diff --git a/pkg/api/alerting_test.go b/pkg/api/alerting_test.go index 0e14648d080..952c97a9e30 100644 --- a/pkg/api/alerting_test.go +++ b/pkg/api/alerting_test.go @@ -11,6 +11,7 @@ import ( "github.com/grafana/grafana/pkg/api/response" "github.com/grafana/grafana/pkg/bus" "github.com/grafana/grafana/pkg/models" + "github.com/grafana/grafana/pkg/services/guardian" "github.com/grafana/grafana/pkg/services/search" "github.com/grafana/grafana/pkg/services/sqlstore/mockstore" "github.com/stretchr/testify/assert" @@ -46,15 +47,9 @@ func setUp(confs ...setUpConf) *HTTPServer { aclMockResp = c.aclMockResp } } - bus.AddHandler("test", func(ctx context.Context, query *models.GetDashboardAclInfoListQuery) error { - query.Result = aclMockResp - return nil - }) - - bus.AddHandler("test", func(ctx context.Context, query *models.GetTeamsByUserQuery) error { - query.Result = []*models.TeamDTO{} - return nil - }) + store.ExpectedDashboardAclInfoList = aclMockResp + store.ExpectedTeamsByUser = []*models.TeamDTO{} + guardian.InitLegacyGuardian(store) return hs } diff --git a/pkg/api/annotations_test.go b/pkg/api/annotations_test.go index 1617994b356..975697470ee 100644 --- a/pkg/api/annotations_test.go +++ b/pkg/api/annotations_test.go @@ -17,6 +17,7 @@ import ( "github.com/grafana/grafana/pkg/models" "github.com/grafana/grafana/pkg/services/accesscontrol" "github.com/grafana/grafana/pkg/services/annotations" + "github.com/grafana/grafana/pkg/services/guardian" "github.com/grafana/grafana/pkg/services/sqlstore" "github.com/grafana/grafana/pkg/services/sqlstore/mockstore" ) @@ -536,14 +537,8 @@ func setUpACL() { {Role: &viewerRole, Permission: models.PERMISSION_VIEW}, {Role: &editorRole, Permission: models.PERMISSION_EDIT}, } - - bus.AddHandler("test", func(ctx context.Context, query *models.GetDashboardAclInfoListQuery) error { - query.Result = aclMockResp - return nil - }) - - bus.AddHandler("test", func(ctx context.Context, query *models.GetTeamsByUserQuery) error { - query.Result = []*models.TeamDTO{} - return nil - }) + store := mockstore.NewSQLStoreMock() + store.ExpectedDashboardAclInfoList = aclMockResp + store.ExpectedTeamsByUser = []*models.TeamDTO{} + guardian.InitLegacyGuardian(store) } diff --git a/pkg/api/dashboard_permission_test.go b/pkg/api/dashboard_permission_test.go index 940c6cc4fca..9df624fb70b 100644 --- a/pkg/api/dashboard_permission_test.go +++ b/pkg/api/dashboard_permission_test.go @@ -266,24 +266,24 @@ func TestDashboardPermissionAPIEndpoint(t *testing.T) { settings.HiddenUsers = make(map[string]struct{}) }) - guardian.MockDashboardGuardian(&guardian.FakeDashboardGuardian{ - CanAdminValue: true, - CheckPermissionBeforeUpdateValue: true, - GetAclValue: []*models.DashboardAclInfoDTO{ - {OrgId: 1, DashboardId: 1, UserId: 2, UserLogin: "hiddenUser", Permission: models.PERMISSION_VIEW}, - {OrgId: 1, DashboardId: 1, UserId: 3, UserLogin: testUserLogin, Permission: models.PERMISSION_EDIT}, - {OrgId: 1, DashboardId: 1, UserId: 4, UserLogin: "user_1", Permission: models.PERMISSION_ADMIN}, - }, - GetHiddenAclValue: []*models.DashboardAcl{ - {OrgID: 1, DashboardID: 1, UserID: 2, Permission: models.PERMISSION_VIEW}, - }, - }) - mockSQLStore := mockstore.NewSQLStoreMock() var resp []*models.DashboardAclInfoDTO