										 |  |  |  | package api | 
					
						
							|  |  |  |  | import ( | 
					
						
										 |  |  |  | 	"context" | 
					
						
										 |  |  |  | 	"net/http" | 
					
						
										 |  |  |  | 	"strconv" | 
					
						
										 |  |  |  | 	"time" | 
					
						
							|  |  |  |  | 	"github.com/grafana/grafana/pkg/api/dtos" | 
					
						
										 |  |  |  | 	"github.com/grafana/grafana/pkg/api/response" | 
					
						
										 |  |  |  | 	"github.com/grafana/grafana/pkg/apimachinery/identity" | 
					
						
										 |  |  |  | 	"github.com/grafana/grafana/pkg/infra/metrics" | 
					
						
										 |  |  |  | 	"github.com/grafana/grafana/pkg/services/accesscontrol" | 
					
						
										 |  |  |  | 	contextmodel "github.com/grafana/grafana/pkg/services/contexthandler/model" | 
					
						
										 |  |  |  | 	"github.com/grafana/grafana/pkg/services/dashboards" | 
					
						
										 |  |  |  | 	"github.com/grafana/grafana/pkg/services/dashboards/dashboardaccess" | 
					
						
										 |  |  |  | 	"github.com/grafana/grafana/pkg/services/org" | 
					
						
										 |  |  |  | 	"github.com/grafana/grafana/pkg/web" | 
					
						
										 |  |  |  | ) | 
					
						
// swagger:route GET /dashboards/uid/{uid}/permissions dashboards permissions getDashboardPermissionsListByUID
//
// Gets all existing permissions for the given dashboard.
//
// Responses:
// 200: getDashboardPermissionsListResponse
// 401: unauthorisedError
// 403: forbiddenError
// 404: notFoundError
// 500: internalServerError

// swagger:route GET /dashboards/id/{DashboardID}/permissions dashboards permissions getDashboardPermissionsListByID
//
// Gets all existing permissions for the given dashboard.
//
// Please refer to [updated API](#/dashboards/getDashboardPermissionsListByUID) instead
//
// Deprecated: true
//
// Responses:
// 200: getDashboardPermissionsListResponse
// 401: unauthorisedError
// 403: forbiddenError
// 404: notFoundError
// 500: internalServerError
func (hs *HTTPServer) GetDashboardPermissionList(c *contextmodel.ReqContext) response.Response {
	// NOTE(review): no check of the caller's right to read these permissions
	// is visible in this handler; presumably the route middleware enforces
	// it. Confirm at the route registration.

	// Store the span's context on the request, because the helpers below
	// read c.Req.Context().
	spanCtx, span := tracer.Start(c.Req.Context(), "api.GetDashboardPermissionList")
	defer span.End()
	c.Req = c.Req.WithContext(spanCtx)

	// The dashboard is addressed by UID when ":uid" is present; only
	// otherwise is the numeric ":dashboardId" parameter parsed.
	var numericID int64
	uid := web.Params(c.Req)[":uid"]
	if uid == "" {
		parsed, parseErr := strconv.ParseInt(web.Params(c.Req)[":dashboardId"], 10, 64)
		if parseErr != nil {
			return response.Error(http.StatusBadRequest, "dashboardId is invalid", parseErr)
		}
		numericID = parsed
	}

	// The org ID handed to the lookup comes from the request context, not
	// from a client-supplied path parameter.
	dashboard, errRsp := hs.getDashboardHelper(c.Req.Context(), c.GetOrgID(), numericID, uid)
	if errRsp != nil {
		return errRsp
	}

	entries, err := hs.getDashboardACL(c.Req.Context(), c.SignedInUser, dashboard)
	if err != nil {
		return response.Error(http.StatusInternalServerError, "Failed to get dashboard permissions", err)
	}

	visible := make([]*dashboards.DashboardACLInfoDTO, 0, len(entries))
	for _, entry := range entries {
		// Entries with a positive UserID are left out of the response when
		// dtos.IsHiddenUser reports that login as hidden for this caller.
		// Entries without a positive UserID are never filtered here.
		hidden := entry.UserID > 0 && dtos.IsHiddenUser(entry.UserLogin, c.SignedInUser, hs.Cfg)
		if hidden {
			continue
		}

