grafana/pkg/services/sqlstore/dashboard_acl_test.go

package sqlstore

import (
	"testing"

	. "github.com/smartystreets/goconvey/convey"

	m "github.com/grafana/grafana/pkg/models"
)

func TestDashboardAclDataAccess(t *testing.T) {
	Convey("Testing DB", t, func() {
		InitTestDB(t)
		Convey("Given a dashboard folder and a user", func() {
			currentUser := createUser("viewer", "Viewer", false)
			savedFolder := insertTestDashboard("1 test dash folder", 1, 0, true, "prod", "webapp")
			childDash := insertTestDashboard("2 test dash", 1, savedFolder.Id, false, "prod", "webapp")

			Convey("When adding dashboard permission with userId and userGroupId set to 0", func() {
				err := SetDashboardAcl(&m.SetDashboardAclCommand{
					OrgId:       1,
					DashboardId: savedFolder.Id,
					Permission:  m.PERMISSION_EDIT,
				})
				So(err, ShouldEqual, m.ErrDashboardAclInfoMissing)
			})

			Convey("Given dashboard folder permission", func() {
				err := SetDashboardAcl(&m.SetDashboardAclCommand{
					OrgId:       1,
					UserId:      currentUser.Id,
					DashboardId: savedFolder.Id,
					Permission:  m.PERMISSION_EDIT,
				})
				So(err, ShouldBeNil)

				Convey("When reading dashboard acl should include acl for parent folder", func() {
					query := m.GetDashboardAclInfoListQuery{DashboardId: childDash.Id, OrgId: 1}

					err := GetDashboardAclInfoList(&query)
					So(err, ShouldBeNil)

					So(len(query.Result), ShouldEqual, 1)
					So(query.Result[0].DashboardId, ShouldEqual, savedFolder.Id)
				})

				Convey("Given child dashboard permission", func() {
					err := SetDashboardAcl(&m.SetDashboardAclCommand{
						OrgId:       1,
						UserId:      currentUser.Id,
						DashboardId: childDash.Id,
						Permission:  m.PERMISSION_EDIT,
					})
					So(err, ShouldBeNil)

					Convey("When reading dashboard acl should include acl for parent folder and child", func() {
						query := m.GetDashboardAclInfoListQuery{OrgId: 1, DashboardId: childDash.Id}

						err := GetDashboardAclInfoList(&query)
						So(err, ShouldBeNil)

						So(len(query.Result), ShouldEqual, 2)
						So(query.Result[0].DashboardId, ShouldEqual, savedFolder.Id)
						So(query.Result[1].DashboardId, ShouldEqual, childDash.Id)
					})
				})
			})

			Convey("Should be able to add dashboard permission", func() {
				setDashAclCmd := m.SetDashboardAclCommand{
					OrgId:       1,
					UserId:      currentUser.Id,
					DashboardId: savedFolder.Id,
					Permission:  m.PERMISSION_EDIT,
				}

				err := SetDashboardAcl(&setDashAclCmd)
				So(err, ShouldBeNil)

				So(setDashAclCmd.Result.Id, ShouldEqual, 3)

				q1 := &m.GetDashboardAclInfoListQuery{DashboardId: savedFolder.Id, OrgId: 1}
				err = GetDashboardAclInfoList(q1)
				So(err, ShouldBeNil)

				So(q1.Result[0].DashboardId, ShouldEqual, savedFolder.Id)
				So(q1.Result[0].Permission, ShouldEqual, m.PERMISSION_EDIT)
				So(q1.Result[0].PermissionName, ShouldEqual, "Edit")
				So(q1.Result[0].UserId, ShouldEqual, currentUser.Id)
				So(q1.Result[0].UserLogin, ShouldEqual, currentUser.Login)
				So(q1.Result[0].UserEmail, ShouldEqual, currentUser.Email)
				So(q1.Result[0].Id, ShouldEqual, setDashAclCmd.Result.Id)

				Convey("Should update hasAcl field to true for dashboard folder and its children", func() {
					q2 := &m.GetDashboardsQuery{DashboardIds: []int64{savedFolder.Id, childDash.Id}}
					err := GetDashboards(q2)
					So(err, ShouldBeNil)
					So(q2.Result[0].HasAcl, ShouldBeTrue)
					So(q2.Result[1].HasAcl, ShouldBeTrue)
				})

