(cherry picked from commit 2425828a0b)
This commit is contained in:
Karl Persson
GitHub
@@ -128,14 +128,14 @@ func (s *AccessControlStore) setResourcePermissions(
|
||||
var permissions []accesscontrol.ResourcePermission
|
||||
|
||||
for action := range missing {
|
||||
p, err := createResourcePermission(sess, role.ID, action, cmd.Resource, cmd.ResourceID)
|
||||
p, err := s.createResourcePermission(sess, role.ID, action, cmd.Resource, cmd.ResourceID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
permissions = append(permissions, *p)
|
||||
}
|
||||
|
||||
keptPermissions, err := getManagedPermissions(sess, cmd.ResourceID, keep)
|
||||
keptPermissions, err := s.getManagedPermissions(sess, cmd.ResourceID, keep)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -187,14 +187,14 @@ func (s *AccessControlStore) GetResourcesPermissions(ctx context.Context, orgID
|
||||
|
||||
err := s.sql.WithDbSession(ctx, func(sess *sqlstore.DBSession) error {
|
||||
var err error
|
||||
result, err = getResourcesPermissions(sess, orgID, query, false)
|
||||
result, err = s.getResourcesPermissions(sess, orgID, query, false)
|
||||
return err
|
||||
})
|
||||
|
||||
return result, err
|
||||
}
|
||||
|
||||
func createResourcePermission(sess *sqlstore.DBSession, roleID int64, action, resource string, resourceID string) (*accesscontrol.ResourcePermission, error) {
|
||||
func (s *AccessControlStore) createResourcePermission(sess *sqlstore.DBSession, roleID int64, action, resource string, resourceID string) (*accesscontrol.ResourcePermission, error) {
|
||||
permission := managedPermission(action, resource, resourceID)
|
||||
permission.RoleID = roleID
|
||||
permission.Created = time.Now()
|
||||
@@ -220,7 +220,7 @@ func createResourcePermission(sess *sqlstore.DBSession, roleID int64, action, re
|
||||
LEFT JOIN team_role tr ON r.id = tr.role_id
|
||||
LEFT JOIN team t ON tr.team_id = t.id
|
||||
LEFT JOIN user_role ur ON r.id = ur.role_id
|
||||
LEFT JOIN user u ON ur.user_id = u.id
|
||||
LEFT JOIN ` + s.sql.Dialect.Quote("user") + ` u ON ur.user_id = u.id
|
||||
WHERE p.id = ?
|
||||
`
|
||||
|
||||
@@ -232,7 +232,7 @@ func createResourcePermission(sess *sqlstore.DBSession, roleID int64, action, re
|
||||
return p, nil
|
||||
}
|
||||
|
||||
func getResourcesPermissions(sess *sqlstore.DBSession, orgID int64, query accesscontrol.GetResourcesPermissionsQuery, managed bool) ([]accesscontrol.ResourcePermission, error) {
|
||||
func (s *AccessControlStore) getResourcesPermissions(sess *sqlstore.DBSession, orgID int64, query accesscontrol.GetResourcesPermissionsQuery, managed bool) ([]accesscontrol.ResourcePermission, error) {
|
||||
result := make([]accesscontrol.ResourcePermission, 0)
|
||||
|
||||
if len(query.Actions) == 0 {
|
||||
@@ -284,16 +284,16 @@ func getResourcesPermissions(sess *sqlstore.DBSession, orgID int64, query access
|
||||
INNER JOIN role r ON p.role_id = r.id
|
||||
`
|
||||
userFrom := rawFrom + `
|
||||
INNER JOIN user_role ur ON r.id = ur.role_id
|
||||
INNER JOIN user u ON ur.user_id = u.id
|
||||
INNER JOIN user_role ur ON r.id = ur.role_id AND (ur.org_id = 0 OR ur.org_id = ?)
|
||||
INNER JOIN ` + s.sql.Dialect.Quote("user") + ` u ON ur.user_id = u.id
|
||||
`
|
||||
teamFrom := rawFrom + `
|
||||
INNER JOIN team_role tr ON r.id = tr.role_id
|
||||
INNER JOIN team_role tr ON r.id = tr.role_id AND (tr.org_id = 0 OR tr.org_id = ?)
|
||||
INNER JOIN team t ON tr.team_id = t.id
|
||||
`
|
||||
|
||||
builtinFrom := rawFrom + `
|
||||
INNER JOIN builtin_role br ON r.id = br.role_id
|
||||
INNER JOIN builtin_role br ON r.id = br.role_id AND (br.org_id = 0 OR br.org_id = ?)
|
||||
`
|
||||
where := `
|
||||
WHERE (r.org_id = ? OR r.org_id = 0)
|
||||
@@ -306,6 +306,7 @@ func getResourcesPermissions(sess *sqlstore.DBSession, orgID int64, query access
|
||||
}
|
||||
|
||||
args := []interface{}{
|
||||
orgID,
|
||||
orgID,
|
||||
getResourceAllScope(query.Resource),
|
||||
getResourceAllIDScope(query.Resource),
|
||||
@@ -448,12 +449,12 @@ func (s *AccessControlStore) getOrCreateManagedRole(sess *sqlstore.DBSession, or
|
||||
return &role, nil
|
||||
}
|
||||
|
||||
func getManagedPermissions(sess *sqlstore.DBSession, resourceID string, ids []int64) ([]accesscontrol.ResourcePermission, error) {
|
||||
func (s *AccessControlStore) getManagedPermissions(sess *sqlstore.DBSession, resourceID string, ids []int64) ([]accesscontrol.ResourcePermission, error) {
|
||||
var result []accesscontrol.ResourcePermission
|
||||
|
||||
if len(ids) == 0 {
|
||||
return result, nil
|
||||
}
|
||||
|
||||
rawSql := `
|
||||
SELECT
|
||||
p.*,
|
||||
@@ -470,7 +471,7 @@ func getManagedPermissions(sess *sqlstore.DBSession, resourceID string, ids []in
|
||||
LEFT JOIN team_role tr ON r.id = tr.role_id
|
||||
LEFT JOIN team t ON tr.team_id = t.id
|
||||
LEFT JOIN user_role ur ON r.id = ur.role_id
|
||||
LEFT JOIN user u ON ur.user_id = u.id
|
||||
LEFT JOIN ` + s.sql.Dialect.Quote("user") + ` u ON ur.user_id = u.id
|
||||
WHERE p.id IN (?` + strings.Repeat(",?", len(ids)-1) + `)
|
||||
`
|
||||
|
||||
|
||||
Reference in New Issue
Block a user