IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

RBAC: Don't refetch permissions when searching for users in authenticated org (#84546)

Browse Source 
Don't refetch permissions when searching for users in authenticated org
This commit is contained in:
Karl Persson 2024-03-15 10:36:16 +01:00 committed by GitHub
parent 25631fd107
commit ebf455d107
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
pkg/api/org_users.go
View File

@ -324,10 +324,13 @@ func (hs *HTTPServer) searchOrgUsersHelper(c *contextmodel.ReqContext, query *or
// Get accesscontrol metadata and IPD labels for users in the target org
accessControlMetadata := map[string]accesscontrol.Metadata{}
if c.QueryBool("accesscontrol") {
permissionsList, err := hs.accesscontrolService.GetUserPermissionsInOrg(c.Req.Context(), c.SignedInUser, query.OrgID)
permissions := accesscontrol.GroupScopesByAction(permissionsList)
if err != nil {
return nil, err
permissions := c.SignedInUser.GetPermissions()
if query.OrgID != c.SignedInUser.GetOrgID() {
permissionsList, err := hs.accesscontrolService.GetUserPermissionsInOrg(c.Req.Context(), c.SignedInUser, query.OrgID)
if err != nil {
return nil, err
}
permissions = accesscontrol.GroupScopesByAction(permissionsList)
}
accessControlMetadata = accesscontrol.GetResourcesMetadata(c.Req.Context(), permissions, "users:id:", userIDs)
}