				Convey("Should be able to update an existing permission", func() {
					err := SetDashboardAcl(&m.SetDashboardAclCommand{
						OrgId:       1,
						UserId:      1,
						DashboardId: savedFolder.Id,
						Permission:  m.PERMISSION_ADMIN,
					})

					So(err, ShouldBeNil)

					q3 := &m.GetDashboardAclInfoListQuery{DashboardId: savedFolder.Id, OrgId: 1}
					err = GetDashboardAclInfoList(q3)
					So(err, ShouldBeNil)
					So(len(q3.Result), ShouldEqual, 1)
					So(q3.Result[0].DashboardId, ShouldEqual, savedFolder.Id)
					So(q3.Result[0].Permission, ShouldEqual, m.PERMISSION_ADMIN)
					So(q3.Result[0].UserId, ShouldEqual, 1)

				})

				Convey("Should be able to delete an existing permission", func() {
					err := RemoveDashboardAcl(&m.RemoveDashboardAclCommand{
						OrgId: 1,
						AclId: setDashAclCmd.Result.Id,
					})

					So(err, ShouldBeNil)

					q3 := &m.GetDashboardAclInfoListQuery{DashboardId: savedFolder.Id, OrgId: 1}
					err = GetDashboardAclInfoList(q3)
					So(err, ShouldBeNil)
					So(len(q3.Result), ShouldEqual, 0)
				})
			})

			Convey("Given a user group", func() {
				group1 := m.CreateUserGroupCommand{Name: "group1 name", OrgId: 1}
				err := CreateUserGroup(&group1)
				So(err, ShouldBeNil)

				Convey("Should be able to add a user permission for a user group", func() {
					setDashAclCmd := m.SetDashboardAclCommand{
						OrgId:       1,
						UserGroupId: group1.Result.Id,
						DashboardId: savedFolder.Id,
						Permission:  m.PERMISSION_EDIT,
					}

					err := SetDashboardAcl(&setDashAclCmd)
					So(err, ShouldBeNil)

					q1 := &m.GetDashboardAclInfoListQuery{DashboardId: savedFolder.Id, OrgId: 1}
					err = GetDashboardAclInfoList(q1)
					So(err, ShouldBeNil)
					So(q1.Result[0].DashboardId, ShouldEqual, savedFolder.Id)
					So(q1.Result[0].Permission, ShouldEqual, m.PERMISSION_EDIT)
					So(q1.Result[0].UserGroupId, ShouldEqual, group1.Result.Id)

					Convey("Should be able to delete an existing permission for a user group", func() {
						err := RemoveDashboardAcl(&m.RemoveDashboardAclCommand{
							OrgId: 1,
							AclId: setDashAclCmd.Result.Id,
						})

						So(err, ShouldBeNil)
						q3 := &m.GetDashboardAclInfoListQuery{DashboardId: savedFolder.Id, OrgId: 1}
						err = GetDashboardAclInfoList(q3)
						So(err, ShouldBeNil)
						So(len(q3.Result), ShouldEqual, 0)
					})
				})

				Convey("Should be able to update an existing permission for a user group", func() {
					err := SetDashboardAcl(&m.SetDashboardAclCommand{
						OrgId:       1,
						UserGroupId: group1.Result.Id,
						DashboardId: savedFolder.Id,
						Permission:  m.PERMISSION_ADMIN,
					})
					So(err, ShouldBeNil)

					q3 := &m.GetDashboardAclInfoListQuery{DashboardId: savedFolder.Id, OrgId: 1}
					err = GetDashboardAclInfoList(q3)
					So(err, ShouldBeNil)
					So(len(q3.Result), ShouldEqual, 1)
					So(q3.Result[0].DashboardId, ShouldEqual, savedFolder.Id)
					So(q3.Result[0].Permission, ShouldEqual, m.PERMISSION_ADMIN)
					So(q3.Result[0].UserGroupId, ShouldEqual, group1.Result.Id)
				})

			})
		})
	})
}
WIP: Add or update Dashboard ACL SQL Integration Tests for the guardian class too. 8 years ago			`package sqlstore`

