From 06089fcd9240fc0b96df2e842bc5271ba4074134 Mon Sep 17 00:00:00 2001
From: Dmitry Vyukov <dvyukov@google.com>
Date: Wed, 4 May 2022 15:37:41 +0200
Subject: dashboard/app: open graph pages

Show graph pages to users who have access to the bugs themselves.
---
 dashboard/app/access_test.go | 48 ++++++++++++++++++++++++++++++++++++++++++++
 dashboard/app/graphs.go      | 26 +++++++++---------------
 dashboard/app/templates.html |  2 --
 3 files changed, 58 insertions(+), 18 deletions(-)

diff --git a/dashboard/app/access_test.go b/dashboard/app/access_test.go
index 473a90f15..8bf03c2ba 100644
--- a/dashboard/app/access_test.go
+++ b/dashboard/app/access_test.go
@@ -71,6 +71,22 @@ func TestAccess(t *testing.T) {
 			level: AccessPublic,
 			url:   "/access-public/invalid",
 		},
+		{
+			level: AccessPublic,
+			url:   "/access-public/graph/bugs",
+		},
+		{
+			level: AccessPublic,
+			url:   "/access-public/graph/lifetimes",
+		},
+		{
+			level: AccessPublic,
+			url:   "/access-public/graph/fuzzing",
+		},
+		{
+			level: AccessPublic,
+			url:   "/access-public/graph/crashes",
+		},
 		{
 			level: AccessUser,
 			url:   "/access-user",
@@ -83,6 +99,22 @@ func TestAccess(t *testing.T) {
 			level: AccessUser,
 			url:   "/access-user/invalid",
 		},
+		{
+			level: AccessUser,
+			url:   "/access-user/graph/bugs",
+		},
+		{
+			level: AccessUser,
+			url:   "/access-user/graph/lifetimes",
+		},
+		{
+			level: AccessUser,
+			url:   "/access-user/graph/fuzzing",
+		},
+		{
+			level: AccessUser,
+			url:   "/access-user/graph/crashes",
+		},
 		{
 			level: AccessAdmin,
 			url:   "/access-admin",
@@ -95,6 +127,22 @@ func TestAccess(t *testing.T) {
 			level: AccessAdmin,
 			url:   "/access-admin/invalid",
 		},
+		{
+			level: AccessAdmin,
+			url:   "/access-admin/graph/bugs",
+		},
+		{
+			level: AccessAdmin,
+			url:   "/access-admin/graph/lifetimes",
+		},
+		{
+			level: AccessAdmin,
+			url:   "/access-admin/graph/fuzzing",
+		},
+		{
+			level: AccessAdmin,
+			url:   "/access-admin/graph/crashes",
+		},
 		{
 			// Any references to namespace, reporting, links, etc.
 			level: AccessUser,
diff --git a/dashboard/app/graphs.go b/dashboard/app/graphs.go
index fe0f5edbf..4c31f3857 100644
--- a/dashboard/app/graphs.go
+++ b/dashboard/app/graphs.go
@@ -109,10 +109,6 @@ type uiMultiInput struct {
 
 // nolint: dupl
 func handleKernelHealthGraph(c context.Context, w http.ResponseWriter, r *http.Request) error {
-	accessLevel := accessLevel(c, r)
-	if accessLevel != AccessAdmin {
-		return ErrAccess
-	}
 	hdr, err := commonHeader(c, r, w, "")
 	if err != nil {
 		return err
@@ -130,10 +126,6 @@ func handleKernelHealthGraph(c context.Context, w http.ResponseWriter, r *http.R
 
 // nolint: dupl
 func handleGraphLifetimes(c context.Context, w http.ResponseWriter, r *http.Request) error {
-	accessLevel := accessLevel(c, r)
-	if accessLevel != AccessAdmin {
-		return ErrAccess
-	}
 	hdr, err := commonHeader(c, r, w, "")
 	if err != nil {
 		return err
@@ -303,10 +295,6 @@ func createBugLifetimes(c context.Context, bugs []*Bug, causeBisects map[string]
 }
 
 func handleGraphFuzzing(c context.Context, w http.ResponseWriter, r *http.Request) error {
-	accessLevel := accessLevel(c, r)
-	if accessLevel != AccessAdmin {
-		return ErrAccess
-	}
 	hdr, err := commonHeader(c, r, w, "")
 	if err != nil {
 		return err
@@ -485,10 +473,6 @@ func createMultiInput(r *http.Request, id, caption string) *uiMultiInput {
 }
 
 func handleGraphCrashes(c context.Context, w http.ResponseWriter, r *http.Request) error {
-	accessLevel := accessLevel(c, r)
-	if accessLevel != AccessAdmin {
-		return ErrAccess
-	}
 	hdr, err := commonHeader(c, r, w, "")
 	if err != nil {
 		return err
@@ -508,6 +492,16 @@ func handleGraphCrashes(c context.Context, w http.ResponseWriter, r *http.Reques
 	if err != nil {
 		return err
 	}
+	accessLevel := accessLevel(c, r)
+	nbugs := 0
+	for _, bug := range bugs {
+		if accessLevel < bug.sanitizeAccess(accessLevel) {
+			continue
+		}
+		bugs[nbugs] = bug
+		nbugs++
+	}
+	bugs = bugs[:nbugs]
 	if len(data.Regexps.Vals) == 0 {
 		// If no data is passed, then at least show the graph for important crash types.
 		data.Regexps.Vals = []string{"^KASAN", "^KMSAN", "^KCSAN", "^SYZFAIL"}
diff --git a/dashboard/app/templates.html b/dashboard/app/templates.html
index f0165503d..414fe0c50 100644
--- a/dashboard/app/templates.html
+++ b/dashboard/app/templates.html
@@ -63,7 +63,6 @@ Use of this source code is governed by Apache 2 LICENSE that can be found in the
 						<span style="color:ForestGreen;">🐞</span> Fixed [{{$.Cached.Fixed}}]</a>
 					<a class="navigation_tab{{if eq .URLPath (printf "/%v/invalid" $.Namespace)}}_selected{{end}}" href='/{{$.Namespace}}/invalid'>
 						<span style="color:RoyalBlue;">🐞</span> Invalid [{{$.Cached.Invalid}}]</a>
-					{{if .Admin}}
 					<a class="navigation_tab{{if eq .URLPath (printf "/%v/graph/bugs" $.Namespace)}}_selected{{end}}" href='/{{$.Namespace}}/graph/bugs'>
 						<span style="color:DarkOrange;">📈</span> Kernel Health</a>
 					<a class="navigation_tab{{if eq .URLPath (printf "/%v/graph/lifetimes" $.Namespace)}}_selected{{end}}" href='/{{$.Namespace}}/graph/lifetimes'>
@@ -72,7 +71,6 @@ Use of this source code is governed by Apache 2 LICENSE that can be found in the
 					  <span style="color:DarkOrange;">📈</span> Fuzzing</a>
 					<a class="navigation_tab{{if eq .URLPath (printf "/%v/graph/crashes" $.Namespace)}}_selected{{end}}" href='/{{$.Namespace}}/graph/crashes'>
 						<span style="color:DarkOrange;">📈</span> Crashes</a> 
-					{{end}}
 				</td>
 			</tr>
 		</table>
-- 
cgit mrf-deployment