dashboard: only admin permission added to dashboard in folder.

pkg/api/dashboard.go

@@ -279,7 +279,8 @@ func (hs *HTTPServer) PostDashboard(c *m.ReqContext, cmd m.SaveDashboardCommand)
 
 	if hs.Cfg.EditorsCanOwn && newDashboard {
 		aclService := dashboards.NewAclService()
-		err := aclService.MakeUserAdmin(cmd.OrgId, cmd.UserId, dashboard.Id)
+		inFolder := cmd.FolderId > 0
+		err := aclService.MakeUserAdmin(cmd.OrgId, cmd.UserId, dashboard.Id, !inFolder)
 		if err != nil {
 			hs.log.Error("Could not make user admin", "dashboard", cmd.Result.Title, "user", c.SignedInUser.UserId, "error", err)
 			return Error(500, "Failed to make user admin of dashboard", err)

pkg/api/folder.go

@@ -63,7 +63,7 @@ func (hs *HTTPServer) CreateFolder(c *m.ReqContext, cmd m.CreateFolderCommand) R
 
 	if hs.Cfg.EditorsCanOwn {
 		aclService := dashboards.NewAclService()
-		if err := aclService.MakeUserAdmin(c.OrgId, c.SignedInUser.UserId, cmd.Result.Id); err != nil {
+		if err := aclService.MakeUserAdmin(c.OrgId, c.SignedInUser.UserId, cmd.Result.Id, true); err != nil {
 			hs.log.Error("Could not make user admin", "folder", cmd.Result.Title, "user", c.SignedInUser.UserId, "error", err)
 			return Error(500, "Failed to make user admin of folder", err)
 		}

pkg/services/dashboards/acl_service.go

@@ -18,7 +18,7 @@ type AclService struct {
 	log log.Logger
 }
 
-func (as *AclService) MakeUserAdmin(orgId int64, userId int64, dashboardId int64) error {
+func (as *AclService) MakeUserAdmin(orgId int64, userId int64, dashboardId int64, setViewAndEditPermissions bool) error {
 	rtEditor := models.ROLE_EDITOR
 	rtViewer := models.ROLE_VIEWER
 
@@ -31,22 +31,27 @@ func (as *AclService) MakeUserAdmin(orgId int64, userId int64, dashboardId int64
 			Created:     time.Now(),
 			Updated:     time.Now(),
 		},
-		{
-			OrgId:       orgId,
-			DashboardId: dashboardId,
-			Role:        &rtEditor,
-			Permission:  models.PERMISSION_EDIT,
-			Created:     time.Now(),
-			Updated:     time.Now(),
-		},
-		{
-			OrgId:       orgId,
-			DashboardId: dashboardId,
-			Role:        &rtViewer,
-			Permission:  models.PERMISSION_VIEW,
-			Created:     time.Now(),
-			Updated:     time.Now(),
-		},
+	}
+
+	if setViewAndEditPermissions {
+		items = append(items,
+			&models.DashboardAcl{
+				OrgId:       orgId,
+				DashboardId: dashboardId,
+				Role:        &rtEditor,
+				Permission:  models.PERMISSION_EDIT,
+				Created:     time.Now(),
+				Updated:     time.Now(),
+			},
+			&models.DashboardAcl{
+				OrgId:       orgId,
+				DashboardId: dashboardId,
+				Role:        &rtViewer,
+				Permission:  models.PERMISSION_VIEW,
+				Created:     time.Now(),
+				Updated:     time.Now(),
+			},
+		)
 	}
 
 	aclCmd := &models.UpdateDashboardAclCommand{