Access control: Using RBAC to filter users in list view that you have read access to (#47963)

* Add SQL filter for global user search * Remove scope requirements from endpoints Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> Co-authored-by: Karl Persson <kalle.persson@grafana.com>
2025-02-25 18:55:37 -06:00 · 2022-05-13 09:26:34 +02:00
parent a51c2774b8
commit 555867135b
6 changed files with 57 additions and 11 deletions
--- a/pkg/services/comments/handlers.go
+++ b/pkg/services/comments/handlers.go
@@ -146,7 +146,13 @@ func (s *Service) Get(ctx context.Context, orgID int64, signedInUser *models.Sig
 	}

 	// NOTE: probably replace with comment and user table join.
-	query := &models.SearchUsersQuery{Query: "", Filters: []models.Filter{NewIDFilter(userIds)}, Page: 0, Limit: len(userIds)}
+	query := &models.SearchUsersQuery{
+		Query:        "",
+		Page:         0,
+		Limit:        len(userIds),
+		SignedInUser: signedInUser,
+		Filters:      []models.Filter{NewIDFilter(userIds)},
+	}
 	if err := s.sqlStore.SearchUsers(ctx, query); err != nil {
 		return nil, err
 	}