IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2024-11-29 20:24:18 -06:00
Code Issues Packages Projects Releases Wiki Activity
d13488a435
grafana/pkg/middleware/auth.go

244 lines
6.1 KiB
Go
Raw Normal View History

macaron transition progress
2014-10-05 14:13:01 -05:00
package middleware
import (
Auth: Allow soft token revocation (#31601) * Add revoked_at field to user auth token to allow soft revokes * Allow soft token revocations * Update token revocations and tests * Return error info on revokedTokenErr * Override session cookie only when no revokedErr nor API request * Display modal on revoked token error * Feedback: Refactor TokenRevokedModal to FC * Add GetUserRevokedTokens into UserTokenService * Backendsrv: adds tests and refactors soft token path * Apply feedback * Write redirect cookie on token revoked error * Update TokenRevokedModal style * Return meaningful error info * Some UI changes * Update backend_srv tests * Minor style fix on backend_srv tests * Replace deprecated method usage to publish events * Fix backend_srv tests * Apply suggestions from code review Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Hugo Häggmark <hugo.haggmark@gmail.com> * Apply suggestions from code review * Apply suggestions from code review Co-authored-by: Hugo Häggmark <hugo.haggmark@gmail.com> * Minor style fix after PR suggestion commit * Apply suggestions from code review Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com> * Prettier fixes Co-authored-by: Hugo Häggmark <hugo.haggmark@gmail.com> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>
2021-03-16 11:44:02 -05:00
"errors"
AuthN: Rebuild Authenticate so we only have to call it once in context handler (#61705) * API: Add reqSignedIn to router groups * AuthN: Add fall through in context handler * AuthN: Add IsAnonymous field * AuthN: add priority to context aware clients * ContextHandler: Add comment * AuthN: Add a simple priority queue * AuthN: Add Name to client interface * AuthN: register clients with function * AuthN: update mock and fake to implement interface * AuthN: rewrite test without reflection * AuthN: add comment * AuthN: fix queue insert * AuthN: rewrite tests * AuthN: make the queue generic so we can reuse it for hooks * ContextHandler: Add fixme for auth headers * AuthN: remove unused variable * AuthN: use multierror * AuthN: write proper tests for queue * AuthN: Add queue item that can store the value and priority Co-authored-by: Jo <joao.guerreiro@grafana.com>
2023-01-26 03:50:44 -06:00
"net/http"
Worked on login remember cookie, and redirect after login
2015-01-27 05:05:23 -06:00
"net/url"
Dashboard: Fixes kiosk state after being redirected to login page and back (#29273) * Login: Fixes issue where url parameters where modified by golang url code * Add tests * Fix test cases * Update pkg/middleware/auth_test.go Co-authored-by: Sofia Papagiannaki <papagian@users.noreply.github.com> * fixed formatting Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> Co-authored-by: Sofia Papagiannaki <papagian@users.noreply.github.com>
2020-11-20 12:30:37 -06:00
"regexp"
Auth: Fix POST request failures with anonymous access (#26049) Macaron context.QueryBool() seems to modify the request context that causes the POST and PUT requests to fail with: "http: proxy error: net/http: HTTP/1.x transport connection broken: http: ContentLength=333 with Body length 0"
2020-07-06 07:59:00 -05:00
"strconv"
add Token authentication support Added CRUD methods for Tokens. Extend Auth Handler to check for the presence of a Bearer Authorization header to authenticate against. If there is no header, or the token is not valid, the Auth Handler falls back to looking for a Session.
2015-01-14 02:33:34 -06:00
"strings"
Progress on account and dashboard save/load
2014-11-20 08:19:44 -06:00
chore: remove sqlstore & mockstore dependencies from (most) packages (#57087) * chore: add alias for InitTestDB and Session Adds an alias for the sqlstore InitTestDB and Session, and updates tests using these to reduce dependencies on the sqlstore.Store. * next pass of removing sqlstore imports * last little bit * remove mockstore where possible
2022-10-19 08:02:15 -05:00
"github.com/grafana/grafana/pkg/infra/db"
Move middleware context handler logic to service (#29605) * middleware: Move context handler to own service Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Emil Tullsted <sakjur@users.noreply.github.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-12-11 04:44:44 -06:00
"github.com/grafana/grafana/pkg/middleware/cookies"
Plugins Catalog: Only allow admins to access plugins catalog (#57101) * feat(plugins-catalog): only allow admins to access plugins catalog routes * add backend check * fix(plugins-catalog): update route role access to include server admins Co-authored-by: Will Browne <will.browne@grafana.com>
2022-11-30 02:41:28 -06:00
"github.com/grafana/grafana/pkg/plugins"
Auth: Refactor auth package (#58920) * Auth: move interface to its own file * Auth: move to test package * Auth: move quota consts to auth file * Auth: move service to impl package * Auth: move interfaces and related models to auth package * Auth: Create sub package and type alias to avoid circular dependency
2022-11-18 02:56:06 -06:00
"github.com/grafana/grafana/pkg/services/auth"
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports
2023-01-27 01:50:36 -06:00
contextmodel "github.com/grafana/grafana/pkg/services/contexthandler/model"
sqlstore split: dashboard permissions (#49962) * backend/sqlstore split: remove unused GetDashboardPermissionsForUser from sqlstore * remove debugging line * backend/sqlstore: move dashboard permission related functions to dashboard service
2022-06-01 13:16:26 -05:00
"github.com/grafana/grafana/pkg/services/dashboards"
Chore: Remove folders from models pkg (#61853)
2023-01-25 02:14:32 -06:00
"github.com/grafana/grafana/pkg/services/folder"
