From f5cace8bbdfb2a57bc291727a6329196e5d70b9d Mon Sep 17 00:00:00 2001 From: idafurjes <36131195+idafurjes@users.noreply.github.com> Date: Mon, 18 Jul 2022 15:14:58 +0200 Subject: [PATCH] Rename Acl to ACL (#52342) * Rename Acl to ACL * Fix yaml files * Add xorm tags and fix test --- pkg/api/alerting_test.go | 10 +- pkg/api/annotations_test.go | 6 +- pkg/api/dashboard.go | 2 +- pkg/api/dashboard_permission.go | 20 ++-- pkg/api/dashboard_permission_test.go | 48 ++++----- pkg/api/dashboard_snapshot_test.go | 8 +- pkg/api/dashboard_test.go | 58 +++++----- .../docs/definitions/dashboard_permissions.go | 6 +- pkg/api/docs/definitions/folder.go | 2 +- pkg/api/dtos/acl.go | 6 +- pkg/api/dtos/dashboard.go | 2 +- pkg/api/dtos/folder.go | 2 +- pkg/api/folder.go | 2 +- pkg/api/folder_permission.go | 22 ++-- pkg/api/folder_permission_test.go | 46 ++++---- pkg/api/folder_test.go | 6 +- pkg/api/org_users_test.go | 2 +- pkg/models/dashboard_acl.go | 22 ++-- pkg/models/dashboards.go | 2 +- pkg/models/folders.go | 4 +- pkg/services/dashboards/dashboard.go | 8 +- .../dashboards/dashboard_service_mock.go | 10 +- pkg/services/dashboards/database/acl.go | 6 +- pkg/services/dashboards/database/acl_test.go | 64 +++++------ pkg/services/dashboards/database/database.go | 8 +- .../database/database_folder_test.go | 22 ++-- .../dashboards/database/database_test.go | 6 +- .../dashboards/service/dashboard_service.go | 12 +-- pkg/services/dashboards/store_mock.go | 10 +- .../guardian/accesscontrol_guardian.go | 22 ++-- pkg/services/guardian/guardian.go | 88 +++++++-------- pkg/services/guardian/guardian_test.go | 102 +++++++++--------- pkg/services/guardian/guardian_util_test.go | 38 +++---- .../libraryelements/libraryelements_test.go | 4 +- .../librarypanels/librarypanels_test.go | 4 +- .../ngalert/api/api_ruler_validation_test.go | 2 +- pkg/services/ngalert/api/tooling/Makefile | 2 +- .../accesscontrol/dashboard_permissions.go | 8 +- .../sqlstore/migrations/dashboard_acl.go | 20 ++-- .../sqlstore/migrations/migrations.go | 2 +- .../sqlstore/migrations/ualert/dashboard.go | 2 +- .../sqlstore/migrations/ualert/permissions.go | 20 ++-- .../sqlstore/migrations/ualert/ualert.go | 2 +- pkg/services/sqlstore/mockstore/mockstore.go | 6 +- pkg/services/sqlstore/org_test.go | 26 ++--- pkg/services/sqlstore/sqlbuilder_test.go | 4 +- pkg/services/sqlstore/team_test.go | 6 +- pkg/services/sqlstore/user_test.go | 12 +-- 48 files changed, 397 insertions(+), 395 deletions(-) diff --git a/pkg/api/alerting_test.go b/pkg/api/alerting_test.go index 70df8539ca6..da3b80aaba1 100644 --- a/pkg/api/alerting_test.go +++ b/pkg/api/alerting_test.go @@ -26,7 +26,7 @@ var ( ) type setUpConf struct { - aclMockResp []*models.DashboardAclInfoDTO + aclMockResp []*models.DashboardACLInfoDTO } type mockSearchService struct{ ExpectedResult models.HitList } @@ -43,7 +43,7 @@ func setUp(confs ...setUpConf) *HTTPServer { hs := &HTTPServer{SQLStore: store, SearchService: &mockSearchService{}} store.ExpectedAlert = singleAlert - aclMockResp := []*models.DashboardAclInfoDTO{} + aclMockResp := []*models.DashboardACLInfoDTO{} for _, c := range confs { if c.aclMockResp != nil { aclMockResp = c.aclMockResp @@ -51,8 +51,8 @@ func setUp(confs ...setUpConf) *HTTPServer { } store.ExpectedTeamsByUser = []*models.TeamDTO{} dashSvc := &dashboards.FakeDashboardService{} - dashSvc.On("GetDashboardAclInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardAclInfoListQuery")).Run(func(args mock.Arguments) { - q := args.Get(1).(*models.GetDashboardAclInfoListQuery) + dashSvc.On("GetDashboardACLInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardACLInfoListQuery")).Run(func(args mock.Arguments) { + q := args.Get(1).(*models.GetDashboardACLInfoListQuery) q.Result = aclMockResp }).Return(nil) guardian.InitLegacyGuardian(store, dashSvc) @@ -84,7 +84,7 @@ func TestAlertingAPIEndpoint(t *testing.T) { postAlertScenario(t, hs, "When calling POST on", "/api/alerts/1/pause", "/api/alerts/:alertId/pause", models.ROLE_EDITOR, cmd, func(sc *scenarioContext) { setUp(setUpConf{ - aclMockResp: []*models.DashboardAclInfoDTO{ + aclMockResp: []*models.DashboardACLInfoDTO{ {Role: &viewerRole, Permission: models.PERMISSION_VIEW}, {Role: &editorRole, Permission: models.PERMISSION_EDIT}, }, diff --git a/pkg/api/annotations_test.go b/pkg/api/annotations_test.go index c2bbd3baaeb..eb85b7b7843 100644 --- a/pkg/api/annotations_test.go +++ b/pkg/api/annotations_test.go @@ -1003,9 +1003,9 @@ func setUpACL() { store := mockstore.NewSQLStoreMock() store.ExpectedTeamsByUser = []*models.TeamDTO{} dashSvc := &dashboards.FakeDashboardService{} - dashSvc.On("GetDashboardAclInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardAclInfoListQuery")).Run(func(args mock.Arguments) { - q := args.Get(1).(*models.GetDashboardAclInfoListQuery) - q.Result = []*models.DashboardAclInfoDTO{ + dashSvc.On("GetDashboardACLInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardACLInfoListQuery")).Run(func(args mock.Arguments) { + q := args.Get(1).(*models.GetDashboardACLInfoListQuery) + q.Result = []*models.DashboardACLInfoDTO{ {Role: &viewerRole, Permission: models.PERMISSION_VIEW}, {Role: &editorRole, Permission: models.PERMISSION_EDIT}, } diff --git a/pkg/api/dashboard.go b/pkg/api/dashboard.go index 2fc04caa488..3f4c5c78f68 100644 --- a/pkg/api/dashboard.go +++ b/pkg/api/dashboard.go @@ -133,7 +133,7 @@ func (hs *HTTPServer) GetDashboard(c *models.ReqContext) response.Response { UpdatedBy: updater, CreatedBy: creator, Version: dash.Version, - HasAcl: dash.HasAcl, + HasACL: dash.HasACL, IsFolder: dash.IsFolder, FolderId: dash.FolderId, Url: dash.GetUrl(), diff --git a/pkg/api/dashboard_permission.go b/pkg/api/dashboard_permission.go index 6bbec530a18..ea0bd168700 100644 --- a/pkg/api/dashboard_permission.go +++ b/pkg/api/dashboard_permission.go @@ -46,7 +46,7 @@ func (hs *HTTPServer) GetDashboardPermissionList(c *models.ReqContext) response. return response.Error(500, "Failed to get dashboard permissions", err) } - filteredAcls := make([]*models.DashboardAclInfoDTO, 0, len(acl)) + filteredACLs := make([]*models.DashboardACLInfoDTO, 0, len(acl)) for _, perm := range acl { if perm.UserId > 0 && dtos.IsHiddenUser(perm.UserLogin, c.SignedInUser, hs.Cfg) { continue @@ -61,16 +61,16 @@ func (hs *HTTPServer) GetDashboardPermissionList(c *models.ReqContext) response. perm.Url = models.GetDashboardFolderUrl(perm.IsFolder, perm.Uid, perm.Slug) } - filteredAcls = append(filteredAcls, perm) + filteredACLs = append(filteredACLs, perm) } - return response.JSON(http.StatusOK, filteredAcls) + return response.JSON(http.StatusOK, filteredACLs) } func (hs *HTTPServer) UpdateDashboardPermissions(c *models.ReqContext) response.Response { var dashID int64 var err error - apiCmd := dtos.UpdateDashboardAclCommand{} + apiCmd := dtos.UpdateDashboardACLCommand{} if err := web.Bind(c.Req, &apiCmd); err != nil { return response.Error(http.StatusBadRequest, "bad request data", err) } @@ -100,9 +100,9 @@ func (hs *HTTPServer) UpdateDashboardPermissions(c *models.ReqContext) response. return dashboardGuardianResponse(err) } - var items []*models.DashboardAcl + var items []*models.DashboardACL for _, item := range apiCmd.Items { - items = append(items, &models.DashboardAcl{ + items = append(items, &models.DashboardACL{ OrgID: c.OrgId, DashboardID: dashID, UserID: item.UserID, @@ -133,7 +133,7 @@ func (hs *HTTPServer) UpdateDashboardPermissions(c *models.ReqContext) response. } if !hs.AccessControl.IsDisabled() { - old, err := g.GetAcl() + old, err := g.GetACL() if err != nil { return response.Error(500, "Error while checking dashboard permissions", err) } @@ -144,7 +144,7 @@ func (hs *HTTPServer) UpdateDashboardPermissions(c *models.ReqContext) response. } if err := hs.DashboardService.UpdateDashboardACL(c.Req.Context(), dashID, items); err != nil { - if errors.Is(err, models.ErrDashboardAclInfoMissing) || + if errors.Is(err, models.ErrDashboardACLInfoMissing) || errors.Is(err, models.ErrDashboardPermissionDashboardEmpty) { return response.Error(409, err.Error(), err) } @@ -155,7 +155,7 @@ func (hs *HTTPServer) UpdateDashboardPermissions(c *models.ReqContext) response. } // updateDashboardAccessControl is used for api backward compatibility -func (hs *HTTPServer) updateDashboardAccessControl(ctx context.Context, orgID int64, uid string, isFolder bool, items []*models.DashboardAcl, old []*models.DashboardAclInfoDTO) error { +func (hs *HTTPServer) updateDashboardAccessControl(ctx context.Context, orgID int64, uid string, isFolder bool, items []*models.DashboardACL, old []*models.DashboardACLInfoDTO) error { commands := []accesscontrol.SetResourcePermissionCommand{} for _, item := range items { permissions := item.Permission.String() @@ -216,7 +216,7 @@ func (hs *HTTPServer) updateDashboardAccessControl(ctx context.Context, orgID in return nil } -func validatePermissionsUpdate(apiCmd dtos.UpdateDashboardAclCommand) error { +func validatePermissionsUpdate(apiCmd dtos.UpdateDashboardACLCommand) error { for _, item := range apiCmd.Items { if item.UserID > 0 && item.TeamID > 0 { return models.ErrPermissionsWithUserAndTeamNotAllowed diff --git a/pkg/api/dashboard_permission_test.go b/pkg/api/dashboard_permission_test.go index 0b15fee9012..96ae39ed472 100644 --- a/pkg/api/dashboard_permission_test.go +++ b/pkg/api/dashboard_permission_test.go @@ -58,8 +58,8 @@ func TestDashboardPermissionAPIEndpoint(t *testing.T) { assert.Equal(t, 403, sc.resp.Code) }, mockSQLStore) - cmd := dtos.UpdateDashboardAclCommand{ - Items: []dtos.DashboardAclUpdateItem{ + cmd := dtos.UpdateDashboardACLCommand{ + Items: []dtos.DashboardACLUpdateItem{ {UserID: 1000, Permission: models.PERMISSION_ADMIN}, }, } @@ -86,7 +86,7 @@ func TestDashboardPermissionAPIEndpoint(t *testing.T) { guardian.MockDashboardGuardian(&guardian.FakeDashboardGuardian{ CanAdminValue: true, CheckPermissionBeforeUpdateValue: true, - GetAclValue: []*models.DashboardAclInfoDTO{ + GetACLValue: []*models.DashboardACLInfoDTO{ {OrgId: 1, DashboardId: 1, UserId: 2, Permission: models.PERMISSION_VIEW}, {OrgId: 1, DashboardId: 1, UserId: 3, Permission: models.PERMISSION_EDIT}, {OrgId: 1, DashboardId: 1, UserId: 4, Permission: models.PERMISSION_ADMIN}, @@ -100,7 +100,7 @@ func TestDashboardPermissionAPIEndpoint(t *testing.T) { callGetDashboardPermissions(sc, hs) assert.Equal(t, 200, sc.resp.Code) - var resp []*models.DashboardAclInfoDTO + var resp []*models.DashboardACLInfoDTO err := json.Unmarshal(sc.resp.Body.Bytes(), &resp) require.NoError(t, err) @@ -109,8 +109,8 @@ func TestDashboardPermissionAPIEndpoint(t *testing.T) { assert.Equal(t, models.PERMISSION_VIEW, resp[0].Permission) }, mockSQLStore) - cmd := dtos.UpdateDashboardAclCommand{ - Items: []dtos.DashboardAclUpdateItem{ + cmd := dtos.UpdateDashboardACLCommand{ + Items: []dtos.DashboardACLUpdateItem{ {UserID: 1000, Permission: models.PERMISSION_ADMIN}, }, } @@ -138,8 +138,8 @@ func TestDashboardPermissionAPIEndpoint(t *testing.T) { CheckPermissionBeforeUpdateValue: true, }) - cmd := dtos.UpdateDashboardAclCommand{ - Items: []dtos.DashboardAclUpdateItem{ + cmd := dtos.UpdateDashboardACLCommand{ + Items: []dtos.DashboardACLUpdateItem{ {UserID: 1000, TeamID: 1, Permission: models.PERMISSION_ADMIN}, }, } @@ -170,8 +170,8 @@ func TestDashboardPermissionAPIEndpoint(t *testing.T) { CheckPermissionBeforeUpdateError: guardian.ErrGuardianPermissionExists, }) - cmd := dtos.UpdateDashboardAclCommand{ - Items: []dtos.DashboardAclUpdateItem{ + cmd := dtos.UpdateDashboardACLCommand{ + Items: []dtos.DashboardACLUpdateItem{ {UserID: 1000, Permission: models.PERMISSION_ADMIN}, }, } @@ -190,14 +190,14 @@ func TestDashboardPermissionAPIEndpoint(t *testing.T) { t.Run("When trying to update team or user permissions with a role", func(t *testing.T) { role := models.ROLE_EDITOR - cmds := []dtos.UpdateDashboardAclCommand{ + cmds := []dtos.UpdateDashboardACLCommand{ { - Items: []dtos.DashboardAclUpdateItem{ + Items: []dtos.DashboardACLUpdateItem{ {UserID: 1000, Permission: models.PERMISSION_ADMIN, Role: &role}, }, }, { - Items: []dtos.DashboardAclUpdateItem{ + Items: []dtos.DashboardACLUpdateItem{ {TeamID: 1000, Permission: models.PERMISSION_ADMIN, Role: &role}, }, }, @@ -232,8 +232,8 @@ func TestDashboardPermissionAPIEndpoint(t *testing.T) { CheckPermissionBeforeUpdateError: guardian.ErrGuardianOverride}, ) - cmd := dtos.UpdateDashboardAclCommand{ - Items: []dtos.DashboardAclUpdateItem{ + cmd := dtos.UpdateDashboardACLCommand{ + Items: []dtos.DashboardACLUpdateItem{ {UserID: 1000, Permission: models.PERMISSION_ADMIN}, }, } @@ -262,19 +262,19 @@ func TestDashboardPermissionAPIEndpoint(t *testing.T) { }) mockSQLStore := mockstore.NewSQLStoreMock() - var resp []*models.DashboardAclInfoDTO + var resp []*models.DashboardACLInfoDTO loggedInUserScenarioWithRole(t, "When calling GET on", "GET", "/api/dashboards/id/1/permissions", "/api/dashboards/id/:dashboardId/permissions", models.ROLE_ADMIN, func(sc *scenarioContext) { setUp() guardian.MockDashboardGuardian(&guardian.FakeDashboardGuardian{ CanAdminValue: true, CheckPermissionBeforeUpdateValue: true, - GetAclValue: []*models.DashboardAclInfoDTO{ + GetACLValue: []*models.DashboardACLInfoDTO{ {OrgId: 1, DashboardId: 1, UserId: 2, UserLogin: "hiddenUser", Permission: models.PERMISSION_VIEW}, {OrgId: 1, DashboardId: 1, UserId: 3, UserLogin: testUserLogin, Permission: models.PERMISSION_EDIT}, {OrgId: 1, DashboardId: 1, UserId: 4, UserLogin: "user_1", Permission: models.PERMISSION_ADMIN}, }, - GetHiddenAclValue: []*models.DashboardAcl{ + GetHiddenACLValue: []*models.DashboardACL{ {OrgID: 1, DashboardID: 1, UserID: 2, Permission: models.PERMISSION_VIEW}, }, }) @@ -292,22 +292,22 @@ func TestDashboardPermissionAPIEndpoint(t *testing.T) { assert.Equal(t, models.PERMISSION_ADMIN, resp[1].Permission) }, mockSQLStore) - cmd := dtos.UpdateDashboardAclCommand{ - Items: []dtos.DashboardAclUpdateItem{ + cmd := dtos.UpdateDashboardACLCommand{ + Items: []dtos.DashboardACLUpdateItem{ {UserID: 1000, Permission: models.PERMISSION_ADMIN}, }, } for _, acl := range resp { - cmd.Items = append(cmd.Items, dtos.DashboardAclUpdateItem{ + cmd.Items = append(cmd.Items, dtos.DashboardACLUpdateItem{ UserID: acl.UserId, Permission: acl.Permission, }) } assert.Len(t, cmd.Items, 3) - var numOfItems []*models.DashboardAcl + var numOfItems []*models.DashboardACL dashboardStore.On("UpdateDashboardACL", mock.Anything, mock.Anything, mock.Anything).Run(func(args mock.Arguments) { - items := args.Get(2).([]*models.DashboardAcl) + items := args.Get(2).([]*models.DashboardACL) numOfItems = items }).Return(nil).Once() updateDashboardPermissionScenario(t, updatePermissionContext{ @@ -339,7 +339,7 @@ type updatePermissionContext struct { desc string url string routePattern string - cmd dtos.UpdateDashboardAclCommand + cmd dtos.UpdateDashboardACLCommand fn scenarioFunc } diff --git a/pkg/api/dashboard_snapshot_test.go b/pkg/api/dashboard_snapshot_test.go index 43251646977..8578fa2ed31 100644 --- a/pkg/api/dashboard_snapshot_test.go +++ b/pkg/api/dashboard_snapshot_test.go @@ -69,7 +69,7 @@ func TestDashboardSnapshotAPIEndpoint_singleSnapshot(t *testing.T) { sc.handlerFunc = hs.DeleteDashboardSnapshot dashSvc := dashboards.NewFakeDashboardService(t) - dashSvc.On("GetDashboardAclInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardAclInfoListQuery")).Return(nil).Maybe() + dashSvc.On("GetDashboardACLInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardACLInfoListQuery")).Return(nil).Maybe() guardian.InitLegacyGuardian(sc.sqlStore, dashSvc) sc.fakeReqWithParams("DELETE", sc.url, map[string]string{"key": "12345"}).exec() @@ -106,9 +106,9 @@ func TestDashboardSnapshotAPIEndpoint_singleSnapshot(t *testing.T) { t.Run("When user is editor and dashboard has default ACL", func(t *testing.T) { dashSvc := &dashboards.FakeDashboardService{} - dashSvc.On("GetDashboardAclInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardAclInfoListQuery")).Run(func(args mock.Arguments) { - q := args.Get(1).