loggedInUserScenarioWithRole(t, "When calling GET on", "GET", "/api/dashboards/id/1/permissions", "/api/dashboards/id/:dashboardId/permissions", models.ROLE_ADMIN, func(sc *scenarioContext) { setUp() + guardian.MockDashboardGuardian(&guardian.FakeDashboardGuardian{ + CanAdminValue: true, + CheckPermissionBeforeUpdateValue: true, + GetAclValue: []*models.DashboardAclInfoDTO{ + {OrgId: 1, DashboardId: 1, UserId: 2, UserLogin: "hiddenUser", Permission: models.PERMISSION_VIEW}, + {OrgId: 1, DashboardId: 1, UserId: 3, UserLogin: testUserLogin, Permission: models.PERMISSION_EDIT}, + {OrgId: 1, DashboardId: 1, UserId: 4, UserLogin: "user_1", Permission: models.PERMISSION_ADMIN}, + }, + GetHiddenAclValue: []*models.DashboardAcl{ + {OrgID: 1, DashboardID: 1, UserID: 2, Permission: models.PERMISSION_VIEW}, + }, + }) + callGetDashboardPermissions(sc, hs) assert.Equal(t, 200, sc.resp.Code) diff --git a/pkg/api/dashboard_snapshot_test.go b/pkg/api/dashboard_snapshot_test.go index 434714ba131..a6d1bcef985 100644 --- a/pkg/api/dashboard_snapshot_test.go +++ b/pkg/api/dashboard_snapshot_test.go @@ -13,6 +13,7 @@ import ( "github.com/grafana/grafana/pkg/components/simplejson" "github.com/grafana/grafana/pkg/models" "github.com/grafana/grafana/pkg/services/dashboardsnapshots" + "github.com/grafana/grafana/pkg/services/guardian" "github.com/grafana/grafana/pkg/services/sqlstore/mockstore" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" @@ -70,6 +71,7 @@ func TestDashboardSnapshotAPIEndpoint_singleSnapshot(t *testing.T) { }) mockSnapshotResult.ExternalDeleteUrl = ts.URL sc.handlerFunc = hs.DeleteDashboardSnapshot + guardian.InitLegacyGuardian(sc.sqlStore) sc.fakeReqWithParams("DELETE", sc.url, map[string]string{"key": "12345"}).exec() assert.Equal(t, 403, sc.resp.Code) diff --git a/pkg/api/dashboard_test.go b/pkg/api/dashboard_test.go index eb8a87e27e0..aed84a37725 100644 --- a/pkg/api/dashboard_test.go +++ b/pkg/api/dashboard_test.go @@ -26,6 +26,7 @@ import ( "github.com/grafana/grafana/pkg/services/dashboards/database" service "github.com/grafana/grafana/pkg/services/dashboards/manager" "github.com/grafana/grafana/pkg/services/featuremgmt" + "github.com/grafana/grafana/pkg/services/guardian" "github.com/grafana/grafana/pkg/services/libraryelements" "github.com/grafana/grafana/pkg/services/live" "github.com/grafana/grafana/pkg/services/provisioning" @@ -132,11 +133,8 @@ func TestDashboardAPIEndpoint(t *testing.T) { {Role: &viewerRole, Permission: models.PERMISSION_VIEW}, {Role: &editorRole, Permission: models.PERMISSION_EDIT}, } - - bus.AddHandler("test", func(ctx context.Context, query *models.GetDashboardAclInfoListQuery) error { - query.Result = aclMockResp - return nil - }) + mockSQLStore.ExpectedDashboardAclInfoList = aclMockResp + guardian.InitLegacyGuardian(mockSQLStore) } // This tests two scenarios: @@ -246,10 +244,8 @@ func TestDashboardAPIEndpoint(t *testing.T) { }, } - bus.AddHandler("test", func(ctx context.Context, query *models.GetDashboardAclInfoListQuery) error { - query.Result = aclMockResp - return nil - }) + mockSQLStore.ExpectedDashboardAclInfoList = aclMockResp + guardian.InitLegacyGuardian(mockSQLStore) } // This tests six scenarios: @@ -345,10 +341,7 @@ func TestDashboardAPIEndpoint(t *testing.T) { setUpInner := func() { setUp() - bus.AddHandler("test", func(ctx context.Context, query *models.GetDashboardAclInfoListQuery) error { - query.Result = mockResult - return nil - }) + mockSQLStore.ExpectedDashboardAclInfoList = mockResult } loggedInUserScenarioWithRole(t, "When calling GET on", "GET", "/api/dashboards/uid/abcdefghi", @@ -404,11 +397,7 @@ func TestDashboardAPIEndpoint(t *testing.T) { mockResult := []*models.DashboardAclInfoDTO{ {OrgId: 1, DashboardId: 2, UserId: 1, Permission: models.PERMISSION_VIEW}, } - - bus.AddHandler("test", func(ctx context.Context, query *models.GetDashboardAclInfoListQuery) error { - query.Result = mockResult - return nil - }) + mockSQLStore.ExpectedDashboardAclInfoList = mockResult origCanEdit := setting.ViewersCanEdit t.Cleanup(func() { @@ -446,10 +435,7 @@ func TestDashboardAPIEndpoint(t *testing.T) { mockResult := []*models.DashboardAclInfoDTO{ {OrgId: 1, DashboardId: 2, UserId: 1, Permission: models.PERMISSION_ADMIN}, } - bus.AddHandler("test", func(ctx context.Context, query *models.GetDashboardAclInfoListQuery) error { - query.Result = mockResult - return nil - }) + mockSQLStore.ExpectedDashboardAclInfoList = mockResult } loggedInUserScenarioWithRole(t, "When calling GET on", "GET", "/api/dashboards/uid/abcdefghi", "/api/dashboards/uid/:uid", role, func(sc *scenarioContext) { @@ -494,10 +480,7 @@ func TestDashboardAPIEndpoint(t *testing.T) { mockResult := []*models.DashboardAclInfoDTO{ {OrgId: 1, DashboardId: 2, UserId: 1, Permission: models.PERMISSION_VIEW}, } - bus.AddHandler("test", func(ctx context.Context, query *models.GetDashboardAclInfoListQuery) error { - query.Result = mockResult - return nil - }) + mockSQLStore.ExpectedDashboardAclInfoList = mockResult } loggedInUserScenarioWithRole(t, "When calling GET on", "GET", "/api/dashboards/uid/abcdefghi", "/api/dashboards/uid/:uid", role, func(sc *scenarioContext) { @@ -744,10 +727,7 @@ func TestDashboardAPIEndpoint(t *testing.T) { sqlmock := mockstore.SQLStoreMock{ExpectedDashboardVersions: dashboardvs} setUp := func() { mockResult := []*models.DashboardAclInfoDTO{} - bus.AddHandler("test", func(ctx context.Context, query *models.GetDashboardAclInfoListQuery) error { - query.Result = mockResult - return nil - }) + sqlmock.ExpectedDashboardAclInfoList = mockResult } cmd := dtos.CalculateDiffOptions{ @@ -863,16 +843,13 @@ func TestDashboardAPIEndpoint(t *testing.T) { }) t.Run("Given provisioned dashboard", func(t *testing.T) { + mockSQLStore := mockstore.NewSQLStoreMock() setUp := func() { - bus.AddHandler("test", func(ctx context.Context, query *models.GetDashboardAclInfoListQuery) error { - query.Result = []*models.DashboardAclInfoDTO{ - {OrgId: testOrgID, DashboardId: 1, UserId: testUserID, Permission: models.PERMISSION_EDIT}, - } - return nil - }) + mockSQLStore.ExpectedDashboardAclInfoList = []*models.DashboardAclInfoDTO{ + {OrgId: testOrgID, DashboardId: 1, UserId: testUserID, Permission: models.PERMISSION_EDIT}, + } } - mockSQLStore := mockstore.NewSQLStoreMock() dataValue, err := simplejson.NewJson([]byte(`{"id": 1, "editable": true, "style": "dark"}`)) require.NoError(t, err) mockSQLStore.ExpectedDashboard = &models.Dashboard{Id: 1, Data: dataValue} diff --git a/pkg/services/dashboards/manager/dashboard_service_integration_test.go