mirror of
https://github.com/grafana/grafana.git
synced 2025-01-18 20:43:26 -06:00
605d056136
* * Teams: Appropriately apply user id filter in /api/teams/:id and /api/teams/search * Teams: Ensure that users searching for teams are only able see teams they have access to * Teams: Require teamGuardian admin privileges to list team members * Teams: Prevent org viewers from administering teams * Teams: Add org_id condition to team count query * Teams: clarify permission requirements in teams api docs * Teams: expand scenarios for team search tests * Teams: mock teamGuardian in tests Co-authored-by: Dan Cech <dcech@grafana.com> * remove duplicate WHERE statement * Fix for CVE-2022-21702 (cherry picked from commit 202d7c190082c094bc1dc13f7fe9464746c37f9e) * Lint and test fixes (cherry picked from commit 3e6b67d5504abf4a1d7b8d621f04d062c048e981) * check content type properly (cherry picked from commit 70b4458892bf2f776302720c10d24c9ff34edd98) * basic csrf origin check (cherry picked from commit 3adaa5ff39832364f6390881fb5b42ad47df92e1) * compare origin to host (cherry picked from commit 5443892699e8ed42836bb2b9a44744ff3e970f42) * simplify url parsing (cherry picked from commit b2ffbc9513fed75468628370a48b929d30af2b1d) * check csrf for GET requests, only compare origin (cherry picked from commit 8b81dc12d8f8a1f07852809c5b4d44f0f0b1d709) * parse content type properly (cherry picked from commit 16f76f4902e6f2188bea9606c68b551af186bdc0) * mentioned get in the comment (cherry picked from commit a7e61811ef8ae558ce721e2e3fed04ce7a5a5345) * add content-type: application/json to test HTTP requests * fix pluginproxy test * Fix linter when comparing errors Co-authored-by: Kevin Minehart <kmineh0151@gmail.com> Co-authored-by: Dan Cech <dcech@grafana.com> Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> Co-authored-by: Serge Zaitsev <serge.zaitsev@grafana.com> Co-authored-by: Vardan Torosyan <vardants@gmail.com>
package models
import (
"errors"
"time"
)
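// Typed errors returned by team operations. They are sentinel values: compare
// with errors.Is, not by message text.
var (
	ErrTeamNotFound       = errors.New("team not found")
	ErrTeamNameTaken      = errors.New("team name is taken")
	ErrTeamMemberNotFound = errors.New("team member not found")
	ErrLastTeamAdmin      = errors.New("not allowed to remove last admin")

	// Authorization failures.
	// NOTE(review): the "another org" message differs from "team not found";
	// if handlers return these messages verbatim, a caller can tell that a
	// team ID exists in a different org — confirm how they are surfaced.
	ErrNotAllowedToUpdateTeam               = errors.New("user not allowed to update team")
	ErrNotAllowedToUpdateTeamInDifferentOrg = errors.New("user not allowed to update team in another org")
)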
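// Team is the team model. Every field is serialized to JSON under the tagged
// name, including OrgId, Email and both timestamps.
type Team struct {
	Id    int64  `json:"id"`
	OrgId int64  `json:"orgId"`
	Name  string `json:"name"`
	Email string `json:"email"`

	Created time.Time `json:"created"`
	Updated time.Time `json:"updated"`
}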
// ---------------------
// COMMANDS
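// CreateTeamCommand carries the input for creating a team; Result is the
// output field.
//
// Only Name and Email are reachable through JSON. OrgId and Result are tagged
// json:"-", so encoding/json neither reads them from a request body nor writes
// them to a response. The binding:"Required" tag on Name is metadata for a
// request binder that is not visible in this file.
// NOTE(review): OrgId is presumably set by the handler from the signed-in
// user's org — confirm at the call site.
type CreateTeamCommand struct {
	Name  string `json:"name" binding:"Required"`
	Email string `json:"email"`
	OrgId int64  `json:"-"`

	Result Team `json:"-"`
}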
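// UpdateTeamCommand carries the new Name and Email for the team identified by
// Id and OrgId.
//
// OrgId is tagged json:"-" and cannot be set from a JSON body. Id, Name and
// Email carry no tag, so encoding/json fills them from keys matching the field
// names (case-insensitively).
// NOTE(review): the handler presumably overwrites Id from the route parameter
// after binding — confirm, otherwise the request body would choose which team
// is updated.
type UpdateTeamCommand struct {
	Id    int64
	Name  string
	Email string
	OrgId int64 `json:"-"`
}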
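// DeleteTeamCommand identifies the team to delete by OrgId and Id.
// NOTE(review): neither field has a JSON tag; the command is presumably built
// by the handler rather than bound from a request body — confirm.
type DeleteTeamCommand struct {
	OrgId int64
	Id    int64
}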
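// GetTeamByIdQuery describes a lookup of one team by Id within OrgId; Result
// is the output field.
//
// UserIdFilter filters the lookup by user ID / membership. Its zero value
// equals FilterIgnoreUser (0), so leaving the field unset requests an
// unfiltered lookup; callers that need membership scoping must set it
// explicitly.
// NOTE(review): how SignedInUser and HiddenUsers are applied is not visible in
// this file — confirm in the query implementation.
type GetTeamByIdQuery struct {
	OrgId        int64
	Id           int64
	SignedInUser *SignedInUser
	HiddenUsers  map[string]struct{}
	Result       *TeamDTO
	UserIdFilter int64
}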
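// FilterIgnoreUser is used in a get / search teams query when the caller does
// not want to filter teams by user ID / membership.
//
// It equals the int64 zero value, so a query whose UserIdFilter was never set
// is indistinguishable from one that explicitly opted out of filtering. Code
// that must scope results to a user's memberships has to set UserIdFilter
// explicitly.
const FilterIgnoreUser int64 = 0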
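// GetTeamsByUserQuery describes a lookup of the teams for UserId within OrgId;
// Result is the output field and is serialized as "teams".
//
// OrgId has no JSON tag while UserId is tagged "userId".
// NOTE(review): if this struct is ever bound from a request body, both fields
// are client-settable — confirm they are set server-side.
type GetTeamsByUserQuery struct {
	OrgId  int64
	UserId int64      `json:"userId"`
	Result []*TeamDTO `json:"teams"`
}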
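// SearchTeamsQuery describes a paged team search within OrgId; Result is the
// output field.
//
// UserIdFilter filters the search by user ID / membership. Its zero value
// equals FilterIgnoreUser (0), so leaving the field unset requests an
// unfiltered search; callers that must limit results to a user's own teams
// have to set it explicitly.
// NOTE(review): how Query, Name, SignedInUser and HiddenUsers are applied, and
// whether Limit and Page are bounded, is not visible in this file — confirm in
// the query implementation.
type SearchTeamsQuery struct {
	Query        string
	Name         string
	Limit        int
	Page         int
	OrgId        int64
	UserIdFilter int64
	SignedInUser *SignedInUser
	HiddenUsers  map[string]struct{}

	Result SearchTeamQueryResult
}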
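// TeamDTO is the team shape carried in the Result fields of the team queries
// in this file. Every field is serialized to JSON, including Email,
// MemberCount, Permission and the AccessControl map.
// NOTE(review): Permission and AccessControl are presumably computed for the
// requesting user — confirm where they are populated.
type TeamDTO struct {
	Id            int64           `json:"id"`
	OrgId         int64           `json:"orgId"`
	Name          string          `json:"name"`
	Email         string          `json:"email"`
	AvatarUrl     string          `json:"avatarUrl"`
	MemberCount   int64           `json:"memberCount"`
	Permission    PermissionType  `json:"permission"`
	AccessControl map[string]bool `json:"accessControl"`
}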
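// SearchTeamQueryResult is one page of team search results plus paging
// metadata, all serialized to JSON.
// NOTE(review): TotalCount is returned alongside the filtered Teams slice; it
// should be computed with the same org and membership conditions as the rows,
// otherwise the count discloses teams the caller cannot see — confirm in the
// query implementation.
type SearchTeamQueryResult struct {
	TotalCount int64      `json:"totalCount"`
	Teams      []*TeamDTO `json:"teams"`
	Page       int        `json:"page"`
	PerPage    int        `json:"perPage"`
}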
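// IsAdminOfTeamsQuery asks whether SignedInUser is an admin of teams; Result
// is the output field.
//
// Result defaults to false, so a query that was never executed reads as
// "not an admin".
// NOTE(review): which teams are considered is not visible in this file —
// confirm in the query implementation.
type IsAdminOfTeamsQuery struct {
	SignedInUser *SignedInUser
	Result       bool
}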