(*models.GetDashboardAclInfoListQuery) - q.Result = []*models.DashboardAclInfoDTO{ + dashSvc.On("GetDashboardACLInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardACLInfoListQuery")).Run(func(args mock.Arguments) { + q := args.Get(1).(*models.GetDashboardACLInfoListQuery) + q.Result = []*models.DashboardACLInfoDTO{ {Role: &viewerRole, Permission: models.PERMISSION_VIEW}, {Role: &editorRole, Permission: models.PERMISSION_EDIT}, } diff --git a/pkg/api/dashboard_test.go b/pkg/api/dashboard_test.go index 6c685ac5eb3..9dc4d894e8e 100644 --- a/pkg/api/dashboard_test.go +++ b/pkg/api/dashboard_test.go @@ -123,7 +123,7 @@ func TestDashboardAPIEndpoint(t *testing.T) { fakeDash := models.NewDashboard("Child dash") fakeDash.Id = 1 fakeDash.FolderId = 1 - fakeDash.HasAcl = false + fakeDash.HasACL = false fakeDashboardVersionService := dashvertest.NewDashboardVersionServiceFake() fakeDashboardVersionService.ExpectedDashboardVersion = &dashver.DashboardVersion{} dashboardService := dashboards.NewFakeDashboardService(t) @@ -147,9 +147,9 @@ func TestDashboardAPIEndpoint(t *testing.T) { setUp := func() { viewerRole := models.ROLE_VIEWER editorRole := models.ROLE_EDITOR - dashboardService.On("GetDashboardAclInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardAclInfoListQuery")).Run(func(args mock.Arguments) { - q := args.Get(1).(*models.GetDashboardAclInfoListQuery) - q.Result = []*models.DashboardAclInfoDTO{ + dashboardService.On("GetDashboardACLInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardACLInfoListQuery")).Run(func(args mock.Arguments) { + q := args.Get(1).(*models.GetDashboardACLInfoListQuery) + q.Result = []*models.DashboardACLInfoDTO{ {Role: &viewerRole, Permission: models.PERMISSION_VIEW}, {Role: &editorRole, Permission: models.PERMISSION_EDIT}, } @@ -229,7 +229,7 @@ func TestDashboardAPIEndpoint(t *testing.T) { fakeDash := models.NewDashboard("Child dash") fakeDash.Id = 1 fakeDash.FolderId = 1 - fakeDash.HasAcl = true + fakeDash.HasACL = true fakeDashboardVersionService := dashvertest.NewDashboardVersionServiceFake() fakeDashboardVersionService.ExpectedDashboardVersion = &dashver.DashboardVersion{} dashboardService := dashboards.NewFakeDashboardService(t) @@ -237,9 +237,9 @@ func TestDashboardAPIEndpoint(t *testing.T) { q := args.Get(1).(*models.GetDashboardQuery) q.Result = fakeDash }).Return(nil) - dashboardService.On("GetDashboardAclInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardAclInfoListQuery")).Run(func(args mock.Arguments) { - q := args.Get(1).(*models.GetDashboardAclInfoListQuery) - q.Result = []*models.DashboardAclInfoDTO{ + dashboardService.On("GetDashboardACLInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardACLInfoListQuery")).Run(func(args mock.Arguments) { + q := args.Get(1).(*models.GetDashboardACLInfoListQuery) + q.Result = []*models.DashboardACLInfoDTO{ { DashboardId: 1, Permission: models.PERMISSION_EDIT, @@ -368,9 +368,9 @@ func TestDashboardAPIEndpoint(t *testing.T) { setting.ViewersCanEdit = false dashboardService := dashboards.NewFakeDashboardService(t) - dashboardService.On("GetDashboardAclInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardAclInfoListQuery")).Run(func(args mock.Arguments) { - q := args.Get(1).(*models.GetDashboardAclInfoListQuery) - q.Result = []*models.DashboardAclInfoDTO{ + dashboardService.On("GetDashboardACLInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardACLInfoListQuery")).Run(func(args mock.Arguments) { + q := args.Get(1).(*models.GetDashboardACLInfoListQuery) + q.Result = []*models.DashboardACLInfoDTO{ {OrgId: 1, DashboardId: 2, UserId: 1, Permission: models.PERMISSION_EDIT}, } }).Return(nil) @@ -430,9 +430,9 @@ func TestDashboardAPIEndpoint(t *testing.T) { setting.ViewersCanEdit = true dashboardService := dashboards.NewFakeDashboardService(t) - dashboardService.On("GetDashboardAclInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardAclInfoListQuery")).Run(func(args mock.Arguments) { - q := args.Get(1).(*models.GetDashboardAclInfoListQuery) - q.Result = []*models.DashboardAclInfoDTO{ + dashboardService.On("GetDashboardACLInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardACLInfoListQuery")).Run(func(args mock.Arguments) { + q := args.Get(1).(*models.GetDashboardACLInfoListQuery) + q.Result = []*models.DashboardACLInfoDTO{ {OrgId: 1, DashboardId: 2, UserId: 1, Permission: models.PERMISSION_VIEW}, } }).Return(nil) @@ -470,9 +470,9 @@ func TestDashboardAPIEndpoint(t *testing.T) { setting.ViewersCanEdit = true dashboardService := dashboards.NewFakeDashboardService(t) - dashboardService.On("GetDashboardAclInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardAclInfoListQuery")).Run(func(args mock.Arguments) { - q := args.Get(1).(*models.GetDashboardAclInfoListQuery) - q.Result = []*models.DashboardAclInfoDTO{ + dashboardService.On("GetDashboardACLInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardACLInfoListQuery")).Run(func(args mock.Arguments) { + q := args.Get(1).(*models.GetDashboardACLInfoListQuery) + q.Result = []*models.DashboardACLInfoDTO{ {OrgId: 1, DashboardId: 2, UserId: 1, Permission: models.PERMISSION_ADMIN}, } }).Return(nil) @@ -523,9 +523,9 @@ func TestDashboardAPIEndpoint(t *testing.T) { setUpInner := func() { dashboardService := dashboards.NewFakeDashboardService(t) - dashboardService.On("GetDashboardAclInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardAclInfoListQuery")).Run(func(args mock.Arguments) { - q := args.Get(1).(*models.GetDashboardAclInfoListQuery) - q.Result = []*models.DashboardAclInfoDTO{ + dashboardService.On("GetDashboardACLInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardACLInfoListQuery")).Run(func(args mock.Arguments) { + q := args.Get(1).(*models.GetDashboardACLInfoListQuery) + q.Result = []*models.DashboardACLInfoDTO{ {OrgId: 1, DashboardId: 2, UserId: 1, Permission: models.PERMISSION_VIEW}, } }).Return(nil) @@ -568,12 +568,12 @@ func TestDashboardAPIEndpoint(t *testing.T) { dashOne := models.NewDashboard("dash") dashOne.Id = 2 dashOne.FolderId = 1 - dashOne.HasAcl = false + dashOne.HasACL = false dashTwo := models.NewDashboard("dash") dashTwo.Id = 4 dashTwo.FolderId = 3 - dashTwo.HasAcl = false + dashTwo.HasACL = false }) t.Run("Post dashboard response tests", func(t *testing.T) { @@ -740,7 +740,7 @@ func TestDashboardAPIEndpoint(t *testing.T) { sqlmock := mockstore.SQLStoreMock{} setUp := func() { dashSvc := dashboards.NewFakeDashboardService(t) - dashSvc.On("GetDashboardAclInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardAclInfoListQuery")).Return(nil) + dashSvc.On("GetDashboardACLInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardACLInfoListQuery")).Return(nil) guardian.InitLegacyGuardian(&sqlmock, dashSvc) } @@ -769,7 +769,7 @@ func TestDashboardAPIEndpoint(t *testing.T) { t.Run("when user does have permission", func(t *testing.T) { role := models.ROLE_ADMIN postDiffScenario(t, "When calling POST on", "/api/dashboards/calculate-diff", "/api/dashboards/calculate-diff", cmd, role, func(sc *scenarioContext) { - // This test shouldn't hit GetDashboardAclInfoList, so no setup needed + // This test shouldn't hit GetDashboardACLInfoList, so no setup needed sc.dashboardVersionService = fakeDashboardVersionService callPostDashboard(sc) assert.Equal(t, 200, sc.resp.Code) @@ -782,7 +782,7 @@ func TestDashboardAPIEndpoint(t *testing.T) { fakeDash := models.NewDashboard("Child dash") fakeDash.Id = 2 fakeDash.FolderId = folderID - fakeDash.HasAcl = false + fakeDash.HasACL = false dashboardService := dashboards.NewFakeDashboardService(t) dashboardService.On("GetDashboard", mock.Anything, mock.AnythingOfType("*models.GetDashboardQuery")).Run(func(args mock.Arguments) { @@ -819,7 +819,7 @@ func TestDashboardAPIEndpoint(t *testing.T) { t.Run("Given dashboard in general folder being restored should restore to general folder", func(t *testing.T) { fakeDash := models.NewDashboard("Child dash") fakeDash.Id = 2 - fakeDash.HasAcl = false + fakeDash.HasACL = false dashboardService := dashboards.NewFakeDashboardService(t) dashboardService.On("GetDashboard", mock.Anything, mock.AnythingOfType("*models.GetDashboardQuery")).Run(func(args mock.Arguments) { @@ -865,9 +865,9 @@ func TestDashboardAPIEndpoint(t *testing.T) { q := args.Get(1).(*models.GetDashboardQuery) q.Result = &models.Dashboard{Id: 1, Data: dataValue} }).Return(nil) - dashboardService.On("GetDashboardAclInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardAclInfoListQuery")).Run(func(args mock.Arguments) { - q := args.Get(1).(*models.GetDashboardAclInfoListQuery) - q.Result = []*models.DashboardAclInfoDTO{{OrgId: testOrgID, DashboardId: 1, UserId: testUserID, Permission: models.PERMISSION_EDIT}} + dashboardService.On("GetDashboardACLInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardACLInfoListQuery")).Run(func(args mock.Arguments) { + q := args.Get(1).(*models.GetDashboardACLInfoListQuery) + q.Result = []*models.DashboardACLInfoDTO{{OrgId: testOrgID, DashboardId: 1, UserId: testUserID, Permission: models.PERMISSION_EDIT}} }).Return(nil) guardian.InitLegacyGuardian(mockSQLStore, dashboardService) diff --git a/pkg/api/docs/definitions/dashboard_permissions.go b/pkg/api/docs/definitions/dashboard_permissions.go index 261d3381d78..d1411b0fb38 100644 --- a/pkg/api/docs/definitions/dashboard_permissions.go +++ b/pkg/api/docs/definitions/dashboard_permissions.go @@ -73,7 +73,7 @@ type GetDashboardPermissionsParams struct { type PostDashboardPermissionsParams struct { // in:body // required:true - Body dtos.UpdateDashboardAclCommand + Body dtos.UpdateDashboardACLCommand // in:path DashboardID int64 } @@ -82,7 +82,7 @@ type PostDashboardPermissionsParams struct { type PostDashboardPermissionsWithUIDParams struct { // in:body // required:true - Body dtos.UpdateDashboardAclCommand + Body dtos.UpdateDashboardACLCommand // in:path // required:true // description: The dashboard UID @@ -92,5 +92,5 @@ type PostDashboardPermissionsWithUIDParams struct { // swagger:response getDashboardPermissionsResponse type GetDashboardPermissionsResponse struct { // in: body - Body []*models.DashboardAclInfoDTO `json:"body"` + Body []*models.DashboardACLInfoDTO `json:"body"` } diff --git a/pkg/api/docs/definitions/folder.go b/pkg/api/docs/definitions/folder.go index e2371f8265c..f6fcf6a7b19 100644 --- a/pkg/api/docs/definitions/folder.go +++ b/pkg/api/docs/definitions/folder.go @@ -109,7 +109,7 @@ type PostDashboardPermissionsParam struct { FolderUID string `json:"folder_uid"` // in:body // required:true - Body dtos.UpdateDashboardAclCommand + Body dtos.UpdateDashboardACLCommand } // swagger:parameters getFolderByID diff --git a/pkg/api/dtos/acl.go b/pkg/api/dtos/acl.go index c163569193f..4d5aee81c1a 100644 --- a/pkg/api/dtos/acl.go +++ b/pkg/api/dtos/acl.go @@ -3,12 +3,12 @@ package dtos import "github.com/grafana/grafana/pkg/models" // swagger:model -type UpdateDashboardAclCommand struct { - Items []DashboardAclUpdateItem `json:"items"` +type UpdateDashboardACLCommand struct { + Items []DashboardACLUpdateItem `json:"items"` } // swagger:model -type DashboardAclUpdateItem struct { +type DashboardACLUpdateItem struct { UserID int64 `json:"userId"` TeamID int64 `json:"teamId"` Role *models.RoleType `json:"role,omitempty"` diff --git a/pkg/api/dtos/dashboard.go b/pkg/api/dtos/dashboard.go index b133fad596b..4b72bcc440e 100644 --- a/pkg/api/dtos/dashboard.go +++ b/pkg/api/dtos/dashboard.go @@ -24,7 +24,7 @@ type DashboardMeta struct { UpdatedBy string `json:"updatedBy"` CreatedBy string `json:"createdBy"` Version int `json:"version"` - HasAcl bool `json:"hasAcl"` + HasACL bool `json:"hasAcl" xorm:"has_acl"` IsFolder bool `json:"isFolder"` FolderId int64 `json:"folderId"` FolderUid string `json:"folderUid"` diff --git a/pkg/api/dtos/folder.go b/pkg/api/dtos/folder.go index d9959caf7c7..87605a01185 100644 --- a/pkg/api/dtos/folder.go +++ b/pkg/api/dtos/folder.go @@ -11,7 +11,7 @@ type Folder struct { Uid string `json:"uid"` Title string `json:"title"` Url string `json:"url"` - HasAcl bool `json:"hasAcl"` + HasACL bool `json:"hasAcl" xorm:"has_acl"` CanSave bool `json:"canSave"` CanEdit bool `json:"canEdit"` CanAdmin bool `json:"canAdmin"` diff --git a/pkg/api/folder.go b/pkg/api/folder.go index 75ba5f1028a..42fabcbba74 100644 --- a/pkg/api/folder.go +++ b/pkg/api/folder.go @@ -164,7 +164,7 @@ func (hs *HTTPServer) toFolderDto(c *models.ReqContext, g guardian.DashboardGuar Uid: folder.Uid, Title: folder.Title, Url: folder.Url, - HasAcl: folder.HasAcl, + HasACL: folder.HasACL, CanSave: canSave, CanEdit: canEdit, CanAdmin: canAdmin, diff --git a/pkg/api/folder_permission.go b/pkg/api/folder_permission.go index 892e9e043aa..8d037cb8838 100644 --- a/pkg/api/folder_permission.go +++ b/pkg/api/folder_permission.go @@ -28,12 +28,12 @@ func (hs *HTTPServer) GetFolderPermissionList(c *models.ReqContext) response.Res return apierrors.ToFolderErrorResponse(dashboards.ErrFolderAccessDenied) } - acl, err := g.GetAcl() + acl, err := g.GetACL() if err != nil { return response.Error(500, "Failed to get folder permissions", err) } - filteredAcls := make([]*models.DashboardAclInfoDTO, 0, len(acl)) + filteredACLs := make([]*models.DashboardACLInfoDTO, 0, len(acl)) for _, perm := range acl { if perm.UserId > 0 && dtos.IsHiddenUser(perm.UserLogin, c.SignedInUser, hs.Cfg) { continue @@ -52,14 +52,14 @@ func (hs *HTTPServer) GetFolderPermissionList(c *models.ReqContext) response.Res perm.Url = models.GetDashboardFolderUrl(perm.IsFolder, perm.Uid, perm.Slug) } - filteredAcls = append(filteredAcls, perm) + filteredACLs = append(filteredACLs, perm) } - return response.JSON(http.StatusOK, filteredAcls) + return response.JSON(http.StatusOK, filteredACLs) } func (hs *HTTPServer) UpdateFolderPermissions(c *models.ReqContext) response.Response { - apiCmd := dtos.UpdateDashboardAclCommand{} + apiCmd := dtos.UpdateDashboardACLCommand{} if err := web.Bind(c.Req, &apiCmd); err != nil { return response.Error(http.StatusBadRequest, "bad request data", err) } @@ -82,9 +82,9 @@ func (hs *HTTPServer) UpdateFolderPermissions(c *models.ReqContext) response.Res return apierrors.ToFolderErrorResponse(dashboards.ErrFolderAccessDenied) } - var items []*models.DashboardAcl + var items []*models.DashboardACL for _, item := range apiCmd.Items { - items = append(items, &models.DashboardAcl{ + items = append(items, &models.DashboardACL{ OrgID: c.OrgId, DashboardID: folder.Id, UserID: item.UserID, @@ -116,7 +116,7 @@ func (hs *HTTPServer) UpdateFolderPermissions(c *models.ReqContext) response.Res } if !hs.AccessControl.IsDisabled() { - old, err := g.GetAcl() + old, err := g.GetACL() if err != nil { return response.Error(500, "Error