RBAC: Fix global role deletion in hosted Grafana (#85980)

Take into account the value of the RBACSingleOrganization setting when determining the org.
Ieva 2024-04-11 18:50:23 +01:00 committed by GitHub
parent 623d4d580e
commit 58059da10b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -269,12 +269,16 @@ func UseGlobalOrgFromRequestData(cfg *setting.Cfg) OrgIDGetter {
}
// UseGlobalOrgFromRequestParams returns global org if `global` flag is set or the org where user is logged in.
func UseGlobalOrgFromRequestParams(c *contextmodel.ReqContext) (int64, error) {
if c.QueryBool("global") {
return GlobalOrgID, nil
}
func UseGlobalOrgFromRequestParams(cfg *setting.Cfg) OrgIDGetter {
return func(c *contextmodel.ReqContext) (int64, error) {
// We only check permissions in the global organization if we are not running a SingleOrganization setup
// That allows Organization Admins to modify global roles and make global assignments, and is intended for use in hosted Grafana.
if c.QueryBool("global") && !cfg.RBACSingleOrganization {
return GlobalOrgID, nil
}
return c.SignedInUser.GetOrgID(), nil
return c.SignedInUser.GetOrgID(), nil
}
}
func getOrgQueryFromRequest(c *contextmodel.ReqContext) (*QueryWithOrg, error) {
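Review bot: The doc comment above `UseGlobalOrgFromRequestParams` still describes the old behaviour and does not say that, with `cfg.RBACSingleOrganization` set, a request carrying `global=true` is authorized against the signed-in user's org instead of `GlobalOrgID`. That makes org-scoped permissions sufficient for operations on global roles, which the inline comment says is intended, so the exported comment should state it, e.g. `// UseGlobalOrgFromRequestParams returns an OrgIDGetter that yields GlobalOrgID when the "global" query flag is set and RBACSingleOrganization is disabled, and the signed-in user's org otherwise.` The handlers that act on the role are outside this hunk, so it is worth confirming they resolve the target org using the same setting, otherwise the permission check and the action could refer to different orgs. A test that exercises the getter with the setting both on and off would pin the authorization scope against later regressions.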