IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

API: Restrict anonymous user information access (#18422)

Browse Source 
Existing /api/alert-notifications now requires at least editor access.
Existing /api/alert-notifiers now requires at least editor access.
New /api/alert-notifications/lookup returns less information than
/api/alert-notifications and can be access by any authenticated user.
Existing /api/org/users now requires org admin role.
New /api/org/users/lookup returns less information than
/api/org/users and can be access by users that are org admins,
admin in any folder or admin of any team.
UserPicker component now uses /api/org/users/lookup instead
of /api/org/users.

Fixes #17318
This commit is contained in:
Marcus Efraimsson
2019-08-12 20:03:48 +02:00
committed by GitHub
parent ab17015794
commit 8fd153edb7
18 changed files with 621 additions and 326 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
public/app/features/alerting/AlertTabCtrl.ts
View File

@@ -71,7 +71,7 @@ export class AlertTabCtrl {
this.alertNotifications = [];
this.alertHistory = [];
return this.backendSrv.get('/api/alert-notifications').then((res: any) => {
return this.backendSrv.get('/api/alert-notifications/lookup').then((res: any) => {
this.notifications = res;
this.initModel();