IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Authz: Remove use of SignedInUser copy for permission evaluation (#78448)

Browse Source 
* remove use of SignedInUserCopies

* add extra safety to not cross assign permissions

unwind circular dependency

dashboardacl->dashboardaccess

fix missing import

* correctly set teams for permissions

* fix missing inits

* nit: check err

* exit early for api keys
This commit is contained in:
Jo
2023-11-22 14:20:22 +01:00
committed by GitHub
parent 392a4342a8
commit 0de66a8099
44 changed files with 422 additions and 337 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
pkg/services/accesscontrol/ossaccesscontrol/permissions_services.go
View File

@@ -12,6 +12,7 @@ import (
"github.com/grafana/grafana/pkg/services/accesscontrol/resourcepermissions"
"github.com/grafana/grafana/pkg/services/auth/identity"
"github.com/grafana/grafana/pkg/services/dashboards"
"github.com/grafana/grafana/pkg/services/dashboards/dashboardaccess"
"github.com/grafana/grafana/pkg/services/featuremgmt"
"github.com/grafana/grafana/pkg/services/folder"
"github.com/grafana/grafana/pkg/services/libraryelements"
@@ -87,7 +88,7 @@ func ProvideTeamPermissions(
case "Member":
return teamimpl.AddOrUpdateTeamMemberHook(session, user.ID, orgID, teamId, user.IsExternal, 0)
case "Admin":
return teamimpl.AddOrUpdateTeamMemberHook(session, user.ID, orgID, teamId, user.IsExternal, dashboards.PERMISSION_ADMIN)
return teamimpl.AddOrUpdateTeamMemberHook(session, user.ID, orgID, teamId, user.IsExternal, dashboardaccess.PERMISSION_ADMIN)
case "":
return teamimpl.RemoveTeamMemberHook(session, &team.RemoveTeamMemberCommand{
OrgID: orgID,