mirror of
https://github.com/grafana/grafana.git
synced 2025-02-14 17:43:35 -06:00
605d056136
* * Teams: Appropriately apply user id filter in /api/teams/:id and /api/teams/search * Teams: Ensure that users searching for teams are only able see teams they have access to * Teams: Require teamGuardian admin privileges to list team members * Teams: Prevent org viewers from administering teams * Teams: Add org_id condition to team count query * Teams: clarify permission requirements in teams api docs * Teams: expand scenarios for team search tests * Teams: mock teamGuardian in tests Co-authored-by: Dan Cech <dcech@grafana.com> * remove duplicate WHERE statement * Fix for CVE-2022-21702 (cherry picked from commit 202d7c190082c094bc1dc13f7fe9464746c37f9e) * Lint and test fixes (cherry picked from commit 3e6b67d5504abf4a1d7b8d621f04d062c048e981) * check content type properly (cherry picked from commit 70b4458892bf2f776302720c10d24c9ff34edd98) * basic csrf origin check (cherry picked from commit 3adaa5ff39832364f6390881fb5b42ad47df92e1) * compare origin to host (cherry picked from commit 5443892699e8ed42836bb2b9a44744ff3e970f42) * simplify url parsing (cherry picked from commit b2ffbc9513fed75468628370a48b929d30af2b1d) * check csrf for GET requests, only compare origin (cherry picked from commit 8b81dc12d8f8a1f07852809c5b4d44f0f0b1d709) * parse content type properly (cherry picked from commit 16f76f4902e6f2188bea9606c68b551af186bdc0) * mentioned get in the comment (cherry picked from commit a7e61811ef8ae558ce721e2e3fed04ce7a5a5345) * add content-type: application/json to test HTTP requests * fix pluginproxy test * Fix linter when comparing errors Co-authored-by: Kevin Minehart <kmineh0151@gmail.com> Co-authored-by: Dan Cech <dcech@grafana.com> Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> Co-authored-by: Serge Zaitsev <serge.zaitsev@grafana.com> Co-authored-by: Vardan Torosyan <vardants@gmail.com> |
||
|---|---|---|
| .. | ||
| accesscontrol | ||
| alerting | ||
| annotations | ||
| auth | ||
| cleanup | ||
| contexthandler | ||
| dashboardimport | ||
| dashboards | ||
| dashboardsnapshots | ||
| datasourceproxy | ||
| datasources | ||
| encryption | ||
| featuremgmt | ||
| guardian | ||
| hooks | ||
| kmsproviders | ||
| ldap | ||
| libraryelements | ||
| librarypanels | ||
| licensing | ||
| live | ||
| login | ||
| multildap | ||
| ngalert | ||
| notifications | ||
| oauthtoken | ||
| plugindashboards | ||
| pluginsettings | ||
| provisioning | ||
| query | ||
| queryhistory | ||
| quota | ||
| rendering | ||
| schemaloader | ||
| search | ||
| searchusers | ||
| secrets | ||
| serviceaccounts | ||
| shorturls | ||
| sqlstore | ||
| teamguardian | ||
| thumbs | ||
| updatechecker | ||
| validations | ||