mirror of https://github.com/grafana/grafana.git
66 lines
1.7 KiB
Go
66 lines
1.7 KiB
Go
package sqlstore
|
|
|
|
import (
|
|
"bytes"
|
|
"strings"
|
|
|
|
m "github.com/grafana/grafana/pkg/models"
|
|
)
|
|
|
|
type SqlBuilder struct {
|
|
sql bytes.Buffer
|
|
params []interface{}
|
|
}
|
|
|
|
func (sb *SqlBuilder) writeDashboardPermissionFilter(user *m.SignedInUser, permission m.PermissionType) {
|
|
|
|
if user.OrgRole == m.ROLE_ADMIN {
|
|
return
|
|
}
|
|
|
|
okRoles := []interface{}{user.OrgRole}
|
|
|
|
if user.OrgRole == m.ROLE_EDITOR {
|
|
okRoles = append(okRoles, m.ROLE_VIEWER)
|
|
}
|
|
|
|
// SELECT dash.id, dash.title, dash.folder_id
|
|
// FROM dashboard AS dash
|
|
// LEFT JOIN dashboard folder on folder.id = dash.folder_id
|
|
// LEFT JOIN dashboard_acl AS da ON
|
|
// da.dashboard_id = dash.id OR
|
|
// da.dashboard_id = dash.folder_id OR
|
|
// (
|
|
// -- include default permissions -->
|
|
// da.org_id = -1 AND (folder.has_acl = 0 OR (dash.has_acl = 0 AND dash.folder_id = 0))
|
|
// )
|
|
// LEFT JOIN team_member as ugm on ugm.team_id = da.team_id
|
|
// WHERE
|
|
// dash.org_id = 5 AND
|
|
// (
|
|
// da.user_id = 8 or
|
|
// ugm.user_id = 8 or
|
|
// da.role in ('Viewer', 'Editor')
|
|
// ) AND
|
|
// da.permission > 1
|
|
//
|
|
sb.sql.WriteString(` AND
|
|
(
|
|
dashboard.has_acl = ` + dialect.BooleanStr(false) + ` OR
|
|
dashboard.id in (
|
|
SELECT distinct d.id AS DashboardId
|
|
FROM dashboard AS d
|
|
LEFT JOIN dashboard_acl as da on d.folder_id = da.dashboard_id or d.id = da.dashboard_id
|
|
LEFT JOIN team_member as ugm on ugm.team_id = da.team_id
|
|
WHERE
|
|
d.has_acl = ` + dialect.BooleanStr(true) + ` AND
|
|
d.org_id = ? AND
|
|
da.permission >= ? AND
|
|
(da.user_id = ? or ugm.user_id = ? or da.role IN (?` + strings.Repeat(",?", len(okRoles)-1) + `))
|
|
)
|
|
)`)
|
|
|
|
sb.params = append(sb.params, user.OrgId, permission, user.UserId, user.UserId)
|
|
sb.params = append(sb.params, okRoles...)
|
|
}
|