folders: changed api urls for dashboard acls

8 years ago · aaf2a897b0
parent c4a1803060
commit aaf2a897b0
6 changed files with 37 additions and 61 deletions
--- a/pkg/api/api.go
+++ b/pkg/api/api.go
@ -235,24 +235,24 @@ func (hs *HttpServer) registerRoutes() {
 		// Dashboard
 		r.Group("/dashboards", func() {
 			r.Combo("/db/:slug").Get(wrap(GetDashboard)).Delete(wrap(DeleteDashboard))
-
-			r.Get("/id/:dashboardId/versions", wrap(GetDashboardVersions))
-			r.Get("/id/:dashboardId/versions/:id", wrap(GetDashboardVersion))
-			r.Post("/id/:dashboardId/restore", reqEditorRole, bind(dtos.RestoreDashboardVersionCommand{}), wrap(RestoreDashboardVersion))
+			r.Post("/db", bind(m.SaveDashboardCommand{}), wrap(PostDashboard))

 			r.Post("/calculate-diff", bind(dtos.CalculateDiffOptions{}), wrap(CalculateDashboardDiff))
-
-			r.Post("/db", bind(m.SaveDashboardCommand{}), wrap(PostDashboard))
 			r.Get("/file/:file", GetDashboardFromJsonFile)
 			r.Get("/home", wrap(GetHomeDashboard))
 			r.Get("/tags", GetDashboardTags)
 			r.Post("/import", bind(dtos.ImportDashboardCommand{}), wrap(ImportDashboard))

-			r.Group("/:id/acl", func() {
-				r.Get("/", wrap(GetDashboardAcl))
-				r.Post("/", quota("acl"), bind(m.SetDashboardAclCommand{}), wrap(PostDashboardAcl))
-				r.Delete("/user/:userId", wrap(DeleteDashboardAclByUser))
-				r.Delete("/user-group/:userGroupId", wrap(DeleteDashboardAclByUserGroup))
+			r.Group("/id/:dashboardId", func() {
+				r.Get("/versions", wrap(GetDashboardVersions))
+				r.Get("/versions/:id", wrap(GetDashboardVersion))
+				r.Post("/restore", bind(dtos.RestoreDashboardVersionCommand{}), wrap(RestoreDashboardVersion))
+
+				r.Group("/acl", func() {
+					r.Get("/", wrap(GetDashboardAclList))
+					r.Post("/", bind(m.SetDashboardAclCommand{}), wrap(PostDashboardAcl))
+					r.Delete("/:aclId", wrap(DeleteDashboardAcl))
+				})
 			}, reqSignedIn)
 		})

--- a/pkg/api/dashboard_acl.go
+++ b/pkg/api/dashboard_acl.go
@ -9,8 +9,8 @@ import (
 	"github.com/grafana/grafana/pkg/util"
 )

-func GetDashboardAcl(c *middleware.Context) Response {
-	dashId := c.ParamsInt64(":id")
+func GetDashboardAclList(c *middleware.Context) Response {
+	dashId := c.ParamsInt64(":dashboardId")

 	guardian := guardian.NewDashboardGuardian(dashId, c.OrgId, c.SignedInUser)

@ -52,35 +52,16 @@ func PostDashboardAcl(c *middleware.Context, cmd m.SetDashboardAclCommand) Respo
 	})
 }

-func DeleteDashboardAclByUser(c *middleware.Context) Response {
-	dashId := c.ParamsInt64(":id")
-	userId := c.ParamsInt64(":userId")
-
-	guardian := guardian.NewDashboardGuardian(dashId, c.OrgId, c.SignedInUser)
-	if canSave, err := guardian.CanSave(); err != nil || !canSave {
-		return dashboardGuardianResponse(err)
-	}
-
-	cmd := m.RemoveDashboardAclCommand{DashboardId: dashId, UserId: userId, OrgId: c.OrgId}
-
-	if err := bus.Dispatch(&cmd); err != nil {
-		return ApiError(500, "Failed to delete permission for user", err)
-	}
-
-	return Json(200, "")
-}
-
-func DeleteDashboardAclByUserGroup(c *middleware.Context) Response {
-	dashId := c.ParamsInt64(":id")
-	userGroupId := c.ParamsInt64(":userGroupId")
+func DeleteDashboardAcl(c *middleware.Context) Response {
+	dashId := c.ParamsInt64(":dashboardId")
+	aclId := c.ParamsInt64(":aclId")

 	guardian := guardian.NewDashboardGuardian(dashId, c.OrgId, c.SignedInUser)
 	if canSave, err := guardian.CanSave(); err != nil || !canSave {
 		return dashboardGuardianResponse(err)
 	}

