| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125 |
- package sqlstore
- import (
- "github.com/grafana/grafana/pkg/bus"
- m "github.com/grafana/grafana/pkg/models"
- )
- func init() {
- bus.AddHandler("sql", UpdateDashboardAcl)
- bus.AddHandler("sql", GetDashboardAclInfoList)
- }
- func UpdateDashboardAcl(cmd *m.UpdateDashboardAclCommand) error {
- return inTransaction(func(sess *DBSession) error {
- // delete existing items
- _, err := sess.Exec("DELETE FROM dashboard_acl WHERE dashboard_id=?", cmd.DashboardId)
- if err != nil {
- return err
- }
- for _, item := range cmd.Items {
- if item.UserId == 0 && item.TeamId == 0 && (item.Role == nil || !item.Role.IsValid()) {
- return m.ErrDashboardAclInfoMissing
- }
- if item.DashboardId == 0 {
- return m.ErrDashboardPermissionDashboardEmpty
- }
- sess.Nullable("user_id", "team_id")
- if _, err := sess.Insert(item); err != nil {
- return err
- }
- }
- // Update dashboard HasAcl flag
- dashboard := m.Dashboard{HasAcl: true}
- _, err = sess.Cols("has_acl").Where("id=?", cmd.DashboardId).Update(&dashboard)
- return err
- })
- }
- // GetDashboardAclInfoList returns a list of permissions for a dashboard. They can be fetched from three
- // different places.
- // 1) Permissions for the dashboard
- // 2) permissions for its parent folder
- // 3) if no specific permissions have been set for the dashboard or its parent folder then get the default permissions
- func GetDashboardAclInfoList(query *m.GetDashboardAclInfoListQuery) error {
- var err error
- falseStr := dialect.BooleanStr(false)
- if query.DashboardId == 0 {
- sql := `SELECT
- da.id,
- da.org_id,
- da.dashboard_id,
- da.user_id,
- da.team_id,
- da.permission,
- da.role,
- da.created,
- da.updated,
- '' as user_login,
- '' as user_email,
- '' as team,
- '' as title,
- '' as slug,
- '' as uid,` +
- falseStr + ` AS is_folder
- FROM dashboard_acl as da
- WHERE da.dashboard_id = -1`
- query.Result = make([]*m.DashboardAclInfoDTO, 0)
- err = x.SQL(sql).Find(&query.Result)
- } else {
- rawSQL := `
- -- get permissions for the dashboard and its parent folder
- SELECT
- da.id,
- da.org_id,
- da.dashboard_id,
- da.user_id,
- da.team_id,
- da.permission,
- da.role,
- da.created,
- da.updated,
- u.login AS user_login,
- u.email AS user_email,
- ug.name AS team,
- ug.email AS team_email,
- d.title,
- d.slug,
- d.uid,
- d.is_folder
- FROM dashboard as d
- LEFT JOIN dashboard folder on folder.id = d.folder_id
- LEFT JOIN dashboard_acl AS da ON
- da.dashboard_id = d.id OR
- da.dashboard_id = d.folder_id OR
- (
- -- include default permissions -->
- da.org_id = -1 AND (
- (folder.id IS NOT NULL AND folder.has_acl = ` + falseStr + `) OR
- (folder.id IS NULL AND d.has_acl = ` + falseStr + `)
- )
- )
- LEFT JOIN ` + dialect.Quote("user") + ` AS u ON u.id = da.user_id
- LEFT JOIN team ug on ug.id = da.team_id
- WHERE d.org_id = ? AND d.id = ? AND da.id IS NOT NULL
- ORDER BY 1 ASC
- `
- query.Result = make([]*m.DashboardAclInfoDTO, 0)
- err = x.SQL(rawSQL, query.OrgId, query.DashboardId).Find(&query.Result)
- }
- for _, p := range query.Result {
- p.PermissionName = p.Permission.String()
- }
- return err
- }
|
