dashfolders: use canadmin permission in settings menu

pkg/api/dashboard.go

@@ -57,6 +57,7 @@ func GetDashboard(c *middleware.Context) Response {
 
 	canEdit, _ := guardian.CanEdit()
 	canSave, _ := guardian.CanSave()
+	canAdmin, _ := guardian.CanAdmin()
 
 	isStarred, err := isDashboardStarredByUser(c, dash.Id)
 	if err != nil {
@@ -79,6 +80,7 @@ func GetDashboard(c *middleware.Context) Response {
 		CanStar:     c.IsSignedIn,
 		CanSave:     canSave,
 		CanEdit:     canEdit,
+		CanAdmin:    canAdmin,
 		Created:     dash.Created,
 		Updated:     dash.Updated,
 		UpdatedBy:   updater,

pkg/api/dashboard_test.go

@@ -65,6 +65,7 @@ func TestDashboardApiEndpoint(t *testing.T) {
 				Convey("Should not be able to edit or save dashboard", func() {
 					So(dash.Meta.CanEdit, ShouldBeFalse)
 					So(dash.Meta.CanSave, ShouldBeFalse)
+					So(dash.Meta.CanAdmin, ShouldBeFalse)
 				})
 			})
 
@@ -97,6 +98,7 @@ func TestDashboardApiEndpoint(t *testing.T) {
 				Convey("Should be able to view but not save the dashboard", func() {
 					So(dash.Meta.CanEdit, ShouldBeFalse)
 					So(dash.Meta.CanSave, ShouldBeFalse)
+					So(dash.Meta.CanAdmin, ShouldBeFalse)
 				})
 			})
 
@@ -130,6 +132,7 @@ func TestDashboardApiEndpoint(t *testing.T) {
 				Convey("Should be able to edit or save dashboard", func() {
 					So(dash.Meta.CanEdit, ShouldBeTrue)
 					So(dash.Meta.CanSave, ShouldBeTrue)
+					So(dash.Meta.CanAdmin, ShouldBeFalse)
 				})
 			})
 
@@ -299,6 +302,50 @@ func TestDashboardApiEndpoint(t *testing.T) {
 				Convey("Should be able to get dashboard with edit rights", func() {
 					So(dash.Meta.CanEdit, ShouldBeTrue)
 					So(dash.Meta.CanSave, ShouldBeTrue)
+					So(dash.Meta.CanAdmin, ShouldBeFalse)
+				})
+			})
+
+			loggedInUserScenarioWithRole("When calling DELETE on", "DELETE", "/api/dashboards/2", "/api/dashboards/:id", role, func(sc *scenarioContext) {
+				CallDeleteDashboard(sc)
+				So(sc.resp.Code, ShouldEqual, 200)
+			})
+
+			loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/dashboards/id/2/versions/1", "/api/dashboards/id/:dashboardId/versions/:id", role, func(sc *scenarioContext) {
+				CallGetDashboardVersion(sc)
+				So(sc.resp.Code, ShouldEqual, 200)
+			})
+
+			loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/dashboards/id/2/versions", "/api/dashboards/id/:dashboardId/versions", role, func(sc *scenarioContext) {
+				CallGetDashboardVersions(sc)
+				So(sc.resp.Code, ShouldEqual, 200)
+			})
+
+			postDashboardScenario("When calling POST on", "/api/dashboards", "/api/dashboards", role, cmd, func(sc *scenarioContext) {
+				CallPostDashboard(sc)
+				So(sc.resp.Code, ShouldEqual, 200)
+			})
+		})
+
+		Convey("When user is an Org Viewer but has an admin permission", func() {
+			role := m.ROLE_VIEWER
+
+			mockResult := []*m.DashboardAclInfoDTO{
+				{Id: 1, OrgId: 1, DashboardId: 2, UserId: 1, Permission: m.PERMISSION_ADMIN},
+			}
+
+			bus.AddHandler("test", func(query *m.GetDashboardAclInfoListQuery) error {
+				query.Result = mockResult
+				return nil
+			})
+
+			loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/dashboards/2", "/api/dashboards/:id", role, func(sc *scenarioContext) {
+				dash := GetDashboardShouldReturn200(sc)
+
+				Convey("Should be able to get dashboard with edit rights", func() {
+					So(dash.Meta.CanEdit, ShouldBeTrue)
+					So(dash.Meta.CanSave, ShouldBeTrue)
+					So(dash.Meta.CanAdmin, ShouldBeTrue)
 				})
 			})
 

pkg/api/dtos/dashboard.go

@@ -13,6 +13,7 @@ type DashboardMeta struct {
 	Type        string    `json:"type,omitempty"`
 	CanSave     bool      `json:"canSave"`
 	CanEdit     bool      `json:"canEdit"`
+	CanAdmin    bool      `json:"canAdmin"`
 	CanStar     bool      `json:"canStar"`
 	Slug        string    `json:"slug"`
 	Expires     time.Time `json:"expires"`

public/app/core/nav_model_srv.ts

@@ -168,11 +168,13 @@ export class NavModelSrv {
         clickHandler: () => dashNavCtrl.openEditView('annotations')
       });
 
-      menu.push({
-        title: 'Permissions...',
-        icon: 'fa fa-fw fa-lock',
-        clickHandler: () => dashNavCtrl.openEditView('permissions')
-      });
+      if (dashboard.meta.canAdmin) {
+        menu.push({
+          title: 'Permissions...',
+          icon: 'fa fa-fw fa-lock',
+          clickHandler: () => dashNavCtrl.openEditView('permissions')
+        });
+      }
 
       if (!dashboard.meta.isHome) {
         menu.push({

public/app/features/dashboard/partials/settings.html

@@ -4,7 +4,7 @@
 	</h2>
 
 	<ul class="gf-tabs">
-		<li class="gf-tabs-item" ng-repeat="tab in ::['General', 'Rows', 'Links', 'Time picker', 'Permissions']">
+		<li class="gf-tabs-item" ng-repeat="tab in ::['General', 'Rows', 'Links', 'Time picker']">
 			<a class="gf-tabs-link" ng-click="editor.index = $index" ng-class="{active: editor.index === $index}">
 				{{::tab}}
 			</a>