mirror of
https://github.com/grafana/grafana.git
synced 2025-02-25 18:55:37 -06:00
Auth: Unfurl OrgID in pkg/api to allow using identity.Requester interface (#76108)
Unfurl OrgID in pkg/api to allow using identity.Requester interface
This commit is contained in:
Jo
GitHub
@@ -38,7 +38,7 @@ func (hs *HTTPServer) ValidateOrgAlert(c *contextmodel.ReqContext) {
|
||||
return
|
||||
}
|
||||
|
||||
if c.OrgID != res.OrgID {
|
||||
if c.SignedInUser.GetOrgID() != res.OrgID {
|
||||
c.JsonApiErr(403, "You are not allowed to edit/view alert", nil)
|
||||
return
|
||||
}
|
||||
@@ -61,7 +61,7 @@ func (hs *HTTPServer) GetAlertStatesForDashboard(c *contextmodel.ReqContext) res
|
||||
}
|
||||
|
||||
query := alertmodels.GetAlertStatesForDashboardQuery{
|
||||
OrgID: c.OrgID,
|
||||
OrgID: c.SignedInUser.GetOrgID(),
|
||||
DashboardID: c.QueryInt64("dashboardId"),
|
||||
}
|
||||
|
||||
@@ -109,7 +109,7 @@ func (hs *HTTPServer) GetAlerts(c *contextmodel.ReqContext) response.Response {
|
||||
Tags: dashboardTags,
|
||||
SignedInUser: c.SignedInUser,
|
||||
Limit: 1000,
|
||||
OrgId: c.OrgID,
|
||||
OrgId: c.SignedInUser.GetOrgID(),
|
||||
DashboardIds: dashboardIDs,
|
||||
Type: string(model.DashHitDB),
|
||||
FolderIds: folderIDs,
|
||||
@@ -134,7 +134,7 @@ func (hs *HTTPServer) GetAlerts(c *contextmodel.ReqContext) response.Response {
|
||||
}
|
||||
|
||||
query := alertmodels.GetAlertsQuery{
|
||||
OrgID: c.OrgID,
|
||||
OrgID: c.SignedInUser.GetOrgID(),
|
||||
DashboardIDs: dashboardIDs,
|
||||
PanelID: c.QueryInt64("panelId"),
|
||||
Limit: c.QueryInt64("limit"),
|
||||
@@ -178,7 +178,7 @@ func (hs *HTTPServer) AlertTest(c *contextmodel.ReqContext) response.Response {
|
||||
return response.Error(400, "The dashboard needs to be saved at least once before you can test an alert rule", nil)
|
||||
}
|
||||
|
||||
res, err := hs.AlertEngine.AlertTest(c.OrgID, dto.Dashboard, dto.PanelId, c.SignedInUser)
|
||||
res, err := hs.AlertEngine.AlertTest(c.SignedInUser.GetOrgID(), dto.Dashboard, dto.PanelId, c.SignedInUser)
|
||||
if err != nil {
|
||||
var validationErr alerting.ValidationError
|
||||
if errors.As(err, &validationErr) {
|
||||
@@ -302,7 +302,7 @@ func (hs *HTTPServer) GetAlertNotifications(c *contextmodel.ReqContext) response
|
||||
}
|
||||
|
||||
func (hs *HTTPServer) getAlertNotificationsInternal(c *contextmodel.ReqContext) ([]*alertmodels.AlertNotification, error) {
|
||||
query := &alertmodels.GetAllAlertNotificationsQuery{OrgID: c.OrgID}
|
||||
query := &alertmodels.GetAllAlertNotificationsQuery{OrgID: c.SignedInUser.GetOrgID()}
|
||||
return hs.AlertNotificationService.GetAllAlertNotifications(c.Req.Context(), query)
|
||||
}
|
||||
|
||||
@@ -324,7 +324,7 @@ func (hs *HTTPServer) GetAlertNotificationByID(c *contextmodel.ReqContext) respo
|
||||
return response.Error(http.StatusBadRequest, "notificationId is invalid", err)
|
||||
}
|
||||
query := &alertmodels.GetAlertNotificationsQuery{
|
||||
OrgID: c.OrgID,
|
||||
OrgID: c.SignedInUser.GetOrgID(),
|
||||
ID: notificationId,
|
||||
}
|
||||
|
||||
@@ -358,7 +358,7 @@ func (hs *HTTPServer) GetAlertNotificationByID(c *contextmodel.ReqContext) respo
|
||||
// 500: internalServerError
|
||||
func (hs *HTTPServer) GetAlertNotificationByUID(c *contextmodel.ReqContext) response.Response {
|
||||
query := &alertmodels.GetAlertNotificationsWithUidQuery{
|
||||
OrgID: c.OrgID,
|
||||
OrgID: c.SignedInUser.GetOrgID(),
|
||||
UID: web.Params(c.Req)[":uid"],
|
||||
}
|
||||
|
||||
@@ -395,7 +395,7 @@ func (hs *HTTPServer) CreateAlertNotification(c *contextmodel.ReqContext) respon
|
||||
if err := web.Bind(c.Req, &cmd); err != nil {
|
||||
return response.Error(http.StatusBadRequest, "bad request data", err)
|
||||
}
|
||||
cmd.OrgID = c.OrgID
|
||||
cmd.OrgID = c.SignedInUser.GetOrgID()
|
||||
|
||||
res, err := hs.AlertNotificationService.CreateAlertNotificationCommand(c.Req.Context(), &cmd)
|
||||
if err != nil {
|
||||
@@ -429,7 +429,7 @@ func (hs *HTTPServer) UpdateAlertNotification(c *contextmodel.ReqContext) respon
|
||||
if err := web.Bind(c.Req, &cmd); err != nil {
|
||||
return response.Error(http.StatusBadRequest, "bad request data", err)
|
||||
}
|
||||
cmd.OrgID = c.OrgID
|
||||
cmd.OrgID = c.SignedInUser.GetOrgID()
|
||||
|
||||
err := hs.fillWithSecureSettingsData(c.Req.Context(), &cmd)
|
||||
if err != nil {
|
||||
@@ -448,7 +448,7 @@ func (hs *HTTPServer) UpdateAlertNotification(c *contextmodel.ReqContext) respon
|
||||
}
|
||||
|
||||
query := alertmodels.GetAlertNotificationsQuery{
|
||||
OrgID: c.OrgID,
|
||||
OrgID: c.SignedInUser.GetOrgID(),
|
||||
ID: cmd.ID,
|
||||
}
|
||||
|
||||
@@ -477,7 +477,7 @@ func (hs *HTTPServer) UpdateAlertNotificationByUID(c *contextmodel.ReqContext) r
|
||||
if err := web.Bind(c.Req, &cmd); err != nil {
|
||||
return response.Error(http.StatusBadRequest, "bad request data", err)
|
||||
}
|
||||
cmd.OrgID = c.OrgID
|
||||
cmd.OrgID = c.SignedInUser.GetOrgID()
|
||||
cmd.UID = web.Params(c.Req)[":uid"]
|
||||
|
||||
err := hs.fillWithSecureSettingsDataByUID(c.Req.Context(), &cmd)
|
||||
@@ -582,7 +582,7 @@ func (hs *HTTPServer) DeleteAlertNotification(c *contextmodel.ReqContext) respon
|
||||
}
|
||||
|
||||
cmd := alertmodels.DeleteAlertNotificationCommand{
|
||||
OrgID: c.OrgID,
|
||||
OrgID: c.SignedInUser.GetOrgID(),
|
||||
ID: notificationId,
|
||||
}
|
||||
|
||||
@@ -610,7 +610,7 @@ func (hs *HTTPServer) DeleteAlertNotification(c *contextmodel.ReqContext) respon
|
||||
// 500: internalServerError
|
||||
func (hs *HTTPServer) DeleteAlertNotificationByUID(c *contextmodel.ReqContext) response.Response {
|
||||
cmd := alertmodels.DeleteAlertNotificationWithUidCommand{
|
||||
OrgID: c.OrgID,
|
||||
OrgID: c.SignedInUser.GetOrgID(),
|
||||
UID: web.Params(c.Req)[":uid"],