			`import (`
			`"testing"`

			`. "github.com/smartystreets/goconvey/convey"`

			`m "github.com/grafana/grafana/pkg/models"`
			`)`

			`func TestDashboardAclDataAccess(t *testing.T) {`
			`Convey("Testing DB", t, func() {`
			`InitTestDB(t)`
WIP: get Dashboard Permissions The guardian class checks if the user is allowed to get the permissions for a dashboard. 8 years ago			`Convey("Given a dashboard folder and a user", func() {`
			`currentUser := createUser("viewer", "Viewer", false)`
WIP: Add or update Dashboard ACL SQL Integration Tests for the guardian class too. 8 years ago			`savedFolder := insertTestDashboard("1 test dash folder", 1, 0, true, "prod", "webapp")`
			`childDash := insertTestDashboard("2 test dash", 1, savedFolder.Id, false, "prod", "webapp")`

WIP: remove permissions when deleting global user 8 years ago			`Convey("When adding dashboard permission with userId and userGroupId set to 0", func() {`
refactoring renaming dashboard folder operations 8 years ago			`err := SetDashboardAcl(&m.SetDashboardAclCommand{`
refactoring dashoard folder guardian 8 years ago			`OrgId: 1,`
			`DashboardId: savedFolder.Id,`
dashboard acl work 8 years ago			`Permission: m.PERMISSION_EDIT,`
WIP: remove permissions when deleting global user 8 years ago			`})`
refactoring: renaming 8 years ago			`So(err, ShouldEqual, m.ErrDashboardAclInfoMissing)`
WIP: remove permissions when deleting global user 8 years ago			`})`

refactoring dashboad folder acl checks 8 years ago			`Convey("Given dashboard folder permission", func() {`
refactoring renaming dashboard folder operations 8 years ago			`err := SetDashboardAcl(&m.SetDashboardAclCommand{`
refactoring dashboad folder acl checks 8 years ago			`OrgId: 1,`
			`UserId: currentUser.Id,`
			`DashboardId: savedFolder.Id,`
dashboard acl work 8 years ago			`Permission: m.PERMISSION_EDIT,`
refactoring dashboad folder acl checks 8 years ago			`})`
			`So(err, ShouldBeNil)`

			`Convey("When reading dashboard acl should include acl for parent folder", func() {`
acl fixes 8 years ago			`query := m.GetDashboardAclInfoListQuery{DashboardId: childDash.Id, OrgId: 1}`
refactoring dashboad folder acl checks 8 years ago
acl fixes 8 years ago			`err := GetDashboardAclInfoList(&query)`
refactoring dashboad folder acl checks 8 years ago			`So(err, ShouldBeNil)`

			`So(len(query.Result), ShouldEqual, 1)`
			`So(query.Result[0].DashboardId, ShouldEqual, savedFolder.Id)`
			`})`

			`Convey("Given child dashboard permission", func() {`
refactoring renaming dashboard folder operations 8 years ago			`err := SetDashboardAcl(&m.SetDashboardAclCommand{`
refactoring dashboad folder acl checks 8 years ago			`OrgId: 1,`
			`UserId: currentUser.Id,`
			`DashboardId: childDash.Id,`
dashboard acl work 8 years ago			`Permission: m.PERMISSION_EDIT,`
refactoring dashboad folder acl checks 8 years ago			`})`
			`So(err, ShouldBeNil)`

			`Convey("When reading dashboard acl should include acl for parent folder and child", func() {`
acl fixes 8 years ago			`query := m.GetDashboardAclInfoListQuery{OrgId: 1, DashboardId: childDash.Id}`
refactoring dashboad folder acl checks 8 years ago
acl fixes 8 years ago			`err := GetDashboardAclInfoList(&query)`
refactoring dashboad folder acl checks 8 years ago			`So(err, ShouldBeNil)`

			`So(len(query.Result), ShouldEqual, 2)`
			`So(query.Result[0].DashboardId, ShouldEqual, savedFolder.Id)`
			`So(query.Result[1].DashboardId, ShouldEqual, childDash.Id)`
			`})`
			`})`
			`})`

WIP: Add or update Dashboard ACL SQL Integration Tests for the guardian class too. 8 years ago			`Convey("Should be able to add dashboard permission", func() {`
dashboard acl work 8 years ago			`setDashAclCmd := m.SetDashboardAclCommand{`
refactoring dashoard folder guardian 8 years ago			`OrgId: 1,`
			`UserId: currentUser.Id,`
			`DashboardId: savedFolder.Id,`
dashboard acl work 8 years ago			`Permission: m.PERMISSION_EDIT,`
			`}`

