Merge pull request grafana#11683 from marefr/11668_default_permissions

Fix for default permissions on folder are not shown as inherited in it's dashboards

pkg/models/dashboard_acl.go

@@ -69,6 +69,7 @@ type DashboardAclInfoDTO struct {
 	Slug           string         `json:"slug"`
 	IsFolder       bool           `json:"isFolder"`
 	Url            string         `json:"url"`
+	Inherited      bool           `json:"inherited"`
 }
 
 func (dto *DashboardAclInfoDTO) hasSameRoleAs(other *DashboardAclInfoDTO) bool {

pkg/services/guardian/guardian.go

@@ -154,12 +154,7 @@ func (g *dashboardGuardianImpl) CheckPermissionBeforeUpdate(permission m.Permiss
 	// validate overridden permissions to be higher
 	for _, a := range acl {
 		for _, existingPerm := range existingPermissions {
-			// handle default permissions
-			if existingPerm.DashboardId == -1 {
-				existingPerm.DashboardId = g.dashId
-			}
-
-			if a.DashboardId == existingPerm.DashboardId {
+			if !existingPerm.Inherited {
 				continue
 			}
 
@@ -187,13 +182,6 @@ func (g *dashboardGuardianImpl) GetAcl() ([]*m.DashboardAclInfoDTO, error) {
 		return nil, err
 	}
 
-	for _, a := range query.Result {
-		// handle default permissions
-		if a.DashboardId == -1 {
-			a.DashboardId = g.dashId
-		}
-	}
-
 	g.acl = query.Result
 	return g.acl, nil
 }

pkg/services/guardian/guardian_test.go

@@ -217,13 +217,13 @@ func (sc *scenarioContext) parentFolderPermissionScenario(pt permissionType, per
 
 	switch pt {
 	case USER:
-		folderPermissionList = []*m.DashboardAclInfoDTO{{OrgId: orgID, DashboardId: parentFolderID, UserId: userID, Permission: permission}}
+		folderPermissionList = []*m.DashboardAclInfoDTO{{OrgId: orgID, DashboardId: parentFolderID, UserId: userID, Permission: permission, Inherited: true}}
 	case TEAM:
-		folderPermissionList = []*m.DashboardAclInfoDTO{{OrgId: orgID, DashboardId: parentFolderID, TeamId: teamID, Permission: permission}}
+		folderPermissionList = []*m.DashboardAclInfoDTO{{OrgId: orgID, DashboardId: parentFolderID, TeamId: teamID, Permission: permission, Inherited: true}}
 	case EDITOR:
-		folderPermissionList = []*m.DashboardAclInfoDTO{{OrgId: orgID, DashboardId: parentFolderID, Role: &editorRole, Permission: permission}}
+		folderPermissionList = []*m.DashboardAclInfoDTO{{OrgId: orgID, DashboardId: parentFolderID, Role: &editorRole, Permission: permission, Inherited: true}}
 	case VIEWER:
-		folderPermissionList = []*m.DashboardAclInfoDTO{{OrgId: orgID, DashboardId: parentFolderID, Role: &viewerRole, Permission: permission}}
+		folderPermissionList = []*m.DashboardAclInfoDTO{{OrgId: orgID, DashboardId: parentFolderID, Role: &viewerRole, Permission: permission, Inherited: true}}
 	}
 
 	permissionScenario(fmt.Sprintf("and parent folder has %s with permission to %s", pt.String(), permission.String()), childDashboardID, sc, folderPermissionList, func(sc *scenarioContext) {

pkg/services/sqlstore/dashboard_acl.go

@@ -67,7 +67,8 @@ func GetDashboardAclInfoList(query *m.GetDashboardAclInfoListQuery) error {
 		'' as title,
 		'' as slug,
 		'' as uid,` +
-			falseStr + ` AS is_folder
+			falseStr + ` AS is_folder,` +
+			falseStr + ` AS inherited
 		FROM dashboard_acl as da
 		WHERE da.dashboard_id = -1`
 		query.Result = make([]*m.DashboardAclInfoDTO, 0)
@@ -94,7 +95,8 @@ func GetDashboardAclInfoList(query *m.GetDashboardAclInfoListQuery) error {
 				d.title,
 				d.slug,
 				d.uid,
-				d.is_folder
+				d.is_folder,
+				CASE WHEN (da.dashboard_id = -1 AND d.folder_id > 0) OR da.dashboard_id = d.folder_id THEN ` + dialect.BooleanStr(true) + ` ELSE ` + falseStr + ` END AS inherited
 			FROM dashboard as d
 				LEFT JOIN dashboard folder on folder.id = d.folder_id
 				LEFT JOIN dashboard_acl AS da ON

pkg/services/sqlstore/dashboard_acl_test.go

@@ -26,6 +26,22 @@ func TestDashboardAclDataAccess(t *testing.T) {
 			})
 
