API: Restrict anonymous user information access (#18422)

Existing /api/alert-notifications now requires at least editor access.
Existing /api/alert-notifiers now requires at least editor access.
New /api/alert-notifications/lookup returns less information than
/api/alert-notifications and can be accessed by any authenticated user.
Existing /api/org/users now requires org admin role.
New /api/org/users/lookup returns less information than
/api/org/users and can be accessed by users that are org admins,
admin in any folder or admin of any team.
UserPicker component now uses /api/org/users/lookup instead
of /api/org/users.

Fixes #17318
This commit is contained in:
Marcus Efraimsson
2019-08-12 20:03:48 +02:00
committed by GitHub
parent ab17015794
commit 8fd153edb7
18 changed files with 621 additions and 326 deletions

@ -79,7 +79,7 @@ export class GettingStarted extends PureComponent<PanelProps, State> {
href: 'org/users?gettingstarted',
check: () => {
return getBackendSrv()
.get('/api/org/users')
.get('/api/org/users/lookup')
.then((res: any) => {
return res.length > 1;
});
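
Review bot: The `.get('/api/org/users/lookup')` call in `check` has no rejection handling in the visible lines, and the commit message limits that endpoint to org admins, folder admins and team admins. For any other signed-in user who sees the Getting Started panel, the request is expected to be denied, so the `.then` callback never runs and the step's state depends on how the caller treats a rejected promise. Consider adding a rejection handler that resolves to `false` (or hiding this step for users who cannot manage org users) so a denied lookup does not surface as an error in the panel. Separately, `res: any` could be typed as an array of the lookup DTO now that the response shape is deliberately narrower than `/api/org/users`, which would catch any later use of fields the lookup endpoint no longer returns.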