diff --git a/pkg/api/dashboard.go b/pkg/api/dashboard.go index ffb0f0098bc..84fc103a2d2 100644 --- a/pkg/api/dashboard.go +++ b/pkg/api/dashboard.go @@ -396,8 +396,9 @@ func (hs *HTTPServer) postDashboard(c *models.ReqContext, cmd models.SaveDashboa cmd.UserId = c.UserID if cmd.FolderUid != "" { folder, err := hs.folderService.Get(ctx, &folder.GetFolderQuery{ - OrgID: c.OrgID, - UID: &cmd.FolderUid, + OrgID: c.OrgID, + UID: &cmd.FolderUid, + SignedInUser: c.SignedInUser, }) if err != nil { if errors.Is(err, dashboards.ErrFolderNotFound) { diff --git a/pkg/api/folder.go b/pkg/api/folder.go index 4373bb2d54f..78544cacedf 100644 --- a/pkg/api/folder.go +++ b/pkg/api/folder.go @@ -68,7 +68,7 @@ func (hs *HTTPServer) GetFolders(c *models.ReqContext) response.Response { // 500: internalServerError func (hs *HTTPServer) GetFolderByUID(c *models.ReqContext) response.Response { uid := web.Params(c.Req)[":uid"] - folder, err := hs.folderService.Get(c.Req.Context(), &folder.GetFolderQuery{OrgID: c.OrgID, UID: &uid}) + folder, err := hs.folderService.Get(c.Req.Context(), &folder.GetFolderQuery{OrgID: c.OrgID, UID: &uid, SignedInUser: c.SignedInUser}) if err != nil { return apierrors.ToFolderErrorResponse(err) } @@ -94,7 +94,7 @@ func (hs *HTTPServer) GetFolderByID(c *models.ReqContext) response.Response { if err != nil { return response.Error(http.StatusBadRequest, "id is invalid", err) } - folder, err := hs.folderService.Get(c.Req.Context(), &folder.GetFolderQuery{ID: &id, OrgID: c.OrgID}) + folder, err := hs.folderService.Get(c.Req.Context(), &folder.GetFolderQuery{ID: &id, OrgID: c.OrgID, SignedInUser: c.SignedInUser}) if err != nil { return apierrors.ToFolderErrorResponse(err) } @@ -122,6 +122,7 @@ func (hs *HTTPServer) CreateFolder(c *models.ReqContext) response.Response { return response.Error(http.StatusBadRequest, "bad request data", err) } cmd.OrgID = c.OrgID + cmd.SignedInUser = c.SignedInUser folder, err := hs.folderService.Create(c.Req.Context(), &cmd) if err != nil { diff --git a/pkg/api/folder_permission.go b/pkg/api/folder_permission.go index 555d1a67c8e..09ccd441e11 100644 --- a/pkg/api/folder_permission.go +++ b/pkg/api/folder_permission.go @@ -28,7 +28,7 @@ import ( // 500: internalServerError func (hs *HTTPServer) GetFolderPermissionList(c *models.ReqContext) response.Response { uid := web.Params(c.Req)[":uid"] - folder, err := hs.folderService.Get(c.Req.Context(), &folder.GetFolderQuery{OrgID: c.OrgID, UID: &uid}) + folder, err := hs.folderService.Get(c.Req.Context(), &folder.GetFolderQuery{OrgID: c.OrgID, UID: &uid, SignedInUser: c.SignedInUser}) if err != nil { return apierrors.ToFolderErrorResponse(err) @@ -90,7 +90,7 @@ func (hs *HTTPServer) UpdateFolderPermissions(c *models.ReqContext) response.Res } uid := web.Params(c.Req)[":uid"] - folder, err := hs.folderService.Get(c.Req.Context(), &folder.GetFolderQuery{OrgID: c.OrgID, UID: &uid}) + folder, err := hs.folderService.Get(c.Req.Context(), &folder.GetFolderQuery{OrgID: c.OrgID, UID: &uid, SignedInUser: c.SignedInUser}) if err != nil { return apierrors.ToFolderErrorResponse(err) } diff --git a/pkg/services/dashboardimport/service/service.go b/pkg/services/dashboardimport/service/service.go index 0b345d21886..1178654d299 100644 --- a/pkg/services/dashboardimport/service/service.go +++ b/pkg/services/dashboardimport/service/service.go @@ -86,15 +86,20 @@ func (s *ImportDashboardService) ImportDashboard(ctx context.Context, req *dashb // here we need to get FolderId from FolderUID if it present in the request, if both exist, FolderUID would overwrite FolderID if req.FolderUid != "" { folder, err := s.folderService.Get(ctx, &folder.GetFolderQuery{ - OrgID: req.User.OrgID, - UID: &req.FolderUid, + OrgID: req.User.OrgID, + UID: &req.FolderUid, + SignedInUser: req.User, }) if err != nil { return nil, err } req.FolderId = folder.ID } else { - folder, err := s.folderService.Get(ctx, &folder.GetFolderQuery{ID: &req.FolderId, OrgID: req.User.OrgID}) + folder, err := s.folderService.Get(ctx, &folder.GetFolderQuery{ + ID: &req.FolderId, + OrgID: req.User.OrgID, + SignedInUser: req.User, + }) if err != nil { return nil, err } diff --git a/pkg/services/folder/folderimpl/folder.go b/pkg/services/folder/folderimpl/folder.go index 61aa379b549..02f16b4b775 100644 --- a/pkg/services/folder/folderimpl/folder.go +++ b/pkg/services/folder/folderimpl/folder.go @@ -93,13 +93,12 @@ func (s *Service) DBMigration(db db.DB) { } func (s *Service) Get(ctx context.Context, cmd *folder.GetFolderQuery) (*folder.Folder, error) { - user, err := appcontext.User(ctx) - if err != nil { - return nil, err + if cmd.SignedInUser == nil { + return nil, folder.ErrBadRequest.Errorf("missing signed in user") } if s.cfg.IsFeatureToggleEnabled(featuremgmt.FlagNestedFolders) { - if ok, err := s.accessControl.Evaluate(ctx, user, accesscontrol.EvalPermission( + if ok, err := s.accessControl.Evaluate(ctx, cmd.SignedInUser, accesscontrol.EvalPermission( dashboards.ActionFoldersRead, dashboards.ScopeFoldersProvider.GetResourceScopeUID(*cmd.UID), )); !ok { if err != nil { @@ -112,11 +111,11 @@ func (s *Service) Get(ctx context.Context, cmd *folder.GetFolderQuery) (*folder. switch { case cmd.UID != nil: - return s.getFolderByUID(ctx, user, cmd.OrgID, *cmd.UID) + return s.getFolderByUID(ctx, cmd.SignedInUser, cmd.OrgID, *cmd.UID) case cmd.ID != nil: - return s.getFolderByID(ctx, user, *cmd.ID, cmd.OrgID) + return s.getFolderByID(ctx, cmd.SignedInUser, *cmd.ID, cmd.OrgID) case cmd.Title != nil: - return s.getFolderByTitle(ctx, user, cmd.OrgID, *cmd.Title) + return s.getFolderByTitle(ctx, cmd.SignedInUser, cmd.OrgID, *cmd.Title) default: return nil, folder.ErrBadRequest.Errorf("either on of UID, ID, Title fields must be present") } @@ -217,10 +216,10 @@ func (s *Service) Create(ctx context.Context, cmd *folder.CreateFolderCommand) ( dashFolder.SetUid(trimmedUID) - user, err := appcontext.User(ctx) - if err != nil { - return nil, err + if cmd.SignedInUser == nil { + return nil, folder.ErrBadRequest.Errorf("missing signed in user") } + user := cmd.SignedInUser userID := user.UserID if userID == 0 { userID = -1 @@ -433,9 +432,14 @@ func (s *Service) DeleteFolder(ctx context.Context, cmd *folder.DeleteFolderComm } func (s *Service) Move(ctx context.Context, cmd *folder.MoveFolderCommand) (*folder.Folder, error) { + if cmd.SignedInUser == nil { + return nil, folder.ErrBadRequest.Errorf("missing signed in user") + } + foldr, err := s.Get(ctx, &folder.GetFolderQuery{ - UID: &cmd.UID, - OrgID: cmd.OrgID, + UID: &cmd.UID, + OrgID: cmd.OrgID, + SignedInUser: cmd.SignedInUser, }) if err != nil { return nil, err @@ -448,9 +452,14 @@ func (s *Service) Move(ctx context.Context, cmd *folder.MoveFolderCommand) (*fol } func (s *Service) Delete(ctx context.Context, cmd *folder.DeleteFolderCommand) error { + if cmd.SignedInUser == nil { + return folder.ErrBadRequest.Errorf("missing signed in user") + } + _, err := s.Get(ctx, &folder.GetFolderQuery{ - UID: &cmd.UID, - OrgID: cmd.OrgID, + UID: &cmd.UID, + OrgID: cmd.OrgID, + SignedInUser: cmd.SignedInUser, }) if err != nil { return err diff --git a/pkg/services/folder/folderimpl/folder_test.go b/pkg/services/folder/folderimpl/folder_test.go index 19ca8e8ddba..cdf5c53603b 100644 --- a/pkg/services/folder/folderimpl/folder_test.go +++ b/pkg/services/folder/folderimpl/folder_test.go @@ -9,6 +9,7 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/mock" "github.com/stretchr/testify/require" + "github.com/xorcare/pointer" "github.com/grafana/grafana/pkg/bus" "github.com/grafana/grafana/pkg/infra/appcontext" @@ -88,18 +89,30 @@ func TestIntegrationFolderService(t *testing.T) { dashStore.On("GetFolderByUID", mock.Anything, orgID, folderUID).Return(f, nil) t.Run("When get folder by id should return access denied error", func(t *testing.T) { - _, err := service.getFolderByID(context.Background(), usr, folderId, orgID) + _, err := service.Get(context.Background(), &folder.GetFolderQuery{ + ID: &folderId, + OrgID: orgID, + SignedInUser: usr, + }) require.Equal(t, err, dashboards.ErrFolderAccessDenied) }) t.Run("When get folder by id, with id = 0 should return default folder", func(t *testing.T) { - foldr, err := service.getFolderByID(context.Background(), usr, 0, orgID) + foldr, err := service.Get(context.Background(), &folder.GetFolderQuery{ + ID: pointer.Int64(0), + OrgID: orgID, + SignedInUser: usr, + }) require.NoError(t, err) require.Equal(t, foldr, &folder.Folder{ID: 0, Title: "General"}) }) t.Run("When get folder by uid should return access denied error", func(t *testing.T) { - _, err := service.getFolderByUID(context.Background(), usr, orgID, folderUID) + _, err := service.Get(context.Background(), &folder.GetFolderQuery{ + UID: &folderUID, + OrgID: orgID, + SignedInUser: usr, + }) require.Equal(t, err, dashboards.ErrFolderAccessDenied) }) @@ -107,9 +120,10 @@ func TestIntegrationFolderService(t *testing.T) { dashStore.On("ValidateDashboardBeforeSave", mock.Anything, mock.AnythingOfType("*models.Dashboard"), mock.AnythingOfType("bool")).Return(true, nil).Times(2) ctx := appcontext.WithUser(context.Background(), usr) _, err := service.Create(ctx, &folder.CreateFolderCommand{ - OrgID: orgID, - Title: f.Title, - UID: folderUID, + OrgID: orgID, + Title: f.Title, + UID: folderUID, + SignedInUser: usr, }) require.Equal(t, err, dashboards.ErrFolderAccessDenied) }) @@ -141,6 +155,7 @@ func TestIntegrationFolderService(t *testing.T) { UID: folderUID, OrgID: orgID, ForceDeleteRules: false, + SignedInUser: usr, }) require.Error(t, err) require.Equal(t, err, dashboards.ErrFolderAccessDenied) @@ -166,9 +181,10 @@ func TestIntegrationFolderService(t *testing.T) { ctx := appcontext.WithUser(context.Background(), usr) actualFolder, err := service.Create(ctx, &folder.CreateFolderCommand{ - OrgID: orgID, - Title: dash.Title, - UID: "someuid", + OrgID: orgID, + Title: dash.Title, + UID: "someuid", + SignedInUser: usr, }) require.NoError(t, err) require.Equal(t, f, actualFolder) @@ -180,9 +196,10 @@ func TestIntegrationFolderService(t *testing.T) { ctx := appcontext.WithUser(context.Background(), usr) _, err := service.Create(ctx, &folder.CreateFolderCommand{ - OrgID: orgID, - Title: dash.Title, - UID: "general", + OrgID: orgID, + Title: dash.Title, + UID: "general", + SignedInUser: usr, }) require.ErrorIs(t, err, dashboards.ErrFolderInvalidUID) }) @@ -225,6 +242,7 @@ func TestIntegrationFolderService(t *testing.T) { UID: f.UID, OrgID: orgID, ForceDeleteRules: expectedForceDeleteRules, + SignedInUser: usr, }) require.NoError(t, err) require.NotNil(t, actualCmd) @@ -334,7 +352,7 @@ func TestNestedFolderServiceFeatureToggle(t *testing.T) { t.Run("create folder", func(t *testing.T) { folderStore.ExpectedFolder = &folder.Folder{} ctx := appcontext.WithUser(context.Background(), usr) - res, err := folderService.Create(ctx, &folder.CreateFolderCommand{}) + res, err := folderService.Create(ctx, &folder.CreateFolderCommand{SignedInUser: usr}) require.NoError(t, err) require.NotNil(t, res.UID) }) @@ -399,9 +417,10 @@ func TestNestedFolderService(t *testing.T) { ctx = appcontext.WithUser(ctx, usr) _, err := foldersvc.Create(ctx, &folder.CreateFolderCommand{ - OrgID: orgID, - Title: "myFolder", - UID: "myFolder", + OrgID: orgID, + Title: "myFolder", + UID: "myFolder", + SignedInUser: usr, }) require.NoError(t, err) // CreateFolder should not call the folder store create if the feature toggle is not enabled. @@ -418,7 +437,7 @@ func TestNestedFolderService(t *testing.T) { g := guardian.New guardian.MockDashboardGuardian(&guardian.FakeDashboardGuardian{CanSaveValue: true}) - err := foldersvc.DeleteFolder(ctx, &folder.DeleteFolderCommand{UID: "myFolder", OrgID: orgID}) + err := foldersvc.DeleteFolder(ctx, &folder.DeleteFolderCommand{UID: "myFolder", OrgID: orgID, SignedInUser: usr}) require.NoError(t, err) require.NotNil(t, actualCmd) @@ -460,9 +479,10 @@ func TestNestedFolderService(t *testing.T) { dashStore.On("GetFolderByID", mock.Anything, mock.AnythingOfType("int64"), mock.AnythingOfType("int64")).Return(&folder.Folder{}, nil) ctx = appcontext.WithUser(ctx, usr) _, err := foldersvc.Create(ctx, &folder.CreateFolderCommand{ - OrgID: orgID, - Title: "myFolder", - UID: "myFolder", + OrgID: orgID, + Title: "myFolder", + UID: "myFolder", + SignedInUser: usr, }) require.NoError(t, err) // CreateFolder should also call the folder store's create method. @@ -488,9 +508,10 @@ func TestNestedFolderService(t *testing.T) { // the service return success as long as the legacy create succeeds ctx = appcontext.WithUser(ctx, usr) _, err := foldersvc.Create(ctx, &folder.CreateFolderCommand{ - OrgID: orgID, - Title: "myFolder", - UID: "myFolder", + OrgID: orgID, + Title: "myFolder", + UID: "myFolder", + SignedInUser: usr, }) require.Error(t, err, "FAILED") @@ -505,7 +526,7 @@ func TestNestedFolderService(t *testing.T) { t.Run("move, no error", func(t *testing.T) { store.ExpectedError = nil store.ExpectedFolder = &folder.Folder{UID: "myFolder", ParentUID: "newFolder"} - f, err := foldersvc.Move(ctx, &folder.MoveFolderCommand{UID: "myFolder", NewParentUID: "newFolder", OrgID: orgID}) + f, err := foldersvc.Move(ctx, &folder.MoveFolderCommand{UID: "myFolder", NewParentUID: "newFolder", OrgID: orgID, SignedInUser: usr}) require.NoError(t, err) require.NotNil(t, f) }) @@ -520,7 +541,7 @@ func TestNestedFolderService(t *testing.T) { g := guardian.New guardian.MockDashboardGuardian(&guardian.FakeDashboardGuardian{CanSaveValue: true}) - err := foldersvc.DeleteFolder(ctx, &folder.DeleteFolderCommand{UID: "myFolder", OrgID: orgID}) + err := foldersvc.DeleteFolder(ctx, &folder.DeleteFolderCommand{UID: "myFolder", OrgID: orgID, SignedInUser: usr}) require.NoError(t, err) require.NotNil(t, actualCmd) diff --git a/pkg/services/folder/model.go b/pkg/services/folder/model.go index ea736371ef5..87b592c5d97 100644 --- a/pkg/services/folder/model.go +++ b/pkg/services/folder/model.go @@ -4,6 +4,7 @@ import ( "time" "github.com/grafana/grafana/pkg/models" + "github.com/grafana/grafana/pkg/services/user" "github.com/grafana/grafana/pkg/util/errutil" ) @@ -66,6 +67,8 @@ type CreateFolderCommand struct { Title string `json:"title"` Description string `json:"description"` ParentUID string `json:"parent_uid"` + + SignedInUser *user.SignedInUser `json:"-"` } // UpdateFolderCommand captures the information required by the folder service @@ -75,6 +78,8 @@ type UpdateFolderCommand struct { NewUID *string `json:"uid" xorm:"uid"` NewTitle *string `json:"title"` NewDescription *string `json:"description"` + + SignedInUser *user.SignedInUser `json:"-"` } // MoveFolderCommand captures the information required by the folder service @@ -83,6 +88,8 @@ type MoveFolderCommand struct { UID string `json:"uid"` NewParentUID string `json:"new_parent_uid"` OrgID int64 `json:"-"` + + SignedInUser *user.SignedInUser `json:"-"` } // DeleteFolderCommand captures the information required by the folder service @@ -91,6 +98,8 @@ type DeleteFolderCommand struct { UID string `json:"uid" xorm:"uid"` OrgID int64 `json:"orgId" xorm:"org_id"` ForceDeleteRules bool `json:"forceDeleteRules"` + + SignedInUser *user.SignedInUser `json:"-"` } // GetFolderQuery is used for all folder Get requests. Only one of UID, ID, or @@ -102,6 +111,8 @@ type GetFolderQuery struct { ID *int64 Title *string OrgID int64 + + SignedInUser *user.SignedInUser `json:"-"` } // GetParentsQuery captures the information required by the folder service to diff --git a/pkg/services/libraryelements/api.go b/pkg/services/libraryelements/api.go index d499390b593..d6afb11f1a2 100644 --- a/pkg/services/libraryelements/api.go +++ b/pkg/services/libraryelements/api.go @@ -48,7 +48,7 @@ func (l *LibraryElementService) createHandler(c *models.ReqContext) response.Res if *cmd.FolderUID == "" { cmd.FolderID = 0 } else { - folder, err := l.folderService.Get(c.Req.Context(), &folder.GetFolderQuery{OrgID: c.OrgID, UID: cmd.FolderUID}) + folder, err := l.folderService.Get(c.Req.Context(), &folder.GetFolderQuery{OrgID: c.OrgID, UID: cmd.FolderUID, SignedInUser: c.SignedInUser}) if err != nil || folder == nil { return response.Error(http.StatusBadRequest, "failed to get folder", err) } @@ -62,7 +62,7 @@ func (l *LibraryElementService) createHandler(c *models.ReqContext) response.Res } if element.FolderID != 0 { - folder, err := l.folderService.Get(c.Req.Context(), &folder.GetFolderQuery{OrgID: c.OrgID, ID: &element.FolderID}) + folder, err := l.folderService.Get(c.Req.Context(), &folder.GetFolderQuery{OrgID: c.OrgID, ID: &element.FolderID, SignedInUser: c.SignedInUser}) if err != nil { return response.Error(http.StatusInternalServerError, "failed to get folder", err) } @@ -176,7 +176,7 @@ func (l *LibraryElementService) patchHandler(c *models.ReqContext) response.Resp if *cmd.FolderUID == "" { cmd.FolderID = 0 } else { - folder, err := l.folderService.Get(c.Req.Context(), &folder.GetFolderQuery{OrgID: c.OrgID, UID: cmd.FolderUID}) + folder, err := l.folderService.Get(c.Req.Context(), &folder.GetFolderQuery{OrgID: c.OrgID, UID: cmd.FolderUID, SignedInUser: c.SignedInUser}) if err != nil || folder == nil { return response.Error(http.StatusBadRequest, "failed to get folder", err) } @@ -190,7 +190,7 @@ func (l *LibraryElementService) patchHandler(c *models.ReqContext) response.Resp } if element.FolderID != 0 { - folder, err := l.folderService.Get(c.Req.Context(), &folder.GetFolderQuery{OrgID: c.OrgID, ID: &element.FolderID}) + folder, err := l.folderService.Get(c.Req.Context(), &folder.GetFolderQuery{OrgID: c.OrgID, ID: &element.FolderID, SignedInUser: c.SignedInUser}) if err != nil { return response.Error(http.StatusInternalServerError, "failed to get folder", err) } diff --git a/pkg/services/libraryelements/guard.go b/pkg/services/libraryelements/guard.go index 958ded662d6..e216507e84a 100644 --- a/pkg/services/libraryelements/guard.go +++ b/pkg/services/libraryelements/guard.go @@ -40,7 +40,7 @@ func (l *LibraryElementService) requireEditPermissionsOnFolder(ctx context.Conte if isGeneralFolder(folderID) && user.HasRole(org.RoleViewer) { return dashboards.ErrFolderAccessDenied } - folder, err := l.folderService.Get(ctx, &folder.GetFolderQuery{ID: &folderID, OrgID: user.OrgID}) + folder, err := l.folderService.Get(ctx, &folder.GetFolderQuery{ID: &folderID, OrgID: user.OrgID, SignedInUser: user}) if err != nil { return err } @@ -63,7 +63,7 @@ func (l *LibraryElementService) requireViewPermissionsOnFolder(ctx context.Conte return nil } - folder, err := l.folderService.Get(ctx, &folder.GetFolderQuery{ID: &folderID, OrgID: user.OrgID}) + folder, err := l.folderService.Get(ctx, &folder.GetFolderQuery{ID: &folderID, OrgID: user.OrgID, SignedInUser: user}) if err != nil { return err } diff --git a/pkg/services/libraryelements/libraryelements_test.go b/pkg/services/libraryelements/libraryelements_test.go index 0a273577558..49e02f71790 100644 --- a/pkg/services/libraryelements/libraryelements_test.go +++ b/pkg/services/libraryelements/libraryelements_test.go @@ -321,7 +321,7 @@ func createFolderWithACL(t *testing.T, sqlStore db.DB, title string, user user.S t.Logf("Creating folder with title and UID %q", title) ctx := appcontext.WithUser(context.Background(), &user) folder, err := s.Create(ctx, &folder.CreateFolderCommand{ - OrgID: user.OrgID, Title: title, UID: title, + OrgID: user.OrgID, Title: title, UID: title, SignedInUser: &user, }) require.NoError(t, err) diff --git a/pkg/services/librarypanels/librarypanels_test.go b/pkg/services/librarypanels/librarypanels_test.go