			`err := SetDashboardAcl(&setDashAclCmd)`
WIP: Add or update Dashboard ACL SQL Integration Tests for the guardian class too. 8 years ago			`So(err, ShouldBeNil)`

dashboard acl work 8 years ago			`So(setDashAclCmd.Result.Id, ShouldEqual, 3)`

acl fixes 8 years ago			`q1 := &m.GetDashboardAclInfoListQuery{DashboardId: savedFolder.Id, OrgId: 1}`
refactoring more renaming 8 years ago			`err = GetDashboardAclInfoList(q1)`
WIP: Add or update Dashboard ACL SQL Integration Tests for the guardian class too. 8 years ago			`So(err, ShouldBeNil)`
dashboard acl work 8 years ago
WIP: Add or update Dashboard ACL SQL Integration Tests for the guardian class too. 8 years ago			`So(q1.Result[0].DashboardId, ShouldEqual, savedFolder.Id)`
dashboard acl work 8 years ago			`So(q1.Result[0].Permission, ShouldEqual, m.PERMISSION_EDIT)`
refactoring dashoard folder guardian 8 years ago			`So(q1.Result[0].PermissionName, ShouldEqual, "Edit")`
WIP: get Dashboard Permissions The guardian class checks if the user is allowed to get the permissions for a dashboard. 8 years ago			`So(q1.Result[0].UserId, ShouldEqual, currentUser.Id)`
			`So(q1.Result[0].UserLogin, ShouldEqual, currentUser.Login)`
			`So(q1.Result[0].UserEmail, ShouldEqual, currentUser.Email)`
dashboard acl work 8 years ago			`So(q1.Result[0].Id, ShouldEqual, setDashAclCmd.Result.Id)`
WIP: Add or update Dashboard ACL SQL Integration Tests for the guardian class too. 8 years ago
			`Convey("Should update hasAcl field to true for dashboard folder and its children", func() {`
			`q2 := &m.GetDashboardsQuery{DashboardIds: []int64{savedFolder.Id, childDash.Id}}`
			`err := GetDashboards(q2)`
			`So(err, ShouldBeNil)`
			`So(q2.Result[0].HasAcl, ShouldBeTrue)`
			`So(q2.Result[1].HasAcl, ShouldBeTrue)`
			`})`

			`Convey("Should be able to update an existing permission", func() {`
refactoring renaming dashboard folder operations 8 years ago			`err := SetDashboardAcl(&m.SetDashboardAclCommand{`
refactoring dashoard folder guardian 8 years ago			`OrgId: 1,`
			`UserId: 1,`
			`DashboardId: savedFolder.Id,`
dashboard acl work 8 years ago			`Permission: m.PERMISSION_ADMIN,`
WIP: Add or update Dashboard ACL SQL Integration Tests for the guardian class too. 8 years ago			`})`
dashboard acl work 8 years ago
WIP: Add or update Dashboard ACL SQL Integration Tests for the guardian class too. 8 years ago			`So(err, ShouldBeNil)`

acl fixes 8 years ago			`q3 := &m.GetDashboardAclInfoListQuery{DashboardId: savedFolder.Id, OrgId: 1}`
refactoring more renaming 8 years ago			`err = GetDashboardAclInfoList(q3)`
WIP: Add or update Dashboard ACL SQL Integration Tests for the guardian class too. 8 years ago			`So(err, ShouldBeNil)`
WIP: Can remove dashboard permission - sql 8 years ago			`So(len(q3.Result), ShouldEqual, 1)`
WIP: Add or update Dashboard ACL SQL Integration Tests for the guardian class too. 8 years ago			`So(q3.Result[0].DashboardId, ShouldEqual, savedFolder.Id)`
dashboard acl work 8 years ago			`So(q3.Result[0].Permission, ShouldEqual, m.PERMISSION_ADMIN)`
WIP: Add or update Dashboard ACL SQL Integration Tests for the guardian class too. 8 years ago			`So(q3.Result[0].UserId, ShouldEqual, 1)`

			`})`
WIP: Can remove dashboard permission - sql 8 years ago
			`Convey("Should be able to delete an existing permission", func() {`
refactoring renaming dashboard folder operations 8 years ago			`err := RemoveDashboardAcl(&m.RemoveDashboardAclCommand{`
folders: changed api urls for dashboard acls 8 years ago			`OrgId: 1,`
dashboard acl work 8 years ago			`AclId: setDashAclCmd.Result.Id,`
WIP: Can remove dashboard permission - sql 8 years ago			`})`
dashboard acl work 8 years ago
WIP: Can remove dashboard permission - sql 8 years ago			`So(err, ShouldBeNil)`

acl fixes 8 years ago			`q3 := &m.GetDashboardAclInfoListQuery{DashboardId: savedFolder.Id, OrgId: 1}`
refactoring more renaming 8 years ago			`err = GetDashboardAclInfoList(q3)`
WIP: Can remove dashboard permission - sql 8 years ago			`So(err, ShouldBeNil)`
			`So(len(q3.Result), ShouldEqual, 0)`
			`})`
			`})`

