IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

RBAC: Do not set permissions on data sources with wildcard UID in OSS (#87220)

Browse Source 
do not set permissions on DS with wildcard UID
This commit is contained in:
Ieva 2024-05-02 11:18:29 +01:00 committed by GitHub
parent b5a084611f
commit 28dd1ddd8e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pkg/services/accesscontrol/ossaccesscontrol/permissions_services.go
View File

@ -322,8 +322,8 @@ func (e DatasourcePermissionsService) SetBuiltInRolePermission(ctx context.Conte
func (e DatasourcePermissionsService) SetPermissions(ctx context.Context, orgID int64, resourceID string, commands ...accesscontrol.SetResourcePermissionCommand) ([]accesscontrol.ResourcePermission, error) { func (e DatasourcePermissionsService) SetPermissions(ctx context.Context, orgID int64, resourceID string, commands ...accesscontrol.SetResourcePermissionCommand) ([]accesscontrol.ResourcePermission, error) {
var dbCommands []resourcepermissions.SetResourcePermissionsCommand var dbCommands []resourcepermissions.SetResourcePermissionsCommand
for _, cmd := range commands { for _, cmd := range commands {
// Only set query permissions for built-in roles // Only set query permissions for built-in roles; do not set permissions for data sources with * as UID, as this would grant wildcard permissions
if cmd.Permission != "Query" || cmd.BuiltinRole == "" { if cmd.Permission != "Query" || cmd.BuiltinRole == "" || resourceID == "*" {
continue continue
} }
actions := DatasourceQueryActions actions := DatasourceQueryActions