From 10fbabfb2ea7aa7b7793a54ce17b69258e277a83 Mon Sep 17 00:00:00 2001 From: Leonard Gram Date: Mon, 17 Feb 2020 15:32:20 +0100 Subject: [PATCH] =?UTF-8?q?Sqlstore:=20guard=20against=20getting=20a=20das?= =?UTF-8?q?hboard=20without=20specifying=20identi=E2=80=A6=20(#22246)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Sqlstore: guard against getting a dashboard without specifying identifier * Sqlstore: linting --- pkg/models/dashboards.go | 1 + pkg/services/sqlstore/dashboard.go | 4 ++++ pkg/services/sqlstore/dashboard_test.go | 9 +++++++++ 3 files changed, 14 insertions(+) diff --git a/pkg/models/dashboards.go b/pkg/models/dashboards.go index 60677c9b6f6..82cc43b25ff 100644 --- a/pkg/models/dashboards.go +++ b/pkg/models/dashboards.go @@ -32,6 +32,7 @@ var ( ErrDashboardUidToLong = errors.New("uid to long. max 40 characters") ErrDashboardCannotSaveProvisionedDashboard = errors.New("Cannot save provisioned dashboard") ErrDashboardCannotDeleteProvisionedDashboard = errors.New("provisioned dashboard cannot be deleted") + ErrDashboardIdentifierNotSet = errors.New("Unique identfier needed to be able to get a dashboard") RootFolderName = "General" ) diff --git a/pkg/services/sqlstore/dashboard.go b/pkg/services/sqlstore/dashboard.go index edba569da18..0206269c135 100644 --- a/pkg/services/sqlstore/dashboard.go +++ b/pkg/services/sqlstore/dashboard.go @@ -169,6 +169,10 @@ func generateNewDashboardUid(sess *DBSession, orgId int64) (string, error) { } func GetDashboard(query *models.GetDashboardQuery) error { + if query.Id == 0 && len(query.Slug) == 0 && len(query.Uid) == 0 { + return models.ErrDashboardIdentifierNotSet + } + dashboard := models.Dashboard{Slug: query.Slug, OrgId: query.OrgId, Id: query.Id, Uid: query.Uid} has, err := x.Get(&dashboard) diff --git a/pkg/services/sqlstore/dashboard_test.go b/pkg/services/sqlstore/dashboard_test.go index e2c88f70c1b..2c1e59dabae 100644 --- a/pkg/services/sqlstore/dashboard_test.go +++ b/pkg/services/sqlstore/dashboard_test.go @@ -88,6 +88,15 @@ func TestDashboardDataAccess(t *testing.T) { So(query.Result.IsFolder, ShouldBeFalse) }) + Convey("Shouldn't be able to get a dashboard with just an OrgID", func() { + query := m.GetDashboardQuery{ + OrgId: 1, + } + + err := GetDashboard(&query) + So(err, ShouldEqual, m.ErrDashboardIdentifierNotSet) + }) + Convey("Should be able to delete dashboard", func() { dash := insertTestDashboard("delete me", 1, 0, false, "delete this")