IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-12 00:25:46 -06:00
Code Issues Packages Projects Releases Wiki Activity

teams: added delete team guard

Browse Source
This commit is contained in:
Leonard Gram 2019-03-11 12:03:15 +01:00
parent 8e7a8282c1
commit 23231e6d51
2 changed files with 13 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/api/api.go
View File

@ -155,7 +155,7 @@ func (hs *HTTPServer) registerRoutes() {
// team (admin permission required) // team (admin permission required)
apiRoute.Group("/teams", func(teamsRoute routing.RouteRegister) { apiRoute.Group("/teams", func(teamsRoute routing.RouteRegister) {
teamsRoute.Post("/", bind(m.CreateTeamCommand{}), Wrap(hs.CreateTeam)) teamsRoute.Post("/", bind(m.CreateTeamCommand{}), Wrap(hs.CreateTeam))
teamsRoute.Put("/:teamId", bind(m.UpdateTeamCommand{}), Wrap(hs.UpdateTeam)) teamsRoute.Put("/:teamId", bind(m.UpdateTeamCommand{}), Wrap(UpdateTeam))
teamsRoute.Delete("/:teamId", Wrap(DeleteTeamByID)) teamsRoute.Delete("/:teamId", Wrap(DeleteTeamByID))
teamsRoute.Get("/:teamId/members", Wrap(GetTeamMembers)) teamsRoute.Get("/:teamId/members", Wrap(GetTeamMembers))
teamsRoute.Post("/:teamId/members", bind(m.AddTeamMemberCommand{}), Wrap(AddTeamMember)) teamsRoute.Post("/:teamId/members", bind(m.AddTeamMemberCommand{}), Wrap(AddTeamMember))

16
pkg/api/team.go
View File

@ -38,12 +38,12 @@ func (hs *HTTPServer) CreateTeam(c *m.ReqContext, cmd m.CreateTeamCommand) Respo
} }
// PUT /api/teams/:teamId // PUT /api/teams/:teamId
func (hs *HTTPServer) UpdateTeam(c *m.ReqContext, cmd m.UpdateTeamCommand) Response { func UpdateTeam(c *m.ReqContext, cmd m.UpdateTeamCommand) Response {
cmd.OrgId = c.OrgId cmd.OrgId = c.OrgId
cmd.Id = c.ParamsInt64(":teamId") cmd.Id = c.ParamsInt64(":teamId")
if err := teams.CanUpdateTeam(cmd.OrgId, cmd.Id, c.SignedInUser); err != nil { if err := teams.CanUpdateTeam(cmd.OrgId, cmd.Id, c.SignedInUser); err != nil {
return Error(403, "User not allowed to update team", err) return Error(403, "Not allowed to update team", err)
} }
if err := bus.Dispatch(&cmd); err != nil { if err := bus.Dispatch(&cmd); err != nil {
@ -58,11 +58,19 @@ func (hs *HTTPServer) UpdateTeam(c *m.ReqContext, cmd m.UpdateTeamCommand) Respo
// DELETE /api/teams/:teamId // DELETE /api/teams/:teamId
func DeleteTeamByID(c *m.ReqContext) Response { func DeleteTeamByID(c *m.ReqContext) Response {
if err := bus.Dispatch(&m.DeleteTeamCommand{OrgId: c.OrgId, Id: c.ParamsInt64(":teamId")}); err != nil { orgId := c.OrgId
teamId := c.ParamsInt64(":teamId")
user := c.SignedInUser
if err := teams.CanUpdateTeam(orgId, teamId, user); err != nil {
return Error(403, "Not allowed to delete team", err)
}
if err := bus.Dispatch(&m.DeleteTeamCommand{OrgId: orgId, Id: teamId}); err != nil {
if err == m.ErrTeamNotFound { if err == m.ErrTeamNotFound {
return Error(404, "Failed to delete Team. ID not found", nil) return Error(404, "Failed to delete Team. ID not found", nil)
} }
return Error(500, "Failed to update Team", err) return Error(500, "Failed to delete Team", err)
} }
return Success("Team deleted") return Success("Team deleted")
} }