Move SignedInUser to user service and RoleType and Roles to org (#53445) * Move SignedInUser to user service and RoleType and Roles to org * Use go naming convention for roles * Fix some imports and leftovers * Fix ldap debug test * Fix lint * Fix lint 2 * Fix lint 3 * Fix type and not needed conversion * Clean up messages in api tests * Clean up api tests 2
2022-08-10 04:56:48 -05:00
"github.com/grafana/grafana/pkg/services/org"
Chore: Switch over to team.Service instead of sqlstore (#55497) * switch to using team service * trying to fix tests * more tests to fix * add missing teamtest package
2022-09-20 11:58:04 -05:00
"github.com/grafana/grafana/pkg/services/team"
Changed go package path
2015-02-05 03:37:13 -06:00
"github.com/grafana/grafana/pkg/setting"
Chore: replace macaron with web package (#40136) * replace macaron with web package * add web.go
2021-10-11 07:30:59 -05:00
"github.com/grafana/grafana/pkg/web"
macaron transition progress
2014-10-05 14:13:01 -05:00
)
Refactoring of auth middleware, and starting work on account admin
2015-01-15 05:16:54 -06:00
type AuthOptions struct {
Big refactoring for context.User, and how current user info is fetching, now included collaborator role
2015-01-16 07:32:18 -06:00
ReqGrafanaAdmin bool
ReqSignedIn bool
Profile: Fixes profile preferences being accessible when anonymous access was enabled (#31516) * Profile: Fixes profile preferences page being available when anonymous access was enabled * Minor change * Renamed property
2021-02-27 11:04:28 -06:00
ReqNoAnonynmous bool
Refactoring of auth middleware, and starting work on account admin
2015-01-15 05:16:54 -06:00
}
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports
2023-01-27 01:50:36 -06:00
func accessForbidden(c *contextmodel.ReqContext) {
Refactoring of api routes
2015-01-14 07:25:12 -06:00
if c.IsApiRequest() {
fix(api auth): return 401 for authentication errors and 403 for access denied errors, fixes #2693
2015-09-08 03:46:31 -05:00
c.JsonApiErr(403, "Permission denied", nil)
return
}
redirect "permission denied" requests to "/" (#10773)
2018-02-05 11:17:47 -06:00
c.Redirect(setting.AppSubUrl + "/")
fix(api auth): return 401 for authentication errors and 403 for access denied errors, fixes #2693
2015-09-08 03:46:31 -05:00
}
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports
2023-01-27 01:50:36 -06:00
func notAuthorized(c *contextmodel.ReqContext) {
fix(api auth): return 401 for authentication errors and 403 for access denied errors, fixes #2693
2015-09-08 03:46:31 -05:00
if c.IsApiRequest() {
AuthN: Rebuild Authenticate so we only have to call it once in context handler (#61705) * API: Add reqSignedIn to router groups * AuthN: Add fall through in context handler * AuthN: Add IsAnonymous field * AuthN: add priority to context aware clients * ContextHandler: Add comment * AuthN: Add a simple priority queue * AuthN: Add Name to client interface * AuthN: register clients with function * AuthN: update mock and fake to implement interface * AuthN: rewrite test without reflection * AuthN: add comment * AuthN: fix queue insert * AuthN: rewrite tests * AuthN: make the queue generic so we can reuse it for hooks * ContextHandler: Add fixme for auth headers * AuthN: remove unused variable * AuthN: use multierror * AuthN: write proper tests for queue * AuthN: Add queue item that can store the value and priority Co-authored-by: Jo <joao.guerreiro@grafana.com>
2023-01-26 03:50:44 -06:00
c.WriteErrOrFallback(http.StatusUnauthorized, http.StatusText(http.StatusUnauthorized), c.LookupTokenErr)
Worked on login remember cookie, and redirect after login
2015-01-27 05:05:23 -06:00
return
Refactoring of api routes
2015-01-14 07:25:12 -06:00
}
Auth: Allow soft token revocation (#31601) * Add revoked_at field to user auth token to allow soft revokes * Allow soft token revocations * Update token revocations and tests * Return error info on revokedTokenErr * Override session cookie only when no revokedErr nor API request * Display modal on revoked token error * Feedback: Refactor TokenRevokedModal to FC * Add GetUserRevokedTokens into UserTokenService * Backendsrv: adds tests and refactors soft token path * Apply feedback * Write redirect cookie on token revoked error * Update TokenRevokedModal style * Return meaningful error info * Some UI changes * Update backend_srv tests * Minor style fix on backend_srv tests * Replace deprecated method usage to publish events * Fix backend_srv tests * Apply suggestions from code review Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Hugo Häggmark <hugo.haggmark@gmail.com> * Apply suggestions from code review * Apply suggestions from code review Co-authored-by: Hugo Häggmark <hugo.haggmark@gmail.com> * Minor style fix after PR suggestion commit * Apply suggestions from code review Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com> * Prettier fixes Co-authored-by: Hugo Häggmark <hugo.haggmark@gmail.com> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>
2021-03-16 11:44:02 -05:00
writeRedirectCookie(c)
c.Redirect(setting.AppSubUrl + "/login")
}
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports
2023-01-27 01:50:36 -06:00
func tokenRevoked(c *contextmodel.ReqContext, err *auth.TokenRevokedError) {
Auth: Allow soft token revocation (#31601) * Add revoked_at field to user auth token to allow soft revokes * Allow soft token revocations * Update token revocations and tests * Return error info on revokedTokenErr * Override session cookie only when no revokedErr nor API request * Display modal on revoked token error * Feedback: Refactor TokenRevokedModal to FC * Add GetUserRevokedTokens into UserTokenService * Backendsrv: adds tests and refactors soft token path * Apply feedback * Write redirect cookie on token revoked error * Update TokenRevokedModal style * Return meaningful error info * Some UI changes * Update backend_srv tests * Minor style fix on backend_srv tests * Replace deprecated method usage to publish events * Fix backend_srv tests * Apply suggestions from code review Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Hugo Häggmark <hugo.haggmark@gmail.com> * Apply suggestions from code review * Apply suggestions from code review Co-authored-by: Hugo Häggmark <hugo.haggmark@gmail.com> * Minor style fix after PR suggestion commit * Apply suggestions from code review Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com> * Prettier fixes Co-authored-by: Hugo Häggmark <hugo.haggmark@gmail.com> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>