index 202f09eae26..356ea61e045 100644 --- a/pkg/services/librarypanels/librarypanels_test.go +++ b/pkg/services/librarypanels/librarypanels_test.go @@ -728,7 +728,7 @@ func createFolderWithACL(t *testing.T, sqlStore db.DB, title string, user *user. t.Logf("Creating folder with title and UID %q", title) ctx := appcontext.WithUser(context.Background(), user) - folder, err := s.Create(ctx, &folder.CreateFolderCommand{OrgID: user.OrgID, Title: title, UID: title}) + folder, err := s.Create(ctx, &folder.CreateFolderCommand{OrgID: user.OrgID, Title: title, UID: title, SignedInUser: user}) require.NoError(t, err) updateFolderACL(t, dashboardStore, folder.ID, items) diff --git a/pkg/services/ngalert/store/alert_rule.go b/pkg/services/ngalert/store/alert_rule.go index 581d09594fe..6f0df1ca244 100644 --- a/pkg/services/ngalert/store/alert_rule.go +++ b/pkg/services/ngalert/store/alert_rule.go @@ -368,7 +368,7 @@ func (st DBstore) GetUserVisibleNamespaces(ctx context.Context, orgID int64, use // GetNamespaceByTitle is a handler for retrieving a namespace by its title. Alerting rules follow a Grafana folder-like structure which we call namespaces. func (st DBstore) GetNamespaceByTitle(ctx context.Context, namespace string, orgID int64, user *user.SignedInUser, withCanSave bool) (*folder.Folder, error) { - folder, err := st.FolderService.Get(ctx, &folder.GetFolderQuery{OrgID: orgID, Title: &namespace}) + folder, err := st.FolderService.Get(ctx, &folder.GetFolderQuery{OrgID: orgID, Title: &namespace, SignedInUser: user}) if err != nil { return nil, err } @@ -389,7 +389,7 @@ func (st DBstore) GetNamespaceByTitle(ctx context.Context, namespace string, org // GetNamespaceByUID is a handler for retrieving a namespace by its UID. Alerting rules follow a Grafana folder-like structure which we call namespaces. func (st DBstore) GetNamespaceByUID(ctx context.Context, uid string, orgID int64, user *user.SignedInUser) (*folder.Folder, error) { - folder, err := st.FolderService.Get(ctx, &folder.GetFolderQuery{OrgID: orgID, Title: &uid}) + folder, err := st.FolderService.Get(ctx, &folder.GetFolderQuery{OrgID: orgID, Title: &uid, SignedInUser: user}) if err != nil { return nil, err } diff --git a/pkg/services/ngalert/tests/util.go b/pkg/services/ngalert/tests/util.go index b0db8636df4..0adc53b6e95 100644 --- a/pkg/services/ngalert/tests/util.go +++ b/pkg/services/ngalert/tests/util.go @@ -130,10 +130,10 @@ func CreateTestAlertRuleWithLabels(t testing.TB, ctx context.Context, dbstore *s } ctx = appcontext.WithUser(ctx, user) - _, err := dbstore.FolderService.Create(ctx, &folder.CreateFolderCommand{OrgID: orgID, Title: "FOLDER-" + util.GenerateShortUID(), UID: folderUID}) + _, err := dbstore.FolderService.Create(ctx, &folder.CreateFolderCommand{OrgID: orgID, Title: "FOLDER-" + util.GenerateShortUID(), UID: folderUID, SignedInUser: user}) // var foldr *folder.Folder if errors.Is(err, dashboards.ErrFolderWithSameUIDExists) || errors.Is(err, dashboards.ErrFolderVersionMismatch) { - _, err = dbstore.FolderService.Get(ctx, &folder.GetFolderQuery{OrgID: orgID, UID: &folderUID}) + _, err = dbstore.FolderService.Get(ctx, &folder.GetFolderQuery{OrgID: orgID, UID: &folderUID, SignedInUser: user}) } require.NoError(t, err)