b/pkg/services/dashboards/manager/dashboard_service_integration_test.go index 4bee3f2a03a..2bb0d4d571c 100644 --- a/pkg/services/dashboards/manager/dashboard_service_integration_test.go +++ b/pkg/services/dashboards/manager/dashboard_service_integration_test.go @@ -812,6 +812,7 @@ func permissionScenario(t *testing.T, desc string, canSave bool, fn permissionSc t.Run(desc, func(t *testing.T) { sqlStore := sqlstore.InitTestDB(t) + guardian.InitLegacyGuardian(sqlStore) savedFolder := saveTestFolder(t, "Saved folder", testOrgID, sqlStore) savedDashInFolder := saveTestDashboard(t, "Saved dash in folder", testOrgID, savedFolder.Id, sqlStore) diff --git a/pkg/services/guardian/accesscontrol_guardian.go b/pkg/services/guardian/accesscontrol_guardian.go index 9ba5a1989b0..f7c80b4ed53 100644 --- a/pkg/services/guardian/accesscontrol_guardian.go +++ b/pkg/services/guardian/accesscontrol_guardian.go @@ -22,7 +22,7 @@ var _ DashboardGuardian = new(AccessControlDashboardGuardian) func NewAccessControlDashboardGuardian( ctx context.Context, dashboardId int64, user *models.SignedInUser, - store *sqlstore.SQLStore, ac accesscontrol.AccessControl, permissionsServices accesscontrol.PermissionsServices, + store sqlstore.Store, ac accesscontrol.AccessControl, permissionsServices accesscontrol.PermissionsServices, ) *AccessControlDashboardGuardian { return &AccessControlDashboardGuardian{ ctx: ctx, @@ -41,7 +41,7 @@ type AccessControlDashboardGuardian struct { dashboardID int64 dashboard *models.Dashboard user *models.SignedInUser - store *sqlstore.SQLStore + store sqlstore.Store ac accesscontrol.AccessControl permissionServices accesscontrol.PermissionsServices } diff --git a/pkg/services/guardian/guardian.go b/pkg/services/guardian/guardian.go index 1722827021e..5b624bf73e9 100644 --- a/pkg/services/guardian/guardian.go +++ b/pkg/services/guardian/guardian.go @@ -4,9 +4,9 @@ import ( "context" "errors" - "github.com/grafana/grafana/pkg/bus" "github.com/grafana/grafana/pkg/infra/log" "github.com/grafana/grafana/pkg/models" + "github.com/grafana/grafana/pkg/services/sqlstore" "github.com/grafana/grafana/pkg/setting" ) @@ -43,17 +43,23 @@ type dashboardGuardianImpl struct { teams []*models.TeamDTO log log.Logger ctx context.Context + store sqlstore.Store } // New factory for creating a new dashboard guardian instance // When using access control this function is replaced on startup and the AccessControlDashboardGuardian is returned var New = func(ctx context.Context, dashId int64, orgId int64, user *models.SignedInUser) DashboardGuardian { + panic("no guardian factory implementation provided") +} + +func newDashboardGuardian(ctx context.Context, dashId int64, orgId int64, user *models.SignedInUser, store sqlstore.Store) *dashboardGuardianImpl { return &dashboardGuardianImpl{ user: user, dashId: dashId, orgId: orgId, log: log.New("dashboard.permissions"), ctx: ctx, + store: store, } } @@ -146,7 +152,7 @@ func (g *dashboardGuardianImpl) checkAcl(permission models.PermissionType, acl [ } // load teams - teams, err := g.getTeams(g.ctx) + teams, err := g.getTeams() if err != nil { return false, err } @@ -216,10 +222,9 @@ func (g *dashboardGuardianImpl) GetAcl() ([]*models.DashboardAclInfoDTO, error) } query := models.GetDashboardAclInfoListQuery{DashboardID: g.dashId, OrgID: g.orgId} - if err := bus.Dispatch(g.ctx, &query); err != nil { + if err := g.store.GetDashboardAclInfoList(g.ctx, &query); err != nil { return nil, err } - g.acl = query.Result return g.acl, nil } @@ -260,14 +265,13 @@ func (g *dashboardGuardianImpl) GetACLWithoutDuplicates() ([]*models.DashboardAc return result, nil } -func (g *dashboardGuardianImpl) getTeams(ctx context.Context) ([]*models.TeamDTO, error) { +func (g *dashboardGuardianImpl) getTeams() ([]*models.TeamDTO, error) { if g.teams != nil { return g.teams, nil } query := models.GetTeamsByUserQuery{OrgId: g.orgId, UserId: g.user.UserId} - // TODO: Use bus.Dispatch(g.Ctx, &query) when GetTeamsByUserQuery supports context. - err := bus.Dispatch(ctx, &query) + err := g.store.GetTeamsByUser(g.ctx, &query) g.teams = query.Result return query.Result, err diff --git a/pkg/services/guardian/guardian_test.go b/pkg/services/guardian/guardian_test.go index eed53fcb4b9..cc557ad5d58 100644 --- a/pkg/services/guardian/guardian_test.go +++ b/pkg/services/guardian/guardian_test.go @@ -7,8 +7,8 @@ import ( "runtime" "testing" - "github.com/grafana/grafana/pkg/bus" "github.com/grafana/grafana/pkg/models" + "github.com/grafana/grafana/pkg/services/sqlstore/mockstore" "github.com/grafana/grafana/pkg/setting" "github.com/stretchr/testify/require" @@ -682,16 +682,12 @@ func (sc *scenarioContext) verifyUpdateChildDashboardPermissionsWithOverrideShou func TestGuardianGetHiddenACL(t *testing.T) { t.Run("Get hidden ACL tests", func(t *testing.T) { - bus.ClearBusHandlers() - - bus.AddHandler("test", func(ctx context.Context, query *models.GetDashboardAclInfoListQuery) error { - query.Result = []*models.DashboardAclInfoDTO{ - {Inherited: false, UserId: 1, UserLogin: "user1", Permission: models.PERMISSION_EDIT}, - {Inherited: false, UserId: 2, UserLogin: "user2", Permission: models.PERMISSION_ADMIN}, - {Inherited: true, UserId: 3, UserLogin: "user3", Permission: models.PERMISSION_VIEW}, - } - return nil - }) + store := mockstore.NewSQLStoreMock() + store.ExpectedDashboardAclInfoList = []*models.DashboardAclInfoDTO{ + {Inherited: false, UserId: 1, UserLogin: "user1", Permission: models.PERMISSION_EDIT}, + {Inherited: false, UserId: 2, UserLogin: "user2", Permission: models.PERMISSION_ADMIN}, + {Inherited: true, UserId: 3, UserLogin: "user3", Permission: models.PERMISSION_VIEW}, + } cfg := setting.NewCfg() cfg.HiddenUsers = map[string]struct{}{"user2": {}} @@ -702,7 +698,7 @@ func TestGuardianGetHiddenACL(t *testing.T) { UserId: 1, Login: "user1", } - g := New(context.Background(), dashboardID, orgID, user) + g := newDashboardGuardian(context.Background(), dashboardID, orgID, user, store) hiddenACL, err := g.GetHiddenACL(cfg) require.NoError(t, err) @@ -718,7 +714,7 @@ func TestGuardianGetHiddenACL(t *testing.T) { Login: "user1", IsGrafanaAdmin: true, } - g := New(context.Background(), dashboardID, orgID, user) + g := newDashboardGuardian(context.Background(), dashboardID, orgID, user, store) hiddenACL, err := g.GetHiddenACL(cfg) require.NoError(t, err) @@ -730,21 +726,18 @@ func TestGuardianGetHiddenACL(t *testing.T) { func TestGuardianGetAclWithoutDuplicates(t *testing.T) { t.Run("Get hidden ACL tests", func(t *testing.T) { - t.Cleanup(bus.ClearBusHandlers) - - bus.AddHandler("test", func(ctx