|
||||
}
|
||||
|
||||
@@ -646,7 +646,7 @@ func (hs *HTTPServer) NotificationTest(c *contextmodel.ReqContext) response.Resp
|
||||
return response.Error(http.StatusBadRequest, "bad request data", err)
|
||||
}
|
||||
cmd := &alerting.NotificationTestCommand{
|
||||
OrgID: c.OrgID,
|
||||
OrgID: c.SignedInUser.GetOrgID(),
|
||||
ID: dto.ID,
|
||||
Name: dto.Name,
|
||||
Type: dto.Type,
|
||||
@@ -704,7 +704,7 @@ func (hs *HTTPServer) PauseAlert(legacyAlertingEnabled *bool) func(c *contextmod
|
||||
return response.Error(500, "Get Alert failed", err)
|
||||
}
|
||||
|
||||
guardian, err := guardian.New(c.Req.Context(), res.DashboardID, c.OrgID, c.SignedInUser)
|
||||
guardian, err := guardian.New(c.Req.Context(), res.DashboardID, c.SignedInUser.GetOrgID(), c.SignedInUser)
|
||||
if err != nil {
|
||||
return response.ErrOrFallback(http.StatusInternalServerError, "Error while creating permission guardian", err)
|
||||
}
|
||||
@@ -728,7 +728,7 @@ func (hs *HTTPServer) PauseAlert(legacyAlertingEnabled *bool) func(c *contextmod
|
||||
}
|
||||
|
||||
cmd := alertmodels.PauseAlertCommand{
|
||||
OrgID: c.OrgID,
|
||||
OrgID: c.SignedInUser.GetOrgID(),
|
||||
AlertIDs: []int64{alertID},
|
||||
Paused: dto.Paused,
|
||||
}
|
||||
|
||||
@@ -33,7 +33,7 @@ func (hs *HTTPServer) GetAnnotations(c *contextmodel.ReqContext) response.Respon
|
||||
query := &annotations.ItemQuery{
|
||||
From: c.QueryInt64("from"),
|
||||
To: c.QueryInt64("to"),
|
||||
OrgID: c.OrgID,
|
||||
OrgID: c.SignedInUser.GetOrgID(),
|
||||
UserID: c.QueryInt64("userId"),
|
||||
AlertID: c.QueryInt64("alertId"),
|
||||
DashboardID: c.QueryInt64("dashboardId"),
|
||||
@@ -48,7 +48,7 @@ func (hs *HTTPServer) GetAnnotations(c *contextmodel.ReqContext) response.Respon
|
||||
|
||||
// When dashboard UID present in the request, we ignore dashboard ID
|
||||
if query.DashboardUID != "" {
|
||||
dq := dashboards.GetDashboardQuery{UID: query.DashboardUID, OrgID: c.OrgID}
|
||||
dq := dashboards.GetDashboardQuery{UID: query.DashboardUID, OrgID: c.SignedInUser.GetOrgID()}
|
||||
dqResult, err := hs.DashboardService.GetDashboard(c.Req.Context(), &dq)
|
||||
if err != nil {
|
||||
return response.Error(http.StatusBadRequest, "Invalid dashboard UID in annotation request", err)
|
||||
@@ -73,7 +73,7 @@ func (hs *HTTPServer) GetAnnotations(c *contextmodel.ReqContext) response.Respon
|
||||
if val, ok := dashboardCache[item.DashboardID]; ok {
|
||||
item.DashboardUID = val
|
||||
} else {
|
||||
query := dashboards.GetDashboardQuery{ID: item.DashboardID, OrgID: c.OrgID}
|
||||
query := dashboards.GetDashboardQuery{ID: item.DashboardID, OrgID: c.SignedInUser.GetOrgID()}
|
||||
queryResult, err := hs.DashboardService.GetDashboard(c.Req.Context(), &query)
|
||||
if err == nil && queryResult != nil {
|
||||
item.DashboardUID = &queryResult.UID
|
||||
@@ -116,7 +116,7 @@ func (hs *HTTPServer) PostAnnotation(c *contextmodel.ReqContext) response.Respon
|
||||
|
||||
// overwrite dashboardId when dashboardUID is not empty
|
||||
if cmd.DashboardUID != "" {
|
||||
query := dashboards.GetDashboardQuery{OrgID: c.OrgID, UID: cmd.DashboardUID}
|
||||
query := dashboards.GetDashboardQuery{OrgID: c.SignedInUser.GetOrgID(), UID: cmd.DashboardUID}
|
||||
queryResult, err := hs.DashboardService.GetDashboard(c.Req.Context(), &query)
|
||||
if err == nil {
|
||||
cmd.DashboardId = queryResult.ID
|
||||
@@ -133,7 +133,7 @@ func (hs *HTTPServer) PostAnnotation(c *contextmodel.ReqContext) response.Respon
|
||||
}
|
||||
|
||||
item := annotations.Item{
|
||||
OrgID: c.OrgID,
|
||||
OrgID: c.SignedInUser.GetOrgID(),
|
||||
UserID: c.UserID,
|
||||
DashboardID: cmd.DashboardId,
|
||||
PanelID: cmd.PanelId,
|
||||
@@ -215,7 +215,7 @@ func (hs *HTTPServer) PostGraphiteAnnotation(c *contextmodel.ReqContext) respons
|
||||
}
|
||||
|
||||
item := annotations.Item{
|
||||
OrgID: c.OrgID,
|
||||
OrgID: c.SignedInUser.GetOrgID(),
|
||||
UserID: c.UserID,
|
||||
Epoch: cmd.When * 1000,
|
||||
Text: text,
|
||||
@@ -265,7 +265,7 @@ func (hs *HTTPServer) UpdateAnnotation(c *contextmodel.ReqContext) response.Resp
|
||||
}
|
||||
|
||||
item := annotations.Item{
|
||||
OrgID: c.OrgID,
|
||||
OrgID: c.SignedInUser.GetOrgID(),
|
||||
UserID: c.UserID,
|
||||
ID: annotationID,
|
||||
Epoch: cmd.Time,
|
||||
@@ -320,7 +320,7 @@ func (hs *HTTPServer) PatchAnnotation(c *contextmodel.ReqContext) response.Respo
|
||||
}
|
||||
|
||||
existing := annotations.Item{
|
||||
OrgID: c.OrgID,
|
||||
OrgID: c.SignedInUser.GetOrgID(),
|
||||
UserID: c.UserID,
|
||||
ID: annotationID,
|
||||
Epoch: annotation.Time,
|
||||
@@ -373,7 +373,7 @@ func (hs *HTTPServer) MassDeleteAnnotations(c *contextmodel.ReqContext) response
|
||||
}
|
||||
|
||||
if cmd.DashboardUID != "" {
|
||||
query := dashboards.GetDashboardQuery{OrgID: c.OrgID, UID: cmd.DashboardUID}
|
||||
query := dashboards.GetDashboardQuery{OrgID: c.SignedInUser.GetOrgID(), UID: cmd.DashboardUID}
|
||||
queryResult, err := hs.DashboardService.GetDashboard(c.Req.Context(), &query)
|
||||
if err == nil {
|
||||
cmd.DashboardId = queryResult.ID
|
||||
@@ -398,13 +398,13 @@ func (hs *HTTPServer) MassDeleteAnnotations(c *contextmodel.ReqContext) response
|
||||
}
|
||||
dashboardId = annotation.DashboardID
|
||||
deleteParams = &annotations.DeleteParams{
|
||||
OrgID: c.OrgID,
|
||||
OrgID: c.SignedInUser.GetOrgID(),
|
||||
ID: cmd.AnnotationId,
|
||||
}
|
||||
} else {
|
||||
dashboardId = cmd.DashboardId
|
||||
deleteParams = &annotations.DeleteParams{
|
||||
OrgID: c.OrgID,
|
||||
OrgID: c.SignedInUser.GetOrgID(),
|
||||
DashboardID: cmd.DashboardId,
|
||||
PanelID: cmd.PanelId,
|
||||
}
|
||||
@@ -477,7 +477,7 @@ func (hs *HTTPServer) DeleteAnnotationByID(c *contextmodel.ReqContext) response.