		// Fill in the presentation-only fields before returning the entry.
		entry.UserAvatarURL = dtos.GetGravatarUrl(hs.Cfg, entry.UserEmail)
		if entry.TeamID > 0 {
			entry.TeamAvatarURL = dtos.GetGravatarUrlWithDefault(hs.Cfg, entry.TeamEmail, entry.Team)
		}
		if entry.Slug != "" {
			entry.URL = dashboards.GetDashboardFolderURL(entry.IsFolder, entry.UID, entry.Slug)
		}

		visible = append(visible, entry)
	}

	return response.JSON(http.StatusOK, visible)
}
					
						
// swagger:route POST /dashboards/uid/{uid}/permissions dashboards permissions updateDashboardPermissionsByUID
//
// Updates permissions for a dashboard.
//
// This operation will remove existing permissions if they’re not included in the request.
//
// Responses:
// 200: okResponse
// 400: badRequestError
// 401: unauthorisedError
// 403: forbiddenError
// 404: notFoundError
// 500: internalServerError

// swagger:route POST /dashboards/id/{DashboardID}/permissions dashboards permissions updateDashboardPermissionsByID
//
// Updates permissions for a dashboard.
//
// Please refer to [updated API](#/dashboards/updateDashboardPermissionsByUID) instead
//
// This operation will remove existing permissions if they’re not included in the request.
//
// Deprecated: true
//
// Responses:
// 200: okResponse
// 400: badRequestError
// 401: unauthorisedError
// 403: forbiddenError
// 404: notFoundError
// 500: internalServerError
func (hs *HTTPServer) UpdateDashboardPermissions(c *contextmodel.ReqContext) response.Response {
	// NOTE(review): no check of the caller's right to administer this
	// dashboard's permissions is visible in this handler; presumably the
	// route middleware enforces it. Confirm at the route registration.

	spanCtx, span := tracer.Start(c.Req.Context(), "api.UpdateDashboardPermissions")
	defer span.End()
	c.Req = c.Req.WithContext(spanCtx)

	// Decode and validate the request body before reading any stored state.
	var body dtos.UpdateDashboardACLCommand
	if bindErr := web.Bind(c.Req, &body); bindErr != nil {
		return response.Error(http.StatusBadRequest, "bad request data", bindErr)
	}
	if invalid := validatePermissionsUpdate(body); invalid != nil {
		// The validation error's own text is the client-facing message.
		return response.Error(http.StatusBadRequest, invalid.Error(), invalid)
	}

	// The dashboard is addressed by UID when ":uid" is present; only
	// otherwise is the numeric ":dashboardId" parameter parsed.
	var numericID int64
	uid := web.Params(c.Req)[":uid"]
	if uid == "" {
		parsed, parseErr := strconv.ParseInt(web.Params(c.Req)[":dashboardId"], 10, 64)
		if parseErr != nil {
			return response.Error(http.StatusBadRequest, "dashboardId is invalid", parseErr)
		}
		numericID = parsed
	}

	// The org ID handed to the lookup comes from the request context, not
	// from the request body or path.
	dashboard, errRsp := hs.getDashboardHelper(c.Req.Context(), c.GetOrgID(), numericID, uid)
	if errRsp != nil {
		return errRsp
	}

