1package models
2
3import (
4	"errors"
5	"time"
6)
7
8type PermissionType int
9
10const (
11	PERMISSION_VIEW PermissionType = 1 << iota
12	PERMISSION_EDIT
13	PERMISSION_ADMIN
14)
15
16func (p PermissionType) String() string {
17	names := map[int]string{
18		int(PERMISSION_VIEW):  "View",
19		int(PERMISSION_EDIT):  "Edit",
20		int(PERMISSION_ADMIN): "Admin",
21	}
22	return names[int(p)]
23}
24
25// Typed errors
26var (
27	ErrDashboardAclInfoMissing              = errors.New("user id and team id cannot both be empty for a dashboard permission")
28	ErrDashboardPermissionDashboardEmpty    = errors.New("dashboard id must be greater than zero for a dashboard permission")
29	ErrFolderAclInfoMissing                 = errors.New("user id and team id cannot both be empty for a folder permission")
30	ErrFolderPermissionFolderEmpty          = errors.New("folder id must be greater than zero for a folder permission")
31	ErrPermissionsWithRoleNotAllowed        = errors.New("permissions cannot have both a user and team")
32	ErrPermissionsWithUserAndTeamNotAllowed = errors.New("team and user permissions cannot have an associated role")
33)
34
35// Dashboard ACL model
36type DashboardAcl struct {
37	// nolint:stylecheck
38	Id          int64
39	OrgID       int64 `xorm:"org_id"`
40	DashboardID int64 `xorm:"dashboard_id"`
41
42	UserID     int64     `xorm:"user_id"`
43	TeamID     int64     `xorm:"team_id"`
44	Role       *RoleType // pointer to be nullable
45	Permission PermissionType
46
47	Created time.Time
48	Updated time.Time
49}
50
51type DashboardAclInfoDTO struct {
52	OrgId       int64 `json:"-"`
53	DashboardId int64 `json:"dashboardId,omitempty"`
54	FolderId    int64 `json:"folderId,omitempty"`
55
56	Created time.Time `json:"created"`
57	Updated time.Time `json:"updated"`
58
59	UserId         int64          `json:"userId"`
60	UserLogin      string         `json:"userLogin"`
61	UserEmail      string         `json:"userEmail"`
62	UserAvatarUrl  string         `json:"userAvatarUrl"`
63	TeamId         int64          `json:"teamId"`
64	TeamEmail      string         `json:"teamEmail"`
65	TeamAvatarUrl  string         `json:"teamAvatarUrl"`
66	Team           string         `json:"team"`
67	Role           *RoleType      `json:"role,omitempty"`
68	Permission     PermissionType `json:"permission"`
69	PermissionName string         `json:"permissionName"`
70	Uid            string         `json:"uid"`
71	Title          string         `json:"title"`
72	Slug           string         `json:"slug"`
73	IsFolder       bool           `json:"isFolder"`
74	Url            string         `json:"url"`
75	Inherited      bool           `json:"inherited"`
76}
77
78func (dto *DashboardAclInfoDTO) hasSameRoleAs(other *DashboardAclInfoDTO) bool {
79	if dto.Role == nil || other.Role == nil {
80		return false
81	}
82
83	return dto.UserId <= 0 && dto.TeamId <= 0 && dto.UserId == other.UserId && dto.TeamId == other.TeamId && *dto.Role == *other.Role
84}
85
86func (dto *DashboardAclInfoDTO) hasSameUserAs(other *DashboardAclInfoDTO) bool {
87	return dto.UserId > 0 && dto.UserId == other.UserId
88}
89
90func (dto *DashboardAclInfoDTO) hasSameTeamAs(other *DashboardAclInfoDTO) bool {
91	return dto.TeamId > 0 && dto.TeamId == other.TeamId
92}
93
94// IsDuplicateOf returns true if other item has same role, same user or same team
95func (dto *DashboardAclInfoDTO) IsDuplicateOf(other *DashboardAclInfoDTO) bool {
96	return dto.hasSameRoleAs(other) || dto.hasSameUserAs(other) || dto.hasSameTeamAs(other)
97}
98
99//
100// QUERIES
101//
102type GetDashboardAclInfoListQuery struct {
103	DashboardID int64
104	OrgID       int64
105	Result      []*DashboardAclInfoDTO
106}
107