context.Context, query *models.GetDashboardAclInfoListQuery) error { - query.Result = []*models.DashboardAclInfoDTO{ - {Inherited: true, UserId: 3, UserLogin: "user3", Permission: models.PERMISSION_EDIT}, - {Inherited: false, UserId: 3, UserLogin: "user3", Permission: models.PERMISSION_VIEW}, - {Inherited: false, UserId: 2, UserLogin: "user2", Permission: models.PERMISSION_ADMIN}, - {Inherited: true, UserId: 4, UserLogin: "user4", Permission: models.PERMISSION_ADMIN}, - {Inherited: false, UserId: 4, UserLogin: "user4", Permission: models.PERMISSION_ADMIN}, - {Inherited: false, UserId: 5, UserLogin: "user5", Permission: models.PERMISSION_EDIT}, - {Inherited: true, UserId: 6, UserLogin: "user6", Permission: models.PERMISSION_VIEW}, - {Inherited: false, UserId: 6, UserLogin: "user6", Permission: models.PERMISSION_EDIT}, - } - return nil - }) + store := mockstore.NewSQLStoreMock() + + store.ExpectedDashboardAclInfoList = []*models.DashboardAclInfoDTO{ + {Inherited: true, UserId: 3, UserLogin: "user3", Permission: models.PERMISSION_EDIT}, + {Inherited: false, UserId: 3, UserLogin: "user3", Permission: models.PERMISSION_VIEW}, + {Inherited: false, UserId: 2, UserLogin: "user2", Permission: models.PERMISSION_ADMIN}, + {Inherited: true, UserId: 4, UserLogin: "user4", Permission: models.PERMISSION_ADMIN}, + {Inherited: false, UserId: 4, UserLogin: "user4", Permission: models.PERMISSION_ADMIN}, + {Inherited: false, UserId: 5, UserLogin: "user5", Permission: models.PERMISSION_EDIT}, + {Inherited: true, UserId: 6, UserLogin: "user6", Permission: models.PERMISSION_VIEW}, + {Inherited: false, UserId: 6, UserLogin: "user6", Permission: models.PERMISSION_EDIT}, + } t.Run("Should get acl without duplicates", func(t *testing.T) { user := &models.SignedInUser{ @@ -752,7 +745,7 @@ func TestGuardianGetAclWithoutDuplicates(t *testing.T) { UserId: 1, Login: "user1", } - g := New(context.Background(), dashboardID, orgID, user) + g := newDashboardGuardian(context.Background(), dashboardID, orgID, user, store) acl, err := g.GetACLWithoutDuplicates() require.NoError(t, err) diff --git a/pkg/services/guardian/guardian_util_test.go b/pkg/services/guardian/guardian_util_test.go index cc6806d37b6..8ff76b40c06 100644 --- a/pkg/services/guardian/guardian_util_test.go +++ b/pkg/services/guardian/guardian_util_test.go @@ -7,8 +7,8 @@ import ( "strings" "testing" - "github.com/grafana/grafana/pkg/bus" "github.com/grafana/grafana/pkg/models" + "github.com/grafana/grafana/pkg/services/sqlstore/mockstore" "github.com/stretchr/testify/assert" ) @@ -36,7 +36,8 @@ func orgRoleScenario(desc string, t *testing.T, role models.RoleType, fn scenari OrgId: orgID, OrgRole: role, } - guard := New(context.Background(), dashboardID, orgID, user) + store := mockstore.NewSQLStoreMock() + guard := newDashboardGuardian(context.Background(), dashboardID, orgID, user, store) sc := &scenarioContext{ t: t, @@ -57,7 +58,8 @@ func apiKeyScenario(desc string, t *testing.T, role models.RoleType, fn scenario OrgRole: role, ApiKeyId: 10, } - guard := New(context.Background(), dashboardID, orgID, user) + store := mockstore.NewSQLStoreMock() + guard := newDashboardGuardian(context.Background(), dashboardID, orgID, user, store) sc := &scenarioContext{ t: t, orgRoleScenario: desc, @@ -73,20 +75,8 @@ func apiKeyScenario(desc string, t *testing.T, role models.RoleType, fn scenario func permissionScenario(desc string, dashboardID int64, sc *scenarioContext, permissions []*models.DashboardAclInfoDTO, fn scenarioFunc) { sc.t.Run(desc, func(t *testing.T) { - bus.ClearBusHandlers() - - bus.AddHandler("test", func(ctx context.Context, query *models.GetDashboardAclInfoListQuery) error { - if query.OrgID != sc.givenUser.OrgId { - sc.reportFailure("Invalid organization id for GetDashboardAclInfoListQuery", sc.givenUser.OrgId, query.OrgID) - } - if query.DashboardID != sc.givenDashboardID { - sc.reportFailure("Invalid dashboard id for GetDashboardAclInfoListQuery", sc.givenDashboardID, query.DashboardID) - } - - query.Result = permissions - return nil - }) - + store := mockstore.NewSQLStoreMock() + store.ExpectedDashboardAclInfoList = permissions teams := []*models.TeamDTO{} for _, p := range permissions { @@ -94,21 +84,10 @@ func permissionScenario(desc string, dashboardID int64, sc *scenarioContext, teams = append(teams, &models.TeamDTO{Id: p.TeamId}) } } - - bus.AddHandler("test", func(ctx context.Context, query *models.GetTeamsByUserQuery) error { - if query.OrgId != sc.givenUser.OrgId { - sc.reportFailure("Invalid organization id for GetTeamsByUserQuery", sc.givenUser.OrgId, query.OrgId) - } - if query.UserId != sc.givenUser.UserId { - sc.reportFailure("Invalid user id for GetTeamsByUserQuery", sc.givenUser.UserId, query.UserId) - } - - query.Result = teams - return nil - }) + store.ExpectedTeamsByUser = teams sc.permissionScenario = desc - sc.g = New(context.Background(), dashboardID, sc.givenUser.OrgId, sc.givenUser) + sc.g = newDashboardGuardian(context.Background(), dashboardID, sc.givenUser.OrgId, sc.givenUser, store) sc.givenDashboardID = dashboardID sc.givenPermissions = permissions sc.givenTeams = teams diff --git a/pkg/services/guardian/provider.go b/pkg/services/guardian/provider.go index d72b402cad5..5acccdf7774 100644 --- a/pkg/services/guardian/provider.go +++ b/pkg/services/guardian/provider.go @@ -14,9 +14,21 @@ type Provider struct{} func ProvideService(store *sqlstore.SQLStore, ac accesscontrol.AccessControl, permissionsServices accesscontrol.PermissionsServices, features featuremgmt.FeatureToggles) *Provider { if features.IsEnabled(featuremgmt.FlagAccesscontrol) { // TODO: Fix this hack, see https://github.com/grafana/grafana-enterprise/issues/2935 - New = func(ctx context.Context, dashId int64, orgId int64, user *models.SignedInUser) DashboardGuardian { - return NewAccessControlDashboardGuardian(ctx, dashId, user, store, ac, permissionsServices) - } + InitAcessControlGuardian(store, ac, permissionsServices) + } else { + InitLegacyGuardian(store) } return &Provider{} } + +func InitLegacyGuardian(store sqlstore.Store) { + New = func(ctx context.Context, dashId int64, orgId int64, user *models.SignedInUser) DashboardGuardian { + return newDashboardGuardian(ctx, dashId, orgId, user, store) + } +} + +func InitAcessControlGuardian(store sqlstore.Store, ac accesscontrol.AccessControl, permissionsServices accesscontrol.PermissionsServices) { + New = func(ctx context.Context, dashId int64, orgId int64, user *models.SignedInUser) DashboardGuardian { + return