 			Convey("Given dashboard folder with default permissions", func() {
+				Convey("When reading folder acl should include default acl", func() {
+					query := m.GetDashboardAclInfoListQuery{DashboardId: savedFolder.Id, OrgId: 1}
+
+					err := GetDashboardAclInfoList(&query)
+					So(err, ShouldBeNil)
+
+					So(len(query.Result), ShouldEqual, 2)
+					defaultPermissionsId := -1
+					So(query.Result[0].DashboardId, ShouldEqual, defaultPermissionsId)
+					So(*query.Result[0].Role, ShouldEqual, m.ROLE_VIEWER)
+					So(query.Result[0].Inherited, ShouldBeFalse)
+					So(query.Result[1].DashboardId, ShouldEqual, defaultPermissionsId)
+					So(*query.Result[1].Role, ShouldEqual, m.ROLE_EDITOR)
+					So(query.Result[1].Inherited, ShouldBeFalse)
+				})
+
 				Convey("When reading dashboard acl should include acl for parent folder", func() {
 					query := m.GetDashboardAclInfoListQuery{DashboardId: childDash.Id, OrgId: 1}
 
@@ -36,8 +52,10 @@ func TestDashboardAclDataAccess(t *testing.T) {
 					defaultPermissionsId := -1
 					So(query.Result[0].DashboardId, ShouldEqual, defaultPermissionsId)
 					So(*query.Result[0].Role, ShouldEqual, m.ROLE_VIEWER)
+					So(query.Result[0].Inherited, ShouldBeTrue)
 					So(query.Result[1].DashboardId, ShouldEqual, defaultPermissionsId)
 					So(*query.Result[1].Role, ShouldEqual, m.ROLE_EDITOR)
+					So(query.Result[1].Inherited, ShouldBeTrue)
 				})
 			})
 
@@ -94,7 +112,9 @@ func TestDashboardAclDataAccess(t *testing.T) {
 
 						So(len(query.Result), ShouldEqual, 2)
 						So(query.Result[0].DashboardId, ShouldEqual, savedFolder.Id)
+						So(query.Result[0].Inherited, ShouldBeTrue)
 						So(query.Result[1].DashboardId, ShouldEqual, childDash.Id)
+						So(query.Result[1].Inherited, ShouldBeFalse)
 					})
 				})
 			})
@@ -118,9 +138,12 @@ func TestDashboardAclDataAccess(t *testing.T) {
 					So(len(query.Result), ShouldEqual, 3)
 					So(query.Result[0].DashboardId, ShouldEqual, defaultPermissionsId)
 					So(*query.Result[0].Role, ShouldEqual, m.ROLE_VIEWER)
+					So(query.Result[0].Inherited, ShouldBeTrue)
 					So(query.Result[1].DashboardId, ShouldEqual, defaultPermissionsId)
 					So(*query.Result[1].Role, ShouldEqual, m.ROLE_EDITOR)
+					So(query.Result[1].Inherited, ShouldBeTrue)
 					So(query.Result[2].DashboardId, ShouldEqual, childDash.Id)
+					So(query.Result[2].Inherited, ShouldBeFalse)
 				})
 			})
 
@@ -209,8 +232,10 @@ func TestDashboardAclDataAccess(t *testing.T) {
 				defaultPermissionsId := -1
 				So(query.Result[0].DashboardId, ShouldEqual, defaultPermissionsId)
 				So(*query.Result[0].Role, ShouldEqual, m.ROLE_VIEWER)
+				So(query.Result[0].Inherited, ShouldBeFalse)
 				So(query.Result[1].DashboardId, ShouldEqual, defaultPermissionsId)
 				So(*query.Result[1].Role, ShouldEqual, m.ROLE_EDITOR)
+				So(query.Result[1].Inherited, ShouldBeFalse)
 			})
 		})
 	})

public/app/core/components/Permissions/PermissionsListItem.tsx

@@ -41,7 +41,7 @@ export default observer(({ item, removeItem, permissionChanged, itemIndex, folde
     permissionChanged(itemIndex, permissionOption.value, permissionOption.label);
   };
 
-  const inheritedFromRoot = item.dashboardId === -1 && folderInfo && folderInfo.id === 0;
+  const inheritedFromRoot = item.dashboardId === -1 && !item.inherited;
 
   return (
     <tr className={setClassNameHelper(item.inherited)}>

public/app/stores/PermissionsStore/PermissionsStore.jest.ts

@@ -16,6 +16,7 @@ describe('PermissionsStore', () => {
           permissionName: 'View',
           teamId: 1,
           team: 'MyTestTeam',
+          inherited: true,
         },
         {
           id: 5,

public/app/stores/PermissionsStore/PermissionsStore.ts

@@ -224,8 +224,6 @@ const prepareServerResponse = (response, dashboardId: number, isFolder: boolean,
 };
 
 const prepareItem = (item, dashboardId: number, isFolder: boolean, isInRoot: boolean) => {
-  item.inherited = !isFolder && !isInRoot && dashboardId !== item.dashboardId;
-
   item.sortRank = 0;
   if (item.userId > 0) {
     item.name = item.userLogin;