while checking dashboard permissions", err) } @@ -127,14 +127,14 @@ func (hs *HTTPServer) UpdateFolderPermissions(c *models.ReqContext) response.Res } if err := hs.DashboardService.UpdateDashboardACL(c.Req.Context(), folder.Id, items); err != nil { - if errors.Is(err, models.ErrDashboardAclInfoMissing) { - err = models.ErrFolderAclInfoMissing + if errors.Is(err, models.ErrDashboardACLInfoMissing) { + err = models.ErrFolderACLInfoMissing } if errors.Is(err, models.ErrDashboardPermissionDashboardEmpty) { err = models.ErrFolderPermissionFolderEmpty } - if errors.Is(err, models.ErrFolderAclInfoMissing) || errors.Is(err, models.ErrFolderPermissionFolderEmpty) { + if errors.Is(err, models.ErrFolderACLInfoMissing) || errors.Is(err, models.ErrFolderPermissionFolderEmpty) { return response.Error(409, err.Error(), err) } diff --git a/pkg/api/folder_permission_test.go b/pkg/api/folder_permission_test.go index 093522d2d9e..7c3b85a3f01 100644 --- a/pkg/api/folder_permission_test.go +++ b/pkg/api/folder_permission_test.go @@ -56,8 +56,8 @@ func TestFolderPermissionAPIEndpoint(t *testing.T) { assert.Equal(t, 404, sc.resp.Code) }, mockSQLStore) - cmd := dtos.UpdateDashboardAclCommand{ - Items: []dtos.DashboardAclUpdateItem{ + cmd := dtos.UpdateDashboardACLCommand{ + Items: []dtos.DashboardACLUpdateItem{ {UserID: 1000, Permission: models.PERMISSION_ADMIN}, }, } @@ -89,8 +89,8 @@ func TestFolderPermissionAPIEndpoint(t *testing.T) { assert.Equal(t, 403, sc.resp.Code) }, mockSQLStore) - cmd := dtos.UpdateDashboardAclCommand{ - Items: []dtos.DashboardAclUpdateItem{ + cmd := dtos.UpdateDashboardACLCommand{ + Items: []dtos.DashboardACLUpdateItem{ {UserID: 1000, Permission: models.PERMISSION_ADMIN}, }, } @@ -116,7 +116,7 @@ func TestFolderPermissionAPIEndpoint(t *testing.T) { guardian.MockDashboardGuardian(&guardian.FakeDashboardGuardian{ CanAdminValue: true, CheckPermissionBeforeUpdateValue: true, - GetAclValue: []*models.DashboardAclInfoDTO{ + GetACLValue: []*models.DashboardACLInfoDTO{ {OrgId: 1, DashboardId: 1, UserId: 2, Permission: models.PERMISSION_VIEW}, {OrgId: 1, DashboardId: 1, UserId: 3, Permission: models.PERMISSION_EDIT}, {OrgId: 1, DashboardId: 1, UserId: 4, Permission: models.PERMISSION_ADMIN}, @@ -134,7 +134,7 @@ func TestFolderPermissionAPIEndpoint(t *testing.T) { callGetFolderPermissions(sc, hs) assert.Equal(t, 200, sc.resp.Code) - var resp []*models.DashboardAclInfoDTO + var resp []*models.DashboardACLInfoDTO err := json.Unmarshal(sc.resp.Body.Bytes(), &resp) require.NoError(t, err) @@ -143,8 +143,8 @@ func TestFolderPermissionAPIEndpoint(t *testing.T) { assert.Equal(t, models.PERMISSION_VIEW, resp[0].Permission) }, mockSQLStore) - cmd := dtos.UpdateDashboardAclCommand{ - Items: []dtos.DashboardAclUpdateItem{ + cmd := dtos.UpdateDashboardACLCommand{ + Items: []dtos.DashboardACLUpdateItem{ {UserID: 1000, Permission: models.PERMISSION_ADMIN}, }, } @@ -186,8 +186,8 @@ func TestFolderPermissionAPIEndpoint(t *testing.T) { folderResponse := &models.Folder{Id: 1, Uid: "uid", Title: "Folder"} folderService.On("GetFolderByUID", mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(folderResponse, nil).Once() - cmd := dtos.UpdateDashboardAclCommand{ - Items: []dtos.DashboardAclUpdateItem{ + cmd := dtos.UpdateDashboardACLCommand{ + Items: []dtos.DashboardACLUpdateItem{ {UserID: 1000, Permission: models.PERMISSION_ADMIN}, }, } @@ -206,14 +206,14 @@ func TestFolderPermissionAPIEndpoint(t *testing.T) { t.Run("When trying to update team or user permissions with a role", func(t *testing.T) { role := models.ROLE_ADMIN - cmds := []dtos.UpdateDashboardAclCommand{ + cmds := []dtos.UpdateDashboardACLCommand{ { - Items: []dtos.DashboardAclUpdateItem{ + Items: []dtos.DashboardACLUpdateItem{ {UserID: 1000, Permission: models.PERMISSION_ADMIN, Role: &role}, }, }, { - Items: []dtos.DashboardAclUpdateItem{ + Items: []dtos.DashboardACLUpdateItem{ {TeamID: 1000, Permission: models.PERMISSION_ADMIN, Role: &role}, }, }, @@ -251,8 +251,8 @@ func TestFolderPermissionAPIEndpoint(t *testing.T) { folderResponse := &models.Folder{Id: 1, Uid: "uid", Title: "Folder"} folderService.On("GetFolderByUID", mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(folderResponse, nil).Once() - cmd := dtos.UpdateDashboardAclCommand{ - Items: []dtos.DashboardAclUpdateItem{ + cmd := dtos.UpdateDashboardACLCommand{ + Items: []dtos.DashboardACLUpdateItem{ {UserID: 1000, Permission: models.PERMISSION_ADMIN}, }, } @@ -283,25 +283,25 @@ func TestFolderPermissionAPIEndpoint(t *testing.T) { guardian.MockDashboardGuardian(&guardian.FakeDashboardGuardian{ CanAdminValue: true, CheckPermissionBeforeUpdateValue: true, - GetAclValue: []*models.DashboardAclInfoDTO{ + GetACLValue: []*models.DashboardACLInfoDTO{ {OrgId: 1, DashboardId: 1, UserId: 2, UserLogin: "hiddenUser", Permission: models.PERMISSION_VIEW}, {OrgId: 1, DashboardId: 1, UserId: 3, UserLogin: testUserLogin, Permission: models.PERMISSION_EDIT}, {OrgId: 1, DashboardId: 1, UserId: 4, UserLogin: "user_1", Permission: models.PERMISSION_ADMIN}, }, - GetHiddenAclValue: []*models.DashboardAcl{ + GetHiddenACLValue: []*models.DashboardACL{ {OrgID: 1, DashboardID: 1, UserID: 2, Permission: models.PERMISSION_VIEW}, }, }) - var gotItems []*models.DashboardAcl + var gotItems []*models.DashboardACL folderResponse := &models.Folder{Id: 1, Uid: "uid", Title: "Folder"} folderService.On("GetFolderByUID", mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(folderResponse, nil).Twice() dashboardStore.On("UpdateDashboardACL", mock.Anything, mock.Anything, mock.Anything).Run(func(args mock.Arguments) { - gotItems = args.Get(2).([]*models.DashboardAcl) + gotItems = args.Get(2).([]*models.DashboardACL) }).Return(nil).Once() - var resp []*models.DashboardAclInfoDTO + var resp []*models.DashboardACLInfoDTO mockSQLStore := mockstore.NewSQLStoreMock() loggedInUserScenarioWithRole(t, "When calling GET on", "GET", "/api/folders/uid/permissions", "/api/folders/:uid/permissions", models.ROLE_ADMIN, func(sc *scenarioContext) { callGetFolderPermissions(sc, hs) @@ -317,13 +317,13 @@ func TestFolderPermissionAPIEndpoint(t *testing.T) { assert.Equal(t, models.PERMISSION_ADMIN, resp[1].Permission) }, mockSQLStore) - cmd := dtos.UpdateDashboardAclCommand{ - Items: []dtos.DashboardAclUpdateItem{ + cmd := dtos.UpdateDashboardACLCommand{ + Items: []dtos.DashboardACLUpdateItem{ {UserID: 1000, Permission: models.PERMISSION_ADMIN}, }, } for _, acl := range resp { - cmd.Items = append(cmd.Items, dtos.DashboardAclUpdateItem{ + cmd.Items = append(cmd.Items, dtos.DashboardACLUpdateItem{ UserID: acl.UserId, Permission: acl.Permission, }) diff --git a/pkg/api/folder_test.go b/pkg/api/folder_test.go index 897abd851ed..af6ccb91c49 100644 --- a/pkg/api/folder_test.go +++ b/pkg/api/folder_test.go @@ -235,10 +235,10 @@ func createFolderScenario(t *testing.T, desc string, url string, routePattern st cmd models.CreateFolderCommand, fn scenarioFunc) { setUpRBACGuardian(t) t.Run(fmt.Sprintf("%s %s", desc, url), func(t *testing.T) { - aclMockResp := []*models.DashboardAclInfoDTO{} + aclMockResp := []*models.DashboardACLInfoDTO{} dashSvc := &dashboards.FakeDashboardService{} - dashSvc.On("GetDashboardAclInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardAclInfoListQuery")).Run(func(args mock.Arguments) { - q := args.Get(1).(*models.GetDashboardAclInfoListQuery) + dashSvc.On("GetDashboardACLInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardACLInfoListQuery")).Run(func(args mock.Arguments) { + q := args.Get(1).(*models.GetDashboardACLInfoListQuery) q.Result = aclMockResp }).Return(nil) store := mockstore.NewSQLStoreMock() diff --git a/pkg/api/org_users_test.go b/pkg/api/org_users_test.go index 3443b4b6d75..aa408a187ca 100644 --- a/pkg/api/org_users_test.go +++ b/pkg/api/org_users_test.go @@ -155,7 +155,7 @@ func TestOrgUsersAPIEndpoint_LegacyAccessControl_FolderAdmin(t *testing.T) { require.NotNil(t, folder) // Grant our test Viewer with permission to admin the folder - acls := []*models.DashboardAcl{ + acls := []*models.DashboardACL{ { DashboardID: folder.Id, OrgID: testOrgID, diff --git a/pkg/models/dashboard_acl.go b/pkg/models/dashboard_acl.go index 1a7ee44f47a..7ce20b4476a 100644 --- a/pkg/models/dashboard_acl.go +++ b/pkg/models/dashboard_acl.go @@ -24,16 +24,16 @@ func (p PermissionType) String() string { // Typed errors var ( - ErrDashboardAclInfoMissing = errors.New("user id and team id cannot both be empty for a dashboard permission") + ErrDashboardACLInfoMissing = errors.New("user id and team id cannot both be empty for a dashboard permission") ErrDashboardPermissionDashboardEmpty = errors.New("dashboard id must be greater than zero for a dashboard permission") - ErrFolderAclInfoMissing = errors.New("user id and team id cannot both be empty for a folder permission") + ErrFolderACLInfoMissing = errors.New("user id and team id cannot both be empty for a folder permission") ErrFolderPermissionFolderEmpty = errors.New("folder id must be greater than zero for a folder permission") ErrPermissionsWithRoleNotAllowed = errors.New("permissions cannot have both a user and team") ErrPermissionsWithUserAndTeamNotAllowed = errors.New("team and user permissions cannot have an associated role") ) // Dashboard ACL model -type DashboardAcl struct { +type DashboardACL struct { // nolint:stylecheck Id int64 OrgID int64 `xorm:"org_id"` @@ -48,7 +48,7 @@ type DashboardAcl struct { Updated time.Time } -type DashboardAclInfoDTO struct { +type DashboardACLInfoDTO struct { OrgId int64 `json:"-"` DashboardId int64 `json:"dashboardId,omitempty"` FolderId int64 `json:"folderId,omitempty"` @@ -75,7 +75,7 @@ type DashboardAclInfoDTO struct { Inherited bool `json:"inherited"` } -func (dto *DashboardAclInfoDTO) hasSameRoleAs(other *DashboardAclInfoDTO) bool { +func (dto *DashboardACLInfoDTO) hasSameRoleAs(other *DashboardACLInfoDTO) bool { if dto.Role == nil || other.Role == nil { return false } @@ -83,24 +83,26 @@ func (dto *DashboardAclInfoDTO) hasSameRoleAs(other *DashboardAclInfoDTO) bool { return dto.UserId <= 0 && dto.TeamId <= 0 && dto.UserId == other.UserId && dto.TeamId == other.TeamId && *dto.Role == *other.Role } -func (dto *DashboardAclInfoDTO) hasSameUserAs(other *DashboardAclInfoDTO) bool { +func (dto *DashboardACLInfoDTO) hasSameUserAs(other *DashboardACLInfoDTO) bool { return dto.UserId > 0 && dto.UserId == other.UserId } -func (dto *DashboardAclInfoDTO) hasSameTeamAs(other *DashboardAclInfoDTO) bool { +func (dto *DashboardACLInfoDTO) hasSameTeamAs(other *DashboardACLInfoDTO) bool { return dto.TeamId > 0 && dto.TeamId == other.TeamId } // IsDuplicateOf returns true if other item has same role, same user or same team -func (dto *DashboardAclInfoDTO) IsDuplicateOf(other *DashboardAclInfoDTO) bool { +func (dto *DashboardACLInfoDTO) IsDuplicateOf(other *DashboardACLInfoDTO) bool { return dto.hasSameRoleAs(other) || dto.hasSameUserAs(other) || dto.hasSameTeamAs(other) } // // QUERIES // -type GetDashboardAclInfoListQuery struct { +type GetDashboardACLInfoListQuery struct { DashboardID int64 OrgID int64 - Result []*DashboardAclInfoDTO + Result []*DashboardACLInfoDTO } + +func (p DashboardACL) TableName() string { return "dashboard_acl" } diff --git a/pkg/models/dashboards.go b/pkg/models/dashboards.go index a289d2c9a72..750681b6481 100644 --- a/pkg/models/dashboards.go +++ b/pkg/models/dashboards.go @@ -36,7 +36,7 @@ type Dashboard struct { CreatedBy int64 FolderId int64 IsFolder bool - HasAcl bool + HasACL bool `xorm:"has_acl"` Title string Data *simplejson.Json diff --git a/pkg/models/folders.go b/pkg/models/folders.go index 63ac8b58bcc..a2f98f4cd16 100644 --- a/pkg/models/folders.go +++ b/pkg/models/folders.go @@ -17,7 +17,7 @@ type Folder struct { UpdatedBy int64 CreatedBy int64 - HasAcl bool + HasACL bool } // NewFolder creates a new Folder @@ -35,7 +35,7 @@ func DashboardToFolder(dash *Dashboard) *Folder { Id: dash.Id, Uid: dash.Uid, Title: dash.Title, - HasAcl: dash.HasAcl, + HasACL: dash.HasACL, Url: dash.GetUrl(), Version: dash.Version, Created: dash.Created, diff --git a/pkg/services/dashboards/dashboard.go b/pkg/services/dashboards/dashboard.go index d4efb21c54e..2e5bb29725a 100644 --- a/pkg/services/dashboards/dashboard.go +++ b/pkg/services/dashboards/dashboard.go @@ -13,7 +13,7 @@ type DashboardService interface { DeleteDashboard(ctx context.Context, dashboardId int64, orgId int64) error FindDashboards(ctx context.Context, query *models.FindPersistedDashboardsQuery) ([]DashboardSearchProjection, error) GetDashboard(ctx context.Context, query *models.GetDashboardQuery) error - GetDashboardAclInfoList(ctx context.Context, query *models.GetDashboardAclInfoListQuery) error + GetDashboardACLInfoList(ctx context.Context, query *models.GetDashboardACLInfoListQuery) error GetDashboards(ctx context.Context, query *models.GetDashboardsQuery) error GetDashboardTags(ctx context.Context, query *models.GetDashboardTagsQuery) error GetDashboardUIDById(ctx context.Context, query *models.GetDashboardRefByIdQuery) error @@ -23,7 +23,7 @@ type DashboardService interface { MakeUserAdmin(ctx context.Context, orgID int64, userID, dashboardID int64, setViewAndEditPermissions bool) error SaveDashboard(ctx context.Context, dto *SaveDashboardDTO, allowUiUpdate bool) (*models.Dashboard, error) SearchDashboards(ctx context.Context, query *models.FindPersistedDashboardsQuery) error - UpdateDashboardACL(ctx context.Context, uid int64, items []*models.DashboardAcl) error + UpdateDashboardACL(ctx context.Context, uid int64, items []*models.DashboardACL) error } // PluginService is a service for operating on plugin dashboards. @@ -51,7 +51,7 @@ type Store interface { DeleteOrphanedProvisionedDashboards(ctx context.Context, cmd *models.DeleteOrphanedProvisionedDashboardsCommand) error FindDashboards(ctx context.Context, query *models.FindPersistedDashboardsQuery) ([]DashboardSearchProjection, error) GetDashboard(ctx context.Context, query *models.GetDashboardQuery) (*models.Dashboard, error) - GetDashboardAclInfoList(ctx context.Context, query *models.GetDashboardAclInfoListQuery) error + GetDashboardACLInfoList(ctx context.Context, query *models.GetDashboardACLInfoListQuery) error GetDashboardUIDById(ctx context.Context, query *models.GetDashboardRefByIdQuery) error GetDashboards(ctx context.Context, query *models.GetDashboardsQuery) error // GetDashboardsByPluginID retrieves dashboards identified by plugin. @@ -67,7 +67,7 @@ type Store interface { SaveDashboard(cmd models.SaveDashboardCommand) (*models.Dashboard, error) SaveProvisionedDashboard(cmd models.SaveDashboardCommand, provisioning *models.DashboardProvisioning) (*models.Dashboard, error) UnprovisionDashboard(ctx context.Context, id int64) error - UpdateDashboardACL(ctx context.Context, uid int64, items []*models.DashboardAcl) error + UpdateDashboardACL(ctx context.Context, uid int64, items []*models.DashboardACL) error // ValidateDashboardBeforeSave validates a dashboard before save. ValidateDashboardBeforeSave(dashboard *models.Dashboard, overwrite bool) (bool, error) DeleteACLByUser(context.Context, int64) error diff --git a/pkg/services/dashboards/dashboard_service_mock.go b/pkg/services/dashboards/dashboard_service_mock.go index 8e42d531998..e9ab55529b2 100644 --- a/pkg/services/dashboards/dashboard_service_mock.go +++ b/pkg/services/dashboards/dashboard_service_mock.go @@ -90,12 +90,12 @@ func (_m *FakeDashboardService) GetDashboard(ctx context.Context, query *models. return r0 } -// GetDashboardAclInfoList provides a mock function with given fields: ctx, query -func (_m *FakeDashboardService) GetDashboardAclInfoList(ctx context.Context, query *models.GetDashboardAclInfoListQuery) error { +// GetDashboardACLInfoList provides a mock function with given fields: ctx, query +func (_m *FakeDashboardService) GetDashboardACLInfoList(ctx context.Context, query *models.GetDashboardACLInfoListQuery) error { ret := _m.Called(ctx, query) var r0 error - if rf, ok := ret.Get(0).