IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

RBAC: Fix global role deletion in hosted Grafana (#85980)

Browse Source 
take into account the value of RBACSingleOrganization setting when determining org
This commit is contained in:
Ieva 2024-04-11 18:50:23 +01:00 committed by GitHub
parent 623d4d580e
commit 58059da10b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
pkg/services/accesscontrol/middleware.go
View File

@ -269,12 +269,16 @@ func UseGlobalOrgFromRequestData(cfg *setting.Cfg) OrgIDGetter {
}
// UseGlobalOrgFromRequestParams returns global org if `global` flag is set or the org where user is logged in.
func UseGlobalOrgFromRequestParams(c *contextmodel.ReqContext) (int64, error) {
if c.QueryBool("global") {
return GlobalOrgID, nil
}
func UseGlobalOrgFromRequestParams(cfg *setting.Cfg) OrgIDGetter {
return func(c *contextmodel.ReqContext) (int64, error) {
// We only check permissions in the global organization if we are not running a SingleOrganization setup
// That allows Organization Admins to modify global roles and make global assignments, and is intended for use in hosted Grafana.
if c.QueryBool("global") && !cfg.RBACSingleOrganization {
return GlobalOrgID, nil
}
return c.SignedInUser.GetOrgID(), nil
return c.SignedInUser.GetOrgID(), nil
}
}
func getOrgQueryFromRequest(c *contextmodel.ReqContext) (*QueryWithOrg, error) {