(mg)
addTeamMigrations(mg)
addDashboardAclMigrations(mg) // Do NOT add more migrations to this function.
addDashboardACLMigrations(mg) // Do NOT add more migrations to this function.
addTagMigration(mg)
addLoginAttemptMigrations(mg)
addUserAuthMigrations(mg)

2
pkg/services/sqlstore/migrations/ualert/dashboard.go
View File

@ -26,7 +26,7 @@ type dashboard struct {
CreatedBy int64
FolderId int64
IsFolder bool
HasAcl bool
HasACL bool `xorm:"has_acl"`
Title string
Data *simplejson.Json

20
pkg/services/sqlstore/migrations/ualert/permissions.go
View File

@ -30,7 +30,7 @@ func (r roleType) IsValid() bool {
type permissionType int
type dashboardAcl struct {
type dashboardACL struct {
// nolint:stylecheck
Id int64
OrgID int64 `xorm:"org_id"`
@ -157,17 +157,17 @@ func (m *folderHelper) generateNewDashboardUid(orgId int64) (string, error) {
// based on SQLStore.UpdateDashboardACL()
// it should be called from inside a transaction
func (m *folderHelper) setACL(orgID int64, dashboardID int64, items []*dashboardAcl) error {
func (m *folderHelper) setACL(orgID int64, dashboardID int64, items []*dashboardACL) error {
if dashboardID <= 0 {
return fmt.Errorf("folder id must be greater than zero for a folder permission")
}
// userPermissionsMap is a map keeping the highest permission per user
// for handling conficting inherited (folder) and non-inherited (dashboard) user permissions
userPermissionsMap := make(map[int64]*dashboardAcl, len(items))
userPermissionsMap := make(map[int64]*dashboardACL, len(items))
// teamPermissionsMap is a map keeping the highest permission per team
// for handling conficting inherited (folder) and non-inherited (dashboard) team permissions
teamPermissionsMap := make(map[int64]*dashboardAcl, len(items))
teamPermissionsMap := make(map[int64]*dashboardACL, len(items))
for _, item := range items {
if item.UserID != 0 {
acl, ok := userPermissionsMap[item.UserID]
@ -204,7 +204,7 @@ func (m *folderHelper) setACL(orgID int64, dashboardID int64, items []*dashboard
seen := make(map[keyType]struct{}, len(items))
for _, item := range items {
if item.UserID == 0 && item.TeamID == 0 && (item.Role == nil || !item.Role.IsValid()) {
return models.ErrDashboardAclInfoMissing
return models.ErrDashboardACLInfoMissing
}
// ignore duplicate user permissions
@ -249,19 +249,19 @@ func (m *folderHelper) setACL(orgID int64, dashboardID int64, items []*dashboard
seen[key] = struct{}{}
}
// Update dashboard HasAcl flag
dashboard := models.Dashboard{HasAcl: true}
// Update dashboard HasACL flag
dashboard := models.Dashboard{HasACL: true}
_, err := m.sess.Cols("has_acl").Where("id=?", dashboardID).Update(&dashboard)
return err
}
// based on SQLStore.GetDashboardAclInfoList()
func (m *folderHelper) getACL(orgID, dashboardID int64) ([]*dashboardAcl, error) {
// based on SQLStore.GetDashboardACLInfoList()
func (m *folderHelper) getACL(orgID, dashboardID int64) ([]*dashboardACL, error) {
var err error
falseStr := m.mg.Dialect.BooleanStr(false)
result := make([]*dashboardAcl, 0)
result := make([]*dashboardACL, 0)
rawSQL := `
-- get distinct permissions for the dashboard and its parent folder
SELECT DISTINCT

2
pkg/services/sqlstore/migrations/ualert/ualert.go
View File

@ -292,7 +292,7 @@ func (m *migration) Exec(sess *xorm.Session, mg *migrator.Migrator) error {
var folder *dashboard
switch {
case dash.HasAcl:
case dash.HasACL:
folderName := getAlertFolderNameFromDashboard(&dash)
f, ok := folderCache[folderName]
if !ok {

6
pkg/services/sqlstore/mockstore/mockstore.go
View File

@ -24,7 +24,7 @@ type SQLStoreMock struct {
ExpectedAlert *models.Alert
ExpectedPluginSetting *models.PluginSetting
ExpectedDashboards []*models.Dashboard
ExpectedDashboardAclInfoList []*models.DashboardAclInfoDTO
ExpectedDashboardACLInfoList []*models.DashboardACLInfoDTO
ExpectedUserOrgList []*models.UserOrgDTO
ExpectedOrgListResponse OrgListResponse
ExpectedTeamsByUser []*models.TeamDTO
@ -327,8 +327,8 @@ func (m *SQLStoreMock) InTransaction(ctx context.Context, fn func(ctx context.Co
return m.ExpectedError
}
func (m SQLStoreMock) GetDashboardAclInfoList(ctx context.Context, query *models.GetDashboardAclInfoListQuery) error {
query.Result = m.ExpectedDashboardAclInfoList
func (m SQLStoreMock) GetDashboardACLInfoList(ctx context.Context, query *models.GetDashboardACLInfoListQuery) error {
query.Result = m.ExpectedDashboardACLInfoList
return m.ExpectedError
}