2021-03-16 11:44:02 -05:00
if c.IsApiRequest() {
c.JSON(401, map[string]interface{}{
"message": "Token revoked",
"error": map[string]interface{}{
"id": "ERR_TOKEN_REVOKED",
"maxConcurrentSessions": err.MaxConcurrentSessions,
},
})
return
}
writeRedirectCookie(c)
c.Redirect(setting.AppSubUrl + "/login")
}
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports
2023-01-27 01:50:36 -06:00
func writeRedirectCookie(c *contextmodel.ReqContext) {
API: Fix redirect issues (#22285) * Revert "API: Fix redirect issue when configured to use a subpath (#21652)" (#22671) This reverts commit 0e2d874ecf9277dcc17d562e05271917efc8b595. * Fix redirect validation (#22675) * Chore: Add test for parse of app url and app sub url Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> * Fix redirect: prepend subpath only if it's missing (#22676) * Validate redirect in login oauth (#22677) * Fix invalid redirect for authenticated user (#22678) * Login: Use correct path for OAuth logos Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
2020-03-11 04:04:48 -05:00
redirectTo := c.Req.RequestURI
if setting.AppSubUrl != "" && !strings.HasPrefix(redirectTo, setting.AppSubUrl) {
redirectTo = setting.AppSubUrl + c.Req.RequestURI
}
mark redirect_to cookie as http only closes #10829
2018-02-15 03:56:29 -06:00
Auth: Write the redirect cookie if denied - do not write a blank redirect (#57381) * Write the redirect cookie if denied - do not write a blank redirect * Remove redundant code, reverse polarity
2022-10-21 09:53:17 -05:00
if redirectTo == "/" {
return
}
Dashboard: Fixes kiosk state after being redirected to login page and back (#29273) * Login: Fixes issue where url parameters where modified by golang url code * Add tests * Fix test cases * Update pkg/middleware/auth_test.go Co-authored-by: Sofia Papagiannaki <papagian@users.noreply.github.com> * fixed formatting Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> Co-authored-by: Sofia Papagiannaki <papagian@users.noreply.github.com>
2020-11-20 12:30:37 -06:00
// remove any forceLogin=true params
redirectTo = removeForceLoginParams(redirectTo)
Move middleware context handler logic to service (#29605) * middleware: Move context handler to own service Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Emil Tullsted <sakjur@users.noreply.github.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-12-11 04:44:44 -06:00
cookies.WriteCookie(c.Resp, "redirect_to", url.QueryEscape(redirectTo), 0, nil)
macaron transition progress
2014-10-05 14:13:01 -05:00
}
Dashboard: Fixes kiosk state after being redirected to login page and back (#29273) * Login: Fixes issue where url parameters where modified by golang url code * Add tests * Fix test cases * Update pkg/middleware/auth_test.go Co-authored-by: Sofia Papagiannaki <papagian@users.noreply.github.com> * fixed formatting Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> Co-authored-by: Sofia Papagiannaki <papagian@users.noreply.github.com>
2020-11-20 12:30:37 -06:00
var forceLoginParamsRegexp = regexp.MustCompile(`&?forceLogin=true`)
func removeForceLoginParams(str string) string {
return forceLoginParamsRegexp.ReplaceAllString(str, "")
}
Cfg: Move ViewersCanEdit into cfg (#64876) move ViewersCanEdit into cfg
2023-03-16 04:54:01 -05:00
func EnsureEditorOrViewerCanEdit(cfg *setting.Cfg) func(c *contextmodel.ReqContext) {
return func(c *contextmodel.ReqContext) {
if !c.SignedInUser.HasRole(org.RoleEditor) && !cfg.ViewersCanEdit {
accessForbidden(c)
}
Viewers with viewers_can_edit should be able to access /explore (#15787) * fix: Viewers with viewers_can_edit should be able to access /explore #15773 * refactoring initial PR a bit to simplify function and reduce duplication
2019-03-05 05:41:01 -06:00
}
}
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports
2023-01-27 01:50:36 -06:00
func CanAdminPlugins(cfg *setting.Cfg) func(c *contextmodel.ReqContext) {
return func(c *contextmodel.ReqContext) {
Plugins Catalog: Only allow admins to access plugins catalog (#57101) * feat(plugins-catalog): only allow admins to access plugins catalog routes * add backend check * fix(plugins-catalog): update route role access to include server admins Co-authored-by: Will Browne <will.browne@grafana.com>
2022-11-30 02:41:28 -06:00
if !plugins.ReqCanAdminPlugins(cfg)(c) {
accessForbidden(c)
return
}
}
}
Move SignedInUser to user service and RoleType and Roles to org (#53445) * Move SignedInUser to user service and RoleType and Roles to org * Use go naming convention for roles * Fix some imports and leftovers * Fix ldap debug test * Fix lint * Fix lint 2 * Fix lint 3 * Fix type and not needed conversion * Clean up messages in api tests * Clean up api tests 2
2022-08-10 04:56:48 -05:00
func RoleAuth(roles ...org.RoleType) web.Handler {
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports
2023-01-27 01:50:36 -06:00
return func(c *contextmodel.ReqContext) {
Role checking when saving dashboard, making sure that the user has owner or editor role
2015-01-16 08:28:44 -06:00
ok := false
for _, role := range roles {
Big Backend Refatoring: Renamed Account -> Org
2015-02-23 13:07:49 -06:00
if role == c.OrgRole {
Role checking when saving dashboard, making sure that the user has owner or editor role
2015-01-16 08:28:44 -06:00
ok = true
break
}
}
if !ok {
fix(api auth): return 401 for authentication errors and 403 for access denied errors, fixes #2693
2015-09-08 03:46:31 -05:00
accessForbidden(c)
Role checking when saving dashboard, making sure that the user has owner or editor role
2015-01-16 08:28:44 -06:00
}
}
}
Chore: replace macaron with web package (#40136) * replace macaron with web package * add web.go
2021-10-11 07:30:59 -05:00
func Auth(options *AuthOptions) web.Handler {
