IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

RBAC: Fix filter so that check for access on service account is correct (#78907)

Browse Source 
Fix filter so that check for access on service account is in correct place
This commit is contained in:
Karl Persson 2023-11-30 16:32:04 +01:00 committed by GitHub
parent cdad712547
commit 0f0249abea
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pkg/services/accesscontrol/resourcepermissions/store.go
View File

@ -393,14 +393,14 @@ func (s *store) getResourcePermissions(sess *db.Session, orgID int64, query GetR
return nil, err
}
filter := "(" + userFilter.Where + " AND NOT u.is_service_account)"
filter := "((" + userFilter.Where + " AND NOT u.is_service_account)"
saFilter, err := accesscontrol.Filter(query.User, "u.id", "serviceaccounts:id:", serviceaccounts.ActionRead)
if err != nil {
return nil, err
}
filter += " OR (" + saFilter.Where + " AND u.is_service_account)"
filter += " OR (" + saFilter.Where + " AND u.is_service_account))"
userQuery += " AND " + filter
args = append(args, userFilter.Args...)