Snapshots: Disallow anonymous user to create snapshots (#31263)

pkg/middleware/auth.go

@@ -119,15 +119,17 @@ func AdminOrFeatureEnabled(enabled bool) macaron.Handler {
 	}
 }
 
+// SnapshotPublicModeOrSignedIn creates a middleware that allows access
+// if snapshot public mode is enabled or if user is signed in.
 func SnapshotPublicModeOrSignedIn(cfg *setting.Cfg) macaron.Handler {
 	return func(c *models.ReqContext) {
 		if cfg.SnapshotPublicMode {
 			return
 		}
 
-		_, err := c.Invoke(ReqSignedIn)
+		if !c.IsSignedIn {
-		if err != nil {
+			notAuthorized(c)
-			c.JsonApiErr(500, "Failed to invoke required signed in middleware", err)
+			return
 		}
 	}
 }

pkg/middleware/auth_test.go

@@ -87,11 +87,22 @@ func TestMiddlewareAuth(t *testing.T) {
 
 	middlewareScenario(t, "Snapshot public mode disabled and unauthenticated request should return 401", func(
 		t *testing.T, sc *scenarioContext) {
-		sc.m.Get("/api/snapshot", SnapshotPublicModeOrSignedIn(sc.cfg), sc.defaultHandler)
+		sc.m.Get("/api/snapshot", func(c *models.ReqContext) {
+			c.IsSignedIn = false
+		}, SnapshotPublicModeOrSignedIn(sc.cfg), sc.defaultHandler)
 		sc.fakeReq("GET", "/api/snapshot").exec()
 		assert.Equal(t, 401, sc.resp.Code)
 	})
 
+	middlewareScenario(t, "Snapshot public mode disabled and authenticated request should return 200", func(
+		t *testing.T, sc *scenarioContext) {
+		sc.m.Get("/api/snapshot", func(c *models.ReqContext) {
+			c.IsSignedIn = true
+		}, SnapshotPublicModeOrSignedIn(sc.cfg), sc.defaultHandler)
+		sc.fakeReq("GET", "/api/snapshot").exec()
+		assert.Equal(t, 200, sc.resp.Code)
+	})
+
 	middlewareScenario(t, "Snapshot public mode enabled and unauthenticated request should return 200", func(
 		t *testing.T, sc *scenarioContext) {
 		sc.cfg.SnapshotPublicMode = true

public/app/features/dashboard/components/ShareModal/ShareModal.tsx

@@ -6,21 +6,7 @@ import { ShareSnapshot } from './ShareSnapshot';
 import { ShareExport } from './ShareExport';
 import { ShareEmbed } from './ShareEmbed';
 import { ShareModalTabModel } from './types';
-
+import { contextSrv } from 'app/core/core';
-const shareCommonTabs: ShareModalTabModel[] = [
-  { label: 'Link', value: 'link', component: ShareLink },
-  { label: 'Snapshot', value: 'snapshot', component: ShareSnapshot },
-];
-
-// prettier-ignore
-const shareDashboardTabs: ShareModalTabModel[] = [
-  { label: 'Export', value: 'export', component: ShareExport },
-];
-
-// prettier-ignore
-const sharePanelTabs: ShareModalTabModel[] = [
-  { label: 'Embed', value: 'embed', component: ShareEmbed },
-];
 
 const customDashboardTabs: ShareModalTabModel[] = [];
 const customPanelTabs: ShareModalTabModel[] = [];
@@ -43,13 +29,18 @@ function getInitialState(props: Props): State {
 
 function getTabs(props: Props) {
   const { panel } = props;
-  const tabs = [...shareCommonTabs];
+
+  const tabs: ShareModalTabModel[] = [{ label: 'Link', value: 'link', component: ShareLink }];
+
+  if (contextSrv.isSignedIn) {
+    tabs.push({ label: 'Snapshot', value: 'snapshot', component: ShareSnapshot });
+  }
 
   if (panel) {
-    tabs.push(...sharePanelTabs);
+    tabs.push({ label: 'Embed', value: 'embed', component: ShareEmbed });
     tabs.push(...customPanelTabs);
   } else {
-    tabs.push(...shareDashboardTabs);
+    tabs.push({ label: 'Export', value: 'export', component: ShareExport });
     tabs.push(...customDashboardTabs);
   }