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports
2023-01-27 01:50:36 -06:00
return func(c *contextmodel.ReqContext) {
Auth: Fix POST request failures with anonymous access (#26049) Macaron context.QueryBool() seems to modify the request context that causes the POST and PUT requests to fail with: "http: proxy error: net/http: HTTP/1.x transport connection broken: http: ContentLength=333 with Body length 0"
2020-07-06 07:59:00 -05:00
forceLogin := false
if c.AllowAnonymous {
Snapshots: Fix usage of sign in link from the snapshot page (#31986) Fix redirect to login page from snapshot page when not authenticated. Fixes #28547
2021-03-16 10:46:34 -05:00
forceLogin = shouldForceLogin(c)
Auth: Should redirect to login when anonymous enabled and URL with different org than anonymous specified (#28158) If anonymous access is enabled for an org and there are multiple orgs. When requesting a page that requires user to be logged in and orgId query string is set in the request url to an org not equal the anonymous org, if the user is not logged in should be redirected to the login page. Fixes #26120 Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Sofia Papagiannaki <papagian@users.noreply.github.com>
2020-10-23 09:34:35 -05:00
if !forceLogin {
orgIDValue := c.Req.URL.Query().Get("orgId")
orgID, err := strconv.ParseInt(orgIDValue, 10, 64)
Chore: Add user service method SetUsingOrg and GetSignedInUserWithCacheCtx (#53343) * Chore: Add user service method SetUsingOrg * Chore: Add user service method GetSignedInUserWithCacheCtx * Use method GetSignedInUserWithCacheCtx from user service * Fix lint after rebase * Fix lint * Fix lint error * roll back some changes * Roll back changes in api and middleware * Add xorm tags to SignedInUser ID fields
2022-08-11 06:28:55 -05:00
if err == nil && orgID > 0 && orgID != c.OrgID {
Auth: Should redirect to login when anonymous enabled and URL with different org than anonymous specified (#28158) If anonymous access is enabled for an org and there are multiple orgs. When requesting a page that requires user to be logged in and orgId query string is set in the request url to an org not equal the anonymous org, if the user is not logged in should be redirected to the login page. Fixes #26120 Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Sofia Papagiannaki <papagian@users.noreply.github.com>
2020-10-23 09:34:35 -05:00
forceLogin = true
}
}
Auth: Fix POST request failures with anonymous access (#26049) Macaron context.QueryBool() seems to modify the request context that causes the POST and PUT requests to fail with: "http: proxy error: net/http: HTTP/1.x transport connection broken: http: ContentLength=333 with Body length 0"
2020-07-06 07:59:00 -05:00
}
Profile: Fixes profile preferences being accessible when anonymous access was enabled (#31516) * Profile: Fixes profile preferences page being available when anonymous access was enabled * Minor change * Renamed property
2021-02-27 11:04:28 -06:00
requireLogin := !c.AllowAnonymous || forceLogin || options.ReqNoAnonynmous
Auth: Add support for forcing authentication in anonymous mode and modify SignIn to use it instead of redirect (#25567) * Forbid additional redirect urls * Optionally force login in anonymous mode * Update LoginCtrl page to ignore redirect parameter * Modify SignIn to set forceLogin query instead of redirect * Pass appUrl to frontend and use URL API for updating url query * Apply suggestions from code review Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Fix SignIn test Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-06-16 08:33:44 -05:00
if !c.IsSignedIn && options.ReqSignedIn && requireLogin {
Auth: Refactor auth package (#58920) * Auth: move interface to its own file * Auth: move to test package * Auth: move quota consts to auth file * Auth: move service to impl package * Auth: move interfaces and related models to auth package * Auth: Create sub package and type alias to avoid circular dependency
2022-11-18 02:56:06 -06:00
var revokedErr *auth.TokenRevokedError
Chore: Remove untyped data map from macaron context (#39077)
2021-09-13 08:41:03 -05:00
if errors.As(c.LookupTokenErr, &revokedErr) {
Auth: Allow soft token revocation (#31601) * Add revoked_at field to user auth token to allow soft revokes * Allow soft token revocations * Update token revocations and tests * Return error info on revokedTokenErr * Override session cookie only when no revokedErr nor API request * Display modal on revoked token error * Feedback: Refactor TokenRevokedModal to FC * Add GetUserRevokedTokens into UserTokenService * Backendsrv: adds tests and refactors soft token path * Apply feedback * Write redirect cookie on token revoked error * Update TokenRevokedModal style * Return meaningful error info * Some UI changes * Update backend_srv tests * Minor style fix on backend_srv tests * Replace deprecated method usage to publish events * Fix backend_srv tests * Apply suggestions from code review Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Hugo Häggmark <hugo.haggmark@gmail.com> * Apply suggestions from code review * Apply suggestions from code review Co-authored-by: Hugo Häggmark <hugo.haggmark@gmail.com> * Minor style fix after PR suggestion commit * Apply suggestions from code review Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com> * Prettier fixes Co-authored-by: Hugo Häggmark <hugo.haggmark@gmail.com> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>
2021-03-16 11:44:02 -05:00
tokenRevoked(c, revokedErr)
return
}
fix(api auth): return 401 for authentication errors and 403 for access denied errors, fixes #2693
2015-09-08 03:46:31 -05:00
notAuthorized(c)
Refactoring of auth middleware, and starting work on account admin
2015-01-15 05:16:54 -06:00
return
}
add Token authentication support Added CRUD methods for Tokens. Extend Auth Handler to check for the presence of a Bearer Authorization header to authenticate against. If there is no header, or the token is not valid, the Auth Handler falls back to looking for a Session.