	// Translate the requested entries. OrgID is taken from the request
	// context. DashboardID is the parsed path value, which stays 0 on the
	// UID route.
	desired := make([]*dashboards.DashboardACL, 0, len(body.Items))
	for _, requested := range body.Items {
		entry := &dashboards.DashboardACL{
			OrgID:       c.GetOrgID(),
			DashboardID: numericID,
			UserID:      requested.UserID,
			TeamID:      requested.TeamID,
			Role:        requested.Role,
			Permission:  requested.Permission,
			Created:     time.Now(),
			Updated:     time.Now(),
		}
		desired = append(desired, entry)
	}

	current, err := hs.getDashboardACL(c.Req.Context(), c.SignedInUser, dashboard)
	if err != nil {
		return response.Error(http.StatusInternalServerError, "Error while checking dashboard permissions", err)
	}

	// Stored entries of hidden users are appended to the desired set. This
	// keeps the update from removing them as "not included in the request".
	// A caller who is not a Grafana admin presumably cannot see them in the
	// list endpoint.
	// NOTE(review): if the request names a user ID that also has a preserved
	// hidden entry, two commands are issued for that user, the request's
	// first and the preserved one second. Confirm that the permission
	// service resolves this in favour of the preserved entry.
	desired = append(desired, hs.filterHiddenACL(c.SignedInUser, current)...)

	// The write is keyed on the org ID and UID of the dashboard that was
	// looked up, and always takes the non-folder path (isFolder == false).
	if err := hs.updateDashboardAccessControl(c.Req.Context(), dashboard.OrgID, dashboard.UID, false, desired, current); err != nil {
		return response.Error(http.StatusInternalServerError, "Failed to update permissions", err)
	}

	return response.Success("Dashboard permissions updated")
}
					
						
// dashboardPermissionMap translates a permission name ("View", "Edit",
// "Admin") into the matching dashboardaccess.PermissionType. getDashboardACL
// indexes it with the value returned by dashboardPermissionsService.MapActions.
//
// A name that is not a key here yields the zero PermissionType, because the
// lookup does not use the comma-ok form.
var dashboardPermissionMap = map[string]dashboardaccess.PermissionType{
	"View":  dashboardaccess.PERMISSION_VIEW,
	"Edit":  dashboardaccess.PERMISSION_EDIT,
	"Admin": dashboardaccess.PERMISSION_ADMIN,
}
					
						
func (hs *HTTPServer) getDashboardACL(ctx context.Context, user identity.Requester, dashboard *dashboards.Dashboard) ([]*dashboards.DashboardACLInfoDTO, error) {
	// getDashboardACL fetches the resource permissions of the given dashboard
	// from dashboardPermissionsService on behalf of user. It returns them as
	// DashboardACLInfoDTO entries, or the service error unchanged.
	ctx, span := tracer.Start(ctx, "api.getDashboardACL")
	defer span.End()

	resourcePerms, err := hs.dashboardPermissionsService.GetPermissions(ctx, user, dashboard.UID)
	if err != nil {
		return nil, err
	}

	result := make([]*dashboards.DashboardACLInfoDTO, 0, len(resourcePerms))
	for _, rp := range resourcePerms {
		// Only permissions flagged IsManaged are exposed. Everything else is
		// skipped, so it is neither listed nor seen by the update path that
		// uses this result as the "old" ACL.
		if !rp.IsManaged {
			continue
		}

		// Role stays nil unless the permission names a built-in role.
		var builtIn *org.RoleType
		if rp.BuiltInRole != "" {
			asRole := org.RoleType(rp.BuiltInRole)
			builtIn = &asRole
		}

		// NOTE(review): an action set whose MapActions name is not a key of
		// dashboardPermissionMap silently becomes the zero PermissionType.
		// Confirm that this cannot happen for managed permissions, or that
		// the zero value is handled downstream.
		level := dashboardPermissionMap[hs.dashboardPermissionsService.MapActions(rp)]

