Folders: Forbid performing operations on folders via dashboards HTTP API (#81264)

* Forbid creating folders via dashboard api

* Update delete endpoint

* Update docs
Tania 2024-02-04 01:16:19 +01:00 committed by GitHub
parent bd0fd21852
commit 14a36b4040
4 changed files with 13 additions and 2 deletions


@ -37,6 +37,8 @@ The uid can have a maximum length of 40 characters.
Creates a new dashboard or updates an existing dashboard. When updating existing dashboards, if you do not define the `folderId` or the `folderUid` property, then the dashboard(s) are moved to the root level. (You need to define only one property, not both).
> **Note:** This endpoint is not intended for creating folders, use `POST /api/folders` for that.
**Required permissions**
See note in the [introduction]({{< ref "#dashboard-api" >}}) for an explanation.


@ -303,6 +303,10 @@ func (hs *HTTPServer) deleteDashboard(c *contextmodel.ReqContext) response.Respo
return dashboardGuardianResponse(err)
}
if dash.IsFolder {
return response.Error(http.StatusBadRequest, "Use folders endpoint for deleting folders.", nil)
}
namespaceID, userIDStr := c.SignedInUser.GetNamespacedID()
// disconnect all library elements for this dashboard
@ -356,6 +360,7 @@ func (hs *HTTPServer) deleteDashboard(c *contextmodel.ReqContext) response.Respo
// Create / Update dashboard
//
// Creates a new dashboard or updates an existing dashboard.
// Note: This endpoint is not intended for creating folders, use `POST /api/folders` for that.
//
// Responses:
// 200: postDashboardResponse
@ -375,6 +380,10 @@ func (hs *HTTPServer) PostDashboard(c *contextmodel.ReqContext) response.Respons
}
func (hs *HTTPServer) postDashboard(c *contextmodel.ReqContext, cmd dashboards.SaveDashboardCommand) response.Response {
if cmd.IsFolder {
return response.Error(http.StatusBadRequest, "Use folders endpoint for saving folders.", nil)
}
ctx := c.Req.Context()
var err error
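Review bot: The new guard at the top of postDashboard tests only `cmd.IsFolder`, which is taken from the request body, whereas the delete path tests the stored `dash.IsFolder` after the guardian check has run. If a save command leaves that flag unset but its uid or id resolves to an existing folder, rejection depends on validation further down in postDashboard, which continues outside this hunk, so that path should be confirmed rather than assumed. None of the four changed files appears to be a test; I would add handler tests asserting a 400 for a `/dashboards/db` POST with the folder flag set, for a save that targets an existing folder's uid with the flag unset, and for deleting a folder uid through the dashboards delete handler. A short comment above the guard, such as `// cmd.IsFolder is client-supplied; saves that target an existing folder must also be rejected later in the save path`, would record the assumption for the next maintainer.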


@ -3015,7 +3015,7 @@
},
"/dashboards/db": {
"post": {
"description": "Creates a new dashboard or updates an existing dashboard.",
"description": "Creates a new dashboard or updates an existing dashboard.\nNote: This endpoint is not intended for creating folders, use `POST /api/folders` for that.",
"tags": [
"dashboards"
],


@ -16107,7 +16107,7 @@
},
"/dashboards/db": {
"post": {
"description": "Creates a new dashboard or updates an existing dashboard.",
"description": "Creates a new dashboard or updates an existing dashboard.\nNote: This endpoint is not intended for creating folders, use `POST /api/folders` for that.",
"operationId": "postDashboard",
"requestBody": {
"content": {