2015-01-14 02:33:34 -06:00
fix(api auth): return 401 for authentication errors and 403 for access denied errors, fixes #2693
2015-09-08 03:46:31 -05:00
if !c.IsGrafanaAdmin && options.ReqGrafanaAdmin {
accessForbidden(c)
Refactoring of auth middleware, and starting work on account admin
2015-01-15 05:16:54 -06:00
return
add Token authentication support Added CRUD methods for Tokens. Extend Auth Handler to check for the presence of a Bearer Authorization header to authenticate against. If there is no header, or the token is not valid, the Auth Handler falls back to looking for a Session.
2015-01-14 02:33:34 -06:00
}
macaron transition progress
2014-10-05 14:13:01 -05:00
}
}
teams: editors can work with teams.
2019-03-06 03:27:38 -06:00
Security: Sync security changes on main (#45083) * * Teams: Appropriately apply user id filter in /api/teams/:id and /api/teams/search * Teams: Ensure that users searching for teams are only able see teams they have access to * Teams: Require teamGuardian admin privileges to list team members * Teams: Prevent org viewers from administering teams * Teams: Add org_id condition to team count query * Teams: clarify permission requirements in teams api docs * Teams: expand scenarios for team search tests * Teams: mock teamGuardian in tests Co-authored-by: Dan Cech <dcech@grafana.com> * remove duplicate WHERE statement * Fix for CVE-2022-21702 (cherry picked from commit 202d7c190082c094bc1dc13f7fe9464746c37f9e) * Lint and test fixes (cherry picked from commit 3e6b67d5504abf4a1d7b8d621f04d062c048e981) * check content type properly (cherry picked from commit 70b4458892bf2f776302720c10d24c9ff34edd98) * basic csrf origin check (cherry picked from commit 3adaa5ff39832364f6390881fb5b42ad47df92e1) * compare origin to host (cherry picked from commit 5443892699e8ed42836bb2b9a44744ff3e970f42) * simplify url parsing (cherry picked from commit b2ffbc9513fed75468628370a48b929d30af2b1d) * check csrf for GET requests, only compare origin (cherry picked from commit 8b81dc12d8f8a1f07852809c5b4d44f0f0b1d709) * parse content type properly (cherry picked from commit 16f76f4902e6f2188bea9606c68b551af186bdc0) * mentioned get in the comment (cherry picked from commit a7e61811ef8ae558ce721e2e3fed04ce7a5a5345) * add content-type: application/json to test HTTP requests * fix pluginproxy test * Fix linter when comparing errors Co-authored-by: Kevin Minehart <kmineh0151@gmail.com> Co-authored-by: Dan Cech <dcech@grafana.com> Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> Co-authored-by: Serge Zaitsev <serge.zaitsev@grafana.com> Co-authored-by: Vardan Torosyan <vardants@gmail.com>
2022-02-09 06:44:38 -06:00
// AdminOrEditorAndFeatureEnabled creates a middleware that allows
// access if the signed in user is either an Org Admin or if they
// are an Org Editor and the feature flag is enabled.
teams: better names for api permissions.
2019-03-14 04:02:46 -05:00
// Intended for when feature flags open up access to APIs that
// are otherwise only available to admins.
Security: Sync security changes on main (#45083) * * Teams: Appropriately apply user id filter in /api/teams/:id and /api/teams/search * Teams: Ensure that users searching for teams are only able see teams they have access to * Teams: Require teamGuardian admin privileges to list team members * Teams: Prevent org viewers from administering teams * Teams: Add org_id condition to team count query * Teams: clarify permission requirements in teams api docs * Teams: expand scenarios for team search tests * Teams: mock teamGuardian in tests Co-authored-by: Dan Cech <dcech@grafana.com> * remove duplicate WHERE statement * Fix for CVE-2022-21702 (cherry picked from commit 202d7c190082c094bc1dc13f7fe9464746c37f9e) * Lint and test fixes (cherry picked from commit 3e6b67d5504abf4a1d7b8d621f04d062c048e981) * check content type properly (cherry picked from commit 70b4458892bf2f776302720c10d24c9ff34edd98) * basic csrf origin check (cherry picked from commit 3adaa5ff39832364f6390881fb5b42ad47df92e1) * compare origin to host (cherry picked from commit 5443892699e8ed42836bb2b9a44744ff3e970f42) * simplify url parsing (cherry picked from commit b2ffbc9513fed75468628370a48b929d30af2b1d) * check csrf for GET requests, only compare origin (cherry picked from commit 8b81dc12d8f8a1f07852809c5b4d44f0f0b1d709) * parse content type properly (cherry picked from commit 16f76f4902e6f2188bea9606c68b551af186bdc0) * mentioned get in the comment (cherry picked from commit a7e61811ef8ae558ce721e2e3fed04ce7a5a5345) * add content-type: application/json to test HTTP requests * fix pluginproxy test * Fix linter when comparing errors Co-authored-by: Kevin Minehart <kmineh0151@gmail.com> Co-authored-by: Dan Cech <dcech@grafana.com> Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> Co-authored-by: Serge Zaitsev <serge.zaitsev@grafana.com> Co-authored-by: Vardan Torosyan <vardants@gmail.com>
2022-02-09 06:44:38 -06:00
func AdminOrEditorAndFeatureEnabled(enabled bool) web.Handler {
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports
2023-01-27 01:50:36 -06:00
return func(c *contextmodel.ReqContext) {
Move SignedInUser to user service and RoleType and Roles to org (#53445) * Move SignedInUser to user service and RoleType and Roles to org * Use go naming convention for roles * Fix some imports and leftovers * Fix ldap debug test * Fix lint * Fix lint 2 * Fix lint 3 * Fix type and not needed conversion * Clean up messages in api tests * Clean up api tests 2
2022-08-10 04:56:48 -05:00
if c.OrgRole == org.RoleAdmin {
teams: viewers and editors can view teams
2019-03-13 04:38:09 -05:00
return
teams: editors can work with teams.