|
||||
}
|
||||
|
||||
err = hs.annotationsRepo.Delete(c.Req.Context(), &annotations.DeleteParams{
|
||||
OrgID: c.OrgID,
|
||||
OrgID: c.SignedInUser.GetOrgID(),
|
||||
ID: annotationID,
|
||||
})
|
||||
if err != nil {
|
||||
@@ -496,7 +496,7 @@ func (hs *HTTPServer) canSaveAnnotation(c *contextmodel.ReqContext, annotation *
|
||||
}
|
||||
|
||||
func canEditDashboard(c *contextmodel.ReqContext, dashboardID int64) (bool, error) {
|
||||
guard, err := guardian.New(c.Req.Context(), dashboardID, c.OrgID, c.SignedInUser)
|
||||
guard, err := guardian.New(c.Req.Context(), dashboardID, c.SignedInUser.GetOrgID(), c.SignedInUser)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
@@ -539,7 +539,7 @@ func findAnnotationByID(ctx context.Context, repo annotations.Repository, annota
|
||||
// 500: internalServerError
|
||||
func (hs *HTTPServer) GetAnnotationTags(c *contextmodel.ReqContext) response.Response {
|
||||
query := &annotations.TagsQuery{
|
||||
OrgID: c.OrgID,
|
||||
OrgID: c.SignedInUser.GetOrgID(),
|
||||
Tag: c.Query("tag"),
|
||||
Limit: c.QueryInt64("limit"),
|
||||
}
|
||||
|
||||
@@ -52,7 +52,7 @@ func (hs *HTTPServer) GetDashboardPermissionList(c *contextmodel.ReqContext) res
|
||||
}
|
||||
}
|
||||
|
||||
dash, rsp := hs.getDashboardHelper(c.Req.Context(), c.OrgID, dashID, dashUID)
|
||||
dash, rsp := hs.getDashboardHelper(c.Req.Context(), c.SignedInUser.GetOrgID(), dashID, dashUID)
|
||||
if rsp != nil {
|
||||
return rsp
|
||||
}
|
||||
@@ -133,7 +133,7 @@ func (hs *HTTPServer) UpdateDashboardPermissions(c *contextmodel.ReqContext) res
|
||||
}
|
||||
}
|
||||
|
||||
dash, rsp := hs.getDashboardHelper(c.Req.Context(), c.OrgID, dashID, dashUID)
|
||||
dash, rsp := hs.getDashboardHelper(c.Req.Context(), c.SignedInUser.GetOrgID(), dashID, dashUID)
|
||||
if rsp != nil {
|
||||
return rsp
|
||||
}
|
||||
@@ -141,7 +141,7 @@ func (hs *HTTPServer) UpdateDashboardPermissions(c *contextmodel.ReqContext) res
|
||||
items := make([]*dashboards.DashboardACL, 0, len(apiCmd.Items))
|
||||
for _, item := range apiCmd.Items {
|
||||
items = append(items, &dashboards.DashboardACL{
|
||||
OrgID: c.OrgID,
|
||||
OrgID: c.SignedInUser.GetOrgID(),
|
||||
DashboardID: dashID,
|
||||
UserID: item.UserID,
|
||||
TeamID: item.TeamID,
|
||||
|
||||
@@ -121,7 +121,7 @@ func (hs *HTTPServer) CreateDashboardSnapshot(c *contextmodel.ReqContext) respon
|
||||
|
||||
var snapshotUrl string
|
||||
cmd.ExternalURL = ""
|
||||
cmd.OrgID = c.OrgID
|
||||
cmd.OrgID = c.SignedInUser.GetOrgID()
|
||||
cmd.UserID = c.UserID
|
||||
originalDashboardURL, err := createOriginalDashboardURL(&cmd)
|
||||
if err != nil {
|
||||
@@ -364,7 +364,7 @@ func (hs *HTTPServer) DeleteDashboardSnapshot(c *contextmodel.ReqContext) respon
|
||||
dashboardID := queryResult.Dashboard.Get("id").MustInt64()
|
||||
|
||||
if dashboardID != 0 {
|
||||
g, err := guardian.New(c.Req.Context(), dashboardID, c.OrgID, c.SignedInUser)
|
||||
g, err := guardian.New(c.Req.Context(), dashboardID, c.SignedInUser.GetOrgID(), c.SignedInUser)
|
||||
if err != nil {
|
||||
if !errors.Is(err, dashboards.ErrDashboardNotFound) {
|
||||
return response.Err(err)
|
||||
@@ -417,7 +417,7 @@ func (hs *HTTPServer) SearchDashboardSnapshots(c *contextmodel.ReqContext) respo
|
||||
searchQuery := dashboardsnapshots.GetDashboardSnapshotsQuery{
|
||||
Name: query,
|
||||
Limit: limit,
|
||||
OrgID: c.OrgID,
|
||||
OrgID: c.SignedInUser.GetOrgID(),
|
||||
SignedInUser: c.SignedInUser,
|
||||
}
|
||||
|
||||
|
||||
@@ -40,7 +40,7 @@ var secretsPluginError datasources.ErrDatasourceSecretsPluginUserFriendly
|
||||
// 403: forbiddenError
|
||||
// 500: internalServerError
|
||||
func (hs *HTTPServer) GetDataSources(c *contextmodel.ReqContext) response.Response {
|
||||
query := datasources.GetDataSourcesQuery{OrgID: c.OrgID, DataSourceLimit: hs.Cfg.DataSourceLimit}
|
||||
query := datasources.GetDataSourcesQuery{OrgID: c.SignedInUser.GetOrgID(), DataSourceLimit: hs.Cfg.DataSourceLimit}
|
||||
|
||||
dataSources, err := hs.DataSourcesService.GetDataSources(c.Req.Context(), &query)
|
||||
if err != nil {
|
||||
@@ -112,7 +112,7 @@ func (hs *HTTPServer) GetDataSourceById(c *contextmodel.ReqContext) response.Res
|
||||
}
|
||||
query := datasources.GetDataSourceQuery{
|
||||
ID: id,
|
||||
OrgID: c.OrgID,
|
||||
OrgID: c.SignedInUser.GetOrgID(),
|
||||
}
|
||||
|
||||
dataSource, err := hs.DataSourcesService.GetDataSource(c.Req.Context(), &query)
|
||||
@@ -129,7 +129,7 @@ func (hs *HTTPServer) GetDataSourceById(c *contextmodel.ReqContext) response.Res
|
||||
dto := hs.convertModelToDtos(c.Req.Context(), dataSource)
|
||||
|
||||
// Add accesscontrol metadata
|
||||
dto.AccessControl = hs.getAccessControlMetadata(c, c.OrgID, datasources.ScopePrefix, dto.UID)
|
||||
dto.AccessControl = hs.getAccessControlMetadata(c, c.SignedInUser.GetOrgID(), datasources.ScopePrefix, dto.UID)
|
||||
|
||||
return response.JSON(http.StatusOK, &dto)
|
||||
}
|
||||
@@ -161,7 +161,7 @@ func (hs *HTTPServer) DeleteDataSourceById(c *contextmodel.ReqContext) response.
|
||||
return response.Error(400, "Missing valid datasource id", nil)
|
||||
}
|
||||
|
||||
ds, err := hs.getRawDataSourceById(c.Req.Context(), id, c.OrgID)
|
||||
ds, err := hs.getRawDataSourceById(c.Req.Context(), id, c.SignedInUser.GetOrgID())
|
||||
if err != nil {
|
||||
if errors.Is(err, datasources.ErrDataSourceNotFound) {
|
||||
return response.Error(404, "Data source not found", nil)
|
||||
@@ -173,7 +173,7 @@ func (hs *HTTPServer) DeleteDataSourceById(c *contextmodel.ReqContext) response.
|
||||
return response.Error(403, "Cannot delete read-only data source", nil)
|
||||
}
|
||||
|
||||
cmd := &datasources.DeleteDataSourceCommand{ID: id, OrgID: c.OrgID, Name: ds.Name}
|
||||
cmd := &datasources.DeleteDataSourceCommand{ID: id, OrgID: c.SignedInUser.GetOrgID(), Name: ds.Name}
|
||||
|
||||
err = hs.DataSourcesService.DeleteDataSource(c.Req.Context(), cmd)
|
||||
if err != nil {
|
||||
@@ -183,7 +183,7 @@ func (hs *HTTPServer) DeleteDataSourceById(c *contextmodel.ReqContext) response.
|
||||
return response.Error(500, "Failed to delete datasource", err)
|
||||
}
|
||||
|
||||
hs.Live.HandleDatasourceDelete(c.OrgID, ds.UID)
|
||||
hs.Live.HandleDatasourceDelete(c.SignedInUser.GetOrgID(), ds.UID)
|
||||
|
||||
return response.Success("Data source deleted")
|
||||
}
|
||||
@@ -203,7 +203,7 @@ func (hs *HTTPServer) DeleteDataSourceById(c *contextmodel.ReqContext) response.