			`Convey("Given a user group", func() {`
			`group1 := m.CreateUserGroupCommand{Name: "group1 name", OrgId: 1}`
			`err := CreateUserGroup(&group1)`
			`So(err, ShouldBeNil)`

			`Convey("Should be able to add a user permission for a user group", func() {`
dashboard acl work 8 years ago			`setDashAclCmd := m.SetDashboardAclCommand{`
refactoring dashoard folder guardian 8 years ago			`OrgId: 1,`
			`UserGroupId: group1.Result.Id,`
			`DashboardId: savedFolder.Id,`
dashboard acl work 8 years ago			`Permission: m.PERMISSION_EDIT,`
			`}`

			`err := SetDashboardAcl(&setDashAclCmd)`
WIP: Can remove dashboard permission - sql 8 years ago			`So(err, ShouldBeNil)`

acl fixes 8 years ago			`q1 := &m.GetDashboardAclInfoListQuery{DashboardId: savedFolder.Id, OrgId: 1}`
refactoring more renaming 8 years ago			`err = GetDashboardAclInfoList(q1)`
WIP: Can remove dashboard permission - sql 8 years ago			`So(err, ShouldBeNil)`
			`So(q1.Result[0].DashboardId, ShouldEqual, savedFolder.Id)`
dashboard acl work 8 years ago			`So(q1.Result[0].Permission, ShouldEqual, m.PERMISSION_EDIT)`
WIP: Can remove dashboard permission - sql 8 years ago			`So(q1.Result[0].UserGroupId, ShouldEqual, group1.Result.Id)`
dashboard acl work 8 years ago
			`Convey("Should be able to delete an existing permission for a user group", func() {`
			`err := RemoveDashboardAcl(&m.RemoveDashboardAclCommand{`
			`OrgId: 1,`
			`AclId: setDashAclCmd.Result.Id,`
			`})`

			`So(err, ShouldBeNil)`
acl fixes 8 years ago			`q3 := &m.GetDashboardAclInfoListQuery{DashboardId: savedFolder.Id, OrgId: 1}`
dashboard acl work 8 years ago			`err = GetDashboardAclInfoList(q3)`
			`So(err, ShouldBeNil)`
			`So(len(q3.Result), ShouldEqual, 0)`
			`})`
WIP: Can remove dashboard permission - sql 8 years ago			`})`

			`Convey("Should be able to update an existing permission for a user group", func() {`
refactoring renaming dashboard folder operations 8 years ago			`err := SetDashboardAcl(&m.SetDashboardAclCommand{`
refactoring dashoard folder guardian 8 years ago			`OrgId: 1,`
			`UserGroupId: group1.Result.Id,`
			`DashboardId: savedFolder.Id,`
dashboard acl work 8 years ago			`Permission: m.PERMISSION_ADMIN,`
WIP: Can remove dashboard permission - sql 8 years ago			`})`
			`So(err, ShouldBeNil)`

acl fixes 8 years ago			`q3 := &m.GetDashboardAclInfoListQuery{DashboardId: savedFolder.Id, OrgId: 1}`
refactoring more renaming 8 years ago			`err = GetDashboardAclInfoList(q3)`
WIP: Can remove dashboard permission - sql 8 years ago			`So(err, ShouldBeNil)`
			`So(len(q3.Result), ShouldEqual, 1)`
			`So(q3.Result[0].DashboardId, ShouldEqual, savedFolder.Id)`
dashboard acl work 8 years ago			`So(q3.Result[0].Permission, ShouldEqual, m.PERMISSION_ADMIN)`
WIP: Can remove dashboard permission - sql 8 years ago			`So(q3.Result[0].UserGroupId, ShouldEqual, group1.Result.Id)`
			`})`

WIP: Add or update Dashboard ACL SQL Integration Tests for the guardian class too. 8 years ago			`})`
			`})`
			`})`
			`}`