-	cmd := m.RemoveDashboardAclCommand{DashboardId: dashId, UserGroupId: userGroupId, OrgId: c.OrgId}
-
+	cmd := m.RemoveDashboardAclCommand{OrgId: c.OrgId, AclId: aclId}
 	if err := bus.Dispatch(&cmd); err != nil {
 		return ApiError(500, "Failed to delete permission for user", err)
 	}
--- a/pkg/api/dashboard_acl_test.go
+++ b/pkg/api/dashboard_acl_test.go
@ -42,9 +42,9 @@ func TestDashboardAclApiEndpoint(t *testing.T) {
 		})

 		Convey("When user is org admin", func() {
-			loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/dashboards/1/acl", "/api/dashboards/:id/acl", models.ROLE_ADMIN, func(sc *scenarioContext) {
+			loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/dashboards/id/1/acl", "/api/dashboards/id/:dashboardsId/acl", models.ROLE_ADMIN, func(sc *scenarioContext) {
 				Convey("Should be able to access ACL", func() {
-					sc.handlerFunc = GetDashboardAcl
+					sc.handlerFunc = GetDashboardAclList
 					sc.fakeReqWithParams("GET", sc.url, map[string]string{}).exec()

 					So(sc.resp.Code, ShouldEqual, 200)
@ -58,18 +58,18 @@ func TestDashboardAclApiEndpoint(t *testing.T) {
 		})

 		Convey("When user is editor and in the ACL", func() {
-			loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/dashboards/1/acl", "/api/dashboards/:id/acl", models.ROLE_EDITOR, func(sc *scenarioContext) {
+			loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/dashboards/id/1/acl", "/api/dashboards/id/:dashboardId/acl", models.ROLE_EDITOR, func(sc *scenarioContext) {
 				mockResult = append(mockResult, &models.DashboardAcl{Id: 1, OrgId: 1, DashboardId: 1, UserId: 1, Permissions: models.PERMISSION_EDIT})

 				Convey("Should be able to access ACL", func() {
-					sc.handlerFunc = GetDashboardAcl
+					sc.handlerFunc = GetDashboardAclList
 					sc.fakeReqWithParams("GET", sc.url, map[string]string{}).exec()

 					So(sc.resp.Code, ShouldEqual, 200)
 				})
 			})

-			loggedInUserScenarioWithRole("When calling DELETE on", "DELETE", "/api/dashboards/1/acl/user/1", "/api/dashboards/:id/acl/user/:userId", models.ROLE_EDITOR, func(sc *scenarioContext) {
+			loggedInUserScenarioWithRole("When calling DELETE on", "DELETE", "/api/dashboards/id/1/acl/1", "/api/dashboards/id/:dashboardId/acl/:aclId", models.ROLE_EDITOR, func(sc *scenarioContext) {
 				mockResult = append(mockResult, &models.DashboardAcl{Id: 1, OrgId: 1, DashboardId: 1, UserId: 1, Permissions: models.PERMISSION_EDIT})

 				bus.AddHandler("test3", func(cmd *models.RemoveDashboardAclCommand) error {
@ -77,7 +77,7 @@ func TestDashboardAclApiEndpoint(t *testing.T) {
 				})

 				Convey("Should be able to delete permission", func() {
-					sc.handlerFunc = DeleteDashboardAclByUser
+					sc.handlerFunc = DeleteDashboardAcl
 					sc.fakeReqWithParams("DELETE", sc.url, map[string]string{}).exec()

 					So(sc.resp.Code, ShouldEqual, 200)
@ -85,7 +85,7 @@ func TestDashboardAclApiEndpoint(t *testing.T) {
 			})

 			Convey("When user is a member of a user group in the ACL with edit permission", func() {
-				loggedInUserScenarioWithRole("When calling DELETE on", "DELETE", "/api/dashboards/1/acl/user/1", "/api/dashboards/:id/acl/user/:userId", models.ROLE_EDITOR, func(sc *scenarioContext) {
+				loggedInUserScenarioWithRole("When calling DELETE on", "DELETE", "/api/dashboards/id/1/acl/1", "/api/dashboards/id/:dashboardsId/acl/:aclId", models.ROLE_EDITOR, func(sc *scenarioContext) {
 					userGroupResp = append(userGroupResp, &models.UserGroup{Id: 1, OrgId: 1, Name: "UG1"})

 					bus.AddHandler("test3", func(cmd *models.RemoveDashboardAclCommand) error {
@ -93,7 +93,7 @@ func TestDashboardAclApiEndpoint(t *testing.T) {
 					})

 					Convey("Should be able to delete permission", func() {
-						sc.handlerFunc = DeleteDashboardAclByUser
+						sc.handlerFunc = DeleteDashboardAcl
 						sc.fakeReqWithParams("DELETE", sc.url, map[string]string{}).exec()