26
pkg/services/sqlstore/org_test.go
View File

@ -374,12 +374,12 @@ func TestIntegrationAccountDataAccess(t *testing.T) {
dash1 := insertTestDashboard(t, sqlStore, "1 test dash", ac1.OrgID, 0, false, "prod", "webapp")
dash2 := insertTestDashboard(t, sqlStore, "2 test dash", ac3.OrgID, 0, false, "prod", "webapp")
err = updateDashboardAcl(t, sqlStore, dash1.Id, &models.DashboardAcl{
err = updateDashboardACL(t, sqlStore, dash1.Id, &models.DashboardACL{
DashboardID: dash1.Id, OrgID: ac1.OrgID, UserID: ac3.ID, Permission: models.PERMISSION_EDIT,
})
require.NoError(t, err)
err = updateDashboardAcl(t, sqlStore, dash2.Id, &models.DashboardAcl{
err = updateDashboardACL(t, sqlStore, dash2.Id, &models.DashboardACL{
DashboardID: dash2.Id, OrgID: ac3.OrgID, UserID: ac3.ID, Permission: models.PERMISSION_EDIT,
})
require.NoError(t, err)
@ -390,18 +390,18 @@ func TestIntegrationAccountDataAccess(t *testing.T) {
require.NoError(t, err)
t.Run("Should remove dependent permissions for deleted org user", func(t *testing.T) {
permQuery := &models.GetDashboardAclInfoListQuery{DashboardID: dash1.Id, OrgID: ac1.OrgID}
permQuery := &models.GetDashboardACLInfoListQuery{DashboardID: dash1.Id, OrgID: ac1.OrgID}
err = getDashboardAclInfoList(sqlStore, permQuery)
err = getDashboardACLInfoList(sqlStore, permQuery)
require.NoError(t, err)
require.Equal(t, len(permQuery.Result), 0)
})
t.Run("Should not remove dashboard permissions for same user in another org", func(t *testing.T) {
permQuery := &models.GetDashboardAclInfoListQuery{DashboardID: dash2.Id, OrgID: ac3.OrgID}
permQuery := &models.GetDashboardACLInfoListQuery{DashboardID: dash2.Id, OrgID: ac3.OrgID}
err = getDashboardAclInfoList(sqlStore, permQuery)
err = getDashboardACLInfoList(sqlStore, permQuery)
require.NoError(t, err)
require.Equal(t, len(permQuery.Result), 1)
@ -473,7 +473,7 @@ func insertTestDashboard(t *testing.T, sqlStore *SQLStore, title string, orgId i
}
//TODO: Use FakeDashboardStore when org has its own service
func updateDashboardAcl(t *testing.T, sqlStore *SQLStore, dashboardID int64, items ...*models.DashboardAcl) error {
func updateDashboardACL(t *testing.T, sqlStore *SQLStore, dashboardID int64, items ...*models.DashboardACL) error {
t.Helper()
err := sqlStore.WithDbSession(context.Background(), func(sess *DBSession) error {
@ -486,7 +486,7 @@ func updateDashboardAcl(t *testing.T, sqlStore *SQLStore, dashboardID int64, ite
item.Created = time.Now()
item.Updated = time.Now()
if item.UserID == 0 && item.TeamID == 0 && (item.Role == nil || !item.Role.IsValid()) {
return models.ErrDashboardAclInfoMissing
return models.ErrDashboardACLInfoMissing
}
if item.DashboardID == 0 {
@ -499,8 +499,8 @@ func updateDashboardAcl(t *testing.T, sqlStore *SQLStore, dashboardID int64, ite
}
}
// Update dashboard HasAcl flag
dashboard := models.Dashboard{HasAcl: true}
// Update dashboard HasACL flag
dashboard := models.Dashboard{HasACL: true}
_, err = sess.Cols("has_acl").Where("id=?", dashboardID).Update(&dashboard)
return err
})
@ -509,10 +509,10 @@ func updateDashboardAcl(t *testing.T, sqlStore *SQLStore, dashboardID int64, ite
// This function was copied from pkg/services/dashboards/database to circumvent
// import cycles. When this org-related code is refactored into a service the
// tests can the real GetDashboardAclInfoList functions
func getDashboardAclInfoList(s *SQLStore, query *models.GetDashboardAclInfoListQuery) error {
// tests can the real GetDashboardACLInfoList functions
func getDashboardACLInfoList(s *SQLStore, query *models.GetDashboardACLInfoListQuery) error {
outerErr := s.WithDbSession(context.Background(), func(dbSession *DBSession) error {
query.Result = make([]*models.DashboardAclInfoDTO, 0)
query.Result = make([]*models.DashboardACLInfoDTO, 0)
falseStr := dialect.BooleanStr(false)
if query.DashboardID == 0 {