|
||||
// 404: notFoundError
|
||||
// 500: internalServerError
|
||||
func (hs *HTTPServer) GetDataSourceByUID(c *contextmodel.ReqContext) response.Response {
|
||||
ds, err := hs.getRawDataSourceByUID(c.Req.Context(), web.Params(c.Req)[":uid"], c.OrgID)
|
||||
ds, err := hs.getRawDataSourceByUID(c.Req.Context(), web.Params(c.Req)[":uid"], c.SignedInUser.GetOrgID())
|
||||
|
||||
if err != nil {
|
||||
if errors.Is(err, datasources.ErrDataSourceNotFound) {
|
||||
@@ -215,7 +215,7 @@ func (hs *HTTPServer) GetDataSourceByUID(c *contextmodel.ReqContext) response.Re
|
||||
dto := hs.convertModelToDtos(c.Req.Context(), ds)
|
||||
|
||||
// Add accesscontrol metadata
|
||||
dto.AccessControl = hs.getAccessControlMetadata(c, c.OrgID, datasources.ScopePrefix, dto.UID)
|
||||
dto.AccessControl = hs.getAccessControlMetadata(c, c.SignedInUser.GetOrgID(), datasources.ScopePrefix, dto.UID)
|
||||
|
||||
return response.JSON(http.StatusOK, &dto)
|
||||
}
|
||||
@@ -240,7 +240,7 @@ func (hs *HTTPServer) DeleteDataSourceByUID(c *contextmodel.ReqContext) response
|
||||
return response.Error(400, "Missing datasource uid", nil)
|
||||
}
|
||||
|
||||
ds, err := hs.getRawDataSourceByUID(c.Req.Context(), uid, c.OrgID)
|
||||
ds, err := hs.getRawDataSourceByUID(c.Req.Context(), uid, c.SignedInUser.GetOrgID())
|
||||
if err != nil {
|
||||
if errors.Is(err, datasources.ErrDataSourceNotFound) {
|
||||
return response.Error(404, "Data source not found", nil)
|
||||
@@ -252,7 +252,7 @@ func (hs *HTTPServer) DeleteDataSourceByUID(c *contextmodel.ReqContext) response
|
||||
return response.Error(403, "Cannot delete read-only data source", nil)
|
||||
}
|
||||
|
||||
cmd := &datasources.DeleteDataSourceCommand{UID: uid, OrgID: c.OrgID, Name: ds.Name}
|
||||
cmd := &datasources.DeleteDataSourceCommand{UID: uid, OrgID: c.SignedInUser.GetOrgID(), Name: ds.Name}
|
||||
|
||||
err = hs.DataSourcesService.DeleteDataSource(c.Req.Context(), cmd)
|
||||
if err != nil {
|
||||
@@ -262,7 +262,7 @@ func (hs *HTTPServer) DeleteDataSourceByUID(c *contextmodel.ReqContext) response
|
||||
return response.Error(500, "Failed to delete datasource", err)
|
||||
}
|
||||
|
||||
hs.Live.HandleDatasourceDelete(c.OrgID, ds.UID)
|
||||
hs.Live.HandleDatasourceDelete(c.SignedInUser.GetOrgID(), ds.UID)
|
||||
|
||||
return response.JSON(http.StatusOK, util.DynMap{
|
||||
"message": "Data source deleted",
|
||||
@@ -290,7 +290,7 @@ func (hs *HTTPServer) DeleteDataSourceByName(c *contextmodel.ReqContext) respons
|
||||
return response.Error(400, "Missing valid datasource name", nil)
|
||||
}
|
||||
|
||||
getCmd := &datasources.GetDataSourceQuery{Name: name, OrgID: c.OrgID}
|
||||
getCmd := &datasources.GetDataSourceQuery{Name: name, OrgID: c.SignedInUser.GetOrgID()}
|
||||
dataSource, err := hs.DataSourcesService.GetDataSource(c.Req.Context(), getCmd)
|
||||
if err != nil {
|
||||
if errors.Is(err, datasources.ErrDataSourceNotFound) {
|
||||
@@ -303,7 +303,7 @@ func (hs *HTTPServer) DeleteDataSourceByName(c *contextmodel.ReqContext) respons
|
||||
return response.Error(403, "Cannot delete read-only data source", nil)
|
||||
}
|
||||
|
||||
cmd := &datasources.DeleteDataSourceCommand{Name: name, OrgID: c.OrgID}
|
||||
cmd := &datasources.DeleteDataSourceCommand{Name: name, OrgID: c.SignedInUser.GetOrgID()}
|
||||
err = hs.DataSourcesService.DeleteDataSource(c.Req.Context(), cmd)
|
||||
if err != nil {
|
||||
if errors.As(err, &secretsPluginError) {
|
||||
@@ -312,7 +312,7 @@ func (hs *HTTPServer) DeleteDataSourceByName(c *contextmodel.ReqContext) respons
|
||||
return response.Error(500, "Failed to delete datasource", err)
|
||||
}
|
||||
|
||||
hs.Live.HandleDatasourceDelete(c.OrgID, dataSource.UID)
|
||||
hs.Live.HandleDatasourceDelete(c.SignedInUser.GetOrgID(), dataSource.UID)
|
||||
|
||||
return response.JSON(http.StatusOK, util.DynMap{
|
||||
"message": "Data source deleted",
|
||||
@@ -373,7 +373,7 @@ func (hs *HTTPServer) AddDataSource(c *contextmodel.ReqContext) response.Respons
|
||||
}
|
||||
|
||||
datasourcesLogger.Debug("Received command to add data source", "url", cmd.URL)
|
||||
cmd.OrgID = c.OrgID
|
||||
cmd.OrgID = c.SignedInUser.GetOrgID()
|
||||
cmd.UserID = c.UserID
|
||||
if cmd.URL != "" {
|
||||
if resp := validateURL(cmd.Type, cmd.URL); resp != nil {
|
||||
@@ -437,7 +437,7 @@ func (hs *HTTPServer) UpdateDataSourceByID(c *contextmodel.ReqContext) response.
|
||||
return response.Error(http.StatusBadRequest, "bad request data", err)
|
||||
}
|
||||
datasourcesLogger.Debug("Received command to update data source", "url", cmd.URL)
|
||||
cmd.OrgID = c.OrgID
|
||||
cmd.OrgID = c.SignedInUser.GetOrgID()
|
||||
var err error
|
||||
if cmd.ID, err = strconv.ParseInt(web.Params(c.Req)[":id"], 10, 64); err != nil {
|
||||
return response.Error(http.StatusBadRequest, "id is invalid", err)
|
||||
@@ -481,7 +481,7 @@ func (hs *HTTPServer) UpdateDataSourceByUID(c *contextmodel.ReqContext) response
|
||||
return response.Error(http.StatusBadRequest, "bad request data", err)
|
||||
}
|
||||
datasourcesLogger.Debug("Received command to update data source", "url", cmd.URL)
|
||||
cmd.OrgID = c.OrgID
|
||||
cmd.OrgID = c.SignedInUser.GetOrgID()
|
||||
if resp := validateURL(cmd.Type, cmd.URL); resp != nil {
|
||||
return resp
|
||||
}
|
||||
@@ -489,7 +489,7 @@ func (hs *HTTPServer) UpdateDataSourceByUID(c *contextmodel.ReqContext) response
|
||||
return response.Error(http.StatusBadRequest, "Failed to update datasource", err)
|
||||
}
|
||||
|
||||
ds, err := hs.getRawDataSourceByUID(c.Req.Context(), web.Params(c.Req)[":uid"], c.OrgID)
|
||||
ds, err := hs.getRawDataSourceByUID(c.Req.Context(), web.Params(c.Req)[":uid"], c.SignedInUser.GetOrgID())
|
||||
if err != nil {
|
||||
if errors.Is(err, datasources.ErrDataSourceNotFound) {
|
||||
return response.Error(http.StatusNotFound, "Data source not found", nil)
|
||||
@@ -524,7 +524,7 @@ func (hs *HTTPServer) updateDataSourceByID(c *contextmodel.ReqContext, ds *datas
|
||||
|
||||
query := datasources.GetDataSourceQuery{
|
||||
ID: cmd.ID,
|
||||
OrgID: c.OrgID,
|
||||
OrgID: c.SignedInUser.GetOrgID(),
|
||||
}
|
||||
|
||||
dataSource, err := hs.DataSourcesService.GetDataSource(c.Req.Context(), &query)
|
||||
@@ -537,7 +537,7 @@ func (hs *HTTPServer) updateDataSourceByID(c *contextmodel.ReqContext, ds *datas
|
||||
|
||||
datasourceDTO := hs.convertModelToDtos(c.Req.Context(), dataSource)
|
||||
|
||||
hs.Live.HandleDatasourceUpdate(c.OrgID, datasourceDTO.UID)
|
||||
hs.Live.HandleDatasourceUpdate(c.SignedInUser.GetOrgID(), datasourceDTO.UID)
|
||||
|
||||
return response.JSON(http.StatusOK, util.DynMap{
|
||||
"message": "Datasource updated",
|
||||
@@ -588,7 +588,7 @@ func (hs *HTTPServer) getRawDataSourceByUID(ctx context.Context, uid string, org
|
||||
// 403: forbiddenError
|
||||
// 500: internalServerError
|
||||
func (hs *HTTPServer) GetDataSourceByName(c *contextmodel.ReqContext) response.Response {
|
||||
query := datasources.GetDataSourceQuery{Name: web.Params(c.Req)[":name"], OrgID: c.OrgID}
|
||||
query := datasources.GetDataSourceQuery{Name: web.Params(c.Req)[":name"], OrgID: c.SignedInUser.GetOrgID()}
|
||||
|
||||
dataSource, err := hs.DataSourcesService.GetDataSource(c.Req.Context(), &query)
|
||||
if err != nil {
|
||||
@@ -616,7 +616,7 @@ func (hs *HTTPServer) GetDataSourceByName(c *contextmodel.ReqContext) response.R
|
||||
// 404: notFoundError
|
||||
// 500: internalServerError
|
||||
func (hs *HTTPServer) GetDataSourceIdByName(c *contextmodel.ReqContext) response.Response {
|
||||
query := datasources.GetDataSourceQuery{Name: web.Params(c.Req)[":name"], OrgID: c.OrgID}
|
||||