2019-03-06 03:27:38 -06:00
}
Move SignedInUser to user service and RoleType and Roles to org (#53445) * Move SignedInUser to user service and RoleType and Roles to org * Use go naming convention for roles * Fix some imports and leftovers * Fix ldap debug test * Fix lint * Fix lint 2 * Fix lint 3 * Fix type and not needed conversion * Clean up messages in api tests * Clean up api tests 2
2022-08-10 04:56:48 -05:00
if c.OrgRole == org.RoleEditor && enabled {
Security: Sync security changes on main (#45083) * * Teams: Appropriately apply user id filter in /api/teams/:id and /api/teams/search * Teams: Ensure that users searching for teams are only able see teams they have access to * Teams: Require teamGuardian admin privileges to list team members * Teams: Prevent org viewers from administering teams * Teams: Add org_id condition to team count query * Teams: clarify permission requirements in teams api docs * Teams: expand scenarios for team search tests * Teams: mock teamGuardian in tests Co-authored-by: Dan Cech <dcech@grafana.com> * remove duplicate WHERE statement * Fix for CVE-2022-21702 (cherry picked from commit 202d7c190082c094bc1dc13f7fe9464746c37f9e) * Lint and test fixes (cherry picked from commit 3e6b67d5504abf4a1d7b8d621f04d062c048e981) * check content type properly (cherry picked from commit 70b4458892bf2f776302720c10d24c9ff34edd98) * basic csrf origin check (cherry picked from commit 3adaa5ff39832364f6390881fb5b42ad47df92e1) * compare origin to host (cherry picked from commit 5443892699e8ed42836bb2b9a44744ff3e970f42) * simplify url parsing (cherry picked from commit b2ffbc9513fed75468628370a48b929d30af2b1d) * check csrf for GET requests, only compare origin (cherry picked from commit 8b81dc12d8f8a1f07852809c5b4d44f0f0b1d709) * parse content type properly (cherry picked from commit 16f76f4902e6f2188bea9606c68b551af186bdc0) * mentioned get in the comment (cherry picked from commit a7e61811ef8ae558ce721e2e3fed04ce7a5a5345) * add content-type: application/json to test HTTP requests * fix pluginproxy test * Fix linter when comparing errors Co-authored-by: Kevin Minehart <kmineh0151@gmail.com> Co-authored-by: Dan Cech <dcech@grafana.com> Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> Co-authored-by: Serge Zaitsev <serge.zaitsev@grafana.com> Co-authored-by: Vardan Torosyan <vardants@gmail.com>
2022-02-09 06:44:38 -06:00
return
teams: editors can work with teams.
2019-03-06 03:27:38 -06:00
}
Security: Sync security changes on main (#45083) * * Teams: Appropriately apply user id filter in /api/teams/:id and /api/teams/search * Teams: Ensure that users searching for teams are only able see teams they have access to * Teams: Require teamGuardian admin privileges to list team members * Teams: Prevent org viewers from administering teams * Teams: Add org_id condition to team count query * Teams: clarify permission requirements in teams api docs * Teams: expand scenarios for team search tests * Teams: mock teamGuardian in tests Co-authored-by: Dan Cech <dcech@grafana.com> * remove duplicate WHERE statement * Fix for CVE-2022-21702 (cherry picked from commit 202d7c190082c094bc1dc13f7fe9464746c37f9e) * Lint and test fixes (cherry picked from commit 3e6b67d5504abf4a1d7b8d621f04d062c048e981) * check content type properly (cherry picked from commit 70b4458892bf2f776302720c10d24c9ff34edd98) * basic csrf origin check (cherry picked from commit 3adaa5ff39832364f6390881fb5b42ad47df92e1) * compare origin to host (cherry picked from commit 5443892699e8ed42836bb2b9a44744ff3e970f42) * simplify url parsing (cherry picked from commit b2ffbc9513fed75468628370a48b929d30af2b1d) * check csrf for GET requests, only compare origin (cherry picked from commit 8b81dc12d8f8a1f07852809c5b4d44f0f0b1d709) * parse content type properly (cherry picked from commit 16f76f4902e6f2188bea9606c68b551af186bdc0) * mentioned get in the comment (cherry picked from commit a7e61811ef8ae558ce721e2e3fed04ce7a5a5345) * add content-type: application/json to test HTTP requests * fix pluginproxy test * Fix linter when comparing errors Co-authored-by: Kevin Minehart <kmineh0151@gmail.com> Co-authored-by: Dan Cech <dcech@grafana.com> Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> Co-authored-by: Serge Zaitsev <serge.zaitsev@grafana.com> Co-authored-by: Vardan Torosyan <vardants@gmail.com>
2022-02-09 06:44:38 -06:00
accessForbidden(c)
teams: editors can work with teams.
