Access control: adding FGAC to annotation GET endpoints and fixed roles (#45102)

* Access control: adding FGAC to annotation GET endpoints and fixed roles

Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
This commit is contained in:
Ezequiel Victorero
2022-02-11 15:43:29 -03:00
committed by GitHub
parent 1a9638c363
commit 4f815e3d8e
5 changed files with 157 additions and 57 deletions


@ -173,10 +173,15 @@ func UpdateAnnotation(c *models.ReqContext) response.Response {
repo := annotations.GetRepository()
if resp := canSave(c, repo, annotationID); resp != nil {
annotation, resp := findAnnotationByID(repo, annotationID, c.OrgId)
if resp != nil {
return resp
}
if canSave, err := canSaveByDashboardID(c, annotation.DashboardId); err != nil || !canSave {
return dashboardGuardianResponse(err)
}
item := annotations.Item{
OrgId: c.OrgId,
UserId: c.UserId,
@ -206,24 +211,23 @@ func PatchAnnotation(c *models.ReqContext) response.Response {
repo := annotations.GetRepository()
if resp := canSave(c, repo, annotationID); resp != nil {
annotation, resp := findAnnotationByID(repo, annotationID, c.OrgId)
if resp != nil {
return resp
}
items, err := repo.Find(&annotations.ItemQuery{AnnotationId: annotationID, OrgId: c.OrgId})
if err != nil || len(items) == 0 {
return response.Error(404, "Could not find annotation to update", err)
if canSave, err := canSaveByDashboardID(c, annotation.DashboardId); err != nil || !canSave {
return dashboardGuardianResponse(err)
}
existing := annotations.Item{
OrgId: c.OrgId,
UserId: c.UserId,
Id: annotationID,
Epoch: items[0].Time,
EpochEnd: items[0].TimeEnd,
Text: items[0].Text,
Tags: items[0].Tags,
Epoch: annotation.Time,
EpochEnd: annotation.TimeEnd,
Text: annotation.Text,
Tags: annotation.Tags,
}
if cmd.Tags != nil {
@ -271,16 +275,22 @@ func DeleteAnnotations(c *models.ReqContext) response.Response {
}
func DeleteAnnotationByID(c *models.ReqContext) response.Response {
repo := annotations.GetRepository()
annotationID, err := strconv.ParseInt(web.Params(c.Req)[":annotationId"], 10, 64)
if err != nil {
return response.Error(http.StatusBadRequest, "annotationId is invalid", err)
}
if resp := canSave(c, repo, annotationID); resp != nil {
repo := annotations.GetRepository()
annotation, resp := findAnnotationByID(repo, annotationID, c.OrgId)
if resp != nil {
return resp
}
if canSave, err := canSaveByDashboardID(c, annotation.DashboardId); err != nil || !canSave {
return dashboardGuardianResponse(err)
}
err = repo.Delete(&annotations.DeleteParams{
OrgId: c.OrgId,
Id: annotationID,
@ -307,19 +317,18 @@ func canSaveByDashboardID(c *models.ReqContext, dashboardID int64) (bool, error)
return true, nil
}
func canSave(c *models.ReqContext, repo annotations.Repository, annotationID int64) response.Response {
items, err := repo.Find(&annotations.ItemQuery{AnnotationId: annotationID, OrgId: c.OrgId})
if err != nil || len(items) == 0 {
return response.Error(500, "Could not find annotation to update", err)
func findAnnotationByID(repo annotations.Repository, annotationID int64, orgID int64) (*annotations.ItemDTO, response.Response) {
items, err := repo.Find(&annotations.ItemQuery{AnnotationId: annotationID, OrgId: orgID})
if err != nil {
return nil, response.Error(500, "Failed to find annotation", err)
}
dashboardID := items[0].DashboardId
if canSave, err := canSaveByDashboardID(c, dashboardID); err != nil || !canSave {
return dashboardGuardianResponse(err)
if len(items) == 0 {
return nil, response.Error(404, "Annotation not found", nil)
}
return nil
return items[0], nil
}
func GetAnnotationTags(c *models.ReqContext) response.Response {
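Review bot: The two new error returns in findAnnotationByID use bare 404 and 500 while the same file already spells out `http.StatusBadRequest` in DeleteAnnotationByID; for consistency with that line use `return nil, response.Error(http.StatusInternalServerError, "Failed to find annotation", err)` and `return nil, response.Error(http.StatusNotFound, "Annotation not found", nil)`. The helper is also undocumented although three handlers now depend on it; a comment such as `// findAnnotationByID looks up annotationID scoped to orgID and returns a ready-made 404 or 500 response when it is missing or the lookup fails, so callers only need to forward resp.` would make the org-scoping explicit. Note that the lookup runs before the dashboard permission check in UpdateAnnotation, PatchAnnotation and DeleteAnnotationByID, so a caller without rights to the dashboard still learns whether an ID exists in their org from the 404 versus the guardian response; if that is acceptable it is worth a short comment saying so rather than a behaviour change here. canSaveByDashboardID begins outside the hunk, so how a zero DashboardId is treated cannot be checked from this page.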