NewAccessControlDashboardGuardian(ctx, dashId, user, store, ac, permissionsServices) + } +} diff --git a/pkg/services/libraryelements/libraryelements_test.go b/pkg/services/libraryelements/libraryelements_test.go index d27aace6675..b45b7209060 100644 --- a/pkg/services/libraryelements/libraryelements_test.go +++ b/pkg/services/libraryelements/libraryelements_test.go @@ -21,7 +21,9 @@ import ( "github.com/grafana/grafana/pkg/services/dashboards/database" dashboardservice "github.com/grafana/grafana/pkg/services/dashboards/manager" "github.com/grafana/grafana/pkg/services/featuremgmt" + "github.com/grafana/grafana/pkg/services/guardian" "github.com/grafana/grafana/pkg/services/sqlstore" + "github.com/grafana/grafana/pkg/services/sqlstore/mockstore" "github.com/grafana/grafana/pkg/setting" "github.com/grafana/grafana/pkg/web" ) @@ -286,6 +288,8 @@ func validateAndUnMarshalArrayResponse(t *testing.T, resp response.Response) lib func scenarioWithPanel(t *testing.T, desc string, fn func(t *testing.T, sc scenarioContext)) { t.Helper() + store := mockstore.NewSQLStoreMock() + guardian.InitLegacyGuardian(store) testScenario(t, desc, func(t *testing.T, sc scenarioContext) { command := getCreatePanelCommand(sc.folder.Id, "Text - Library Panel") @@ -311,6 +315,7 @@ func testScenario(t *testing.T, desc string, fn func(t *testing.T, sc scenarioCo orgID := int64(1) role := models.ROLE_ADMIN sqlStore := sqlstore.InitTestDB(t) + guardian.InitLegacyGuardian(sqlStore) dashboardStore := database.ProvideDashboardStore(sqlStore) dashboardService := dashboardservice.ProvideDashboardService( setting.NewCfg(), dashboardStore, nil, diff --git a/pkg/services/librarypanels/librarypanels_test.go b/pkg/services/librarypanels/librarypanels_test.go index e76c6aa5382..17c4861e2b2 100644 --- a/pkg/services/librarypanels/librarypanels_test.go +++ b/pkg/services/librarypanels/librarypanels_test.go @@ -19,8 +19,10 @@ import ( "github.com/grafana/grafana/pkg/services/dashboards/database" dashboardservice "github.com/grafana/grafana/pkg/services/dashboards/manager" "github.com/grafana/grafana/pkg/services/featuremgmt" + "github.com/grafana/grafana/pkg/services/guardian" "github.com/grafana/grafana/pkg/services/libraryelements" "github.com/grafana/grafana/pkg/services/sqlstore" + "github.com/grafana/grafana/pkg/services/sqlstore/mockstore" "github.com/grafana/grafana/pkg/setting" ) @@ -1477,6 +1479,8 @@ func updateFolderACL(t *testing.T, dashboardStore *database.DashboardStore, fold } func scenarioWithLibraryPanel(t *testing.T, desc string, fn func(t *testing.T, sc scenarioContext)) { + store := mockstore.NewSQLStoreMock() + guardian.InitLegacyGuardian(store) t.Helper() testScenario(t, desc, func(t *testing.T, sc scenarioContext) { diff --git a/pkg/services/sqlstore/mockstore/mockstore.go b/pkg/services/sqlstore/mockstore/mockstore.go index 63e221be0b0..baff080ba55 100644 --- a/pkg/services/sqlstore/mockstore/mockstore.go +++ b/pkg/services/sqlstore/mockstore/mockstore.go @@ -380,6 +380,7 @@ func (m *SQLStoreMock) DeleteExpiredVersions(ctx context.Context, cmd *models.De } func (m SQLStoreMock) GetDashboardAclInfoList(ctx context.Context, query *models.GetDashboardAclInfoListQuery) error { + query.Result = m.ExpectedDashboardAclInfoList return m.ExpectedError }