2019-03-06 03:27:38 -06:00
}
}
Snapshot: Fix http api (#18830) (cherry picked from commit be2e2330f5c1f92082841d7eb13c5583143963a4)
2019-09-02 08:15:46 -05:00
Snapshots: Disallow anonymous user to create snapshots (#31263)
2021-02-17 02:51:50 -06:00
// SnapshotPublicModeOrSignedIn creates a middleware that allows access
// if snapshot public mode is enabled or if user is signed in.
Chore: replace macaron with web package (#40136) * replace macaron with web package * add web.go
2021-10-11 07:30:59 -05:00
func SnapshotPublicModeOrSignedIn(cfg *setting.Cfg) web.Handler {
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports
2023-01-27 01:50:36 -06:00
return func(c *contextmodel.ReqContext) {
Move middleware context handler logic to service (#29605) * middleware: Move context handler to own service Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Emil Tullsted <sakjur@users.noreply.github.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-12-11 04:44:44 -06:00
if cfg.SnapshotPublicMode {
Snapshot: Fix http api (#18830) (cherry picked from commit be2e2330f5c1f92082841d7eb13c5583143963a4)
2019-09-02 08:15:46 -05:00
return
}
Snapshots: Disallow anonymous user to create snapshots (#31263)
2021-02-17 02:51:50 -06:00
if !c.IsSignedIn {
notAuthorized(c)
return
Snapshot: Fix http api (#18830) (cherry picked from commit be2e2330f5c1f92082841d7eb13c5583143963a4)
2019-09-02 08:15:46 -05:00
}
}
}
Snapshots: Fix usage of sign in link from the snapshot page (#31986) Fix redirect to login page from snapshot page when not authenticated. Fixes #28547
2021-03-16 10:46:34 -05:00
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports
2023-01-27 01:50:36 -06:00
func ReqNotSignedIn(c *contextmodel.ReqContext) {
Login: Require user to not be signed in to get request password email (#35421)
2021-06-14 11:02:05 -05:00
if c.IsSignedIn {
c.Redirect(setting.AppSubUrl + "/")
}
}
Snapshots: Fix usage of sign in link from the snapshot page (#31986) Fix redirect to login page from snapshot page when not authenticated. Fixes #28547
2021-03-16 10:46:34 -05:00
// NoAuth creates a middleware that doesn't require any authentication.
// If forceLogin param is set it will redirect the user to the login page.
Chore: replace macaron with web package (#40136) * replace macaron with web package * add web.go
2021-10-11 07:30:59 -05:00
func NoAuth() web.Handler {
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports
2023-01-27 01:50:36 -06:00
return func(c *contextmodel.ReqContext) {
Snapshots: Fix usage of sign in link from the snapshot page (#31986) Fix redirect to login page from snapshot page when not authenticated. Fixes #28547
2021-03-16 10:46:34 -05:00
if shouldForceLogin(c) {
notAuthorized(c)
return
}
}
}
// shouldForceLogin checks if user should be enforced to login.
// Returns true if forceLogin parameter is set.
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports
2023-01-27 01:50:36 -06:00
func shouldForceLogin(c *contextmodel.ReqContext) bool {
Snapshots: Fix usage of sign in link from the snapshot page (#31986) Fix redirect to login page from snapshot page when not authenticated. Fixes #28547
2021-03-16 10:46:34 -05:00
forceLogin := false
forceLoginParam, err := strconv.ParseBool(c.Req.URL.Query().Get("forceLogin"))
if err == nil {
forceLogin = forceLoginParam
}
return forceLogin
}
AccessControl: Protect org users lookup (#38981) * Move legacy accesscontrol to middleware layer * Remove bus usage for this endpoint * Add tests for legacy accesscontrol * Fix tests for org user and remove one more bus usage * Added test for FolderAdmin as suggested in the review
2021-09-17 02:19:36 -05:00
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports
2023-01-27 01:50:36 -06:00
func OrgAdminDashOrFolderAdminOrTeamAdmin(ss db.DB, ds dashboards.DashboardService, ts team.Service) func(c *contextmodel.ReqContext) {
return func(c *contextmodel.ReqContext) {
Move SignedInUser to user service and RoleType and Roles to org (#53445) * Move SignedInUser to user service and RoleType and Roles to org * Use go naming convention for roles * Fix some imports and leftovers * Fix ldap debug test * Fix lint * Fix lint 2 * Fix lint 3 * Fix type and not needed conversion * Clean up messages in api tests * Clean up api tests 2
2022-08-10 04:56:48 -05:00
if c.OrgRole == org.RoleAdmin {
Chore: Remove x from health, alert notification, dashboard, stats, user (#45265) * Chore: Remove x from health * Chore: Remove x from dashboard and user * Chore: Remove x from alert notification * Chore: Remove x from stats * Fix: Update func signature in stats test * Refactor: Remove x from GetDashboardTags * Chore: Remove x from dashboard * Chore: Remove x from Stats * Fix: Update refs of HasAdminPermissionInFolders * Fix: Adjust funcs in tests to be sqlStore methods * Fix: Fix database folder test sqlstore methods
2022-02-17 09:59:09 -06:00
return
}
AccessControl: Protect org users lookup (#38981) * Move legacy accesscontrol to middleware layer * Remove bus usage for this endpoint * Add tests for legacy accesscontrol * Fix tests for org user and remove one more bus usage * Added test for FolderAdmin as suggested in the review
2021-09-17 02:19:36 -05:00
Chore: Remove folders from models pkg (#61853)
2023-01-25 02:14:32 -06:00
hasAdminPermissionInDashOrFoldersQuery := folder.HasAdminPermissionInDashboardsOrFoldersQuery{SignedInUser: c.SignedInUser}