query := datasources.GetDataSourceQuery{Name: web.Params(c.Req)[":name"], OrgID: c.SignedInUser.GetOrgID()}
|
||||
|
||||
ds, err := hs.DataSourcesService.GetDataSource(c.Req.Context(), &query)
|
||||
if err != nil {
|
||||
|
||||
@@ -45,7 +45,7 @@ func (hs *HTTPServer) GetFolders(c *contextmodel.ReqContext) response.Response {
|
||||
var err error
|
||||
if hs.Features.IsEnabled(featuremgmt.FlagNestedFolders) {
|
||||
folders, err = hs.folderService.GetChildren(c.Req.Context(), &folder.GetChildrenQuery{
|
||||
OrgID: c.OrgID,
|
||||
OrgID: c.SignedInUser.GetOrgID(),
|
||||
Limit: c.QueryInt64("limit"),
|
||||
Page: c.QueryInt64("page"),
|
||||
UID: c.Query("parentUid"),
|
||||
@@ -84,7 +84,7 @@ func (hs *HTTPServer) GetFolders(c *contextmodel.ReqContext) response.Response {
|
||||
// 500: internalServerError
|
||||
func (hs *HTTPServer) GetFolderByUID(c *contextmodel.ReqContext) response.Response {
|
||||
uid := web.Params(c.Req)[":uid"]
|
||||
folder, err := hs.folderService.Get(c.Req.Context(), &folder.GetFolderQuery{OrgID: c.OrgID, UID: &uid, SignedInUser: c.SignedInUser})
|
||||
folder, err := hs.folderService.Get(c.Req.Context(), &folder.GetFolderQuery{OrgID: c.SignedInUser.GetOrgID(), UID: &uid, SignedInUser: c.SignedInUser})
|
||||
if err != nil {
|
||||
return apierrors.ToFolderErrorResponse(err)
|
||||
}
|
||||
@@ -117,7 +117,7 @@ func (hs *HTTPServer) GetFolderByID(c *contextmodel.ReqContext) response.Respons
|
||||
if err != nil {
|
||||
return response.Error(http.StatusBadRequest, "id is invalid", err)
|
||||
}
|
||||
folder, err := hs.folderService.Get(c.Req.Context(), &folder.GetFolderQuery{ID: &id, OrgID: c.OrgID, SignedInUser: c.SignedInUser})
|
||||
folder, err := hs.folderService.Get(c.Req.Context(), &folder.GetFolderQuery{ID: &id, OrgID: c.SignedInUser.GetOrgID(), SignedInUser: c.SignedInUser})
|
||||
if err != nil {
|
||||
return apierrors.ToFolderErrorResponse(err)
|
||||
}
|
||||
@@ -147,7 +147,7 @@ func (hs *HTTPServer) CreateFolder(c *contextmodel.ReqContext) response.Response
|
||||
if err := web.Bind(c.Req, &cmd); err != nil {
|
||||
return response.Error(http.StatusBadRequest, "bad request data", err)
|
||||
}
|
||||
cmd.OrgID = c.OrgID
|
||||
cmd.OrgID = c.SignedInUser.GetOrgID()
|
||||
cmd.SignedInUser = c.SignedInUser
|
||||
|
||||
folder, err := hs.folderService.Create(c.Req.Context(), &cmd)
|
||||
@@ -210,7 +210,7 @@ func (hs *HTTPServer) MoveFolder(c *contextmodel.ReqContext) response.Response {
|
||||
}
|
||||
var err error
|
||||
|
||||
cmd.OrgID = c.OrgID
|
||||
cmd.OrgID = c.SignedInUser.GetOrgID()
|
||||
cmd.UID = web.Params(c.Req)[":uid"]
|
||||
cmd.SignedInUser = c.SignedInUser
|
||||
theFolder, err := hs.folderService.Move(c.Req.Context(), &cmd)
|
||||
@@ -247,7 +247,7 @@ func (hs *HTTPServer) UpdateFolder(c *contextmodel.ReqContext) response.Response
|
||||
return response.Error(http.StatusBadRequest, "bad request data", err)
|
||||
}
|
||||
|
||||
cmd.OrgID = c.OrgID
|
||||
cmd.OrgID = c.SignedInUser.GetOrgID()
|
||||
cmd.UID = web.Params(c.Req)[":uid"]
|
||||
cmd.SignedInUser = c.SignedInUser
|
||||
result, err := hs.folderService.Update(c.Req.Context(), &cmd)
|
||||
@@ -292,7 +292,7 @@ func (hs *HTTPServer) DeleteFolder(c *contextmodel.ReqContext) response.Response
|
||||
*/
|
||||
|
||||
uid := web.Params(c.Req)[":uid"]
|
||||
err = hs.folderService.Delete(c.Req.Context(), &folder.DeleteFolderCommand{UID: uid, OrgID: c.OrgID, ForceDeleteRules: c.QueryBool("forceDeleteRules"), SignedInUser: c.SignedInUser})
|
||||
err = hs.folderService.Delete(c.Req.Context(), &folder.DeleteFolderCommand{UID: uid, OrgID: c.SignedInUser.GetOrgID(), ForceDeleteRules: c.QueryBool("forceDeleteRules"), SignedInUser: c.SignedInUser})
|
||||
if err != nil {
|
||||
return apierrors.ToFolderErrorResponse(err)
|
||||
}
|
||||
@@ -314,7 +314,7 @@ func (hs *HTTPServer) DeleteFolder(c *contextmodel.ReqContext) response.Response
|
||||
// 500: internalServerError
|
||||
func (hs *HTTPServer) GetFolderDescendantCounts(c *contextmodel.ReqContext) response.Response {
|
||||
uid := web.Params(c.Req)[":uid"]
|
||||
counts, err := hs.folderService.GetDescendantCounts(c.Req.Context(), &folder.GetDescendantCountsQuery{OrgID: c.OrgID, UID: &uid, SignedInUser: c.SignedInUser})
|
||||
counts, err := hs.folderService.GetDescendantCounts(c.Req.Context(), &folder.GetDescendantCountsQuery{OrgID: c.SignedInUser.GetOrgID(), UID: &uid, SignedInUser: c.SignedInUser})
|
||||
if err != nil {
|
||||
return apierrors.ToFolderErrorResponse(err)
|
||||
}
|
||||
@@ -324,7 +324,7 @@ func (hs *HTTPServer) GetFolderDescendantCounts(c *contextmodel.ReqContext) resp
|
||||
func (hs *HTTPServer) newToFolderDto(c *contextmodel.ReqContext, f *folder.Folder) (dtos.Folder, error) {
|
||||
ctx := c.Req.Context()
|
||||
toDTO := func(f *folder.Folder, checkCanView bool) (dtos.Folder, error) {
|
||||
g, err := guardian.NewByFolder(c.Req.Context(), f, c.OrgID, c.SignedInUser)
|
||||
g, err := guardian.NewByFolder(c.Req.Context(), f, c.SignedInUser.GetOrgID(), c.SignedInUser)
|
||||
if err != nil {
|
||||
return dtos.Folder{}, err
|
||||
}
|
||||
@@ -409,7 +409,7 @@ func (hs *HTTPServer) getFolderACMetadata(c *contextmodel.ReqContext, f *folder.
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
parents, err := hs.folderService.GetParents(c.Req.Context(), folder.GetParentsQuery{UID: f.UID, OrgID: c.OrgID})
|
||||
parents, err := hs.folderService.GetParents(c.Req.Context(), folder.GetParentsQuery{UID: f.UID, OrgID: c.SignedInUser.GetOrgID()})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -437,7 +437,7 @@ func (hs *HTTPServer) searchFolders(c *contextmodel.ReqContext) ([]*folder.Folde
|
||||
DashboardIds: make([]int64, 0),
|
||||
FolderIds: make([]int64, 0),
|
||||
Limit: c.QueryInt64("limit"),
|
||||
OrgId: c.OrgID,
|
||||
OrgId: c.SignedInUser.GetOrgID(),
|
||||
Type: "dash-folder",
|
||||
Permission: dashboards.PERMISSION_VIEW,
|
||||
Page: c.QueryInt64("page"),
|
||||
|
||||
@@ -28,7 +28,7 @@ import (
|
||||
// 500: internalServerError
|
||||
func (hs *HTTPServer) GetFolderPermissionList(c *contextmodel.ReqContext) response.Response {
|
||||
uid := web.Params(c.Req)[":uid"]
|
||||
folder, err := hs.folderService.Get(c.Req.Context(), &folder.GetFolderQuery{OrgID: c.OrgID, UID: &uid, SignedInUser: c.SignedInUser})
|
||||
folder, err := hs.folderService.Get(c.Req.Context(), &folder.GetFolderQuery{OrgID: c.SignedInUser.GetOrgID(), UID: &uid, SignedInUser: c.SignedInUser})
|
||||
|
||||
if err != nil {
|
||||
return apierrors.ToFolderErrorResponse(err)
|
||||
@@ -84,7 +84,7 @@ func (hs *HTTPServer) UpdateFolderPermissions(c *contextmodel.ReqContext) respon
|
||||
}
|
||||
|
||||
uid := web.Params(c.Req)[":uid"]
|
||||
folder, err := hs.folderService.Get(c.Req.Context(), &folder.GetFolderQuery{OrgID: c.OrgID, UID: &uid, SignedInUser: c.SignedInUser})
|
||||
folder, err := hs.folderService.Get(c.Req.Context(), &folder.GetFolderQuery{OrgID: c.SignedInUser.GetOrgID(), UID: &uid, SignedInUser: c.SignedInUser})
|
||||
if err != nil {
|
||||
return apierrors.ToFolderErrorResponse(err)
|
||||
}
|
||||
@@ -92,7 +92,7 @@ func (hs *HTTPServer) UpdateFolderPermissions(c *contextmodel.ReqContext) respon
|
||||
items := make([]*dashboards.DashboardACL, 0, len(apiCmd.Items))
|
||||
for _, item := range apiCmd.Items {
|
||||
items = append(items, &dashboards.DashboardACL{
|
||||
OrgID: c.OrgID,
|
||||
OrgID: c.SignedInUser.GetOrgID(),
|
||||
DashboardID: folder.ID,
|
||||
UserID: item.UserID,
|
||||
TeamID: item.TeamID,
|
||||
@@ -110,7 +110,7 @@ func (hs *HTTPServer) UpdateFolderPermissions(c *contextmodel.ReqContext) respon
|
||||
|
||||
items = append(items, hs.filterHiddenACL(c.SignedInUser, acl)...)