4
pkg/services/sqlstore/sqlbuilder_test.go
View File

@ -255,7 +255,7 @@ func createDummyDashboard(t *testing.T, sqlStore *SQLStore, dashboardProps Dashb
func createDummyACL(t *testing.T, sqlStore *SQLStore, dashboardPermission *DashboardPermission, search Search, dashboardID int64) int64 {
t.Helper()
acl := &models.DashboardAcl{
acl := &models.DashboardACL{
OrgID: 1,
Created: time.Now(),
Updated: time.Now(),
@ -288,7 +288,7 @@ func createDummyACL(t *testing.T, sqlStore *SQLStore, dashboardPermission *Dashb
acl.Role = &dashboardPermission.Role
}
err := updateDashboardAcl(t, sqlStore, dashboardID, acl)
err := updateDashboardACL(t, sqlStore, dashboardID, acl)
require.NoError(t, err)
if user != nil {
return user.ID

6
pkg/services/sqlstore/team_test.go
View File

@ -291,7 +291,7 @@ func TestIntegrationTeamCommandsAndQueries(t *testing.T) {
require.NoError(t, err)
err = sqlStore.AddTeamMember(userIds[2], testOrgID, groupId, false, 0)
require.NoError(t, err)
err = updateDashboardAcl(t, sqlStore, 1, &models.DashboardAcl{
err = updateDashboardACL(t, sqlStore, 1, &models.DashboardACL{
DashboardID: 1, OrgID: testOrgID, Permission: models.PERMISSION_EDIT, TeamID: groupId,
})
require.NoError(t, err)
@ -302,8 +302,8 @@ func TestIntegrationTeamCommandsAndQueries(t *testing.T) {
err = sqlStore.GetTeamById(context.Background(), query)
require.Equal(t, err, models.ErrTeamNotFound)
permQuery := &models.GetDashboardAclInfoListQuery{DashboardID: 1, OrgID: testOrgID}
err = getDashboardAclInfoList(sqlStore, permQuery)
permQuery := &models.GetDashboardACLInfoListQuery{DashboardID: 1, OrgID: testOrgID}
err = getDashboardACLInfoList(sqlStore, permQuery)
require.NoError(t, err)
require.Equal(t, len(permQuery.Result), 0)

12
pkg/services/sqlstore/user_test.go
View File

@ -357,7 +357,7 @@ func TestIntegrationUserDataAccess(t *testing.T) {
})
require.Nil(t, err)
err = updateDashboardAcl(t, ss, 1, &models.DashboardAcl{
err = updateDashboardACL(t, ss, 1, &models.DashboardACL{
DashboardID: 1, OrgID: users[0].OrgID, UserID: users[1].ID,
Permission: models.PERMISSION_EDIT,
})
@ -373,8 +373,8 @@ func TestIntegrationUserDataAccess(t *testing.T) {
require.Len(t, query1.Result, 1)
permQuery := &models.GetDashboardAclInfoListQuery{DashboardID: 1, OrgID: users[0].OrgID}
err = getDashboardAclInfoList(ss, permQuery)
permQuery := &models.GetDashboardACLInfoListQuery{DashboardID: 1, OrgID: users[0].OrgID}
err = getDashboardACLInfoList(ss, permQuery)
require.Nil(t, err)
require.Len(t, permQuery.Result, 0)
@ -396,7 +396,7 @@ func TestIntegrationUserDataAccess(t *testing.T) {
})
require.Nil(t, err)
err = updateDashboardAcl(t, ss, 1, &models.DashboardAcl{
err = updateDashboardACL(t, ss, 1, &models.DashboardACL{
DashboardID: 1, OrgID: users[0].OrgID, UserID: users[1].ID,
Permission: models.PERMISSION_EDIT,
})
@ -447,8 +447,8 @@ func TestIntegrationUserDataAccess(t *testing.T) {
require.Len(t, query2.Result, 1)
permQuery = &models.GetDashboardAclInfoListQuery{DashboardID: 1, OrgID: users[0].OrgID}
err = getDashboardAclInfoList(ss, permQuery)
permQuery = &models.GetDashboardACLInfoListQuery{DashboardID: 1, OrgID: users[0].OrgID}
err = getDashboardACLInfoList(ss, permQuery)
require.Nil(t, err)
require.Len(t, permQuery.Result, 0)