grafana/pkg/models
Dimitris Sotirakis 605d056136
Security: Sync security changes on main (#45083)
* Teams: Appropriately apply user id filter in /api/teams/:id and /api/teams/search
* Teams: Ensure that users searching for teams are only able to see teams they have access to
* Teams: Require teamGuardian admin privileges to list team members
* Teams: Prevent org viewers from administering teams
* Teams: Add org_id condition to team count query
* Teams: clarify permission requirements in teams api docs
* Teams: expand scenarios for team search tests
* Teams: mock teamGuardian in tests

Co-authored-by: Dan Cech <dcech@grafana.com>

* remove duplicate WHERE statement

* Fix for CVE-2022-21702

(cherry picked from commit 202d7c190082c094bc1dc13f7fe9464746c37f9e)

* Lint and test fixes

(cherry picked from commit 3e6b67d5504abf4a1d7b8d621f04d062c048e981)

* check content type properly

(cherry picked from commit 70b4458892bf2f776302720c10d24c9ff34edd98)

* basic csrf origin check

(cherry picked from commit 3adaa5ff39832364f6390881fb5b42ad47df92e1)

* compare origin to host

(cherry picked from commit 5443892699e8ed42836bb2b9a44744ff3e970f42)

* simplify url parsing

(cherry picked from commit b2ffbc9513fed75468628370a48b929d30af2b1d)

* check csrf for GET requests, only compare origin

(cherry picked from commit 8b81dc12d8f8a1f07852809c5b4d44f0f0b1d709)

* parse content type properly

(cherry picked from commit 16f76f4902e6f2188bea9606c68b551af186bdc0)

* mentioned get in the comment

(cherry picked from commit a7e61811ef8ae558ce721e2e3fed04ce7a5a5345)

* add content-type: application/json to test HTTP requests

* fix pluginproxy test

* Fix linter when comparing errors

Co-authored-by: Kevin Minehart <kmineh0151@gmail.com>
Co-authored-by: Dan Cech <dcech@grafana.com>
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Co-authored-by: Serge Zaitsev <serge.zaitsev@grafana.com>
Co-authored-by: Vardan Torosyan <vardants@gmail.com>
2022-02-09 13:44:38 +01:00
address.go feat(organization): added update org address to http api and to org details settings view, closes #2672 2015-09-08 14:22:44 +02:00
alert_notifications.go API: Extract OpenAPI specification from source code using go-swagger (#40528) 2022-02-08 13:38:43 +01:00
alert_test.go Chore: Rewrite models alert test to standard library (#30021) 2021-01-01 13:18:47 +01:00
alert.go Refactor: Change sqlstore.inTransaction to SQLStore.WithTransactionalDBSession in alert files (#43815) 2022-01-19 19:25:52 +00:00
apikey.go Add/Delete API keys to Service accounts (#44871) 2022-02-07 14:51:54 +01:00
context_test.go Chore: replace macaron with web package (#40136) 2021-10-11 14:30:59 +02:00
context.go Application: Make error-template title configurable (#40310) 2021-10-13 08:35:01 +02:00
dashboard_acl_test.go Chore: Rewrite models dashboard acl test to standard library (#30022) 2021-01-01 13:22:48 +01:00
dashboard_acl.go Forbid creation of dashboard permissions with both a user and a team (#40104) 2021-10-13 12:16:58 -06:00
dashboard_snapshot.go API: Extract OpenAPI specification from source code using go-swagger (#40528) 2022-02-08 13:38:43 +01:00
dashboard_thumbs.go Dash previews: populate crawler queue from SQL query (#44083) 2022-02-09 13:23:32 +04:00
dashboard_version.go Chore: Fix staticcheck issues (#28860) 2020-11-05 13:07:06 +01:00
dashboards_test.go Chore: Rewrite models dashboards test to standard library (#30023) 2021-01-01 13:29:40 +01:00
dashboards.go Dash previews: populate crawler queue from SQL query (#44083) 2022-02-09 13:23:32 +04:00
datasource.go API: Extract OpenAPI specification from source code using go-swagger (#40528) 2022-02-08 13:38:43 +01:00
folders.go API: Extract OpenAPI specification from source code using go-swagger (#40528) 2022-02-08 13:38:43 +01:00
health.go feat: added api health endpoint that does not require auth and never creates sessions, returns db status as well. #3302 2017-04-25 17:17:45 +02:00
helpflags.go Chore: Remove unused Go code (#28852) 2020-11-17 11:51:31 +01:00
jwt.go Migrate to Wire for dependency injection (#32289) 2021-08-25 15:11:22 +02:00
libraryelements.go LibraryElements: Creates usage stats for panels and variables (#34476) 2021-05-24 06:11:01 +02:00
licensing.go FeatureFlags: Revert managing feature flags outside of settings.Cfg (#44382) 2022-01-24 16:08:05 +01:00
live.go Live: proxy subscribe data for subscribe and runstream plugin calls (#42824) 2021-12-14 20:12:00 +03:00
login_attempt.go login: uses epochs for login throttling. 2018-02-16 17:25:46 +01:00
models.go Okta OAuth provider (team sync support) (#22972) 2020-04-02 17:35:48 +03:00
notifications.go Email: Allow configuration of content types for email notifications (#34530) 2021-07-19 13:31:51 +03:00
org_user.go ServiceAccounts: Add detail view of service account (#44164) 2022-01-19 10:23:46 +01:00
org.go Chore: Fix staticcheck issues (#28860) 2020-11-05 13:07:06 +01:00
playlist.go Chore: Remove unused Go code (#28852) 2020-11-17 11:51:31 +01:00
plugin_settings.go Encryption: Refactor securejsondata.SecureJsonData to stop relying on global functions (#38865) 2021-10-07 17:33:50 +03:00
preferences.go Dashboard: Add week start option to global and dashboard preferences (#40010) 2021-10-18 10:27:14 -03:00
quotas.go Alerting: Remove ngalert feature toggle and introduce two new settings for enabling Grafana 8 alerts and disabling them for specific organisations (#38746) 2021-09-29 16:16:40 +02:00
search_user_filter.go Create search filters by interface (#39843) 2021-10-07 16:06:16 +02:00
shorturl.go Short URL: Cleanup unvisited/stale short URLs (#28867) 2020-11-09 18:08:16 +01:00
star.go Chore: Fix staticcheck issues (#28860) 2020-11-05 13:07:06 +01:00
stats.go Usage stats: Count API keys (#42883) 2021-12-22 17:37:45 +01:00
tags_test.go Chore: Rewrite models tags test to standard library (#30041) 2021-01-05 17:20:41 +01:00
tags.go Create annotations (#8197) 2017-10-07 10:31:39 +02:00
team_member.go AccessControl: Implement teams resource service (#43951) 2022-01-26 14:48:41 +00:00
team.go Security: Sync security changes on main (#45083) 2022-02-09 13:44:38 +01:00
temp_user.go Users: Expire old user invites (#27361) 2020-10-13 12:30:09 +02:00
theme.go Dash previews: populate crawler queue from SQL query (#44083) 2022-02-09 13:23:32 +04:00
user_auth.go LDAP: Use an interface instead of a bus to get group teams (#42165) 2022-02-01 12:03:21 +01:00
user_token.go Migrate to Wire for dependency injection (#32289) 2021-08-25 15:11:22 +02:00
user.go AccessControl: Present user edit actions according to AC metadata (#43602) 2022-01-05 09:59:17 +01:00
validations.go Plugins: Requests validator (#30445) 2021-02-03 20:47:45 +01:00