		// Incremented once per managed permission, not once per call.
		metrics.MFolderIDsAPICount.WithLabelValues(metrics.GetDashboardACL).Inc()

		dto := &dashboards.DashboardACLInfoDTO{
			OrgID:          dashboard.OrgID,
			DashboardID:    dashboard.ID,
			FolderID:       dashboard.FolderID, // nolint:staticcheck
			Created:        rp.Created,
			Updated:        rp.Updated,
			UserID:         rp.UserID,
			UserLogin:      rp.UserLogin,
			UserEmail:      rp.UserEmail,
			TeamID:         rp.TeamID,
			TeamEmail:      rp.TeamEmail,
			Team:           rp.Team,
			Role:           builtIn,
			Permission:     level,
			PermissionName: level.String(),
			UID:            dashboard.UID,
			Title:          dashboard.Title,
			Slug:           dashboard.Slug,
			IsFolder:       dashboard.IsFolder,
			URL:            dashboard.GetURL(),
			Inherited:      false,
		}
		result = append(result, dto)
	}

	return result, nil
}
					
						
func (hs *HTTPServer) filterHiddenACL(user identity.Requester, acl []*dashboards.DashboardACLInfoDTO) []*dashboards.DashboardACL {
	// filterHiddenACL returns, as DashboardACL values, the entries of acl
	// whose UserLogin is a key of hs.Cfg.HiddenUsers. Inherited entries and
	// the caller's own entry are excluded. For a Grafana admin the result is
	// always nil.
	//
	// NOTE(review): the list handler requires UserID > 0 before its
	// hidden-user check, but this lookup runs on every entry's UserLogin,
	// including entries that presumably carry an empty login (team or
	// role). Confirm HiddenUsers can never contain an empty key.
	if user.GetIsGrafanaAdmin() {
		return nil
	}

	var preserved []*dashboards.DashboardACL
	for _, entry := range acl {
		if entry.Inherited {
			continue
		}
		if entry.UserLogin == user.GetLogin() {
			continue
		}
		if _, hidden := hs.Cfg.HiddenUsers[entry.UserLogin]; !hidden {
			continue
		}

		// Copy the stored values as they are, timestamps included.
		preserved = append(preserved, &dashboards.DashboardACL{
			OrgID:       entry.OrgID,
			DashboardID: entry.DashboardID,
			UserID:      entry.UserID,
			TeamID:      entry.TeamID,
			Role:        entry.Role,
			Permission:  entry.Permission,
			Created:     entry.Created,
			Updated:     entry.Updated,
		})
	}

	return preserved
}
					
						
										 |  |  |  | // updateDashboardAccessControl is used for api backward compatibility
 | 
					
						
							| 
									
										
										
										
											2023-01-20 21:58:47 +08:00
										 |  |  |  | func (hs *HTTPServer) updateDashboardAccessControl(ctx context.Context, orgID int64, uid string, isFolder bool, items []*dashboards.DashboardACL, old []*dashboards.DashboardACLInfoDTO) error { | 
					
						
							| 
									
										
										
										
											2024-08-30 14:26:15 +08:00
										 |  |  |  | 	ctx, span := tracer.Start(ctx, "api.updateDashboardAccessControl") | 
					
						
							|  |  |  |  | 	defer span.End() | 
					
						
							|  |  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-03-03 22:05:47 +08:00
										 |  |  |  | 	commands := []accesscontrol.SetResourcePermissionCommand{} | 
					
						
							|  |  |  |  | 	for _, item := range items { | 
					
						
							|  |  |  |  | 		permissions := item.Permission.String() | 
					
						
							|  |  |  |  | 		role := "" | 
					
						
							|  |  |  |  | 		if item.Role != nil { | 
					
						
							|  |  |  |  | 			role = string(*item.Role) | 
					
						
							|  |  |  |  | 		} | 
					
						
							|  |  |  |  | 
 | 
					
						
							|  |  |  |  | 		commands = append(commands, accesscontrol.SetResourcePermissionCommand{ | 
					