|
||||
|
||||
if err := hs.updateDashboardAccessControl(c.Req.Context(), c.OrgID, folder.UID, true, items, acl); err != nil {
|
||||
if err := hs.updateDashboardAccessControl(c.Req.Context(), c.SignedInUser.GetOrgID(), folder.UID, true, items, acl); err != nil {
|
||||
return response.Error(http.StatusInternalServerError, "Failed to create permission", err)
|
||||
}
|
||||
|
||||
|
||||
@@ -6,6 +6,8 @@ import (
|
||||
"net/http"
|
||||
"strings"
|
||||
|
||||
"golang.org/x/exp/slices"
|
||||
|
||||
"github.com/grafana/grafana/pkg/api/dtos"
|
||||
"github.com/grafana/grafana/pkg/plugins"
|
||||
"github.com/grafana/grafana/pkg/services/accesscontrol"
|
||||
@@ -19,7 +21,6 @@ import (
|
||||
"github.com/grafana/grafana/pkg/setting"
|
||||
"github.com/grafana/grafana/pkg/tsdb/grafanads"
|
||||
"github.com/grafana/grafana/pkg/util"
|
||||
"golang.org/x/exp/slices"
|
||||
)
|
||||
|
||||
func (hs *HTTPServer) GetFrontendSettings(c *contextmodel.ReqContext) {
|
||||
@@ -34,7 +35,7 @@ func (hs *HTTPServer) GetFrontendSettings(c *contextmodel.ReqContext) {
|
||||
|
||||
// getFrontendSettings returns a json object with all the settings needed for front end initialisation.
|
||||
func (hs *HTTPServer) getFrontendSettings(c *contextmodel.ReqContext) (*dtos.FrontendSettingsDTO, error) {
|
||||
availablePlugins, err := hs.availablePlugins(c.Req.Context(), c.OrgID)
|
||||
availablePlugins, err := hs.availablePlugins(c.Req.Context(), c.SignedInUser.GetOrgID())
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -279,8 +280,8 @@ func isSupportBundlesEnabled(hs *HTTPServer) bool {
|
||||
|
||||
func (hs *HTTPServer) getFSDataSources(c *contextmodel.ReqContext, availablePlugins AvailablePlugins) (map[string]plugins.DataSourceDTO, error) {
|
||||
orgDataSources := make([]*datasources.DataSource, 0)
|
||||
if c.OrgID != 0 {
|
||||
query := datasources.GetDataSourcesQuery{OrgID: c.OrgID, DataSourceLimit: hs.Cfg.DataSourceLimit}
|
||||
if c.SignedInUser.GetOrgID() != 0 {
|
||||
query := datasources.GetDataSourcesQuery{OrgID: c.SignedInUser.GetOrgID(), DataSourceLimit: hs.Cfg.DataSourceLimit}
|
||||
dataSources, err := hs.DataSourcesService.GetDataSources(c.Req.Context(), &query)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
||||
@@ -29,7 +29,7 @@ func (hs *HTTPServer) setIndexViewData(c *contextmodel.ReqContext) (*dtos.IndexV
|
||||
return nil, err
|
||||
}
|
||||
|
||||
prefsQuery := pref.GetPreferenceWithDefaultsQuery{UserID: c.UserID, OrgID: c.OrgID, Teams: c.Teams}
|
||||
prefsQuery := pref.GetPreferenceWithDefaultsQuery{UserID: c.UserID, OrgID: c.SignedInUser.GetOrgID(), Teams: c.Teams}
|
||||
prefs, err := hs.preferenceService.GetWithDefaults(c.Req.Context(), &prefsQuery)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -99,7 +99,7 @@ func (hs *HTTPServer) setIndexViewData(c *contextmodel.ReqContext) (*dtos.IndexV
|
||||
Login: c.Login,
|
||||
Email: c.Email,
|
||||
Name: c.Name,
|
||||
OrgId: c.OrgID,
|
||||
OrgId: c.SignedInUser.GetOrgID(),
|
||||
OrgName: c.OrgName,
|
||||
OrgRole: c.OrgRole,
|
||||
OrgCount: userOrgCount,
|
||||
|
||||
@@ -329,7 +329,7 @@ func (hs *HTTPServer) RedirectResponseWithError(c *contextmodel.ReqContext, err
|
||||
func (hs *HTTPServer) redirectURLWithErrorCookie(c *contextmodel.ReqContext, err error) string {
|
||||
setCookie := true
|
||||
if hs.Features.IsEnabled(featuremgmt.FlagIndividualCookiePreferences) {
|
||||
prefsQuery := pref.GetPreferenceWithDefaultsQuery{UserID: c.UserID, OrgID: c.OrgID, Teams: c.Teams}
|
||||
prefsQuery := pref.GetPreferenceWithDefaultsQuery{UserID: c.UserID, OrgID: c.SignedInUser.GetOrgID(), Teams: c.Teams}
|
||||
prefs, err := hs.preferenceService.GetWithDefaults(c.Req.Context(), &prefsQuery)
|
||||
if err != nil {
|
||||
c.Redirect(hs.Cfg.AppSubURL + "/login")
|
||||
|
||||
@@ -12,7 +12,7 @@ import (
|
||||
|
||||
func (hs *HTTPServer) ValidateOrgPlaylist(c *contextmodel.ReqContext) {
|
||||
uid := web.Params(c.Req)[":uid"]
|
||||
query := playlist.GetPlaylistByUidQuery{UID: uid, OrgId: c.OrgID}
|
||||
query := playlist.GetPlaylistByUidQuery{UID: uid, OrgId: c.SignedInUser.GetOrgID()}
|
||||
p, err := hs.playlistService.GetWithoutItems(c.Req.Context(), &query)
|
||||
|
||||
if err != nil {
|
||||
@@ -25,7 +25,7 @@ func (hs *HTTPServer) ValidateOrgPlaylist(c *contextmodel.ReqContext) {
|
||||
return
|
||||
}
|
||||
|
||||
if p.OrgId != c.OrgID {
|
||||
if p.OrgId != c.SignedInUser.GetOrgID() {
|
||||
c.JsonApiErr(403, "You are not allowed to edit/view playlist", nil)
|
||||
return
|
||||
}
|
||||
@@ -49,7 +49,7 @@ func (hs *HTTPServer) SearchPlaylists(c *contextmodel.ReqContext) response.Respo
|
||||
searchQuery := playlist.GetPlaylistsQuery{
|
||||
Name: query,
|
||||
Limit: limit,
|
||||
OrgId: c.OrgID,
|
||||
OrgId: c.SignedInUser.GetOrgID(),
|
||||
}
|
||||
|
||||
playlists, err := hs.playlistService.Search(c.Req.Context(), &searchQuery)
|
||||
@@ -72,7 +72,7 @@ func (hs *HTTPServer) SearchPlaylists(c *contextmodel.ReqContext) response.Respo
|
||||
// 500: internalServerError
|
||||
func (hs *HTTPServer) GetPlaylist(c *contextmodel.ReqContext) response.Response {
|
||||
uid := web.Params(c.Req)[":uid"]
|
||||
cmd := playlist.GetPlaylistByUidQuery{UID: uid, OrgId: c.OrgID}
|
||||
cmd := playlist.GetPlaylistByUidQuery{UID: uid, OrgId: c.SignedInUser.GetOrgID()}
|
||||
|
||||
dto, err := hs.playlistService.Get(c.Req.Context(), &cmd)
|
||||
if err != nil {
|
||||
@@ -94,7 +94,7 @@ func (hs *HTTPServer) GetPlaylist(c *contextmodel.ReqContext) response.Response
|
||||
// 500: internalServerError
|
||||
func (hs *HTTPServer) GetPlaylistItems(c *contextmodel.ReqContext) response.Response {
|
||||
uid := web.Params(c.Req)[":uid"]
|
||||
cmd := playlist.GetPlaylistByUidQuery{UID: uid, OrgId: c.OrgID}
|
||||
cmd := playlist.GetPlaylistByUidQuery{UID: uid, OrgId: c.SignedInUser.GetOrgID()}
|
||||
|
||||
dto, err := hs.playlistService.Get(c.Req.Context(), &cmd)
|
||||
if err != nil {
|
||||
@@ -117,7 +117,7 @@ func (hs *HTTPServer) GetPlaylistItems(c *contextmodel.ReqContext) response.Resp
|
||||
func (hs *HTTPServer) DeletePlaylist(c *contextmodel.ReqContext) response.Response {
|
||||
uid := web.Params(c.Req)[":uid"]
|
||||
|
||||
cmd := playlist.DeletePlaylistCommand{UID: uid, OrgId: c.OrgID}
|
||||
cmd := playlist.DeletePlaylistCommand{UID: uid, OrgId: c.SignedInUser.GetOrgID()}
|
||||
if err := hs.playlistService.Delete(c.Req.Context(), &cmd); err != nil {
|
||||
return response.Error(500, "Failed to delete playlist", err)
|
||||
}
|
||||
@@ -140,7 +140,7 @@ func (hs *HTTPServer) CreatePlaylist(c *contextmodel.ReqContext) response.Respon
|
||||
if err := web.Bind(c.Req, &cmd); err != nil {
|
||||
return response.Error(http.StatusBadRequest, "bad request data", err)
