Fix: Use ac.parameter for the scope protecting plugins routes (#52389)

* Fix: Use parameter for the scope protecting /a routes

* Fix: Use parameter for the scope protecting /plugins/resources routes
Gabriel MABILLE
2022-07-19 09:30:54 +02:00
committed by GitHub
parent 11b743ecd9
commit 2617a25fb5


@@ -91,7 +91,7 @@ func (hs *HTTPServer) registerRoutes() {
r.Get("/plugins/:id/edit", reqSignedIn, hs.Index) // deprecated
r.Get("/plugins/:id/page/:page", reqSignedIn, hs.Index)
// App Root Page
appPluginIDScope := plugins.ScopeProvider.GetResourceScope(":id")
appPluginIDScope := plugins.ScopeProvider.GetResourceScope(ac.Parameter(":id"))
r.Get("/a/:id/*", authorize(reqSignedIn, ac.EvalPermission(plugins.ActionAppAccess, appPluginIDScope)), hs.Index)
r.Get("/a/:id", authorize(reqSignedIn, ac.EvalPermission(plugins.ActionAppAccess, appPluginIDScope)), hs.Index)
@@ -334,7 +334,7 @@ func (hs *HTTPServer) registerRoutes() {
datasourceRoute.Get("/id/:name", authorize(reqSignedIn, ac.EvalPermission(datasources.ActionIDRead, nameScope)), routing.Wrap(hs.GetDataSourceIdByName))
})
pluginIDScope := plugins.ScopeProvider.GetResourceScope(":pluginId")
pluginIDScope := plugins.ScopeProvider.GetResourceScope(ac.Parameter(":pluginId"))
apiRoute.Get("/plugins", routing.Wrap(hs.GetPluginList))
apiRoute.Get("/plugins/:pluginId/settings", routing.Wrap(hs.GetPluginSettingByID)) // RBAC check performed in handler for App Plugins
apiRoute.Get("/plugins/:pluginId/markdown/:name", routing.Wrap(hs.GetPluginMarkdown))
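Review bot: Neither changed line says why `ac.Parameter` is required, and `GetResourceScope` is called with a plain string in both the old and new versions, so a bare `":id"` would compile again on the next route that copies this pattern. I would add a comment above `appPluginIDScope` and `pluginIDScope`, for example `// ac.Parameter resolves the scope from the request's route parameter; a bare ":id" is presumably evaluated as a literal scope string.` Since this corrects an authorization scope, a route-level test that grants `plugins.ActionAppAccess` for one plugin ID and expects a denial on `/a/<other-id>` would guard against regression; no test is visible on this page. The routes that consume `pluginIDScope` lie outside the second hunk, so their `authorize(...)` calls could not be checked here, and `registerRoutes` itself starts and ends outside both hunks.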