(func(context.Context, *models.GetDashboardAclInfoListQuery) error); ok { + if rf, ok := ret.Get(0).(func(context.Context, *models.GetDashboardACLInfoListQuery) error); ok { r0 = rf(ctx, query) } else { r0 = ret.Error(0) @@ -249,11 +249,11 @@ func (_m *FakeDashboardService) SearchDashboards(ctx context.Context, query *mod } // UpdateDashboardACL provides a mock function with given fields: ctx, uid, items -func (_m *FakeDashboardService) UpdateDashboardACL(ctx context.Context, uid int64, items []*models.DashboardAcl) error { +func (_m *FakeDashboardService) UpdateDashboardACL(ctx context.Context, uid int64, items []*models.DashboardACL) error { ret := _m.Called(ctx, uid, items) var r0 error - if rf, ok := ret.Get(0).(func(context.Context, int64, []*models.DashboardAcl) error); ok { + if rf, ok := ret.Get(0).(func(context.Context, int64, []*models.DashboardACL) error); ok { r0 = rf(ctx, uid, items) } else { r0 = ret.Error(0) diff --git a/pkg/services/dashboards/database/acl.go b/pkg/services/dashboards/database/acl.go index f56e3bc610c..931d6f9f80b 100644 --- a/pkg/services/dashboards/database/acl.go +++ b/pkg/services/dashboards/database/acl.go @@ -7,14 +7,14 @@ import ( "github.com/grafana/grafana/pkg/services/sqlstore" ) -// GetDashboardAclInfoList returns a list of permissions for a dashboard. They can be fetched from three +// GetDashboardACLInfoList returns a list of permissions for a dashboard. They can be fetched from three // different places. // 1) Permissions for the dashboard // 2) permissions for its parent folder // 3) if no specific permissions have been set for the dashboard or its parent folder then get the default permissions -func (d *DashboardStore) GetDashboardAclInfoList(ctx context.Context, query *models.GetDashboardAclInfoListQuery) error { +func (d *DashboardStore) GetDashboardACLInfoList(ctx context.Context, query *models.GetDashboardACLInfoListQuery) error { outerErr := d.sqlStore.WithDbSession(ctx, func(dbSession *sqlstore.DBSession) error { - query.Result = make([]*models.DashboardAclInfoDTO, 0) + query.Result = make([]*models.DashboardACLInfoDTO, 0) falseStr := d.dialect.BooleanStr(false) if query.DashboardID == 0 { diff --git a/pkg/services/dashboards/database/acl_test.go b/pkg/services/dashboards/database/acl_test.go index 66a32fca4a2..e66b25ecfb4 100644 --- a/pkg/services/dashboards/database/acl_test.go +++ b/pkg/services/dashboards/database/acl_test.go @@ -10,7 +10,7 @@ import ( "github.com/stretchr/testify/require" ) -func TestIntegrationDashboardAclDataAccess(t *testing.T) { +func TestIntegrationDashboardACLDataAccess(t *testing.T) { if testing.Short() { t.Skip("skipping integration test") } @@ -29,19 +29,19 @@ func TestIntegrationDashboardAclDataAccess(t *testing.T) { t.Run("Dashboard permission with userId and teamId set to 0", func(t *testing.T) { setup(t) - err := updateDashboardAcl(t, dashboardStore, savedFolder.Id, models.DashboardAcl{ + err := updateDashboardACL(t, dashboardStore, savedFolder.Id, models.DashboardACL{ OrgID: 1, DashboardID: savedFolder.Id, Permission: models.PERMISSION_EDIT, }) - require.Equal(t, models.ErrDashboardAclInfoMissing, err) + require.Equal(t, models.ErrDashboardACLInfoMissing, err) }) t.Run("Folder acl should include default acl", func(t *testing.T) { setup(t) - query := models.GetDashboardAclInfoListQuery{DashboardID: savedFolder.Id, OrgID: 1} + query := models.GetDashboardACLInfoListQuery{DashboardID: savedFolder.Id, OrgID: 1} - err := dashboardStore.GetDashboardAclInfoList(context.Background(), &query) + err := dashboardStore.GetDashboardACLInfoList(context.Background(), &query) require.Nil(t, err) require.Equal(t, 2, len(query.Result)) @@ -56,9 +56,9 @@ func TestIntegrationDashboardAclDataAccess(t *testing.T) { t.Run("Dashboard acl should include acl for parent folder", func(t *testing.T) { setup(t) - query := models.GetDashboardAclInfoListQuery{DashboardID: childDash.Id, OrgID: 1} + query := models.GetDashboardACLInfoListQuery{DashboardID: childDash.Id, OrgID: 1} - err := dashboardStore.GetDashboardAclInfoList(context.Background(), &query) + err := dashboardStore.GetDashboardACLInfoList(context.Background(), &query) require.Nil(t, err) require.Equal(t, 2, len(query.Result)) @@ -76,8 +76,8 @@ func TestIntegrationDashboardAclDataAccess(t *testing.T) { err := dashboardStore.UpdateDashboardACL(context.Background(), savedFolder.Id, nil) require.Nil(t, err) - query := models.GetDashboardAclInfoListQuery{DashboardID: childDash.Id, OrgID: 1} - err = dashboardStore.GetDashboardAclInfoList(context.Background(), &query) + query := models.GetDashboardACLInfoListQuery{DashboardID: childDash.Id, OrgID: 1} + err = dashboardStore.GetDashboardACLInfoList(context.Background(), &query) require.Nil(t, err) require.Equal(t, 0, len(query.Result)) @@ -86,7 +86,7 @@ func TestIntegrationDashboardAclDataAccess(t *testing.T) { t.Run("Given a dashboard folder and a user", func(t *testing.T) { t.Run("Given dashboard folder permission", func(t *testing.T) { setup(t) - err := updateDashboardAcl(t, dashboardStore, savedFolder.Id, models.DashboardAcl{ + err := updateDashboardACL(t, dashboardStore, savedFolder.Id, models.DashboardACL{ OrgID: 1, UserID: currentUser.ID, DashboardID: savedFolder.Id, @@ -95,9 +95,9 @@ func TestIntegrationDashboardAclDataAccess(t *testing.T) { require.Nil(t, err) t.Run("When reading dashboard acl should include acl for parent folder", func(t *testing.T) { - query := models.GetDashboardAclInfoListQuery{DashboardID: childDash.Id, OrgID: 1} + query := models.GetDashboardACLInfoListQuery{DashboardID: childDash.Id, OrgID: 1} - err := dashboardStore.GetDashboardAclInfoList(context.Background(), &query) + err := dashboardStore.GetDashboardACLInfoList(context.Background(), &query) require.Nil(t, err) require.Equal(t, 1, len(query.Result)) @@ -105,7 +105,7 @@ func TestIntegrationDashboardAclDataAccess(t *testing.T) { }) t.Run("Given child dashboard permission", func(t *testing.T) { - err := updateDashboardAcl(t, dashboardStore, childDash.Id, models.DashboardAcl{ + err := updateDashboardACL(t, dashboardStore, childDash.Id, models.DashboardACL{ OrgID: 1, UserID: currentUser.ID, DashboardID: childDash.Id, @@ -114,9 +114,9 @@ func TestIntegrationDashboardAclDataAccess(t *testing.T) { require.Nil(t, err) t.Run("When reading dashboard acl should include acl for parent folder and child", func(t *testing.T) { - query := models.GetDashboardAclInfoListQuery{OrgID: 1, DashboardID: childDash.Id} + query := models.GetDashboardACLInfoListQuery{OrgID: 1, DashboardID: childDash.Id} - err := dashboardStore.GetDashboardAclInfoList(context.Background(), &query) + err := dashboardStore.GetDashboardACLInfoList(context.Background(), &query) require.Nil(t, err) require.Equal(t, 2, len(query.Result)) @@ -130,7 +130,7 @@ func TestIntegrationDashboardAclDataAccess(t *testing.T) { t.Run("Reading dashboard acl should include default acl for parent folder and the child acl", func(t *testing.T) { setup(t) - err := updateDashboardAcl(t, dashboardStore, childDash.Id, models.DashboardAcl{ + err := updateDashboardACL(t, dashboardStore, childDash.Id, models.DashboardACL{ OrgID: 1, UserID: currentUser.ID, DashboardID: childDash.Id, @@ -138,9 +138,9 @@ func TestIntegrationDashboardAclDataAccess(t *testing.T) { }) require.Nil(t, err) - query := models.GetDashboardAclInfoListQuery{OrgID: 1, DashboardID: childDash.Id} + query := models.GetDashboardACLInfoListQuery{OrgID: 1, DashboardID: childDash.Id} - err = dashboardStore.GetDashboardAclInfoList(context.Background(), &query) + err = dashboardStore.GetDashboardACLInfoList(context.Background(), &query) require.Nil(t, err) defaultPermissionsId := int64(-1) @@ -157,7 +157,7 @@ func TestIntegrationDashboardAclDataAccess(t *testing.T) { t.Run("Add and delete dashboard permission", func(t *testing.T) { setup(t) - err := updateDashboardAcl(t, dashboardStore, savedFolder.Id, models.DashboardAcl{ + err := updateDashboardACL(t, dashboardStore, savedFolder.Id, models.DashboardACL{ OrgID: 1, UserID: currentUser.ID, DashboardID: savedFolder.Id, @@ -165,8 +165,8 @@ func TestIntegrationDashboardAclDataAccess(t *testing.T) { }) require.Nil(t, err) - q1 := &models.GetDashboardAclInfoListQuery{DashboardID: savedFolder.Id, OrgID: 1} - err = dashboardStore.GetDashboardAclInfoList(context.Background(), q1) + q1 := &models.GetDashboardACLInfoListQuery{DashboardID: savedFolder.Id, OrgID: 1} + err = dashboardStore.GetDashboardACLInfoList(context.Background(), q1) require.Nil(t, err) require.Equal(t, savedFolder.Id, q1.Result[0].DashboardId) @@ -176,11 +176,11 @@ func TestIntegrationDashboardAclDataAccess(t *testing.T) { require.Equal(t, currentUser.Login, q1.Result[0].UserLogin) require.Equal(t, currentUser.Email, q1.Result[0].UserEmail) - err = updateDashboardAcl(t, dashboardStore, savedFolder.Id) + err = updateDashboardACL(t, dashboardStore, savedFolder.Id) require.Nil(t, err) - q3 := &models.GetDashboardAclInfoListQuery{DashboardID: savedFolder.Id, OrgID: 1} - err = dashboardStore.GetDashboardAclInfoList(context.Background(), q3) + q3 := &models.GetDashboardACLInfoListQuery{DashboardID: savedFolder.Id, OrgID: 1} + err = dashboardStore.GetDashboardACLInfoList(context.Background(), q3) require.Nil(t, err) require.Equal(t, 0, len(q3.Result)) }) @@ -190,7 +190,7 @@ func TestIntegrationDashboardAclDataAccess(t *testing.T) { team1, err := sqlStore.CreateTeam("group1 name", "", 1) require.Nil(t, err) - err = updateDashboardAcl(t, dashboardStore, savedFolder.Id, models.DashboardAcl{ + err = updateDashboardACL(t, dashboardStore, savedFolder.Id, models.DashboardACL{ OrgID: 1, TeamID: team1.Id, DashboardID: savedFolder.Id, @@ -198,8 +198,8 @@ func TestIntegrationDashboardAclDataAccess(t *testing.T) { }) require.Nil(t, err) - q1 := &models.GetDashboardAclInfoListQuery{DashboardID: savedFolder.Id, OrgID: 1} - err = dashboardStore.GetDashboardAclInfoList(context.Background(), q1) + q1 := &models.GetDashboardACLInfoListQuery{DashboardID: savedFolder.Id, OrgID: 1} + err = dashboardStore.GetDashboardACLInfoList(context.Background(), q1) require.Nil(t, err) require.Equal(t, savedFolder.Id, q1.Result[0].DashboardId) require.Equal(t, models.PERMISSION_EDIT, q1.Result[0].Permission) @@ -210,7 +210,7 @@ func TestIntegrationDashboardAclDataAccess(t *testing.T) { setup(t) team1, err := sqlStore.CreateTeam("group1 name", "", 1) require.Nil(t, err) - err = updateDashboardAcl(t, dashboardStore, savedFolder.Id, models.DashboardAcl{ + err = updateDashboardACL(t, dashboardStore, savedFolder.Id, models.DashboardACL{ OrgID: 1, TeamID: team1.Id, DashboardID: savedFolder.Id, @@ -218,8 +218,8 @@ func TestIntegrationDashboardAclDataAccess(t *testing.T) { }) require.Nil(t, err) - q3 := &models.GetDashboardAclInfoListQuery{DashboardID: savedFolder.Id, OrgID: 1} - err = dashboardStore.GetDashboardAclInfoList(context.Background(), q3) + q3 := &models.GetDashboardACLInfoListQuery{DashboardID: savedFolder.Id, OrgID: 1} + err = dashboardStore.GetDashboardACLInfoList(context.Background(), q3) require.Nil(t, err) require.Equal(t, 1, len(q3.Result)) require.Equal(t, savedFolder.Id, q3.Result[0].DashboardId) @@ -233,9 +233,9 @@ func TestIntegrationDashboardAclDataAccess(t *testing.T) { var rootFolderId int64 = 0 //sqlStore := sqlstore.InitTestDB(t) - query := models.GetDashboardAclInfoListQuery{DashboardID: rootFolderId, OrgID: 1} + query := models.GetDashboardACLInfoListQuery{DashboardID: rootFolderId, OrgID: 1} - err := dashboardStore.GetDashboardAclInfoList(context.Background(), &query) + err := dashboardStore.GetDashboardACLInfoList(context.Background(), &query) require.Nil(t, err) require.Equal(t, 2, len(query.Result)) diff --git a/pkg/services/dashboards/database/database.go b/pkg/services/dashboards/database/database.go index 41b3fb271bf..2e8b2e984ec 100644 --- a/pkg/services/dashboards/database/database.go +++ b/pkg/services/dashboards/database/database.go @@ -192,7 +192,7 @@ func (d *DashboardStore) SaveDashboard(cmd models.SaveDashboardCommand) (*models return cmd.Result, err } -func (d *DashboardStore) UpdateDashboardACL(ctx context.Context, dashboardID int64, items []*models.DashboardAcl) error { +func (d *DashboardStore) UpdateDashboardACL(ctx context.Context, dashboardID int64, items []*models.DashboardACL) error { return d.sqlStore.WithTransactionalDbSession(ctx, func(sess *sqlstore.DBSession) error { // delete existing items _, err := sess.Exec("DELETE FROM dashboard_acl WHERE dashboard_id=?", dashboardID) @@ -202,7 +202,7 @@ func (d *DashboardStore) UpdateDashboardACL(ctx context.Context, dashboardID int for _, item := range items { if item.UserID == 0 && item.TeamID == 0 && (item.Role == nil || !item.Role.IsValid()) { - return models.ErrDashboardAclInfoMissing + return models.ErrDashboardACLInfoMissing } if item.DashboardID == 0 { @@ -215,8 +215,8 @@ func (d *DashboardStore) UpdateDashboardACL(ctx context.Context, dashboardID int } } - // Update dashboard HasAcl flag - dashboard := models.Dashboard{HasAcl: true} + // Update dashboard HasACL flag + dashboard := models.Dashboard{HasACL: true} _, err = sess.Cols("has_acl").Where("id=?", dashboardID).Update(&dashboard) return err }) diff --git a/pkg/services/dashboards/database/database_folder_test.go b/pkg/services/dashboards/database/database_folder_test.go index a967863eec8..664fffeecf0 100644 --- a/pkg/services/dashboards/database/database_folder_test.go +++ b/pkg/services/dashboards/database/database_folder_test.go @@ -54,7 +54,7 @@ func TestIntegrationDashboardFolderDataAccess(t *testing.T) { t.Run("and acl is set for dashboard folder", func(t *testing.T) { var otherUser int64 = 999 - err := updateDashboardAcl(t, dashboardStore, folder.Id, models.DashboardAcl{ + err := updateDashboardACL(t, dashboardStore, folder.Id, models.DashboardACL{ DashboardID: folder.Id, OrgID: 1, UserID: otherUser, @@ -75,7 +75,7 @@ func TestIntegrationDashboardFolderDataAccess(t *testing.T) { }) t.Run("when the user is given permission", func(t *testing.T) { - err := updateDashboardAcl(t, dashboardStore, folder.Id, models.DashboardAcl{ + err := updateDashboardACL(t, dashboardStore, folder.Id, models.DashboardACL{ DashboardID: folder.Id, OrgID: 1, UserID: currentUser.ID, Permission: models.PERMISSION_EDIT, }) require.NoError(t, err) @@ -116,9 +116,9 @@ func TestIntegrationDashboardFolderDataAccess(t *testing.T) { t.Run("and acl is set for dashboard child and folder has all permissions removed", func(t *testing.T) { var otherUser int64 = 999 - err := updateDashboardAcl(t, dashboardStore, folder.Id) + err := updateDashboardACL(t, dashboardStore, folder.Id) require.NoError(t, err) - err = updateDashboardAcl(t, dashboardStore, childDash.Id, models.DashboardAcl{ + err = updateDashboardACL(t, dashboardStore, childDash.Id, models.DashboardACL{ DashboardID: folder.Id, OrgID: 1, UserID: otherUser, Permission: models.PERMISSION_EDIT, }) require.NoError(t, err) @@ -134,7 +134,7 @@ func TestIntegrationDashboardFolderDataAccess(t *testing.T) { }) t.Run("when the user is given permission to child", func(t *testing.T) { - err := updateDashboardAcl(t, dashboardStore, childDash.Id, models.DashboardAcl{ + err := updateDashboardACL(t, dashboardStore, childDash.Id, models.DashboardACL{ DashboardID: childDash.Id, OrgID: 1, UserID: currentUser.ID, Permission: models.PERMISSION_EDIT, }) require.NoError(t, err) @@ -211,7 +211,7 @@ func TestIntegrationDashboardFolderDataAccess(t *testing.T) { t.Run("and acl is set for one dashboard folder", func(t *testing.T) { const otherUser int64 = 999 - err := updateDashboardAcl(t, dashboardStore, folder1.Id, models.DashboardAcl{ + err := updateDashboardACL(t, dashboardStore, folder1.Id, models.DashboardACL{ DashboardID: folder1.Id, OrgID: 1, UserID: otherUser, Permission: models.PERMISSION_EDIT, }) require.NoError(t, err) @@ -252,7 +252,7 @@ func TestIntegrationDashboardFolderDataAccess(t *testing.T) { }) t.Run("and a dashboard with an acl is moved to the folder without an acl", func(t *testing.T) { - err := updateDashboardAcl(t, dashboardStore, childDash1.Id, models.DashboardAcl{ + err := updateDashboardACL(t, dashboardStore, childDash1.Id, models.DashboardACL{ DashboardID: childDash1.Id, OrgID: 1, UserID: otherUser, Permission: models.PERMISSION_EDIT, }) require.NoError(t, err) @@ -348,7 +348,7 @@ func TestIntegrationDashboardFolderDataAccess(t *testing.T) { }) t.Run("Should have write access to one dashboard folder if default role changed to view for one folder", func(t *testing.T) { - err := updateDashboardAcl(t, dashboardStore, folder1.Id, models.DashboardAcl{ + err := updateDashboardACL(t, dashboardStore, folder1.Id, models.DashboardACL{ DashboardID: folder1.Id, OrgID: 1, UserID: editorUser.ID, Permission: models.PERMISSION_VIEW, }) require.NoError(t, err) @@ -394,7 +394,7 @@ func TestIntegrationDashboardFolderDataAccess(t *testing.T) { }) t.Run("Should be able to get one dashboard folder if default role changed to edit for one folder", func(t *testing.T) { - err := updateDashboardAcl(t, dashboardStore, folder1.Id, models.DashboardAcl{ + err := updateDashboardACL(t, dashboardStore, folder1.Id, models.DashboardACL{ DashboardID: folder1.Id, OrgID: 1, UserID: viewerUser.ID, Permission: models.PERMISSION_EDIT, }) require.NoError(t, err) @@ -427,7 +427,7 @@ func TestIntegrationDashboardFolderDataAccess(t *testing.T) { }) t.Run("and admin permission is given for user with org role viewer in one dashboard folder", func(t *testing.T) { - err := updateDashboardAcl(t, dashboardStore, folder1.Id, models.DashboardAcl{ + err := updateDashboardACL(t, dashboardStore, folder1.Id, models.DashboardACL{ DashboardID: folder1.Id, OrgID: 1, UserID: viewerUser.ID, Permission: models.PERMISSION_ADMIN, }) require.NoError(t, err) @@ -443,7 +443,7 @@ func TestIntegrationDashboardFolderDataAccess(t *testing.T) { }) t.Run("and edit permission is given for user with org role viewer in one dashboard folder", func(t *testing.T) { - err := updateDashboardAcl(t, dashboardStore, folder1.Id, models.DashboardAcl{ + err := updateDashboardACL(t, dashboardStore, folder1.Id, models.DashboardACL{ DashboardID: folder1.Id, OrgID: 1, UserID: viewerUser.ID, Permission: models.PERMISSION_EDIT, }) require.NoError(t, err) diff --git a/pkg/services/dashboards/database/database_test.go b/pkg/services/dashboards/database/database_test.go index d0332cebc99..98bfd184ce0 100644 --- a/pkg/services/dashboards/database/database_test.go +++ b/pkg/services/dashboards/database/database_test.go @@ -723,11 +723,11 @@ func insertTestDashboardForPlugin(t *testing.T, dashboardStore *DashboardStore, return dash } -func updateDashboardAcl(t *testing.T, dashboardStore *DashboardStore, dashboardID int64, - items ...models.DashboardAcl) error { +func updateDashboardACL(t *testing.T, dashboardStore *DashboardStore, dashboardID int64, + items ...models.DashboardACL) error { t.Helper() - var itemPtrs []*models.DashboardAcl + var itemPtrs []*models.DashboardACL for _, it := range items { item := it item.Created = time.Now() diff --git a/pkg/services/dashboards/service/dashboard_service.go b/pkg/services/dashboards/service/dashboard_service.go index 14f8cd2d728..e5a10f6fbd7 100644 --- a/pkg/services/dashboards/service/dashboard_service.go +++ b/pkg/services/dashboards/service/dashboard_service.go @@ -173,7 +173,7 @@ func (dr *DashboardServiceImpl) BuildSaveDashboardCommand(ctx context.Context, d return cmd, nil } -func (dr *DashboardServiceImpl) UpdateDashboardACL(ctx context.Context, uid int64, items []*models.DashboardAcl) error { +func (dr *DashboardServiceImpl) UpdateDashboardACL(ctx context.Context, uid int64, items []*models.DashboardACL) error { return dr.dashboardStore.UpdateDashboardACL(ctx, uid, items) } @@ -371,7 +371,7 @@ func (dr *DashboardServiceImpl) MakeUserAdmin(ctx context.Context, orgID int64, rtEditor := models.ROLE_EDITOR rtViewer := models.ROLE_VIEWER - items := []*models.DashboardAcl{ + items := []*models.DashboardACL{ { OrgID: orgID, DashboardID: dashboardID, @@ -384,7 +384,7 @@ func (dr *DashboardServiceImpl) MakeUserAdmin(ctx context.Context, orgID int64, if setViewAndEditPermissions { items = append(items, - &models.DashboardAcl{ + &models.DashboardACL{ OrgID: orgID, DashboardID: dashboardID, Role: &rtEditor, @@ -392,7 +392,7 @@ func (dr *DashboardServiceImpl) MakeUserAdmin(ctx context.Context, orgID int64, Created: time.Now(), Updated: time.Now(), }, - &models.DashboardAcl{ + &models.DashboardACL{ OrgID: orgID, DashboardID: dashboardID, Role: &rtViewer, @@ -578,8 +578,8 @@ func makeQueryResult(query *models.FindPersistedDashboardsQuery, res []dashboard } } -func (dr *DashboardServiceImpl) GetDashboardAclInfoList(ctx context.Context, query *models.GetDashboardAclInfoListQuery) error { - return dr.dashboardStore.GetDashboardAclInfoList(ctx, query) +func (dr *DashboardServiceImpl) GetDashboardACLInfoList(ctx context.Context, query *models.GetDashboardACLInfoListQuery) error { + return dr.dashboardStore.GetDashboardACLInfoList(ctx, query) } func (dr *DashboardServiceImpl) HasAdminPermissionInDashboardsOrFolders(ctx context.Context, query *models.HasAdminPermissionInDashboardsOrFoldersQuery) error { diff --git a/pkg/services/dashboards/store_mock.go b/pkg/services/dashboards/store_mock.go index 0695797b999..a84db251092 100644 --- a/pkg/services/dashboards/store_mock.go +++ b/pkg/services/dashboards/store_mock.go @@ -90,12 +90,12 @@ func (_m *FakeDashboardStore) GetDashboard(ctx context.Context, query *models.Ge return r0, r1 } -// GetDashboardAclInfoList provides a mock function with given fields: ctx, query -func (_m *FakeDashboardStore) GetDashboardAclInfoList(ctx context.Context, query *models.GetDashboardAclInfoListQuery) error { +// GetDashboardACLInfoList provides a mock function with given fields: ctx, query +func (_m *FakeDashboardStore) GetDashboardACLInfoList(ctx context.Context, query *models.GetDashboardACLInfoListQuery) error { ret := _m.Called(ctx, query) var r0 error - if rf, ok := ret.Get(0).(func(context.Context, *models.GetDashboardAclInfoListQuery) error); ok { + if rf, ok := ret.Get(0).(func(context.Context, *models.GetDashboardACLInfoListQuery) error); ok { r0 = rf(ctx, query) } else { r0 = ret.Error(0) @@ -401,11 +401,11 @@ func (_m *FakeDashboardStore) UnprovisionDashboard(ctx context.Context, id int64 } // UpdateDashboardACL provides a mock function with given fields: ctx, uid, items -func (_m *FakeDashboardStore) UpdateDashboardACL(ctx context.Context, uid int64, items []*models.DashboardAcl) error { +func (_m *FakeDashboardStore) UpdateDashboardACL(ctx context.Context, uid int64, items []*models.DashboardACL) error { ret := _m.Called(ctx, uid, items) var r0 error - if rf, ok := ret.Get(0).(func(context.Context, int64, []*models.DashboardAcl) error); ok { + if rf, ok := ret.Get(0).(func(context.Context, int64, []*models.DashboardACL) error); ok { r0 = rf(ctx, uid, items) } else { r0 = ret.Error(0) diff --git a/pkg/services/guardian/accesscontrol_guardian.go b/pkg/services/guardian/accesscontrol_guardian.go index 7287d3ae04b..db7f5d9ad75 100644 --- a/pkg/services/guardian/accesscontrol_guardian.go +++ b/pkg/services/guardian/accesscontrol_guardian.go @@ -153,13 +153,13 @@ func (a *AccessControlDashboardGuardian) evaluate(evaluator accesscontrol.Evalua return ok, err } -func (a *AccessControlDashboardGuardian) CheckPermissionBeforeUpdate(permission models.PermissionType, updatePermissions []*models.DashboardAcl) (bool, error) { +func (a *AccessControlDashboardGuardian) CheckPermissionBeforeUpdate(permission models.PermissionType, updatePermissions []*models.DashboardACL) (bool, error) { // always true for access control return true, nil } -// GetAcl translate access control permissions to dashboard acl info -func (a *AccessControlDashboardGuardian) GetAcl() ([]*models.DashboardAclInfoDTO, error) { +// GetACL translate access control permissions to dashboard acl info +func (a *AccessControlDashboardGuardian) GetACL() ([]*models.DashboardACLInfoDTO, error) { if err := a.loadDashboard(); err != nil { return nil, err } @@ -176,7 +176,7 @@ func (a *AccessControlDashboardGuardian) GetAcl() ([]*models.DashboardAclInfoDTO return nil, err } - acl := make([]*models.DashboardAclInfoDTO, 0, len(permissions)) + acl := make([]*models.DashboardACLInfoDTO, 0, len(permissions)) for _, p := range permissions { if !p.IsManaged { continue @@ -188,7 +188,7 @@ func (a *AccessControlDashboardGuardian) GetAcl() ([]*models.DashboardAclInfoDTO role = &tmp } - acl = append(acl, &models.DashboardAclInfoDTO{ + acl = append(acl, &models.DashboardACLInfoDTO{ OrgId: a.dashboard.OrgId, DashboardId: a.dashboard.Id, FolderId: a.dashboard.FolderId, @@ -215,17 +215,17 @@ func (a *AccessControlDashboardGuardian) GetAcl() ([]*models.DashboardAclInfoDTO return acl, nil } -func (a *AccessControlDashboardGuardian) GetACLWithoutDuplicates() ([]*models.DashboardAclInfoDTO, error) { - return a.GetAcl() +func (a *AccessControlDashboardGuardian) GetACLWithoutDuplicates() ([]*models.DashboardACLInfoDTO, error) { + return a.GetACL() } -func (a *AccessControlDashboardGuardian) GetHiddenACL(cfg *setting.Cfg) ([]*models.DashboardAcl, error) { - var hiddenACL []*models.DashboardAcl +func (a *AccessControlDashboardGuardian) GetHiddenACL(cfg *setting.Cfg) ([]*models.DashboardACL, error) { + var hiddenACL []*models.DashboardACL if a.user.IsGrafanaAdmin { return hiddenACL, nil } - existingPermissions, err := a.GetAcl() + existingPermissions, err := a.GetACL() if err != nil { return hiddenACL, err } @@ -236,7 +236,7 @@ func (a *AccessControlDashboardGuardian) GetHiddenACL(cfg *setting.Cfg) ([]*mode } if _, hidden := cfg.HiddenUsers[item.UserLogin]; hidden { - hiddenACL = append(hiddenACL, &models.DashboardAcl{ + hiddenACL = append(hiddenACL, &models.DashboardACL{ OrgID: item.OrgId, DashboardID: item.DashboardId, UserID: item.UserId, diff --git a/pkg/services/guardian/guardian.go b/pkg/services/guardian/guardian.go index fcf278642ef..5c9af681ecb 100644 --- a/pkg/services/guardian/guardian.go +++ b/pkg/services/guardian/guardian.go @@ -24,23 +24,23 @@ type DashboardGuardian interface { CanAdmin() (bool, error) CanDelete() (bool, error) CanCreate(folderID int64, isFolder bool) (bool, error) - CheckPermissionBeforeUpdate(permission models.PermissionType, updatePermissions []*models.DashboardAcl) (bool, error) + CheckPermissionBeforeUpdate(permission models.PermissionType, updatePermissions []*models.DashboardACL) (bool, error) - // GetAcl returns ACL. - GetAcl() ([]*models.DashboardAclInfoDTO, error) + // GetACL returns ACL. + GetACL() ([]*models.DashboardACLInfoDTO, error) // GetACLWithoutDuplicates returns ACL and strips any permission // that already has an inherited permission with higher or equal // permission. - GetACLWithoutDuplicates() ([]*models.DashboardAclInfoDTO, error) - GetHiddenACL(*setting.Cfg) ([]*models.DashboardAcl, error) + GetACLWithoutDuplicates() ([]*models.DashboardACLInfoDTO, error) + GetHiddenACL(*setting.Cfg) ([]*models.DashboardACL, error) } type dashboardGuardianImpl struct { user *models.SignedInUser dashId int64 orgId int64 - acl []*models.DashboardAclInfoDTO + acl []*models.DashboardACLInfoDTO teams []*models.TeamDTO log log.Logger ctx context.Context @@ -101,12 +101,12 @@ func (g *dashboardGuardianImpl) HasPermission(permission models.PermissionType) return g.logHasPermissionResult(permission, true, nil) } - acl, err := g.GetAcl() + acl, err := g.GetACL() if err != nil { return g.logHasPermissionResult(permission, false, err) } - result, err := g.checkAcl(permission, acl) + result, err := g.checkACL(permission, acl) return g.logHasPermissionResult(permission, result, err) } @@ -124,9 +124,9 @@ func (g *dashboardGuardianImpl) logHasPermissionResult(permission models.Permiss return hasPermission, err } -func (g *dashboardGuardianImpl) checkAcl(permission models.PermissionType, acl []*models.DashboardAclInfoDTO) (bool, error) { +func (g *dashboardGuardianImpl) checkACL(permission models.PermissionType, acl []*models.DashboardACLInfoDTO) (bool, error) { orgRole := g.user.OrgRole - teamAclItems := []*models.DashboardAclInfoDTO{} + teamACLItems := []*models.DashboardACLInfoDTO{} for _, p := range acl { // user match @@ -145,12 +145,12 @@ func (g *dashboardGuardianImpl) checkAcl(permission models.PermissionType, acl [ // remember this rule for later if p.TeamId > 0 { - teamAclItems = append(teamAclItems, p) + teamACLItems = append(teamACLItems, p) } } // do we have team rules? - if len(teamAclItems) == 0 { + if len(teamACLItems) == 0 { return false, nil } @@ -172,14 +172,14 @@ func (g *dashboardGuardianImpl) checkAcl(permission models.PermissionType, acl [ return false, nil } -func (g *dashboardGuardianImpl) CheckPermissionBeforeUpdate(permission models.PermissionType, updatePermissions []*models.DashboardAcl) (bool, error) { - acl := []*models.DashboardAclInfoDTO{} +func (g *dashboardGuardianImpl) CheckPermissionBeforeUpdate(permission models.PermissionType, updatePermissions []*models.DashboardACL) (bool, error) { + acl := []*models.DashboardACLInfoDTO{} adminRole := models.ROLE_ADMIN - everyoneWithAdminRole := &models.DashboardAclInfoDTO{DashboardId: g.dashId, UserId: 0, TeamId: 0, Role: &adminRole, Permission: models.PERMISSION_ADMIN} + everyoneWithAdminRole := &models.DashboardACLInfoDTO{DashboardId: g.dashId, UserId: 0, TeamId: 0, Role: &adminRole, Permission: models.PERMISSION_ADMIN} // validate that duplicate permissions don't exists for _, p := range updatePermissions { - aclItem := &models.DashboardAclInfoDTO{DashboardId: p.DashboardID, UserId: p.UserID, TeamId: p.TeamID, Role: p.Role, Permission: p.Permission} + aclItem := &models.DashboardACLInfoDTO{DashboardId: p.DashboardID, UserId: p.UserID, TeamId: p.TeamID, Role: p.Role, Permission: p.Permission} if aclItem.IsDuplicateOf(everyoneWithAdminRole) { return false, ErrGuardianPermissionExists } @@ -193,7 +193,7 @@ func (g *dashboardGuardianImpl) CheckPermissionBeforeUpdate(permission models.Pe acl = append(acl, aclItem) } - existingPermissions, err := g.GetAcl() + existingPermissions, err := g.GetACL() if err != nil { return false, err } @@ -215,31 +215,31 @@ func (g *dashboardGuardianImpl) CheckPermissionBeforeUpdate(permission models.Pe return true, nil } - return g.checkAcl(permission, existingPermissions) + return g.checkACL(permission, existingPermissions) } -// GetAcl returns dashboard acl -func (g *dashboardGuardianImpl) GetAcl() ([]*models.DashboardAclInfoDTO, error) { +// GetACL returns dashboard acl +func (g *dashboardGuardianImpl) GetACL() ([]*models.DashboardACLInfoDTO, error) { if g.acl != nil { return g.acl, nil } - query := models.GetDashboardAclInfoListQuery{DashboardID: g.dashId, OrgID: g.orgId} - if err := g.dashboardService.GetDashboardAclInfoList(g.ctx, &query); err != nil { + query := models.GetDashboardACLInfoListQuery{DashboardID: g.dashId, OrgID: g.orgId} + if err := g.dashboardService.GetDashboardACLInfoList(g.ctx, &query); err != nil { return nil, err } g.acl = query.Result return g.acl, nil } -func (g *dashboardGuardianImpl) GetACLWithoutDuplicates() ([]*models.DashboardAclInfoDTO, error) { - acl, err := g.GetAcl() +func (g *dashboardGuardianImpl) GetACLWithoutDuplicates() ([]*models.DashboardACLInfoDTO, error) { + acl, err := g.GetACL() if err != nil { return nil, err } - nonInherited := []*models.DashboardAclInfoDTO{} - inherited := []*models.DashboardAclInfoDTO{} + nonInherited := []*models.DashboardACLInfoDTO{} + inherited := []*models.DashboardACLInfoDTO{} for _, aclItem := range acl { if aclItem.Inherited { inherited = append(inherited, aclItem) @@ -248,18 +248,18 @@ func (g *dashboardGuardianImpl) GetACLWithoutDuplicates() ([]*models.DashboardAc } } - result := []*models.DashboardAclInfoDTO{} - for _, nonInheritedAclItem := range nonInherited { + result := []*models.DashboardACLInfoDTO{} + for _, nonInheritedACLItem := range nonInherited { duplicate := false - for _, inheritedAclItem := range inherited { - if nonInheritedAclItem.IsDuplicateOf(inheritedAclItem) && nonInheritedAclItem.Permission <= inheritedAclItem.Permission { + for _, inheritedACLItem := range inherited { + if nonInheritedACLItem.IsDuplicateOf(inheritedACLItem) && nonInheritedACLItem.Permission <= inheritedACLItem.Permission { duplicate = true break } } if !duplicate { - result = append(result, nonInheritedAclItem) + result = append(result, nonInheritedACLItem) } } @@ -280,13 +280,13 @@ func (g *dashboardGuardianImpl) getTeams() ([]*models.TeamDTO, error) { return query.Result, err } -func (g *dashboardGuardianImpl) GetHiddenACL(cfg *setting.Cfg) ([]*models.DashboardAcl, error) { - hiddenACL := make([]*models.DashboardAcl, 0) +func (g *dashboardGuardianImpl) GetHiddenACL(cfg *setting.Cfg) ([]*models.DashboardACL, error) { + hiddenACL := make([]*models.DashboardACL, 0) if g.user.IsGrafanaAdmin { return hiddenACL, nil } - existingPermissions, err := g.GetAcl() + existingPermissions, err := g.GetACL() if err != nil { return hiddenACL, err } @@ -297,7 +297,7 @@ func (g *dashboardGuardianImpl) GetHiddenACL(cfg *setting.Cfg) ([]*models.Dashbo } if _, hidden := cfg.HiddenUsers[item.UserLogin]; hidden { - hiddenACL = append(hiddenACL, &models.DashboardAcl{ + hiddenACL = append(hiddenACL, &models.DashboardACL{ OrgID: item.OrgId, DashboardID: item.DashboardId, UserID: item.UserId, @@ -324,8 +324,8 @@ type FakeDashboardGuardian struct { HasPermissionValue bool CheckPermissionBeforeUpdateValue bool CheckPermissionBeforeUpdateError error - GetAclValue []*models.DashboardAclInfoDTO - GetHiddenAclValue []*models.DashboardAcl + GetACLValue []*models.DashboardACLInfoDTO + GetHiddenACLValue []*models.DashboardACL } func (g *FakeDashboardGuardian) CanSave() (bool, error) { @@ -356,20 +356,20 @@ func (g *FakeDashboardGuardian) HasPermission(permission models.PermissionType) return g.HasPermissionValue, nil } -func (g *FakeDashboardGuardian) CheckPermissionBeforeUpdate(permission models.PermissionType, updatePermissions []*models.DashboardAcl) (bool, error) { +func (g *FakeDashboardGuardian) CheckPermissionBeforeUpdate(permission models.PermissionType, updatePermissions []*models.DashboardACL) (bool, error) { return g.CheckPermissionBeforeUpdateValue, g.CheckPermissionBeforeUpdateError } -func (g *FakeDashboardGuardian) GetAcl() ([]*models.DashboardAclInfoDTO, error) { - return g.GetAclValue, nil +func (g *FakeDashboardGuardian) GetACL() ([]*models.DashboardACLInfoDTO, error) { + return g.GetACLValue, nil } -func (g *FakeDashboardGuardian) GetACLWithoutDuplicates() ([]*models.DashboardAclInfoDTO, error) { - return g.GetAcl() +func (g *FakeDashboardGuardian) GetACLWithoutDuplicates() ([]*models.DashboardACLInfoDTO, error) { + return g.GetACL() } -func (g *FakeDashboardGuardian) GetHiddenACL(cfg *setting.Cfg) ([]*models.DashboardAcl, error) { - return g.GetHiddenAclValue, nil +func (g *FakeDashboardGuardian) GetHiddenACL(cfg *setting.Cfg) ([]*models.DashboardACL, error) { + return g.GetHiddenACLValue, nil } // nolint:unused diff --git a/pkg/services/guardian/guardian_test.go b/pkg/services/guardian/guardian_test.go index fd74cbcc95c..07e864848bc 100644 --- a/pkg/services/guardian/guardian_test.go +++ b/pkg/services/guardian/guardian_test.go @@ -184,7 +184,7 @@ func (sc *scenarioContext) defaultPermissionScenario(pt permissionType, flag per _, callerFile, callerLine, _ := runtime.Caller(1) sc.callerFile = callerFile sc.callerLine = callerLine - existingPermissions := []*models.DashboardAclInfoDTO{ + existingPermissions := []*models.DashboardACLInfoDTO{ toDto(newEditorRolePermission(defaultDashboardID, models.PERMISSION_EDIT)), toDto(newViewerRolePermission(defaultDashboardID, models.PERMISSION_VIEW)), } @@ -203,17 +203,17 @@ func (sc *scenarioContext) dashboardPermissionScenario(pt permissionType, permis _, callerFile, callerLine, _ := runtime.Caller(1) sc.callerFile = callerFile sc.callerLine = callerLine - var existingPermissions []*models.DashboardAclInfoDTO + var existingPermissions []*models.DashboardACLInfoDTO switch pt { case USER: - existingPermissions = []*models.DashboardAclInfoDTO{{OrgId: orgID, DashboardId: dashboardID, UserId: userID, Permission: permission}} + existingPermissions = []*models.DashboardACLInfoDTO{{OrgId: orgID, DashboardId: dashboardID, UserId: userID, Permission: permission}} case TEAM: - existingPermissions = []*models.DashboardAclInfoDTO{{OrgId: orgID, DashboardId: dashboardID, TeamId: teamID, Permission: permission}} + existingPermissions = []*models.DashboardACLInfoDTO{{OrgId: orgID, DashboardId: dashboardID, TeamId: teamID, Permission: permission}} case EDITOR: - existingPermissions = []*models.DashboardAclInfoDTO{{OrgId: orgID, DashboardId: dashboardID, Role: &editorRole, Permission: permission}} + existingPermissions = []*models.DashboardACLInfoDTO{{OrgId: orgID, DashboardId: dashboardID, Role: &editorRole, Permission: permission}} case VIEWER: - existingPermissions = []*models.DashboardAclInfoDTO{{OrgId: orgID, DashboardId: dashboardID, Role: &viewerRole, Permission: permission}} + existingPermissions = []*models.DashboardACLInfoDTO{{OrgId: orgID, DashboardId: dashboardID, Role: &viewerRole, Permission: permission}} } permissionScenario(fmt.Sprintf("and %s has permission to %s dashboard", pt.String(), permission.String()), @@ -230,20 +230,20 @@ func (sc *scenarioContext) parentFolderPermissionScenario(pt permissionType, per _, callerFile, callerLine, _ := runtime.Caller(1) sc.callerFile = callerFile sc.callerLine = callerLine - var folderPermissionList []*models.DashboardAclInfoDTO + var folderPermissionList []*models.DashboardACLInfoDTO switch pt { case USER: - folderPermissionList = []*models.DashboardAclInfoDTO{{OrgId: orgID, DashboardId: parentFolderID, + folderPermissionList = []*models.DashboardACLInfoDTO{{OrgId: orgID, DashboardId: parentFolderID, UserId: userID, Permission: permission, Inherited: true}} case TEAM: - folderPermissionList = []*models.DashboardAclInfoDTO{{OrgId: orgID, DashboardId: parentFolderID, TeamId: teamID, + folderPermissionList = []*models.DashboardACLInfoDTO{{OrgId: orgID, DashboardId: parentFolderID, TeamId: teamID, Permission: permission, Inherited: true}} case EDITOR: - folderPermissionList = []*models.DashboardAclInfoDTO{{OrgId: orgID, DashboardId: parentFolderID, + folderPermissionList = []*models.DashboardACLInfoDTO{{OrgId: orgID, DashboardId: parentFolderID, Role: &editorRole, Permission: permission, Inherited: true}} case VIEWER: - folderPermissionList = []*models.DashboardAclInfoDTO{{OrgId: orgID, DashboardId: parentFolderID, + folderPermissionList = []*models.DashboardACLInfoDTO{{OrgId: orgID, DashboardId: parentFolderID, Role: &viewerRole, Permission: permission, Inherited: true}} } @@ -308,7 +308,7 @@ func (sc *scenarioContext) verifyDuplicatePermissionsShouldNotBeAllowed() { tc := "When updating dashboard permissions with duplicate permission for user should not be allowed" sc.t.Run(tc, func(t *testing.T) { - p := []*models.DashboardAcl{ + p := []*models.DashboardACL{ newDefaultUserPermission(dashboardID, models.PERMISSION_VIEW), newDefaultUserPermission(dashboardID, models.PERMISSION_ADMIN), } @@ -323,7 +323,7 @@ func (sc *scenarioContext) verifyDuplicatePermissionsShouldNotBeAllowed() { tc = "When updating dashboard permissions with duplicate permission for team should not be allowed" sc.t.Run(tc, func(t *testing.T) { - p := []*models.DashboardAcl{ + p := []*models.DashboardACL{ newDefaultTeamPermission(dashboardID, models.PERMISSION_VIEW), newDefaultTeamPermission(dashboardID, models.PERMISSION_ADMIN), } @@ -337,7 +337,7 @@ func (sc *scenarioContext) verifyDuplicatePermissionsShouldNotBeAllowed() { tc = "When updating dashboard permissions with duplicate permission for editor role should not be allowed" sc.t.Run(tc, func(t *testing.T) { - p := []*models.DashboardAcl{ + p := []*models.DashboardACL{ newEditorRolePermission(dashboardID, models.PERMISSION_VIEW), newEditorRolePermission(dashboardID, models.PERMISSION_ADMIN), } @@ -352,7 +352,7 @@ func (sc *scenarioContext) verifyDuplicatePermissionsShouldNotBeAllowed() { tc = "When updating dashboard permissions with duplicate permission for viewer role should not be allowed" sc.t.Run(tc, func(t *testing.T) { - p := []*models.DashboardAcl{ + p := []*models.DashboardACL{ newViewerRolePermission(dashboardID, models.PERMISSION_VIEW), newViewerRolePermission(dashboardID, models.PERMISSION_ADMIN), } @@ -366,7 +366,7 @@ func (sc *scenarioContext) verifyDuplicatePermissionsShouldNotBeAllowed() { tc = "When updating dashboard permissions with duplicate permission for admin role should not be allowed" sc.t.Run(tc, func(t *testing.T) { - p := []*models.DashboardAcl{ + p := []*models.DashboardACL{ newAdminRolePermission(dashboardID, models.PERMISSION_ADMIN), } sc.updatePermissions = p @@ -386,24 +386,24 @@ func (sc *scenarioContext) verifyUpdateDashboardPermissionsShouldBeAllowed(pt pe for _, p := range []models.PermissionType{models.PERMISSION_ADMIN, models.PERMISSION_EDIT, models.PERMISSION_VIEW} { tc := fmt.Sprintf("When updating dashboard permissions with %s permissions should be allowed", p.String()) sc.t.Run(tc, func(t *testing.T) { - permissionList := []*models.DashboardAcl{} + permissionList := []*models.DashboardACL{} switch pt { case USER: - permissionList = []*models.DashboardAcl{ + permissionList = []*models.DashboardACL{ newEditorRolePermission(dashboardID, p), newViewerRolePermission(dashboardID, p), newCustomUserPermission(dashboardID, otherUserID, p), newDefaultTeamPermission(dashboardID, p), } case TEAM: - permissionList = []*models.DashboardAcl{ + permissionList = []*models.DashboardACL{ newEditorRolePermission(dashboardID, p), newViewerRolePermission(dashboardID, p), newDefaultUserPermission(dashboardID, p), newCustomTeamPermission(dashboardID, otherTeamID, p), } case EDITOR, VIEWER: - permissionList = []*models.DashboardAcl{ + permissionList = []*models.DashboardACL{ newEditorRolePermission(dashboardID, p), newViewerRolePermission(dashboardID, p), newDefaultUserPermission(dashboardID, p), @@ -432,18 +432,18 @@ func (sc *scenarioContext) verifyUpdateDashboardPermissionsShouldNotBeAllowed(pt for _, p := range []models.PermissionType{models.PERMISSION_ADMIN, models.PERMISSION_EDIT, models.PERMISSION_VIEW} { tc := fmt.Sprintf("When updating dashboard permissions with %s permissions should NOT be allowed", p.String()) sc.t.Run(tc, func(t *testing.T) { - permissionList := []*models.DashboardAcl{ + permissionList := []*models.DashboardACL{ newEditorRolePermission(dashboardID, p), newViewerRolePermission(dashboardID, p), } switch pt { case USER: - permissionList = append(permissionList, []*models.DashboardAcl{ + permissionList = append(permissionList, []*models.DashboardACL{ newCustomUserPermission(dashboardID, otherUserID, p), newDefaultTeamPermission(dashboardID, p), }...) case TEAM: - permissionList = append(permissionList, []*models.DashboardAcl{ + permissionList = append(permissionList, []*models.DashboardACL{ newDefaultUserPermission(dashboardID, p), newCustomTeamPermission(dashboardID, otherTeamID, p), }...) @@ -472,24 +472,24 @@ func (sc *scenarioContext) verifyUpdateChildDashboardPermissionsShouldBeAllowed( for _, p := range []models.PermissionType{models.PERMISSION_ADMIN, models.PERMISSION_EDIT, models.PERMISSION_VIEW} { tc := fmt.Sprintf("When updating child dashboard permissions with %s permissions should be allowed", p.String()) sc.t.Run(tc, func(t *testing.T) { - permissionList := []*models.DashboardAcl{} + permissionList := []*models.DashboardACL{} switch pt { case USER: - permissionList = []*models.DashboardAcl{ + permissionList = []*models.DashboardACL{ newEditorRolePermission(childDashboardID, p), newViewerRolePermission(childDashboardID, p), newCustomUserPermission(childDashboardID, otherUserID, p), newDefaultTeamPermission(childDashboardID, p), } case TEAM: - permissionList = []*models.DashboardAcl{ + permissionList = []*models.DashboardACL{ newEditorRolePermission(childDashboardID, p), newViewerRolePermission(childDashboardID, p), newDefaultUserPermission(childDashboardID, p), newCustomTeamPermission(childDashboardID, otherTeamID, p), } case EDITOR: - permissionList = []*models.DashboardAcl{ + permissionList = []*models.DashboardACL{ newViewerRolePermission(childDashboardID, p), newDefaultUserPermission(childDashboardID, p), newDefaultTeamPermission(childDashboardID, p), @@ -500,7 +500,7 @@ func (sc *scenarioContext) verifyUpdateChildDashboardPermissionsShouldBeAllowed( permissionList = append(permissionList, newEditorRolePermission(childDashboardID, p)) } case VIEWER: - permissionList = []*models.DashboardAcl{ + permissionList = []*models.DashboardACL{ newEditorRolePermission(childDashboardID, p), newDefaultUserPermission(childDashboardID, p), newDefaultTeamPermission(childDashboardID, p), @@ -533,24 +533,24 @@ func (sc *scenarioContext) verifyUpdateChildDashboardPermissionsShouldNotBeAllow for _, p := range []models.PermissionType{models.PERMISSION_ADMIN, models.PERMISSION_EDIT, models.PERMISSION_VIEW} { tc := fmt.Sprintf("When updating child dashboard permissions with %s permissions should NOT be allowed", p.String()) sc.t.Run(tc, func(t *testing.T) { - permissionList := []*models.DashboardAcl{} + permissionList := []*models.DashboardACL{} switch pt { case USER: - permissionList = []*models.DashboardAcl{ + permissionList = []*models.DashboardACL{ newEditorRolePermission(childDashboardID, p), newViewerRolePermission(childDashboardID, p), newCustomUserPermission(childDashboardID, otherUserID, p), newDefaultTeamPermission(childDashboardID, p), } case TEAM: - permissionList = []*models.DashboardAcl{ + permissionList = []*models.DashboardACL{ newEditorRolePermission(childDashboardID, p), newViewerRolePermission(childDashboardID, p), newDefaultUserPermission(childDashboardID, p), newCustomTeamPermission(childDashboardID, otherTeamID, p), } case EDITOR: - permissionList = []*models.DashboardAcl{ + permissionList = []*models.DashboardACL{ newViewerRolePermission(childDashboardID, p), newDefaultUserPermission(childDashboardID, p), newDefaultTeamPermission(childDashboardID, p), @@ -561,7 +561,7 @@ func (sc *scenarioContext) verifyUpdateChildDashboardPermissionsShouldNotBeAllow permissionList = append(permissionList, newEditorRolePermission(childDashboardID, p)) } case VIEWER: - permissionList = []*models.DashboardAcl{ + permissionList = []*models.DashboardACL{ newEditorRolePermission(childDashboardID, p), newDefaultUserPermission(childDashboardID, p), newDefaultTeamPermission(childDashboardID, p), @@ -599,22 +599,22 @@ func (sc *scenarioContext) verifyUpdateChildDashboardPermissionsWithOverrideShou tc := fmt.Sprintf("When updating child dashboard permissions overriding parent %s permission with %s permission should NOT be allowed", pt.String(), p.String()) sc.t.Run(tc, func(t *testing.T) { - permissionList := []*models.DashboardAcl{} + permissionList := []*models.DashboardACL{} switch pt { case USER: - permissionList = []*models.DashboardAcl{ + permissionList = []*models.DashboardACL{ newDefaultUserPermission(childDashboardID, p), } case TEAM: - permissionList = []*models.DashboardAcl{ + permissionList = []*models.DashboardACL{ newDefaultTeamPermission(childDashboardID, p), } case EDITOR: - permissionList = []*models.DashboardAcl{ + permissionList = []*models.DashboardACL{ newEditorRolePermission(childDashboardID, p), } case VIEWER: - permissionList = []*models.DashboardAcl{ + permissionList = []*models.DashboardACL{ newViewerRolePermission(childDashboardID, p), } } @@ -645,22 +645,22 @@ func (sc *scenarioContext) verifyUpdateChildDashboardPermissionsWithOverrideShou pt.String(), p.String(), ) sc.t.Run(tc, func(t *testing.T) { - permissionList := []*models.DashboardAcl{} + permissionList := []*models.DashboardACL{} switch pt { case USER: - permissionList = []*models.DashboardAcl{ + permissionList = []*models.DashboardACL{ newDefaultUserPermission(childDashboardID, p), } case TEAM: - permissionList = []*models.DashboardAcl{ + permissionList = []*models.DashboardACL{ newDefaultTeamPermission(childDashboardID, p), } case EDITOR: - permissionList = []*models.DashboardAcl{ + permissionList = []*models.DashboardACL{ newEditorRolePermission(childDashboardID, p), } case VIEWER: - permissionList = []*models.DashboardAcl{ + permissionList = []*models.DashboardACL{ newViewerRolePermission(childDashboardID, p), } } @@ -686,9 +686,9 @@ func TestGuardianGetHiddenACL(t *testing.T) { t.Run("Get hidden ACL tests", func(t *testing.T) { store := mockstore.NewSQLStoreMock() dashSvc := dashboards.NewFakeDashboardService(t) - dashSvc.On("GetDashboardAclInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardAclInfoListQuery")).Run(func(args mock.Arguments) { - q := args.Get(1).(*models.GetDashboardAclInfoListQuery) - q.Result = []*models.DashboardAclInfoDTO{ + dashSvc.On("GetDashboardACLInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardACLInfoListQuery")).Run(func(args mock.Arguments) { + q := args.Get(1).(*models.GetDashboardACLInfoListQuery) + q.Result = []*models.DashboardACLInfoDTO{ {Inherited: false, UserId: 1, UserLogin: "user1", Permission: models.PERMISSION_EDIT}, {Inherited: false, UserId: 2, UserLogin: "user2", Permission: models.PERMISSION_ADMIN}, {Inherited: true, UserId: 3, UserLogin: "user3", Permission: models.PERMISSION_VIEW}, @@ -730,13 +730,13 @@ func TestGuardianGetHiddenACL(t *testing.T) { }) } -func TestGuardianGetAclWithoutDuplicates(t *testing.T) { +func TestGuardianGetACLWithoutDuplicates(t *testing.T) { t.Run("Get hidden ACL tests", func(t *testing.T) { store := mockstore.NewSQLStoreMock() dashSvc := dashboards.NewFakeDashboardService(t) - dashSvc.On("GetDashboardAclInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardAclInfoListQuery")).Run(func(args mock.Arguments) { - q := args.Get(1).(*models.GetDashboardAclInfoListQuery) - q.Result = []*models.DashboardAclInfoDTO{ + dashSvc.On("GetDashboardACLInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardACLInfoListQuery")).Run(func(args mock.Arguments) { + q := args.Get(1).(*models.GetDashboardACLInfoListQuery) + q.Result = []*models.DashboardACLInfoDTO{ {Inherited: true, UserId: 3, UserLogin: "user3", Permission: models.PERMISSION_EDIT}, {Inherited: false, UserId: 3, UserLogin: "user3", Permission: models.PERMISSION_VIEW}, {Inherited: false, UserId: 2, UserLogin: "user2", Permission: models.PERMISSION_ADMIN}, @@ -760,7 +760,7 @@ func TestGuardianGetAclWithoutDuplicates(t *testing.T) { require.NoError(t, err) require.NotNil(t, acl) require.Len(t, acl, 6) - require.ElementsMatch(t, []*models.DashboardAclInfoDTO{ + require.ElementsMatch(t, []*models.DashboardACLInfoDTO{ {Inherited: true, UserId: 3, UserLogin: "user3", Permission: models.PERMISSION_EDIT}, {Inherited: true, UserId: 4, UserLogin: "user4", Permission: models.PERMISSION_ADMIN}, {Inherited: true, UserId: 6, UserLogin: "user6", Permission: models.PERMISSION_VIEW}, diff --git a/pkg/services/guardian/guardian_util_test.go b/pkg/services/guardian/guardian_util_test.go index d0f3d6b427d..6dad9430c2b 100644 --- a/pkg/services/guardian/guardian_util_test.go +++ b/pkg/services/guardian/guardian_util_test.go @@ -22,9 +22,9 @@ type scenarioContext struct { g DashboardGuardian givenUser *models.SignedInUser givenDashboardID int64 - givenPermissions []*models.DashboardAclInfoDTO + givenPermissions []*models.DashboardACLInfoDTO givenTeams []*models.TeamDTO - updatePermissions []*models.DashboardAcl + updatePermissions []*models.DashboardACL expectedFlags permissionFlags callerFile string callerLine int @@ -76,7 +76,7 @@ func apiKeyScenario(desc string, t *testing.T, role models.RoleType, fn scenario } func permissionScenario(desc string, dashboardID int64, sc *scenarioContext, - permissions []*models.DashboardAclInfoDTO, fn scenarioFunc) { + permissions []*models.DashboardACLInfoDTO, fn scenarioFunc) { sc.t.Run(desc, func(t *testing.T) { store := mockstore.NewSQLStoreMock() teams := []*models.TeamDTO{} @@ -89,8 +89,8 @@ func permissionScenario(desc string, dashboardID int64, sc *scenarioContext, store.ExpectedTeamsByUser = teams dashSvc := dashboards.NewFakeDashboardService(t) - dashSvc.On("GetDashboardAclInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardAclInfoListQuery")).Run(func(args mock.Arguments) { - q := args.Get(1).(*models.GetDashboardAclInfoListQuery) + dashSvc.On("GetDashboardACLInfoList", mock.Anything, mock.AnythingOfType("*models.GetDashboardACLInfoListQuery")).Run(func(args mock.Arguments) { + q := args.Get(1).(*models.GetDashboardACLInfoListQuery) q.Result = permissions }).Return(nil) @@ -225,36 +225,36 @@ func (sc *scenarioContext) reportFailure(desc string, expected interface{}, actu sc.t.Fatalf(buf.String()) } -func newCustomUserPermission(dashboardID int64, userID int64, permission models.PermissionType) *models.DashboardAcl { - return &models.DashboardAcl{OrgID: orgID, DashboardID: dashboardID, UserID: userID, Permission: permission} +func newCustomUserPermission(dashboardID int64, userID int64, permission models.PermissionType) *models.DashboardACL { + return &models.DashboardACL{OrgID: orgID, DashboardID: dashboardID, UserID: userID, Permission: permission} } -func newDefaultUserPermission(dashboardID int64, permission models.PermissionType) *models.DashboardAcl { +func newDefaultUserPermission(dashboardID int64, permission models.PermissionType) *models.DashboardACL { return newCustomUserPermission(dashboardID, userID, permission) } -func newCustomTeamPermission(dashboardID int64, teamID int64, permission models.PermissionType) *models.DashboardAcl { - return &models.DashboardAcl{OrgID: orgID, DashboardID: dashboardID, TeamID: teamID, Permission: permission} +func newCustomTeamPermission(dashboardID int64, teamID int64, permission models.PermissionType) *models.DashboardACL { + return &models.DashboardACL{OrgID: orgID, DashboardID: dashboardID, TeamID: teamID, Permission: permission} } -func newDefaultTeamPermission(dashboardID int64, permission models.PermissionType) *models.DashboardAcl { +func newDefaultTeamPermission(dashboardID int64, permission models.PermissionType) *models.DashboardACL { return newCustomTeamPermission(dashboardID, teamID, permission) } -func newAdminRolePermission(dashboardID int64, permission models.PermissionType) *models.DashboardAcl { - return &models.DashboardAcl{OrgID: orgID, DashboardID: dashboardID, Role: &adminRole, Permission: permission} +func newAdminRolePermission(dashboardID int64, permission models.PermissionType) *models.DashboardACL { + return &models.DashboardACL{OrgID: orgID, DashboardID: dashboardID, Role: &adminRole, Permission: permission} } -func newEditorRolePermission(dashboardID int64, permission models.PermissionType) *models.DashboardAcl { - return &models.DashboardAcl{OrgID: orgID, DashboardID: dashboardID, Role: &editorRole, Permission: permission} +func newEditorRolePermission(dashboardID int64, permission models.PermissionType) *models.DashboardACL { + return &models.DashboardACL{OrgID: orgID, DashboardID: dashboardID, Role: &editorRole, Permission: permission} } -func newViewerRolePermission(dashboardID int64, permission models.PermissionType) *models.DashboardAcl { - return &models.DashboardAcl{OrgID: orgID, DashboardID: dashboardID, Role: &viewerRole, Permission: permission} +func newViewerRolePermission(dashboardID int64, permission models.PermissionType) *models.DashboardACL { + return &models.DashboardACL{OrgID: orgID, DashboardID: dashboardID, Role: &viewerRole, Permission: permission} } -func toDto(acl *models.DashboardAcl) *models.DashboardAclInfoDTO { - return &models.DashboardAclInfoDTO{ +func toDto(acl *models.DashboardACL) *models.DashboardACLInfoDTO { + return &models.DashboardACLInfoDTO{ OrgId: acl.OrgID, DashboardId: acl.DashboardID, UserId: acl.UserID, diff --git a/pkg/services/libraryelements/libraryelements_test.go b/pkg/services/libraryelements/libraryelements_test.go index 00753e31fed..77068b9a447 100644 --- a/pkg/services/libraryelements/libraryelements_test.go +++ b/pkg/services/libraryelements/libraryelements_test.go @@ -256,11 +256,11 @@ func updateFolderACL(t *testing.T, dashboardStore *database.DashboardStore, fold return } - var aclItems []*models.DashboardAcl + var aclItems []*models.DashboardACL for _, item := range items { role := item.roleType permission := item.permission - aclItems = append(aclItems, &models.DashboardAcl{ + aclItems = append(aclItems, &models.DashboardACL{ DashboardID: folderID, Role: &role, Permission: permission, diff --git a/pkg/services/librarypanels/librarypanels_test.go b/pkg/services/librarypanels/librarypanels_test.go index 9f82feadffe..6ae0f70de21 100644 --- a/pkg/services/librarypanels/librarypanels_test.go +++ b/pkg/services/librarypanels/librarypanels_test.go @@ -1419,11 +1419,11 @@ func updateFolderACL(t *testing.T, dashboardStore *database.DashboardStore, fold return } - var aclItems []*models.DashboardAcl + var aclItems []*models.DashboardACL for _, item := range items { role := item.roleType permission := item.permission - aclItems = append(aclItems, &models.DashboardAcl{ + aclItems = append(aclItems, &models.DashboardACL{ DashboardID: folderID, Role: &role, Permission: permission, diff --git a/pkg/services/ngalert/api/api_ruler_validation_test.go b/pkg/services/ngalert/api/api_ruler_validation_test.go index 9bf26b8fcda..bd4072a59c0 100644 --- a/pkg/services/ngalert/api/api_ruler_validation_test.go +++ b/pkg/services/ngalert/api/api_ruler_validation_test.go @@ -94,7 +94,7 @@ func randFolder() *models2.Folder { Updated: time.Time{}, UpdatedBy: 0, CreatedBy: 0, - HasAcl: false, + HasACL: false, } } diff --git a/pkg/services/ngalert/api/tooling/Makefile b/pkg/services/ngalert/api/tooling/Makefile index 2cf406d766e..82d72f892f4 100644 --- a/pkg/services/ngalert/api/tooling/Makefile +++ b/pkg/services/ngalert/api/tooling/Makefile @@ -52,7 +52,7 @@ copy-files: fix: sed $(SED_INPLACE) -e 's/apimodels\.\[\]PostableAlert/apimodels.PostableAlerts/' $(GENERATED_GO_MATCHERS) - sed $(SED_INPLACE) -e 's/apimodels\.\[\]UpdateDashboardAclCommand/apimodels.Permissions/' $(GENERATED_GO_MATCHERS) + sed $(SED_INPLACE) -e 's/apimodels\.\[\]UpdateDashboardACLCommand/apimodels.Permissions/' $(GENERATED_GO_MATCHERS) sed $(SED_INPLACE) -e 's/apimodels\.\[\]PostableApiReceiver/apimodels.TestReceiversConfigParams/' $(GENERATED_GO_MATCHERS) goimports -w -v $(GENERATED_GO_MATCHERS) diff --git a/pkg/services/sqlstore/migrations/accesscontrol/dashboard_permissions.go b/pkg/services/sqlstore/migrations/accesscontrol/dashboard_permissions.go index 3cd04098ab0..b9232e0b7bb 100644 --- a/pkg/services/sqlstore/migrations/accesscontrol/dashboard_permissions.go +++ b/pkg/services/sqlstore/migrations/accesscontrol/dashboard_permissions.go @@ -80,12 +80,12 @@ func (m dashboardPermissionsMigrator) Exec(sess *xorm.Session, migrator *migrato return err } - var acl []models.DashboardAcl + var acl []models.DashboardACL if err := m.sess.Find(&acl); err != nil { return err } - aclMap := make(map[int64][]models.DashboardAcl, len(acl)) + aclMap := make(map[int64][]models.DashboardACL, len(acl)) for _, p := range acl { aclMap[p.DashboardID] = append(aclMap[p.DashboardID], p) } @@ -97,7 +97,7 @@ func (m dashboardPermissionsMigrator) Exec(sess *xorm.Session, migrator *migrato return nil } -func (m dashboardPermissionsMigrator) migratePermissions(dashboards []dashboard, aclMap map[int64][]models.DashboardAcl) error { +func (m dashboardPermissionsMigrator) migratePermissions(dashboards []dashboard, aclMap map[int64][]models.DashboardACL) error { permissionMap := map[int64]map[string][]*ac.Permission{} for _, d := range dashboards { if d.ID == -1 { @@ -210,7 +210,7 @@ func (m dashboardPermissionsMigrator) mapPermission(id int64, p models.Permissio return permissions } -func getRoleName(p models.DashboardAcl) string { +func getRoleName(p models.DashboardACL) string { if p.UserID != 0 { return fmt.Sprintf("managed:users:%d:permissions", p.UserID) } diff --git a/pkg/services/sqlstore/migrations/dashboard_acl.go b/pkg/services/sqlstore/migrations/dashboard_acl.go index a7fff287f54..ec9adf1e638 100644 --- a/pkg/services/sqlstore/migrations/dashboard_acl.go +++ b/pkg/services/sqlstore/migrations/dashboard_acl.go @@ -2,8 +2,8 @@ package migrations import . "github.com/grafana/grafana/pkg/services/sqlstore/migrator" -func addDashboardAclMigrations(mg *Migrator) { - dashboardAclV1 := Table{ +func addDashboardACLMigrations(mg *Migrator) { + dashboardACLV1 := Table{ Name: "dashboard_acl", Columns: []*Column{ {Name: "id", Type: DB_BigInt, IsPrimaryKey: true, IsAutoIncrement: true}, @@ -27,16 +27,16 @@ func addDashboardAclMigrations(mg *Migrator) { }, } - mg.AddMigration("create dashboard acl table", NewAddTableMigration(dashboardAclV1)) + mg.AddMigration("create