|
||||
}
|
||||
cmd.OrgId = c.OrgID
|
||||
cmd.OrgId = c.SignedInUser.GetOrgID()
|
||||
|
||||
p, err := hs.playlistService.Create(c.Req.Context(), &cmd)
|
||||
if err != nil {
|
||||
@@ -165,7 +165,7 @@ func (hs *HTTPServer) UpdatePlaylist(c *contextmodel.ReqContext) response.Respon
|
||||
if err := web.Bind(c.Req, &cmd); err != nil {
|
||||
return response.Error(http.StatusBadRequest, "bad request data", err)
|
||||
}
|
||||
cmd.OrgId = c.OrgID
|
||||
cmd.OrgId = c.SignedInUser.GetOrgID()
|
||||
cmd.UID = web.Params(c.Req)[":uid"]
|
||||
|
||||
_, err := hs.playlistService.Update(c.Req.Context(), &cmd)
|
||||
@@ -175,7 +175,7 @@ func (hs *HTTPServer) UpdatePlaylist(c *contextmodel.ReqContext) response.Respon
|
||||
|
||||
dto, err := hs.playlistService.Get(c.Req.Context(), &playlist.GetPlaylistByUidQuery{
|
||||
UID: cmd.UID,
|
||||
OrgId: c.OrgID,
|
||||
OrgId: c.SignedInUser.GetOrgID(),
|
||||
})
|
||||
if err != nil {
|
||||
return response.Error(500, "Failed to load playlist", err)
|
||||
|
||||
@@ -18,7 +18,7 @@ func (hs *HTTPServer) GetPluginDashboards(c *contextmodel.ReqContext) response.R
|
||||
pluginID := web.Params(c.Req)[":pluginId"]
|
||||
|
||||
listReq := &plugindashboards.ListPluginDashboardsRequest{
|
||||
OrgID: c.OrgID,
|
||||
OrgID: c.SignedInUser.GetOrgID(),
|
||||
PluginID: pluginID,
|
||||
}
|
||||
list, err := hs.pluginDashboardService.ListPluginDashboards(c.Req.Context(), listReq)
|
||||
|
||||
@@ -43,7 +43,7 @@ func (hs *HTTPServer) ProxyPluginRequest(c *contextmodel.ReqContext) {
|
||||
return
|
||||
}
|
||||
|
||||
query := pluginsettings.GetByPluginIDArgs{OrgID: c.OrgID, PluginID: plugin.ID}
|
||||
query := pluginsettings.GetByPluginIDArgs{OrgID: c.SignedInUser.GetOrgID(), PluginID: plugin.ID}
|
||||
ps, err := hs.PluginSettings.GetPluginSettingByPluginID(c.Req.Context(), &query)
|
||||
if err != nil {
|
||||
c.JsonApiErr(http.StatusInternalServerError, "Failed to fetch plugin settings", err)
|
||||
|
||||
@@ -27,7 +27,7 @@ func (hs *HTTPServer) CallResource(c *contextmodel.ReqContext) {
|
||||
}
|
||||
|
||||
func (hs *HTTPServer) callPluginResource(c *contextmodel.ReqContext, pluginID string) {
|
||||
pCtx, err := hs.pluginContextProvider.Get(c.Req.Context(), pluginID, c.SignedInUser, c.OrgID)
|
||||
pCtx, err := hs.pluginContextProvider.Get(c.Req.Context(), pluginID, c.SignedInUser, c.SignedInUser.GetOrgID())
|
||||
if err != nil {
|
||||
if errors.Is(err, plugins.ErrPluginNotRegistered) {
|
||||
c.JsonApiErr(404, "Plugin not found", nil)
|
||||
|
||||
@@ -13,10 +13,11 @@ import (
|
||||
"sort"
|
||||
"strings"
|
||||
|
||||
"github.com/grafana/grafana-plugin-sdk-go/backend"
|
||||
"github.com/prometheus/client_golang/prometheus"
|
||||
"github.com/prometheus/client_golang/prometheus/promauto"
|
||||
|
||||
"github.com/grafana/grafana-plugin-sdk-go/backend"
|
||||
|
||||
"github.com/grafana/grafana/pkg/api/dtos"
|
||||
"github.com/grafana/grafana/pkg/api/response"
|
||||
"github.com/grafana/grafana/pkg/plugins"
|
||||
@@ -64,7 +65,7 @@ func (hs *HTTPServer) GetPluginList(c *contextmodel.ReqContext) response.Respons
|
||||
ac.EvalPermission(pluginaccesscontrol.ActionInstall),
|
||||
))
|
||||
|
||||
pluginSettingsMap, err := hs.pluginSettings(c.Req.Context(), c.OrgID)
|
||||
pluginSettingsMap, err := hs.pluginSettings(c.Req.Context(), c.SignedInUser.GetOrgID())
|
||||
if err != nil {
|
||||
return response.Error(http.StatusInternalServerError, "Failed to get list of plugins", err)
|
||||
}
|
||||
@@ -205,7 +206,7 @@ func (hs *HTTPServer) GetPluginSettingByID(c *contextmodel.ReqContext) response.
|
||||
|
||||
ps, err := hs.PluginSettings.GetPluginSettingByPluginID(c.Req.Context(), &pluginsettings.GetByPluginIDArgs{
|
||||
PluginID: pluginID,
|
||||
OrgID: c.OrgID,
|
||||
OrgID: c.SignedInUser.GetOrgID(),
|
||||
})
|
||||
if err != nil {
|
||||
if !errors.Is(err, pluginsettings.ErrPluginSettingNotFound) {
|
||||
@@ -243,7 +244,7 @@ func (hs *HTTPServer) UpdatePluginSetting(c *contextmodel.ReqContext) response.R
|
||||
return response.Error(404, "Plugin not installed", nil)
|
||||
}
|
||||
|
||||
cmd.OrgId = c.OrgID
|
||||
cmd.OrgId = c.SignedInUser.GetOrgID()
|
||||
cmd.PluginId = pluginID
|
||||
if err := hs.PluginSettings.UpdatePluginSetting(c.Req.Context(), &pluginsettings.UpdateArgs{
|
||||
Enabled: cmd.Enabled,
|
||||
@@ -391,7 +392,7 @@ func (hs *HTTPServer) redirectCDNPluginAsset(c *contextmodel.ReqContext, plugin
|
||||
// /api/plugins/:pluginId/health
|
||||
func (hs *HTTPServer) CheckHealth(c *contextmodel.ReqContext) response.Response {
|
||||
pluginID := web.Params(c.Req)[":pluginId"]
|
||||
pCtx, err := hs.pluginContextProvider.Get(c.Req.Context(), pluginID, c.SignedInUser, c.OrgID)
|
||||
pCtx, err := hs.pluginContextProvider.Get(c.Req.Context(), pluginID, c.SignedInUser, c.SignedInUser.GetOrgID())
|
||||
if err != nil {
|
||||
return response.ErrOrFallback(http.StatusInternalServerError, "Failed to get plugin settings", err)
|
||||
}
|
||||
|
||||
@@ -20,7 +20,7 @@ func (hs *HTTPServer) SetHomeDashboard(c *contextmodel.ReqContext) response.Resp
|
||||
return response.Error(http.StatusBadRequest, "bad request data", err)
|
||||
}
|
||||
cmd.UserID = c.UserID
|
||||
cmd.OrgID = c.OrgID
|
||||
cmd.OrgID = c.SignedInUser.GetOrgID()
|
||||
|
||||
// the default value of HomeDashboardID is taken from input, when HomeDashboardID is set also,
|
||||
// UID is used in preference to identify dashboard
|
||||
@@ -56,7 +56,7 @@ func (hs *HTTPServer) SetHomeDashboard(c *contextmodel.ReqContext) response.Resp
|
||||
// 401: unauthorisedError
|
||||
// 500: internalServerError
|
||||
func (hs *HTTPServer) GetUserPreferences(c *contextmodel.ReqContext) response.Response {
|
||||
return hs.getPreferencesFor(c.Req.Context(), c.OrgID, c.UserID, 0)
|
||||
return hs.getPreferencesFor(c.Req.Context(), c.SignedInUser.GetOrgID(), c.UserID, 0)
|
||||
}
|
||||
|
||||
func (hs *HTTPServer) getPreferencesFor(ctx context.Context, orgID, userID, teamID int64) response.Response {
|
||||
@@ -124,7 +124,7 @@ func (hs *HTTPServer) UpdateUserPreferences(c *contextmodel.ReqContext) response
|
||||
if err := web.Bind(c.Req, &dtoCmd); err != nil {
|
||||
return response.Error(http.StatusBadRequest, "bad request data", err)
|
||||
}
|
||||
return hs.updatePreferencesFor(c.Req.Context(), c.OrgID, c.UserID, 0, &dtoCmd)
|
||||
return hs.updatePreferencesFor(c.Req.Context(), c.SignedInUser.GetOrgID(), c.UserID, 0, &dtoCmd)
|
||||
}
|
||||
|
||||
func (hs *HTTPServer) updatePreferencesFor(ctx context.Context, orgID, userID, teamId int64, dtoCmd *dtos.UpdatePrefsCmd) response.Response {
|
||||
@@ -182,7 +182,7 @@ func (hs *HTTPServer) PatchUserPreferences(c *contextmodel.ReqContext) response.
