mirror of
https://github.com/grafana/grafana.git
synced 2024-11-26 02:40:26 -06:00
932429a545
* user essentials mob! 🔱 lastFile:pkg/services/libraryelements/writers.go * user essentials mob! 🔱 lastFile:pkg/services/libraryelements/writers.go * user essentials mob! 🔱 lastFile:pkg/services/libraryelements/writers.go * user essentials mob! 🔱 lastFile:pkg/services/libraryelements/writers.go * user essentials mob! 🔱 lastFile:pkg/services/libraryelements/database.go * user essentials mob! 🔱 lastFile:pkg/services/libraryelements/writers.go * user essentials mob! 🔱 lastFile:pkg/services/libraryelements/writers.go * user essentials mob! 🔱 * support filterFolderUIDs in the frontend * move common logic to a variable * fixed FolderLibraryPanelsPage and improved unit test * fix backend lint error * fix formatting error Co-authored-by: Joao Silva <joao.silva@grafana.com> Co-authored-by: Ashley Harrison <ashley.harrison@grafana.com> Co-authored-by: eledobleefe <laura.fernandez@grafana.com> Co-authored-by: joshhunt <josh@trtr.co>
82 lines
1.9 KiB
Go
82 lines
1.9 KiB
Go
package libraryelements
|
|
|
|
import (
|
|
"context"
|
|
|
|
"github.com/grafana/grafana/pkg/models"
|
|
"github.com/grafana/grafana/pkg/services/accesscontrol"
|
|
"github.com/grafana/grafana/pkg/services/dashboards"
|
|
"github.com/grafana/grafana/pkg/services/guardian"
|
|
"github.com/grafana/grafana/pkg/services/org"
|
|
"github.com/grafana/grafana/pkg/services/user"
|
|
)
|
|
|
|
func isGeneralFolder(folderID int64) bool {
|
|
return folderID == 0
|
|
}
|
|
|
|
func isUIDGeneralFolder(folderUID string) bool {
|
|
return folderUID == accesscontrol.GeneralFolderUID
|
|
}
|
|
|
|
func (l *LibraryElementService) requireSupportedElementKind(kindAsInt int64) error {
|
|
kind := models.LibraryElementKind(kindAsInt)
|
|
switch kind {
|
|
case models.PanelElement:
|
|
return nil
|
|
case models.VariableElement:
|
|
return nil
|
|
default:
|
|
return errLibraryElementUnSupportedElementKind
|
|
}
|
|
}
|
|
|
|
func (l *LibraryElementService) requireEditPermissionsOnFolder(ctx context.Context, user *user.SignedInUser, folderID int64) error {
|
|
if isGeneralFolder(folderID) && user.HasRole(org.RoleEditor) {
|
|
return nil
|
|
}
|
|
|
|
if isGeneralFolder(folderID) && user.HasRole(org.RoleViewer) {
|
|
return dashboards.ErrFolderAccessDenied
|
|
}
|
|
folder, err := l.folderService.GetFolderByID(ctx, user, folderID, user.OrgID)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
g := guardian.New(ctx, folder.Id, user.OrgID, user)
|
|
|
|
canEdit, err := g.CanEdit()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if !canEdit {
|
|
return dashboards.ErrFolderAccessDenied
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (l *LibraryElementService) requireViewPermissionsOnFolder(ctx context.Context, user *user.SignedInUser, folderID int64) error {
|
|
if isGeneralFolder(folderID) && user.HasRole(org.RoleViewer) {
|
|
return nil
|
|
}
|
|
|
|
folder, err := l.folderService.GetFolderByID(ctx, user, folderID, user.OrgID)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
g := guardian.New(ctx, folder.Id, user.OrgID, user)
|
|
|
|
canView, err := g.CanView()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if !canView {
|
|
return dashboards.ErrFolderAccessDenied
|
|
}
|
|
|
|
return nil
|
|
}
|