IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-01-18 20:43:26 -06:00
Code Issues Packages Projects Releases Wiki Activity

Access Control: Correctly check for id suffix (#46824)

Browse Source 
* Correctly check for id suffix
This commit is contained in:
Karl Persson 2022-03-22 13:48:15 +01:00 committed by GitHub
parent 8159379ba6
commit bfb03d779d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 15 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/services/accesscontrol/filter.go
View File

@ -94,7 +94,7 @@ func parseScopes(prefix string, scopes []string) (ids map[interface{}]struct{},
}
parser := parseStringAttribute
if strings.HasSuffix(prefix, "id:") {
if strings.HasSuffix(prefix, ":id:") {
parser = parseIntAttribute
}

16
pkg/services/accesscontrol/filter_test.go
View File

@ -141,11 +141,23 @@ func TestFilter_Datasources(t *testing.T) {
expectedDataSources: []string{"ds:3", "ds:7"},
expectErr: false,
},
{
desc: "expect to be filtered by uids",
sqlID: "data_source.uid",
prefix: "datasources:uid:",
actions: []string{"datasources:read"},
permissions: map[string][]string{
"datasources:read": {"datasources:uid:uid3", "datasources:uid:uid7"},
},
expectedDataSources: []string{"ds:3", "ds:7"},
expectErr: false,
},
}
// set sqlIDAcceptList before running tests
restore := accesscontrol.SetAcceptListForTest(map[string]struct{}{
"data_source.id": {},
"data_source.id": {},
"data_source.uid": {},
})
defer restore()
@ -158,7 +170,7 @@ func TestFilter_Datasources(t *testing.T) {
// seed 10 data sources
for i := 1; i <= 10; i++ {
err := store.AddDataSource(context.Background(), &models.AddDataSourceCommand{Name: fmt.Sprintf("ds:%d", i)})
err := store.AddDataSource(context.Background(), &models.AddDataSourceCommand{Name: fmt.Sprintf("ds:%d", i), Uid: fmt.Sprintf("uid%d", i)})
require.NoError(t, err)
}