						
							|  |  |  |  | 			UserID:      item.UserID, | 
					
						
							|  |  |  |  | 			TeamID:      item.TeamID, | 
					
						
							|  |  |  |  | 			BuiltinRole: role, | 
					
						
							|  |  |  |  | 			Permission:  permissions, | 
					
						
							|  |  |  |  | 		}) | 
					
						
							|  |  |  |  | 	} | 
					
						
							|  |  |  |  | 
 | 
					
						
							|  |  |  |  | 	for _, o := range old { | 
					
						
							|  |  |  |  | 		shouldRemove := true | 
					
						
							|  |  |  |  | 		for _, item := range items { | 
					
						
							| 
									
										
										
										
											2023-01-20 21:58:47 +08:00
										 |  |  |  | 			if item.UserID != 0 && item.UserID == o.UserID { | 
					
						
							| 
									
										
										
										
											2022-03-03 22:05:47 +08:00
										 |  |  |  | 				shouldRemove = false | 
					
						
							|  |  |  |  | 				break | 
					
						
							|  |  |  |  | 			} | 
					
						
							| 
									
										
										
										
											2023-01-20 21:58:47 +08:00
										 |  |  |  | 			if item.TeamID != 0 && item.TeamID == o.TeamID { | 
					
						
							| 
									
										
										
										
											2022-03-03 22:05:47 +08:00
										 |  |  |  | 				shouldRemove = false | 
					
						
							|  |  |  |  | 				break | 
					
						
							|  |  |  |  | 			} | 
					
						
							|  |  |  |  | 			if item.Role != nil && o.Role != nil && *item.Role == *o.Role { | 
					
						
							|  |  |  |  | 				shouldRemove = false | 
					
						
							|  |  |  |  | 				break | 
					
						
							|  |  |  |  | 			} | 
					
						
							|  |  |  |  | 		} | 
					
						
							|  |  |  |  | 		if shouldRemove { | 
					
						
							|  |  |  |  | 			role := "" | 
					
						
							|  |  |  |  | 			if o.Role != nil { | 
					
						
							|  |  |  |  | 				role = string(*o.Role) | 
					
						
							|  |  |  |  | 			} | 
					
						
							|  |  |  |  | 
 | 
					
						
							|  |  |  |  | 			commands = append(commands, accesscontrol.SetResourcePermissionCommand{ | 
					
						
							| 
									
										
										
										
											2023-01-20 21:58:47 +08:00
										 |  |  |  | 				UserID:      o.UserID, | 
					
						
							|  |  |  |  | 				TeamID:      o.TeamID, | 
					
						
							| 
									
										
										
										
											2022-03-03 22:05:47 +08:00
										 |  |  |  | 				BuiltinRole: role, | 
					
						
							|  |  |  |  | 				Permission:  "", | 
					
						
							|  |  |  |  | 			}) | 
					
						
							|  |  |  |  | 		} | 
					
						
							|  |  |  |  | 	} | 
					
						
							|  |  |  |  | 
 | 
					
						
							|  |  |  |  | 	if isFolder { | 
					
						
							| 
									
										
										
										
											2022-05-10 21:48:47 +08:00
										 |  |  |  | 		if _, err := hs.folderPermissionsService.SetPermissions(ctx, orgID, uid, commands...); err != nil { | 
					
						
							|  |  |  |  | 			return err | 
					
						
							|  |  |  |  | 		} | 
					
						
							|  |  |  |  | 		return nil | 
					
						
							| 
									
										
										
										
										 |  |  |  | 	} | 
					
						
							|  |  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |  | 	if _, err := hs.dashboardPermissionsService.SetPermissions(ctx, orgID, uid, commands...); err != nil { | 
					
						
							|  |  |  |  | 		return err | 
					
						
							|  |  |  |  | 	} | 
					
						
							|  |  |  |  | 	return nil | 
					
						
							| 
									
										
										
										
										 |  |  |  | } | 
					
						
							|  |  |  |  | 
 | 
					
						
							| 
									
										
										
