| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465 |
- package sqlstore
- import (
- "bytes"
- "strings"
- m "github.com/grafana/grafana/pkg/models"
- )
- type SqlBuilder struct {
- sql bytes.Buffer
- params []interface{}
- }
- func (sb *SqlBuilder) writeDashboardPermissionFilter(user *m.SignedInUser, permission m.PermissionType) {
- if user.OrgRole == m.ROLE_ADMIN {
- return
- }
- okRoles := []interface{}{user.OrgRole}
- if user.OrgRole == m.ROLE_EDITOR {
- okRoles = append(okRoles, m.ROLE_VIEWER)
- }
- // SELECT dash.id, dash.title, dash.folder_id
- // FROM dashboard AS dash
- // LEFT JOIN dashboard folder on folder.id = dash.folder_id
- // LEFT JOIN dashboard_acl AS da ON
- // da.dashboard_id = dash.id OR
- // da.dashboard_id = dash.folder_id OR
- // (
- // -- include default permissions -->
- // da.org_id = -1 AND (folder.has_acl = 0 OR (dash.has_acl = 0 AND dash.folder_id = 0))
- // )
- // LEFT JOIN team_member as ugm on ugm.team_id = da.team_id
- // WHERE
- // dash.org_id = 5 AND
- // (
- // da.user_id = 8 or
- // ugm.user_id = 8 or
- // da.role in ('Viewer', 'Editor')
- // ) AND
- // da.permission > 1
- //
- sb.sql.WriteString(` AND
- (
- dashboard.has_acl = ` + dialect.BooleanStr(false) + ` OR
- dashboard.id in (
- SELECT distinct d.id AS DashboardId
- FROM dashboard AS d
- LEFT JOIN dashboard_acl as da on d.folder_id = da.dashboard_id or d.id = da.dashboard_id
- LEFT JOIN team_member as ugm on ugm.team_id = da.team_id
- WHERE
- d.has_acl = ` + dialect.BooleanStr(true) + ` AND
- d.org_id = ? AND
- da.permission >= ? AND
- (da.user_id = ? or ugm.user_id = ? or da.role IN (?` + strings.Repeat(",?", len(okRoles)-1) + `))
- )
- )`)
- sb.params = append(sb.params, user.OrgId, permission, user.UserId, user.UserId)
- sb.params = append(sb.params, okRoles...)
- }
|
