IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Fix CreateTeam api endpoint

Browse Source 
No team member should be created for requests
authenticated by API tokens.
This commit is contained in:
Sofia Papagiannaki 2019-07-24 13:48:49 +03:00
parent 3145a1dd29
commit 9fcc4e67f5
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/api/team.go
View File

@ -23,7 +23,7 @@ func (hs *HTTPServer) CreateTeam(c *m.ReqContext, cmd m.CreateTeamCommand) Respo
return Error(500, "Failed to create Team", err) return Error(500, "Failed to create Team", err)
} }
if c.OrgRole == m.ROLE_EDITOR && hs.Cfg.EditorsCanAdmin { if c.OrgRole == m.ROLE_EDITOR && hs.Cfg.EditorsCanAdmin && !c.SignedInUser.IsAnonymous {
addMemberCmd := m.AddTeamMemberCommand{ addMemberCmd := m.AddTeamMemberCommand{
UserId: c.SignedInUser.UserId, UserId: c.SignedInUser.UserId,
OrgId: cmd.OrgId, OrgId: cmd.OrgId,

2
pkg/middleware/middleware.go
View File

@ -132,7 +132,7 @@ func initContextWithApiKey(ctx *models.ReqContext) bool {
} }
ctx.IsSignedIn = true ctx.IsSignedIn = true
ctx.SignedInUser = &models.SignedInUser{} ctx.SignedInUser = &models.SignedInUser{IsAnonymous: true}
ctx.OrgRole = apikey.Role ctx.OrgRole = apikey.Role
ctx.ApiKeyId = apikey.Id ctx.ApiKeyId = apikey.Id
ctx.OrgId = apikey.OrgId ctx.OrgId = apikey.OrgId