2018-02-08 00:54:21 +08:00
|
|
|
package sqlstore
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"bytes"
|
|
|
|
|
"strings"
|
|
|
|
|
|
2020-02-29 20:35:15 +08:00
|
|
|
"github.com/grafana/grafana/pkg/models"
|
2018-02-08 00:54:21 +08:00
|
|
|
)
|
|
|
|
|
|
2020-11-11 13:21:08 +08:00
|
|
|
type SQLBuilder struct {
|
2018-02-08 00:54:21 +08:00
|
|
|
sql bytes.Buffer
|
|
|
|
|
params []interface{}
|
|
|
|
|
}
|
|
|
|
|
|
2020-11-11 13:21:08 +08:00
|
|
|
func (sb *SQLBuilder) Write(sql string, params ...interface{}) {
|
2018-02-16 20:56:04 +08:00
|
|
|
sb.sql.WriteString(sql)
|
|
|
|
|
|
|
|
|
|
if len(params) > 0 {
|
|
|
|
|
sb.params = append(sb.params, params...)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-11-11 13:21:08 +08:00
|
|
|
func (sb *SQLBuilder) GetSQLString() string {
|
2018-02-16 20:56:04 +08:00
|
|
|
return sb.sql.String()
|
|
|
|
|
}
|
|
|
|
|
|
2021-02-24 21:06:22 +08:00
|
|
|
func (sb *SQLBuilder) GetParams() []interface{} {
|
|
|
|
|
return sb.params
|
|
|
|
|
}
|
|
|
|
|
|
2020-11-11 13:21:08 +08:00
|
|
|
func (sb *SQLBuilder) AddParams(params ...interface{}) {
|
2018-02-16 20:56:04 +08:00
|
|
|
sb.params = append(sb.params, params...)
|
|
|
|
|
}
|
|
|
|
|
|
2021-02-24 21:06:22 +08:00
|
|
|
func (sb *SQLBuilder) WriteDashboardPermissionFilter(user *models.SignedInUser, permission models.PermissionType) {
|
2020-02-29 20:35:15 +08:00
|
|
|
if user.OrgRole == models.ROLE_ADMIN {
|
2018-02-08 00:54:21 +08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
okRoles := []interface{}{user.OrgRole}
|
|
|
|
|
|
2020-02-29 20:35:15 +08:00
|
|
|
if user.OrgRole == models.ROLE_EDITOR {
|
|
|
|
|
okRoles = append(okRoles, models.ROLE_VIEWER)
|
2018-02-08 00:54:21 +08:00
|
|
|
}
|
|
|
|
|
|
2018-02-13 23:49:00 +08:00
|
|
|
falseStr := dialect.BooleanStr(false)
|
|
|
|
|
|
2018-02-08 00:54:21 +08:00
|
|
|
sb.sql.WriteString(` AND
|
|
|
|
|
(
|
2018-02-13 23:49:00 +08:00
|
|
|
dashboard.id IN (
|
2019-06-05 16:55:50 +08:00
|
|
|
SELECT distinct DashboardId from (
|
|
|
|
|
SELECT d.id AS DashboardId
|
|
|
|
|
FROM dashboard AS d
|
|
|
|
|
LEFT JOIN dashboard_acl AS da ON
|
|
|
|
|
da.dashboard_id = d.id OR
|
|
|
|
|
da.dashboard_id = d.folder_id
|
|
|
|
|
WHERE
|
|
|
|
|
d.org_id = ? AND
|
|
|
|
|
da.permission >= ? AND
|
|
|
|
|
(
|
|
|
|
|
da.user_id = ? OR
|
2022-01-04 20:04:02 +08:00
|
|
|
da.team_id IN (SELECT team_id from team_member AS tm WHERE tm.user_id = ?) OR
|
2019-06-05 16:55:50 +08:00
|
|
|
da.role IN (?` + strings.Repeat(",?", len(okRoles)-1) + `)
|
|
|
|
|
)
|
|
|
|
|
UNION
|
|
|
|
|
SELECT d.id AS DashboardId
|
|
|
|
|
FROM dashboard AS d
|
|
|
|
|
LEFT JOIN dashboard AS folder on folder.id = d.folder_id
|
|
|
|
|
LEFT JOIN dashboard_acl AS da ON
|
|
|
|
|
(
|
|
|
|
|
-- include default permissions -->
|
|
|
|
|
da.org_id = -1 AND (
|
|
|
|
|
(folder.id IS NOT NULL AND folder.has_acl = ` + falseStr + `) OR
|
|
|
|
|
(folder.id IS NULL AND d.has_acl = ` + falseStr + `)
|
|
|
|
|
)
|
|
|
|
|
)
|
|
|
|
|
WHERE
|
|
|
|
|
d.org_id = ? AND
|
|
|
|
|
da.permission >= ? AND
|
|
|
|
|
(
|
|
|
|
|
da.user_id = ? OR
|
|
|
|
|
da.role IN (?` + strings.Repeat(",?", len(okRoles)-1) + `)
|
|
|
|
|
)
|
|
|
|
|
) AS a
|
2018-02-08 00:54:21 +08:00
|
|
|
)
|
|
|
|
|
)`)
|
|
|
|
|
|
2018-02-09 00:11:01 +08:00
|
|
|
sb.params = append(sb.params, user.OrgId, permission, user.UserId, user.UserId)
|
2018-02-08 00:54:21 +08:00
|
|
|
sb.params = append(sb.params, okRoles...)
|
2019-06-05 16:55:50 +08:00
|
|
|
|
|
|
|
|
sb.params = append(sb.params, user.OrgId, permission, user.UserId)
|
|
|
|
|
sb.params = append(sb.params, okRoles...)
|
2018-02-08 00:54:21 +08:00
|
|
|
}
|
