Authz: Check for parent uid instead of id (#100121)

* Check for parent uid instead of id
Karl Persson 2025-02-05 15:06:38 +01:00 committed by GitHub
parent 6d159b6240
commit 64800f293e


@ -13,6 +13,7 @@ import (
"github.com/google/uuid"
"github.com/prometheus/client_golang/prometheus"
"go.opentelemetry.io/otel"
"golang.org/x/exp/slices"
"golang.org/x/sync/errgroup"
apierrors "k8s.io/apimachinery/pkg/api/errors"
@ -989,10 +990,8 @@ func (dr *DashboardServiceImpl) setDefaultPermissions(ctx context.Context, dto *
}
metrics.MFolderIDsServiceCount.WithLabelValues(metrics.Dashboard).Inc()
// nolint:staticcheck
inFolder := dash.FolderID > 0
var permissions []accesscontrol.SetResourcePermissionCommand
var permissions []accesscontrol.SetResourcePermissionCommand
if !provisioned && dto.User.IsIdentityType(claims.TypeUser, claims.TypeServiceAccount) {
userID, err := dto.User.GetInternalID()
if err != nil {
@ -1004,7 +1003,7 @@ func (dr *DashboardServiceImpl) setDefaultPermissions(ctx context.Context, dto *
}
}
if !inFolder {
if dash.FolderUID == "" {
permissions = append(permissions, []accesscontrol.SetResourcePermissionCommand{
{BuiltinRole: string(org.RoleEditor), Permission: dashboardaccess.PERMISSION_EDIT.String()},
{BuiltinRole: string(org.RoleViewer), Permission: dashboardaccess.PERMISSION_VIEW.String()},
@ -1025,9 +1024,7 @@ func (dr *DashboardServiceImpl) setDefaultFolderPermissions(ctx context.Context,
return
}
inFolder := f.ParentUID != ""
var permissions []accesscontrol.SetResourcePermissionCommand
if !provisioned && cmd.SignedInUser.IsIdentityType(claims.TypeUser) {
userID, err := cmd.SignedInUser.GetInternalID()
if err != nil {
@ -1039,7 +1036,7 @@ func (dr *DashboardServiceImpl) setDefaultFolderPermissions(ctx context.Context,
}
}
if !inFolder {
if f.ParentUID == "" {
permissions = append(permissions, []accesscontrol.SetResourcePermissionCommand{
{BuiltinRole: string(org.RoleEditor), Permission: dashboardaccess.PERMISSION_EDIT.String()},
{BuiltinRole: string(org.RoleViewer), Permission: dashboardaccess.PERMISSION_VIEW.String()},
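Review bot: The `dash.FolderUID == ""` test in setDefaultPermissions, and the matching `f.ParentUID == ""` in setDefaultFolderPermissions, is now the sole gate for attaching the org-wide Editor and Viewer grants, but nothing next to it says why the UID is the source of truth. I would add a comment above each check such as `// Root-level only: items inside a folder must not get built-in role grants here (presumably they inherit from the parent), so key on the UID, not the numeric ID.` A regression case where the numeric folder ID is zero but the UID is set, asserting that no built-in role permissions are appended, would pin the behaviour this commit fixes. Whether an empty string is the only way callers represent the root folder is not visible in these hunks and is worth confirming, since any other root marker would silently skip the defaults. Both function bodies begin and end outside the hunks shown.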