										
// validatePermissionsUpdate rejects ACL update requests whose items name an
// ambiguous subject. It returns
// dashboardaccess.ErrPermissionsWithUserAndTeamNotAllowed when an item sets
// both a positive UserID and a positive TeamID, and
// dashboardaccess.ErrPermissionsWithRoleNotAllowed when an item combines a
// positive UserID or TeamID with a non-nil Role. The first offending item
// decides the error; nil means no item broke either rule.
//
// Only UserID, TeamID and Role are inspected. An item that names no subject
// at all, an item with non-positive IDs, and every other field of an item pass
// through unchecked, so this is a shape check on the request and not an
// authorization decision.
func validatePermissionsUpdate(apiCmd dtos.UpdateDashboardACLCommand) error {
	for _, entry := range apiCmd.Items {
		hasUser, hasTeam := entry.UserID > 0, entry.TeamID > 0

		switch {
		case hasUser && hasTeam:
			// One entry must not target a user and a team at the same time.
			return dashboardaccess.ErrPermissionsWithUserAndTeamNotAllowed
		case (hasUser || hasTeam) && entry.Role != nil:
			// A role entry must not also carry a user or team.
			return dashboardaccess.ErrPermissionsWithRoleNotAllowed
		}
	}
	return nil
}
					
						
							| 
									
										
										
										
										 |  |  |  | 
 | 
					
						
// GetDashboardPermissionsListByUIDParams declares the request parameters of
// the getDashboardPermissionsListByUID operation for the swagger generator.
// It carries a single required path parameter, serialized as "uid".
//
// swagger:parameters getDashboardPermissionsListByUID
type GetDashboardPermissionsListByUIDParams struct {
	// in:path
	// required:true
	UID string `json:"uid"`
}
					
						
							|  |  |  |  | 
 | 
					
						
// GetDashboardPermissionsListByIDParams declares the request parameters of
// the getDashboardPermissionsListByID operation for the swagger generator.
// It carries a single path parameter holding a numeric dashboard ID.
//
// swagger:parameters getDashboardPermissionsListByID
type GetDashboardPermissionsListByIDParams struct {
	// in:path
	DashboardID int64
}
					
						
							|  |  |  |  | 
 | 
					
						
// UpdateDashboardPermissionsByIDParams declares the request parameters of the
// updateDashboardPermissionsByID operation for the swagger generator: a
// required body of type dtos.UpdateDashboardACLCommand and a numeric dashboard
// ID taken from the path. The declaration itself performs no validation of the
// body.
//
// swagger:parameters updateDashboardPermissionsByID
type UpdateDashboardPermissionsByIDParams struct {
	// in:body
	// required:true
	Body dtos.UpdateDashboardACLCommand
	// in:path
	DashboardID int64
}
					
						
							|  |  |  |  | 
 | 
					
						
// UpdateDashboardPermissionsByUIDParams declares the request parameters of the
// updateDashboardPermissionsByUID operation for the swagger generator: a
// required body of type dtos.UpdateDashboardACLCommand and the required
// dashboard UID taken from the path. The declaration itself performs no
// validation of the body.
//
// swagger:parameters updateDashboardPermissionsByUID
type UpdateDashboardPermissionsByUIDParams struct {
	// in:body
	// required:true
	Body dtos.UpdateDashboardACLCommand
	// in:path
	// required:true
	// description: The dashboard UID
	UID string `json:"uid"`
}
					
						
							|  |  |  |  | 
 | 
					
						
// GetDashboardPermissionsResponse declares the
// getDashboardPermissionsListResponse swagger response, whose body is a list
// of dashboard ACL entries (dashboards.DashboardACLInfoDTO).
//
// swagger:response getDashboardPermissionsListResponse
type GetDashboardPermissionsResponse struct {
	// in: body
	Body []*dashboards.DashboardACLInfoDTO `json:"body"`
}