grafana/pkg/services/sqlstore/sqlbuilder.go

package sqlstore

import (
	"bytes"
	"strings"

	m "github.com/grafana/grafana/pkg/models"
)

type SqlBuilder struct {
	sql    bytes.Buffer
	params []interface{}
}

func (sb *SqlBuilder) writeDashboardPermissionFilter(user *m.SignedInUser, permission m.PermissionType) {

	if user.OrgRole == m.ROLE_ADMIN {
		return
	}

	okRoles := []interface{}{user.OrgRole}

	if user.OrgRole == m.ROLE_EDITOR {
		okRoles = append(okRoles, m.ROLE_VIEWER)
	}

	sb.sql.WriteString(` AND
	(
		dashboard.has_acl = ` + dialect.BooleanStr(false) + ` OR
		dashboard.id in (
			SELECT distinct d.id AS DashboardId
			FROM dashboard AS d
				LEFT JOIN dashboard_acl as da on d.folder_id = da.dashboard_id or d.id = da.dashboard_id
				LEFT JOIN team_member as ugm on ugm.team_id =  da.team_id
			WHERE
				d.has_acl = ` + dialect.BooleanStr(true) + ` AND
				d.org_id = ? AND
				da.permission >= ? AND
				(da.user_id = ? or ugm.user_id = ? or da.role IN (?` + strings.Repeat(",?", len(okRoles)-1) + `))
		)
	)`)

	sb.params = append(sb.params, user.OrgId, permission, user.UserId, user.UserId)
	sb.params = append(sb.params, okRoles...)
}
fix: initial fix for #10822 2018-02-08 00:54:21 +08:00			`package sqlstore`

			`import (`
			`"bytes"`
			`"strings"`

			`m "github.com/grafana/grafana/pkg/models"`
			`)`

			`type SqlBuilder struct {`
			`sql bytes.Buffer`
			`params []interface{}`
			`}`

dashboard and folder search with permissions 2018-02-09 00:11:01 +08:00			`func (sb SqlBuilder) writeDashboardPermissionFilter(user m.SignedInUser, permission m.PermissionType) {`
fix: initial fix for #10822 2018-02-08 00:54:21 +08:00
			`if user.OrgRole == m.ROLE_ADMIN {`
			`return`
			`}`

			`okRoles := []interface{}{user.OrgRole}`

			`if user.OrgRole == m.ROLE_EDITOR {`
			`okRoles = append(okRoles, m.ROLE_VIEWER)`
			`}`

			sb.sql.WriteString(` AND
			`(`
			dashboard.has_acl = ` + dialect.BooleanStr(false) + ` OR
			`dashboard.id in (`
			`SELECT distinct d.id AS DashboardId`
			`FROM dashboard AS d`
			`LEFT JOIN dashboard_acl as da on d.folder_id = da.dashboard_id or d.id = da.dashboard_id`
			`LEFT JOIN team_member as ugm on ugm.team_id = da.team_id`
			`WHERE`
			d.has_acl = ` + dialect.BooleanStr(true) + ` AND
			`d.org_id = ? AND`
			`da.permission >= ? AND`
			(da.user_id = ? or ugm.user_id = ? or da.role IN (?` + strings.Repeat(",?", len(okRoles)-1) + `))
			`)`
			)`)

dashboard and folder search with permissions 2018-02-09 00:11:01 +08:00			`sb.params = append(sb.params, user.OrgId, permission, user.UserId, user.UserId)`
fix: initial fix for #10822 2018-02-08 00:54:21 +08:00			`sb.params = append(sb.params, okRoles...)`
			`}`