dashfolders: security for png rendering

2025-02-25 18:55:37 -06:00 · 2017-06-22 01:23:36 +02:00
parent 659a59107e
commit f68d2816ab
3 changed files with 9 additions and 3 deletions
--- a/pkg/components/renderer/renderer.go
+++ b/pkg/components/renderer/renderer.go
@@ -15,6 +15,7 @@ import (

 	"github.com/grafana/grafana/pkg/log"
 	"github.com/grafana/grafana/pkg/middleware"
+	"github.com/grafana/grafana/pkg/models"
 	"github.com/grafana/grafana/pkg/setting"
 	"github.com/grafana/grafana/pkg/util"
 )
@@ -25,6 +26,8 @@ type RenderOpts struct {
 	Height   string
 	Timeout  string
 	OrgId    int64
+	UserId   int64
+	OrgRole  models.RoleType
 	Timezone string
 }

@@ -72,7 +75,7 @@ func RenderToPng(params *RenderOpts) (string, error) {
 	pngPath, _ := filepath.Abs(filepath.Join(setting.ImagesDir, util.GetRandomString(20)))
 	pngPath = pngPath + ".png"

-	renderKey := middleware.AddRenderAuthKey(params.OrgId)
+	renderKey := middleware.AddRenderAuthKey(params.OrgId, params.UserId, params.OrgRole)
 	defer middleware.RemoveRenderAuthKey(renderKey)

 	cmdArgs := []string{