Access Control: adding FGAC validation to mass delete annotation endpoint (#46846)

* Access Control: adding FGAC validation to mass delete annotation endpoint
Ezequiel Victorero
2022-03-23 18:39:00 -03:00
committed by GitHub
parent 60d4cd80bf
commit c5f295b5b3
7 changed files with 284 additions and 52 deletions


@ -437,7 +437,7 @@ func (hs *HTTPServer) registerRoutes() {
})
apiRoute.Get("/annotations", authorize(reqSignedIn, ac.EvalPermission(ac.ActionAnnotationsRead, ac.ScopeAnnotationsAll)), routing.Wrap(hs.GetAnnotations))
apiRoute.Post("/annotations/mass-delete", reqOrgAdmin, routing.Wrap(hs.DeleteAnnotations))
apiRoute.Post("/annotations/mass-delete", authorize(reqOrgAdmin, ac.EvalPermission(ac.ActionAnnotationsDelete)), routing.Wrap(hs.MassDeleteAnnotations))
apiRoute.Group("/annotations", func(annotationsRoute routing.RouteRegister) {
annotationsRoute.Post("/", authorize(reqSignedIn, ac.EvalPermission(ac.ActionAnnotationsCreate)), routing.Wrap(hs.PostAnnotation))