IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Alerting: update authorization logic to use proper legacy roles when fine-grained access is disabled (#46931)

Browse Source 
* require legacy Editor for post, put, delete endpoints
* require user to be signed in on group level because handler that checks that user has role Editor does not check it is signed in
This commit is contained in:
Yuriy Tseretyan
2022-03-24 17:13:47 -04:00
committed by GitHub
parent 8868848e93
commit 15e4556c2f
10 changed files with 39 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
pkg/tests/api/alerting/api_alertmanager_test.go
View File

@@ -101,7 +101,7 @@ func TestAMConfigAccess(t *testing.T) {
desc: "viewer request should fail",
url: "http://viewer:viewer@%s/api/alertmanager/grafana/config/api/v1/alerts",
expStatus: http.StatusForbidden,
expBody: `{"message": "permission denied"}`,
expBody: `{"message": "Permission denied"}`,
},
{
desc: "editor request should succeed",
@@ -171,7 +171,7 @@ func TestAMConfigAccess(t *testing.T) {
desc: "viewer request should fail",
url: "http://viewer:viewer@%s/api/alertmanager/grafana/config/api/v1/alerts",
expStatus: http.StatusForbidden,
expBody: `{"message": "permission denied"}`,
expBody: `{"message": "Permission denied"}`,
},
{
desc: "editor request should succeed",
@@ -234,7 +234,7 @@ func TestAMConfigAccess(t *testing.T) {
desc: "viewer request should fail",
url: "http://viewer:viewer@%s/api/alertmanager/grafana/api/v2/silences",
expStatus: http.StatusForbidden,
expBody: `{"message": "permission denied"}`,
expBody: `{"message": "Permission denied"}`,
},
{
desc: "editor request should succeed",
@@ -340,7 +340,7 @@ func TestAMConfigAccess(t *testing.T) {
desc: "viewer request should fail",
url: "http://viewer:viewer@%s/api/alertmanager/grafana/api/v2/silence/%s",
expStatus: http.StatusForbidden,
expBody: `{"message": "permission denied"}`,
expBody: `{"message": "Permission denied"}`,
},
{
desc: "editor request should succeed",
@@ -615,7 +615,7 @@ func TestRulerAccess(t *testing.T) {
desc: "viewer request should fail",
url: "http://viewer:viewer@%s/api/ruler/grafana/api/v1/rules/default",
expStatus: http.StatusForbidden,
expectedResponse: `{"message": "user does not have permissions to edit the namespace: user does not have permissions to edit the namespace"}`,
expectedResponse: `{"message": "Permission denied"}`,
},
{
desc: "editor request should succeed",