 						So(sc.resp.Code, ShouldEqual, 200)
@ -103,24 +103,24 @@ func TestDashboardAclApiEndpoint(t *testing.T) {
 		})

 		Convey("When user is editor and not in the ACL", func() {
-			loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/dashboards/1/acl", "/api/dashboards/:id/acl", models.ROLE_EDITOR, func(sc *scenarioContext) {
+			loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/dashboards/id/1/acl", "/api/dashboards/id/:dashboardsId/acl", models.ROLE_EDITOR, func(sc *scenarioContext) {

 				Convey("Should not be able to access ACL", func() {
-					sc.handlerFunc = GetDashboardAcl
+					sc.handlerFunc = GetDashboardAclList
 					sc.fakeReqWithParams("GET", sc.url, map[string]string{}).exec()

 					So(sc.resp.Code, ShouldEqual, 403)
 				})
 			})

-			loggedInUserScenarioWithRole("When calling DELETE on", "DELETE", "/api/dashboards/1/acl/user/1", "/api/dashboards/:id/acl/user/:userId", models.ROLE_EDITOR, func(sc *scenarioContext) {
+			loggedInUserScenarioWithRole("When calling DELETE on", "DELETE", "/api/dashboards/id/1/acl/user/1", "/api/dashboards/id/:dashboardsId/acl/user/:userId", models.ROLE_EDITOR, func(sc *scenarioContext) {
 				mockResult = append(mockResult, &models.DashboardAcl{Id: 1, OrgId: 1, DashboardId: 1, UserId: 1, Permissions: models.PERMISSION_VIEW})
 				bus.AddHandler("test3", func(cmd *models.RemoveDashboardAclCommand) error {
 					return nil
 				})

 				Convey("Should be not be able to delete permission", func() {
-					sc.handlerFunc = DeleteDashboardAclByUser
+					sc.handlerFunc = DeleteDashboardAcl
 					sc.fakeReqWithParams("DELETE", sc.url, map[string]string{}).exec()

 					So(sc.resp.Code, ShouldEqual, 403)
--- a/pkg/models/dashboard_acl.go
+++ b/pkg/models/dashboard_acl.go
@ -73,11 +73,8 @@ type SetDashboardAclCommand struct {
 }

 type RemoveDashboardAclCommand struct {
-	DashboardId int64 `json:"dashboardId" binding:"Required"`
-	UserId      int64 `json:"userId"`
-	UserGroupId int64 `json:"userGroupId"`
-
-	OrgId int64 `json:"-"`
+	AclId int64
+	OrgId int64
 }

 //
--- a/pkg/services/sqlstore/dashboard_acl.go
+++ b/pkg/services/sqlstore/dashboard_acl.go
@ -76,8 +76,8 @@ func SetDashboardAcl(cmd *m.SetDashboardAclCommand) error {

 func RemoveDashboardAcl(cmd *m.RemoveDashboardAclCommand) error {
 	return inTransaction(func(sess *DBSession) error {
-		var rawSQL = "DELETE FROM " + dialect.Quote("dashboard_acl") + " WHERE dashboard_id =? and (user_group_id=? or user_id=?)"
-		_, err := sess.Exec(rawSQL, cmd.DashboardId, cmd.UserGroupId, cmd.UserId)
+		var rawSQL = "DELETE FROM " + dialect.Quote("dashboard_acl") + " WHERE org_id =? and id=?"
+		_, err := sess.Exec(rawSQL, cmd.OrgId, cmd.AclId)
 		if err != nil {
 			return err
 		}
--- a/pkg/services/sqlstore/dashboard_acl_test.go
+++ b/pkg/services/sqlstore/dashboard_acl_test.go
@ -114,9 +114,8 @@ func TestDashboardAclDataAccess(t *testing.T) {

 				Convey("Should be able to delete an existing permission", func() {
 					err := RemoveDashboardAcl(&m.RemoveDashboardAclCommand{
-						OrgId:       1,
-						UserId:      1,
-						DashboardId: savedFolder.Id,
+						OrgId: 1,
+						AclId: 1,
 					})
 					So(err, ShouldBeNil)

@ -170,9 +169,8 @@ func TestDashboardAclDataAccess(t *testing.T) {

 				Convey("Should be able to delete an existing permission for a user group", func() {
 					err := RemoveDashboardAcl(&m.RemoveDashboardAclCommand{
-						OrgId:       1,
-						UserGroupId: group1.Result.Id,
-						DashboardId: savedFolder.Id,
+						OrgId: 1,
+						AclId: 1,
 					})
 					So(err, ShouldBeNil)