hasAdminPermissionInDashOrFoldersQueryResult, err := ds.HasAdminPermissionInDashboardsOrFolders(c.Req.Context(), &hasAdminPermissionInDashOrFoldersQuery)
if err != nil {
Chore: Remove x from health, alert notification, dashboard, stats, user (#45265) * Chore: Remove x from health * Chore: Remove x from dashboard and user * Chore: Remove x from alert notification * Chore: Remove x from stats * Fix: Update func signature in stats test * Refactor: Remove x from GetDashboardTags * Chore: Remove x from dashboard * Chore: Remove x from Stats * Fix: Update refs of HasAdminPermissionInFolders * Fix: Adjust funcs in tests to be sqlStore methods * Fix: Fix database folder test sqlstore methods
2022-02-17 09:59:09 -06:00
c.JsonApiErr(500, "Failed to check if user is a folder admin", err)
}
AccessControl: Protect org users lookup (#38981) * Move legacy accesscontrol to middleware layer * Remove bus usage for this endpoint * Add tests for legacy accesscontrol * Fix tests for org user and remove one more bus usage * Added test for FolderAdmin as suggested in the review
2021-09-17 02:19:36 -05:00
Chore: Remove folders from models pkg (#61853)
2023-01-25 02:14:32 -06:00
if hasAdminPermissionInDashOrFoldersQueryResult {
Chore: Remove x from health, alert notification, dashboard, stats, user (#45265) * Chore: Remove x from health * Chore: Remove x from dashboard and user * Chore: Remove x from alert notification * Chore: Remove x from stats * Fix: Update func signature in stats test * Refactor: Remove x from GetDashboardTags * Chore: Remove x from dashboard * Chore: Remove x from Stats * Fix: Update refs of HasAdminPermissionInFolders * Fix: Adjust funcs in tests to be sqlStore methods * Fix: Fix database folder test sqlstore methods
2022-02-17 09:59:09 -06:00
return
}
AccessControl: Protect org users lookup (#38981) * Move legacy accesscontrol to middleware layer * Remove bus usage for this endpoint * Add tests for legacy accesscontrol * Fix tests for org user and remove one more bus usage * Added test for FolderAdmin as suggested in the review
2021-09-17 02:19:36 -05:00
Chore: Move team models to models pkg (#61262) * Chore: Move team models to models pkg * Fix ACL tests * More ACL tests * Change Id to ID in conflict user command test * Remove team from models * Fix ac test lint
2023-01-11 07:20:09 -06:00
isAdminOfTeamsQuery := team.IsAdminOfTeamsQuery{SignedInUser: c.SignedInUser}
isAdminOfTeamsQueryResult, err := ts.IsAdminOfTeams(c.Req.Context(), &isAdminOfTeamsQuery)
if err != nil {
Chore: Remove x from health, alert notification, dashboard, stats, user (#45265) * Chore: Remove x from health * Chore: Remove x from dashboard and user * Chore: Remove x from alert notification * Chore: Remove x from stats * Fix: Update func signature in stats test * Refactor: Remove x from GetDashboardTags * Chore: Remove x from dashboard * Chore: Remove x from Stats * Fix: Update refs of HasAdminPermissionInFolders * Fix: Adjust funcs in tests to be sqlStore methods * Fix: Fix database folder test sqlstore methods
2022-02-17 09:59:09 -06:00
c.JsonApiErr(500, "Failed to check if user is a team admin", err)
}
AccessControl: Protect org users lookup (#38981) * Move legacy accesscontrol to middleware layer * Remove bus usage for this endpoint * Add tests for legacy accesscontrol * Fix tests for org user and remove one more bus usage * Added test for FolderAdmin as suggested in the review
2021-09-17 02:19:36 -05:00
Chore: Move team models to models pkg (#61262) * Chore: Move team models to models pkg * Fix ACL tests * More ACL tests * Change Id to ID in conflict user command test * Remove team from models * Fix ac test lint
2023-01-11 07:20:09 -06:00
if isAdminOfTeamsQueryResult {
Chore: Remove x from health, alert notification, dashboard, stats, user (#45265) * Chore: Remove x from health * Chore: Remove x from dashboard and user * Chore: Remove x from alert notification * Chore: Remove x from stats * Fix: Update func signature in stats test * Refactor: Remove x from GetDashboardTags * Chore: Remove x from dashboard * Chore: Remove x from Stats * Fix: Update refs of HasAdminPermissionInFolders * Fix: Adjust funcs in tests to be sqlStore methods * Fix: Fix database folder test sqlstore methods
2022-02-17 09:59:09 -06:00
return
}
AccessControl: Protect org users lookup (#38981) * Move legacy accesscontrol to middleware layer * Remove bus usage for this endpoint * Add tests for legacy accesscontrol * Fix tests for org user and remove one more bus usage * Added test for FolderAdmin as suggested in the review
2021-09-17 02:19:36 -05:00
Chore: Remove x from health, alert notification, dashboard, stats, user (#45265) * Chore: Remove x from health * Chore: Remove x from dashboard and user * Chore: Remove x from alert notification * Chore: Remove x from stats * Fix: Update func signature in stats test * Refactor: Remove x from GetDashboardTags * Chore: Remove x from dashboard * Chore: Remove x from Stats * Fix: Update refs of HasAdminPermissionInFolders * Fix: Adjust funcs in tests to be sqlStore methods * Fix: Fix database folder test sqlstore methods
2022-02-17 09:59:09 -06:00
accessForbidden(c)
}
AccessControl: Protect org users lookup (#38981) * Move legacy accesscontrol to middleware layer * Remove bus usage for this endpoint * Add tests for legacy accesscontrol * Fix tests for org user and remove one more bus usage * Added test for FolderAdmin as suggested in the review
2021-09-17 02:19:36 -05:00
}
Reference in New Issue Copy Permalink