Annotations: only set userID if caller is a user or service account (#91898)

* Ignore errors when extracting current user id

* Only set userID if caller is user or service account

* Fix patch api
Karl Persson
2024-08-14 16:07:15 +02:00
committed by GitHub
parent db5d8f03b7
commit e9bb3b4d73


@@ -9,6 +9,7 @@ import (
"github.com/grafana/grafana/pkg/api/dtos"
"github.com/grafana/grafana/pkg/api/response"
"github.com/grafana/grafana/pkg/apimachinery/identity"
"github.com/grafana/grafana/pkg/services/accesscontrol"
"github.com/grafana/grafana/pkg/services/annotations"
contextmodel "github.com/grafana/grafana/pkg/services/contexthandler/model"
@@ -140,12 +141,7 @@ func (hs *HTTPServer) PostAnnotation(c *contextmodel.ReqContext) response.Respon
return response.Error(http.StatusBadRequest, "Failed to save annotation", err)
}
// nolint:staticcheck
userID, err := c.SignedInUser.GetInternalID()
if err != nil {
return response.Error(http.StatusInternalServerError, "Failed to save annotation", err)
}
userID, _ := identity.UserIdentifier(c.GetID())
item := annotations.Item{
OrgID: c.SignedInUser.GetOrgID(),
UserID: userID,
@@ -228,12 +224,7 @@ func (hs *HTTPServer) PostGraphiteAnnotation(c *contextmodel.ReqContext) respons
return response.Error(http.StatusBadRequest, "Failed to save Graphite annotation", err)
}
// nolint:staticcheck
userID, err := c.SignedInUser.GetInternalID()
if err != nil {
return response.Error(http.StatusInternalServerError, "Failed to save Graphite annotation", err)
}
userID, _ := identity.UserIdentifier(c.GetID())
item := annotations.Item{
OrgID: c.SignedInUser.GetOrgID(),
UserID: userID,
@@ -286,12 +277,7 @@ func (hs *HTTPServer) UpdateAnnotation(c *contextmodel.ReqContext) response.Resp
}
}
// nolint:staticcheck
userID, err := c.SignedInUser.GetInternalID()
if err != nil {
return response.Error(http.StatusInternalServerError, "Failed to update annotation", err)
}
userID, _ := identity.UserIdentifier(c.GetID())
item := annotations.Item{
OrgID: c.SignedInUser.GetOrgID(),
UserID: userID,
@@ -349,12 +335,7 @@ func (hs *HTTPServer) PatchAnnotation(c *contextmodel.ReqContext) response.Respo
}
}
// nolint:staticcheck
userID, err := c.SignedInUser.GetInternalID()
if err != nil {
return response.Error(http.StatusInternalServerError, "Failed to update annotation", err)
}
userID, _ := identity.UserIdentifier(c.GetID())
existing := annotations.Item{
OrgID: c.SignedInUser.GetOrgID(),
UserID: userID,
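Review bot: The four new `userID, _ := identity.UserIdentifier(c.GetID())` lines (PostAnnotation, PostGraphiteAnnotation, UpdateAnnotation, PatchAnnotation) discard the error without a comment, so a reader cannot tell that a zero UserID is intended for callers that are not users or service accounts. Because every failure is swallowed, any other error UserIdentifier can return (its error cases are not visible here) would also be stored as UserID 0, which weakens attribution of who created or changed an annotation. I would add a comment such as `// Non-user identities have no internal user id; UserID stays 0 on purpose.` above each call, or move the call into one small helper that carries the comment and logs unexpected errors at debug level. In UpdateAnnotation and PatchAnnotation it is also worth confirming, in the code outside these hunks, that a zero UserID cannot overwrite the author already stored on the annotation. All four function bodies begin and end outside the hunks shown.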