dashboard acl table", NewAddTableMigration(dashboardACLV1)) //------- indexes ------------------ - mg.AddMigration("add index dashboard_acl_dashboard_id", NewAddIndexMigration(dashboardAclV1, dashboardAclV1.Indices[0])) - mg.AddMigration("add unique index dashboard_acl_dashboard_id_user_id", NewAddIndexMigration(dashboardAclV1, dashboardAclV1.Indices[1])) - mg.AddMigration("add unique index dashboard_acl_dashboard_id_team_id", NewAddIndexMigration(dashboardAclV1, dashboardAclV1.Indices[2])) - mg.AddMigration("add index dashboard_acl_user_id", NewAddIndexMigration(dashboardAclV1, dashboardAclV1.Indices[3])) - mg.AddMigration("add index dashboard_acl_team_id", NewAddIndexMigration(dashboardAclV1, dashboardAclV1.Indices[4])) - mg.AddMigration("add index dashboard_acl_org_id_role", NewAddIndexMigration(dashboardAclV1, dashboardAclV1.Indices[5])) - mg.AddMigration("add index dashboard_permission", NewAddIndexMigration(dashboardAclV1, dashboardAclV1.Indices[6])) + mg.AddMigration("add index dashboard_acl_dashboard_id", NewAddIndexMigration(dashboardACLV1, dashboardACLV1.Indices[0])) + mg.AddMigration("add unique index dashboard_acl_dashboard_id_user_id", NewAddIndexMigration(dashboardACLV1, dashboardACLV1.Indices[1])) + mg.AddMigration("add unique index dashboard_acl_dashboard_id_team_id", NewAddIndexMigration(dashboardACLV1, dashboardACLV1.Indices[2])) + mg.AddMigration("add index dashboard_acl_user_id", NewAddIndexMigration(dashboardACLV1, dashboardACLV1.Indices[3])) + mg.AddMigration("add index dashboard_acl_team_id", NewAddIndexMigration(dashboardACLV1, dashboardACLV1.Indices[4])) + mg.AddMigration("add index dashboard_acl_org_id_role", NewAddIndexMigration(dashboardACLV1, dashboardACLV1.Indices[5])) + mg.AddMigration("add index dashboard_permission", NewAddIndexMigration(dashboardACLV1, dashboardACLV1.Indices[6])) const rawSQL = ` INSERT INTO dashboard_acl diff --git a/pkg/services/sqlstore/migrations/migrations.go b/pkg/services/sqlstore/migrations/migrations.go index c67971a0736..0e6ea36c180 100644 --- a/pkg/services/sqlstore/migrations/migrations.go +++ b/pkg/services/sqlstore/migrations/migrations.go @@ -42,7 +42,7 @@ func (*OSSMigrations) AddMigration(mg *Migrator) { addTestDataMigrations(mg) addDashboardVersionMigration(mg) addTeamMigrations(mg) - addDashboardAclMigrations(mg) // Do NOT add more migrations to this function. + addDashboardACLMigrations(mg) // Do NOT add more migrations to this function. addTagMigration(mg) addLoginAttemptMigrations(mg) addUserAuthMigrations(mg) diff --git a/pkg/services/sqlstore/migrations/ualert/dashboard.go b/pkg/services/sqlstore/migrations/ualert/dashboard.go index e083c40d5da..917858ae788 100644 --- a/pkg/services/sqlstore/migrations/ualert/dashboard.go +++ b/pkg/services/sqlstore/migrations/ualert/dashboard.go @@ -26,7 +26,7 @@ type dashboard struct { CreatedBy int64 FolderId int64 IsFolder bool - HasAcl bool + HasACL bool `xorm:"has_acl"` Title string Data *simplejson.Json diff --git a/pkg/services/sqlstore/migrations/ualert/permissions.go b/pkg/services/sqlstore/migrations/ualert/permissions.go index 369f6bb15b3..2a74694657c 100644 --- a/pkg/services/sqlstore/migrations/ualert/permissions.go +++ b/pkg/services/sqlstore/migrations/ualert/permissions.go @@ -30,7 +30,7 @@ func (r roleType) IsValid() bool { type permissionType int -type dashboardAcl struct { +type dashboardACL struct { // nolint:stylecheck Id int64 OrgID int64 `xorm:"org_id"` @@ -157,17 +157,17 @@ func (m *folderHelper) generateNewDashboardUid(orgId int64) (string, error) { // based on SQLStore.UpdateDashboardACL() // it should be called from inside a transaction -func (m *folderHelper) setACL(orgID int64, dashboardID int64, items []*dashboardAcl) error { +func (m *folderHelper) setACL(orgID int64, dashboardID int64, items []*dashboardACL) error { if dashboardID <= 0 { return fmt.Errorf("folder id must be greater than zero for a folder permission") } // userPermissionsMap is a map keeping the highest permission per user // for handling conficting inherited (folder) and non-inherited (dashboard) user permissions - userPermissionsMap := make(map[int64]*dashboardAcl, len(items)) + userPermissionsMap := make(map[int64]*dashboardACL, len(items)) // teamPermissionsMap is a map keeping the highest permission per team // for handling conficting inherited (folder) and non-inherited (dashboard) team permissions - teamPermissionsMap := make(map[int64]*dashboardAcl, len(items)) + teamPermissionsMap := make(map[int64]*dashboardACL, len(items)) for _, item := range items { if item.UserID != 0 { acl, ok := userPermissionsMap[item.UserID] @@ -204,7 +204,7 @@ func (m *folderHelper) setACL(orgID int64, dashboardID int64, items []*dashboard seen := make(map[keyType]struct{}, len(items)) for _, item := range items { if item.UserID == 0 && item.TeamID == 0 && (item.Role == nil || !item.Role.IsValid()) { - return models.ErrDashboardAclInfoMissing + return models.ErrDashboardACLInfoMissing } // ignore duplicate user permissions @@ -249,19 +249,19 @@ func (m *folderHelper) setACL(orgID int64, dashboardID int64, items []*dashboard seen[key] = struct{}{} } - // Update dashboard HasAcl flag - dashboard := models.Dashboard{HasAcl: true} + // Update dashboard HasACL flag + dashboard := models.Dashboard{HasACL: true} _, err := m.sess.Cols("has_acl").Where("id=?", dashboardID).Update(&dashboard) return err } -// based on SQLStore.GetDashboardAclInfoList() -func (m *folderHelper) getACL(orgID, dashboardID int64) ([]*dashboardAcl, error) { +// based on SQLStore.GetDashboardACLInfoList() +func (m *folderHelper) getACL(orgID, dashboardID int64) ([]*dashboardACL, error) { var err error falseStr := m.mg.Dialect.BooleanStr(false) - result := make([]*dashboardAcl, 0) + result := make([]*dashboardACL, 0) rawSQL := ` -- get distinct permissions for the dashboard and its parent folder SELECT DISTINCT diff --git a/pkg/services/sqlstore/migrations/ualert/ualert.go b/pkg/services/sqlstore/migrations/ualert/ualert.go index 6d7946bc7c6..348e8035587 100644 --- a/pkg/services/sqlstore/migrations/ualert/ualert.go +++ b/pkg/services/sqlstore/migrations/ualert/ualert.go @@ -292,7 +292,7 @@ func (m *migration) Exec(sess *xorm.Session, mg *migrator.Migrator) error { var folder *dashboard switch { - case dash.HasAcl: + case dash.HasACL: folderName := getAlertFolderNameFromDashboard(&dash) f, ok := folderCache[folderName] if !ok { diff --git a/pkg/services/sqlstore/mockstore/mockstore.go b/pkg/services/sqlstore/mockstore/mockstore.go index ad8d48e5f53..eb6a349ba52 100644 --- a/pkg/services/sqlstore/mockstore/mockstore.go +++ b/pkg/services/sqlstore/mockstore/mockstore.go @@ -24,7 +24,7 @@ type SQLStoreMock struct { ExpectedAlert *models.Alert ExpectedPluginSetting *models.PluginSetting ExpectedDashboards []*models.Dashboard - ExpectedDashboardAclInfoList []*models.DashboardAclInfoDTO + ExpectedDashboardACLInfoList []*models.DashboardACLInfoDTO ExpectedUserOrgList []*models.UserOrgDTO ExpectedOrgListResponse OrgListResponse ExpectedTeamsByUser []*models.TeamDTO @@ -327,8 +327,8 @@ func (m *SQLStoreMock) InTransaction(ctx context.Context, fn func(ctx context.Co return m.ExpectedError } -func (m SQLStoreMock) GetDashboardAclInfoList(ctx context.Context, query *models.GetDashboardAclInfoListQuery) error { - query.Result = m.ExpectedDashboardAclInfoList +func (m SQLStoreMock) GetDashboardACLInfoList(ctx context.Context, query *models.GetDashboardACLInfoListQuery) error { + query.Result = m.ExpectedDashboardACLInfoList return m.ExpectedError } diff --git a/pkg/services/sqlstore/org_test.go b/pkg/services/sqlstore/org_test.go index 69057ea193b..6070c65b602 100644 --- a/pkg/services/sqlstore/org_test.go +++ b/pkg/services/sqlstore/org_test.go @@ -374,12 +374,12 @@ func TestIntegrationAccountDataAccess(t *testing.T) { dash1 := insertTestDashboard(t, sqlStore, "1 test dash", ac1.OrgID, 0, false, "prod", "webapp") dash2 := insertTestDashboard(t, sqlStore, "2 test dash", ac3.OrgID, 0, false, "prod", "webapp") - err = updateDashboardAcl(t, sqlStore, dash1.Id, &models.DashboardAcl{ + err = updateDashboardACL(t, sqlStore, dash1.Id, &models.DashboardACL{ DashboardID: dash1.Id, OrgID: ac1.OrgID, UserID: ac3.ID, Permission: models.PERMISSION_EDIT, }) require.NoError(t, err) - err = updateDashboardAcl(t, sqlStore, dash2.Id, &models.DashboardAcl{ + err = updateDashboardACL(t, sqlStore, dash2.Id, &models.DashboardACL{ DashboardID: dash2.Id, OrgID: ac3.OrgID, UserID: ac3.ID, Permission: models.PERMISSION_EDIT, }) require.NoError(t, err) @@ -390,18 +390,18 @@ func TestIntegrationAccountDataAccess(t *testing.T) { require.NoError(t, err) t.Run("Should remove dependent permissions for deleted org user", func(t *testing.T) { - permQuery := &models.GetDashboardAclInfoListQuery{DashboardID: dash1.Id, OrgID: ac1.OrgID} + permQuery := &models.GetDashboardACLInfoListQuery{DashboardID: dash1.Id, OrgID: ac1.OrgID} - err = getDashboardAclInfoList(sqlStore, permQuery) + err = getDashboardACLInfoList(sqlStore, permQuery) require.NoError(t, err) require.Equal(t, len(permQuery.Result), 0) }) t.Run("Should not remove dashboard permissions for same user in another org", func(t *testing.T) { - permQuery := &models.GetDashboardAclInfoListQuery{DashboardID: dash2.Id, OrgID: ac3.OrgID} + permQuery := &models.GetDashboardACLInfoListQuery{DashboardID: dash2.Id, OrgID: ac3.OrgID} - err = getDashboardAclInfoList(sqlStore, permQuery) + err = getDashboardACLInfoList(sqlStore, permQuery) require.NoError(t, err) require.Equal(t, len(permQuery.Result), 1) @@ -473,7 +473,7 @@ func insertTestDashboard(t *testing.T, sqlStore *SQLStore, title string, orgId i } //TODO: Use FakeDashboardStore when org has its own service -func updateDashboardAcl(t *testing.T, sqlStore *SQLStore, dashboardID int64, items ...*models.DashboardAcl) error { +func updateDashboardACL(t *testing.T, sqlStore *SQLStore, dashboardID int64, items ...*models.DashboardACL) error { t.Helper() err := sqlStore.WithDbSession(context.Background(), func(sess *DBSession) error { @@ -486,7 +486,7 @@ func updateDashboardAcl(t *testing.T, sqlStore *SQLStore, dashboardID int64, ite item.Created = time.Now() item.Updated = time.Now() if item.UserID == 0 && item.TeamID == 0 && (item.Role == nil || !item.Role.IsValid()) { - return models.ErrDashboardAclInfoMissing + return models.ErrDashboardACLInfoMissing } if item.DashboardID == 0 { @@ -499,8 +499,8 @@ func updateDashboardAcl(t *testing.T, sqlStore *SQLStore, dashboardID int64, ite } } - // Update dashboard HasAcl flag - dashboard := models.Dashboard{HasAcl: true} + // Update dashboard HasACL flag + dashboard := models.Dashboard{HasACL: true} _, err = sess.Cols("has_acl").Where("id=?", dashboardID).Update(&dashboard) return err }) @@ -509,10 +509,10 @@ func updateDashboardAcl(t *testing.T, sqlStore *SQLStore, dashboardID int64, ite // This function was copied from pkg/services/dashboards/database to circumvent // import cycles. When this org-related code is refactored into a service the -// tests can the real GetDashboardAclInfoList functions -func getDashboardAclInfoList(s *SQLStore, query *models.GetDashboardAclInfoListQuery) error { +// tests can the real GetDashboardACLInfoList functions +func getDashboardACLInfoList(s *SQLStore, query *models.GetDashboardACLInfoListQuery) error { outerErr := s.WithDbSession(context.Background(), func(dbSession *DBSession) error { - query.Result = make([]*models.DashboardAclInfoDTO, 0) + query.Result = make([]*models.DashboardACLInfoDTO, 0) falseStr := dialect.BooleanStr(false) if query.DashboardID == 0 { diff --git a/pkg/services/sqlstore/sqlbuilder_test.go b/pkg/services/sqlstore/sqlbuilder_test.go index 926f275a8c1..9021f169219 100644 --- a/pkg/services/sqlstore/sqlbuilder_test.go +++ b/pkg/services/sqlstore/sqlbuilder_test.go @@ -255,7 +255,7 @@ func createDummyDashboard(t *testing.T, sqlStore *SQLStore, dashboardProps Dashb func createDummyACL(t *testing.T, sqlStore *SQLStore, dashboardPermission *DashboardPermission, search Search, dashboardID int64) int64 { t.Helper() - acl := &models.DashboardAcl{ + acl := &models.DashboardACL{ OrgID: 1, Created: time.Now(), Updated: time.Now(), @@ -288,7 +288,7 @@ func createDummyACL(t *testing.T, sqlStore *SQLStore, dashboardPermission *Dashb acl.Role = &dashboardPermission.Role } - err := updateDashboardAcl(t, sqlStore, dashboardID, acl) + err := updateDashboardACL(t, sqlStore, dashboardID, acl) require.NoError(t, err) if user != nil { return user.ID diff --git a/pkg/services/sqlstore/team_test.go b/pkg/services/sqlstore/team_test.go index 2726ad0e2ef..b84383c3359 100644 --- a/pkg/services/sqlstore/team_test.go +++ b/pkg/services/sqlstore/team_test.go @@ -291,7 +291,7 @@ func TestIntegrationTeamCommandsAndQueries(t *testing.T) { require.NoError(t, err) err = sqlStore.AddTeamMember(userIds[2], testOrgID, groupId, false, 0) require.NoError(t, err) - err = updateDashboardAcl(t, sqlStore, 1, &models.DashboardAcl{ + err = updateDashboardACL(t, sqlStore, 1, &models.DashboardACL{ DashboardID: 1, OrgID: testOrgID, Permission: models.PERMISSION_EDIT, TeamID: groupId, }) require.NoError(t, err) @@ -302,8 +302,8 @@ func TestIntegrationTeamCommandsAndQueries(t *testing.T) { err = sqlStore.GetTeamById(context.Background(), query) require.Equal(t, err, models.ErrTeamNotFound) - permQuery := &models.GetDashboardAclInfoListQuery{DashboardID: 1, OrgID: testOrgID} - err = getDashboardAclInfoList(sqlStore, permQuery) + permQuery := &models.GetDashboardACLInfoListQuery{DashboardID: 1, OrgID: testOrgID} + err = getDashboardACLInfoList(sqlStore, permQuery) require.NoError(t, err) require.Equal(t, len(permQuery.Result), 0) diff --git a/pkg/services/sqlstore/user_test.go b/pkg/services/sqlstore/user_test.go index ca419fa583d..47da354fadb 100644 --- a/pkg/services/sqlstore/user_test.go +++ b/pkg/services/sqlstore/user_test.go @@ -357,7 +357,7 @@ func TestIntegrationUserDataAccess(t *testing.T) { }) require.Nil(t, err) - err = updateDashboardAcl(t, ss, 1, &models.DashboardAcl{ + err = updateDashboardACL(t, ss, 1, &models.DashboardACL{ DashboardID: 1, OrgID: users[0].OrgID, UserID: users[1].ID, Permission: models.PERMISSION_EDIT, }) @@ -373,8 +373,8 @@ func TestIntegrationUserDataAccess(t *testing.T) { require.Len(t, query1.Result, 1) - permQuery := &models.GetDashboardAclInfoListQuery{DashboardID: 1, OrgID: users[0].OrgID} - err = getDashboardAclInfoList(ss, permQuery) + permQuery := &models.GetDashboardACLInfoListQuery{DashboardID: 1, OrgID: users[0].OrgID} + err = getDashboardACLInfoList(ss, permQuery) require.Nil(t, err) require.Len(t, permQuery.Result, 0) @@ -396,7 +396,7 @@ func TestIntegrationUserDataAccess(t *testing.T) { }) require.Nil(t, err) - err = updateDashboardAcl(t, ss, 1, &models.DashboardAcl{ + err = updateDashboardACL(t, ss, 1, &models.DashboardACL{ DashboardID: 1, OrgID: users[0].OrgID, UserID: users[1].ID, Permission: models.PERMISSION_EDIT, }) @@ -447,8 +447,8 @@ func TestIntegrationUserDataAccess(t *testing.T) { require.Len(t, query2.Result, 1) - permQuery = &models.GetDashboardAclInfoListQuery{DashboardID: 1, OrgID: users[0].OrgID} - err = getDashboardAclInfoList(ss, permQuery) + permQuery = &models.GetDashboardACLInfoListQuery{DashboardID: 1, OrgID: users[0].OrgID} + err = getDashboardACLInfoList(ss, permQuery) require.Nil(t, err) require.Len(t, permQuery.Result, 0)