|
||||
if err := web.Bind(c.Req, &dtoCmd); err != nil {
|
||||
return response.Error(http.StatusBadRequest, "bad request data", err)
|
||||
}
|
||||
return hs.patchPreferencesFor(c.Req.Context(), c.OrgID, c.UserID, 0, &dtoCmd)
|
||||
return hs.patchPreferencesFor(c.Req.Context(), c.SignedInUser.GetOrgID(), c.UserID, 0, &dtoCmd)
|
||||
}
|
||||
|
||||
func (hs *HTTPServer) patchPreferencesFor(ctx context.Context, orgID, userID, teamId int64, dtoCmd *dtos.PatchPrefsCmd) response.Response {
|
||||
@@ -238,7 +238,7 @@ func (hs *HTTPServer) patchPreferencesFor(ctx context.Context, orgID, userID, te
|
||||
// 403: forbiddenError
|
||||
// 500: internalServerError
|
||||
func (hs *HTTPServer) GetOrgPreferences(c *contextmodel.ReqContext) response.Response {
|
||||
return hs.getPreferencesFor(c.Req.Context(), c.OrgID, 0, 0)
|
||||
return hs.getPreferencesFor(c.Req.Context(), c.SignedInUser.GetOrgID(), 0, 0)
|
||||
}
|
||||
|
||||
// swagger:route PUT /org/preferences org_preferences updateOrgPreferences
|
||||
@@ -257,7 +257,7 @@ func (hs *HTTPServer) UpdateOrgPreferences(c *contextmodel.ReqContext) response.
|
||||
return response.Error(http.StatusBadRequest, "bad request data", err)
|
||||
}
|
||||
|
||||
return hs.updatePreferencesFor(c.Req.Context(), c.OrgID, 0, 0, &dtoCmd)
|
||||
return hs.updatePreferencesFor(c.Req.Context(), c.SignedInUser.GetOrgID(), 0, 0, &dtoCmd)
|
||||
}
|
||||
|
||||
// swagger:route PATCH /org/preferences org_preferences patchOrgPreferences
|
||||
@@ -275,7 +275,7 @@ func (hs *HTTPServer) PatchOrgPreferences(c *contextmodel.ReqContext) response.R
|
||||
if err := web.Bind(c.Req, &dtoCmd); err != nil {
|
||||
return response.Error(http.StatusBadRequest, "bad request data", err)
|
||||
}
|
||||
return hs.patchPreferencesFor(c.Req.Context(), c.OrgID, 0, 0, &dtoCmd)
|
||||
return hs.patchPreferencesFor(c.Req.Context(), c.SignedInUser.GetOrgID(), 0, 0, &dtoCmd)
|
||||
}
|
||||
|
||||
// swagger:parameters updateUserPreferences
|
||||
|
||||
@@ -23,7 +23,7 @@ import (
|
||||
// 404: notFoundError
|
||||
// 500: internalServerError
|
||||
func (hs *HTTPServer) GetCurrentOrgQuotas(c *contextmodel.ReqContext) response.Response {
|
||||
return hs.getOrgQuotasHelper(c, c.OrgID)
|
||||
return hs.getOrgQuotasHelper(c, c.SignedInUser.GetOrgID())
|
||||
}
|
||||
|
||||
// swagger:route GET /orgs/{org_id}/quotas orgs getOrgQuota
|
||||
|
||||
@@ -58,7 +58,7 @@ func (hs *HTTPServer) RenderToPng(c *contextmodel.ReqContext) {
|
||||
Timeout: time.Duration(timeout) * time.Second,
|
||||
},
|
||||
AuthOpts: rendering.AuthOpts{
|
||||
OrgID: c.OrgID,
|
||||
OrgID: c.SignedInUser.GetOrgID(),
|
||||
UserID: c.UserID,
|
||||
OrgRole: c.OrgRole,
|
||||
},
|
||||
|
||||
@@ -76,7 +76,7 @@ func (hs *HTTPServer) Search(c *contextmodel.ReqContext) response.Response {
|
||||
Limit: limit,
|
||||
Page: page,
|
||||
IsStarred: starred == "true",
|
||||
OrgId: c.OrgID,
|
||||
OrgId: c.SignedInUser.GetOrgID(),
|
||||
DashboardIds: dbIDs,
|
||||
DashboardUIDs: dbUIDs,
|
||||
Type: dashboardType,
|
||||
|
||||
@@ -26,7 +26,7 @@ func (hs *HTTPServer) createShortURL(c *contextmodel.ReqContext) response.Respon
|
||||
return response.Err(err)
|
||||
}
|
||||
|
||||
url := fmt.Sprintf("%s/goto/%s?orgId=%d", strings.TrimSuffix(setting.AppUrl, "/"), shortURL.Uid, c.OrgID)
|
||||
url := fmt.Sprintf("%s/goto/%s?orgId=%d", strings.TrimSuffix(setting.AppUrl, "/"), shortURL.Uid, c.SignedInUser.GetOrgID())
|
||||
c.Logger.Debug("Created short URL", "url", url)
|
||||
|
||||
dto := dtos.ShortURL{
|
||||
|
||||
@@ -34,7 +34,7 @@ func (hs *HTTPServer) GetTeamMembers(c *contextmodel.ReqContext) response.Respon
|
||||
return response.Error(http.StatusBadRequest, "teamId is invalid", err)
|
||||
}
|
||||
|
||||
query := team.GetTeamMembersQuery{OrgID: c.OrgID, TeamID: teamId, SignedInUser: c.SignedInUser}
|
||||
query := team.GetTeamMembersQuery{OrgID: c.SignedInUser.GetOrgID(), TeamID: teamId, SignedInUser: c.SignedInUser}
|
||||
|
||||
queryResult, err := hs.teamService.GetTeamMembers(c.Req.Context(), &query)
|
||||
if err != nil {
|
||||
@@ -77,13 +77,13 @@ func (hs *HTTPServer) AddTeamMember(c *contextmodel.ReqContext) response.Respons
|
||||
if err := web.Bind(c.Req, &cmd); err != nil {
|
||||
return response.Error(http.StatusBadRequest, "bad request data", err)
|
||||
}
|
||||
cmd.OrgID = c.OrgID
|
||||
cmd.OrgID = c.SignedInUser.GetOrgID()
|
||||
cmd.TeamID, err = strconv.ParseInt(web.Params(c.Req)[":teamId"], 10, 64)
|
||||
if err != nil {
|
||||
return response.Error(http.StatusBadRequest, "teamId is invalid", err)
|
||||
}
|
||||
|
||||
isTeamMember, err := hs.teamService.IsTeamMember(c.OrgID, cmd.TeamID, cmd.UserID)
|
||||
isTeamMember, err := hs.teamService.IsTeamMember(c.SignedInUser.GetOrgID(), cmd.TeamID, cmd.UserID)
|
||||
if err != nil {
|
||||
return response.Error(500, "Failed to add team member.", err)
|
||||
}
|
||||
@@ -124,7 +124,7 @@ func (hs *HTTPServer) UpdateTeamMember(c *contextmodel.ReqContext) response.Resp
|
||||
if err != nil {
|
||||
return response.Error(http.StatusBadRequest, "userId is invalid", err)
|
||||
}
|
||||
orgId := c.OrgID
|
||||
orgId := c.SignedInUser.GetOrgID()
|
||||
|
||||
isTeamMember, err := hs.teamService.IsTeamMember(orgId, teamId, userId)
|
||||
if err != nil {
|
||||
@@ -162,7 +162,7 @@ func getPermissionName(permission dashboards.PermissionType) string {
|
||||
// 404: notFoundError
|
||||
// 500: internalServerError
|
||||
func (hs *HTTPServer) RemoveTeamMember(c *contextmodel.ReqContext) response.Response {
|
||||
orgId := c.OrgID
|
||||
orgId := c.SignedInUser.GetOrgID()
|
||||
teamId, err := strconv.ParseInt(web.Params(c.Req)[":teamId"], 10, 64)
|
||||
if err != nil {
|
||||
return response.Error(http.StatusBadRequest, "teamId is invalid", err)
|
||||
|
||||
Reference in New Issue
Block a user