
dashboard folders acl work

Torkel Ödegaard 8 年 前
コミット
b494fd7689

+ 36 - 37
pkg/api/dashboard_acl.go

@@ -16,15 +16,14 @@ func GetDashboardAcl(c *middleware.Context) Response {
 	}
 
 	guardian := guardian.NewDashboardGuardian(dash, c.SignedInUser)
-
-	canView, err := guardian.CanView(dashboardId, c.OrgRole, c.IsGrafanaAdmin, c.OrgId, c.UserId)
+	canView, err := guardian.CanView()
 	if err != nil {
 		return ApiError(500, "Failed to get Dashboard ACL", err)
-	} else if !hasPermission {
-		return ApiError(403, "Does not have access to this Dashboard ACL")
+	} else if !canView {
+		return ApiError(403, "Dashboard access denied", nil)
 	}
 
-	query := m.GetDashboardPermissionsQuery{DashboardId: dashboardId}
+	query := m.GetDashboardPermissionsQuery{DashboardId: dash.Id}
 	if err := bus.Dispatch(&query); err != nil {
 		return ApiError(500, "Failed to get Dashboard ACL", err)
 	}
@@ -52,43 +51,43 @@ func PostDashboardAcl(c *middleware.Context, cmd m.AddOrUpdateDashboardPermissio
 }
 
 func DeleteDashboardAclByUser(c *middleware.Context) Response {
-	dashboardId := c.ParamsInt64(":id")
-	userId := c.ParamsInt64(":userId")
-	cmd := m.RemoveDashboardPermissionCommand{DashboardId: dashboardId, UserId: userId, OrgId: c.OrgId}
-
-	hasPermission, err := guardian.CanDeleteFromAcl(dashboardId, c.OrgRole, c.IsGrafanaAdmin, c.OrgId, c.UserId)
-	if err != nil {
-		return ApiError(500, "Failed to delete from Dashboard ACL", err)
-	}
-
-	if !hasPermission {
-		return Json(403, util.DynMap{"status": "Forbidden", "message": "Does not have access to this Dashboard ACL"})
-	}
-
-	if err := bus.Dispatch(&cmd); err != nil {
-		return ApiError(500, "Failed to delete permission for user", err)
-	}
+	// dashboardId := c.ParamsInt64(":id")
+	// userId := c.ParamsInt64(":userId")
+	// cmd := m.RemoveDashboardPermissionCommand{DashboardId: dashboardId, UserId: userId, OrgId: c.OrgId}
+	//
+	// hasPermission, err := guardian.CanDeleteFromAcl(dashboardId, c.OrgRole, c.IsGrafanaAdmin, c.OrgId, c.UserId)
+	// if err != nil {
+	// 	return ApiError(500, "Failed to delete from Dashboard ACL", err)
+	// }
+	//
+	// if !hasPermission {
+	// 	return Json(403, util.DynMap{"status": "Forbidden", "message": "Does not have access to this Dashboard ACL"})
+	// }
+	//
+	// if err := bus.Dispatch(&cmd); err != nil {
+	// 	return ApiError(500, "Failed to delete permission for user", err)
+	// }
 
 	return Json(200, "")
 }
 
 func DeleteDashboardAclByUserGroup(c *middleware.Context) Response {
-	dashboardId := c.ParamsInt64(":id")
-	userGroupId := c.ParamsInt64(":userGroupId")
-	cmd := m.RemoveDashboardPermissionCommand{DashboardId: dashboardId, UserGroupId: userGroupId, OrgId: c.OrgId}
-
-	hasPermission, err := guardian.CanDeleteFromAcl(dashboardId, c.OrgRole, c.IsGrafanaAdmin, c.OrgId, c.UserId)
-	if err != nil {
-		return ApiError(500, "Failed to delete from Dashboard ACL", err)
-	}
-
-	if !hasPermission {
-		return Json(403, util.DynMap{"status": "Forbidden", "message": "Does not have access to this Dashboard ACL"})
-	}
-
-	if err := bus.Dispatch(&cmd); err != nil {
-		return ApiError(500, "Failed to delete permission for user", err)
-	}
+	// dashboardId := c.ParamsInt64(":id")
+	// userGroupId := c.ParamsInt64(":userGroupId")
+	// cmd := m.RemoveDashboardPermissionCommand{DashboardId: dashboardId, UserGroupId: userGroupId, OrgId: c.OrgId}
+	//
+	// hasPermission, err := guardian.CanDeleteFromAcl(dashboardId, c.OrgRole, c.IsGrafanaAdmin, c.OrgId, c.UserId)
+	// if err != nil {
+	// 	return ApiError(500, "Failed to delete from Dashboard ACL", err)
+	// }
+	//
+	// if !hasPermission {
+	// 	return Json(403, util.DynMap{"status": "Forbidden", "message": "Does not have access to this Dashboard ACL"})
+	// }
+	//
+	// if err := bus.Dispatch(&cmd); err != nil {
+	// 	return ApiError(500, "Failed to delete permission for user", err)
+	// }
 
 	return Json(200, "")
 }
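Review bot: `DeleteDashboardAclByUser` and `DeleteDashboardAclByUserGroup` now have their entire body commented out but still end in `return Json(200, "")`, so a delete request reports success while the ACL entry stays in place and the `CanDeleteFromAcl` check no longer runs. A caller revoking someone's access gets no indication that the permission is still granted. Until the handlers are rewired to the new guardian, return an explicit failure such as `return ApiError(501, "Not implemented", nil)`. When the body comes back, keep the permission check ahead of `bus.Dispatch(&cmd)`. The commented-out code would be better replaced by a short TODO, since it still calls the old five-argument guardian function.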

+ 8 - 3
pkg/models/dashboard_acl.go

@@ -74,16 +74,21 @@ type AddOrUpdateDashboardPermissionCommand struct {
 
 type RemoveDashboardPermissionCommand struct {
 	DashboardId int64 `json:"dashboardId" binding:"Required"`
-	OrgId       int64 `json:"-"`
 	UserId      int64 `json:"userId"`
 	UserGroupId int64 `json:"userGroupId"`
+
+	OrgId int64 `json:"-"`
 }
 
 //
 // QUERIES
 //
-
 type GetDashboardPermissionsQuery struct {
-	DashboardId int64 `json:"dashboardId" binding:"Required"`
+	DashboardId int64
 	Result      []*DashboardAclInfoDTO
 }
+
+type GetDashboardAclQuery struct {
+	DashboardId int64
+	Result      []*DashboardAcl
+}
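Review bot: `GetDashboardAclQuery` has no `OrgId` field, so a handler for it can only filter by dashboard id and depends on every caller having already resolved the dashboard inside the signed-in user's organisation. If that precondition is intended, state it in a doc comment on the type, for example `// GetDashboardAclQuery returns the raw ACL rows for a dashboard; callers must have loaded DashboardId within the caller's org.`. Otherwise add `OrgId int64` and filter on it in the store. A comment would also help distinguish this type from `GetDashboardPermissionsQuery`, which as shown here differs only in its result element type.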

+ 0 - 3
pkg/services/guardian/models.go

@@ -1,8 +1,6 @@
 package guardian
 
 import (
-	"fmt"
-
 	"github.com/grafana/grafana/pkg/bus"
 	m "github.com/grafana/grafana/pkg/models"
 )
@@ -22,7 +20,6 @@ func NewDashboardGuardian(dash *m.Dashboard, user *m.SignedInUser) *DashboardGua
 }
 
 func (g *DashboardGuardian) CanSave() (bool, error) {
-	fmt.Printf("user %v, %v", g.user.OrgRole, g.user.HasRole(m.ROLE_EDITOR))
 	if !g.dashboard.HasAcl {
 		return g.user.HasRole(m.ROLE_EDITOR), nil
 	}

+ 23 - 0
pkg/services/sqlstore/dashboard_acl.go

@@ -11,6 +11,7 @@ func init() {
 	bus.AddHandler("sql", AddOrUpdateDashboardPermission)
 	bus.AddHandler("sql", RemoveDashboardPermission)
 	bus.AddHandler("sql", GetDashboardPermissions)
+	bus.AddHandler("sql", GetDashboardAcl)
 }
 
 func AddOrUpdateDashboardPermission(cmd *m.AddOrUpdateDashboardPermissionCommand) error {
@@ -85,6 +86,28 @@ func RemoveDashboardPermission(cmd *m.RemoveDashboardPermissionCommand) error {
 	})
 }
 
+func GetDashboardAcl(query *m.GetDashboardAclQuery) error {
+	rawSQL := `SELECT
+  da.id,
+  da.org_id,
+  da.id,
+  da.dashboard_id,
+  da.user_id,
+  da.user_group_id,
+  da.permissions,
+  da.created,
+  da.updated,
+  FROM` + dialect.Quote("dashboard_acl") + ` as da
+  WHERE dashboard_id IN (
+    SELECT id FROM dashboard where id = ?
+    UNION
+    SELECT parent_id from dashboard where id = ?
+  )`
+
+	query.Result = make([]*m.DashboardAcl, 0)
+	return x.SQL(rawSQL, query.DashboardId).Find(&query.Result)
+}
+
 func GetDashboardPermissions(query *m.GetDashboardPermissionsQuery) error {
 	rawSQL := `SELECT
   da.id,
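Review bot: The statement built in the new `GetDashboardAcl` will not execute as written: the select list ends with a comma after `da.updated`, and there are two `?` placeholders while `x.SQL` is given only one argument. The missing space between `FROM` and the quoted table name is at best fragile across dialects, and `da.id` is selected twice. Drop the trailing comma and the duplicate column, write `FROM ` with a trailing space, and bind the id for both placeholders: `return x.SQL(rawSQL, query.DashboardId, query.DashboardId).Find(&query.Result)`. No test for this handler is visible in the commit, so a small sqlstore test covering a dashboard with and without a parent folder would catch this class of error.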

+ 5 - 5
pkg/services/sqlstore/guardian_test.go

@@ -76,12 +76,12 @@ func createUser(name string, role string, isAdmin bool) m.User {
 	return currentUserCmd.Result
 }
 
-func updateTestDashboardWithAcl(dashId int64, userId int64, permissionType m.PermissionType) {
+func updateTestDashboardWithAcl(dashId int64, userId int64, permission m.PermissionType) {
 	err := AddOrUpdateDashboardPermission(&m.AddOrUpdateDashboardPermissionCommand{
-		OrgId:          1,
-		UserId:         userId,
-		DashboardId:    dashId,
-		PermissionType: permissionType,
+		OrgId:       1,
+		UserId:      userId,
+		DashboardId: dashId,
+		Permissions: permission,
 	})
 	So(err, ShouldBeNil)
 }

+ 1 - 1
pkg/services/sqlstore/user_group_test.go

@@ -94,7 +94,7 @@ func TestUserGroupCommandsAndQueries(t *testing.T) {
 				So(err, ShouldBeNil)
 				err = AddUserGroupMember(&m.AddUserGroupMemberCommand{OrgId: 1, UserGroupId: groupId, UserId: userIds[2]})
 				So(err, ShouldBeNil)
-				err = AddOrUpdateDashboardPermission(&m.AddOrUpdateDashboardPermissionCommand{DashboardId: 1, OrgId: 1, PermissionType: m.PERMISSION_EDIT, UserGroupId: groupId})
+				err = AddOrUpdateDashboardPermission(&m.AddOrUpdateDashboardPermissionCommand{DashboardId: 1, OrgId: 1, Permissions: m.PERMISSION_EDIT, UserGroupId: groupId})
 
 				err = DeleteUserGroup(&m.DeleteUserGroupCommand{Id: groupId})
 				So(err, ShouldBeNil)

+ 1 - 1
pkg/services/sqlstore/user_test.go

@@ -99,7 +99,7 @@ func TestUserDataAccess(t *testing.T) {
 				err = AddOrgUser(&models.AddOrgUserCommand{LoginOrEmail: users[0].Login, Role: models.ROLE_VIEWER, OrgId: users[0].OrgId})
 				So(err, ShouldBeNil)
 
-				err = AddOrUpdateDashboardPermission(&models.AddOrUpdateDashboardPermissionCommand{DashboardId: 1, OrgId: users[0].OrgId, UserId: users[0].Id, PermissionType: models.PERMISSION_EDIT})
+				err = AddOrUpdateDashboardPermission(&models.AddOrUpdateDashboardPermissionCommand{DashboardId: 1, OrgId: users[0].OrgId, UserId: users[0].Id, Permissions: models.PERMISSION_EDIT})
 				So(err, ShouldBeNil)
 
 				err = SavePreferences(&models.SavePreferencesCommand{UserId: users[0].Id, OrgId: users[0].OrgId, HomeDashboardId: 1, Theme: "dark"})