AccessControl: Add access control actions and scopes to team update and delete

* AccessControl: Add access control actions and scopes to team update and delete

* AccessControl: Add tests for AC guards in update/delete

* AccessControl: add fixed role for team writer

* AccessControl: ensure team related AC is deleted with team

* Update pkg/api/team_test.go
This commit is contained in:
J Guerreiro
2022-01-27 15:16:44 +00:00
committed by GitHub
parent 1a9c293984
commit cb6e5ae8ce
7 changed files with 132 additions and 20 deletions


@ -65,8 +65,10 @@ func (hs *HTTPServer) UpdateTeam(c *models.ReqContext) response.Response {
return response.Error(http.StatusBadRequest, "teamId is invalid", err)
}
if err := hs.teamGuardian.CanAdmin(c.Req.Context(), cmd.OrgId, cmd.Id, c.SignedInUser); err != nil {
return response.Error(403, "Not allowed to update team", err)
if !hs.Features.IsEnabled(featuremgmt.FlagAccesscontrol) {
if err := hs.teamGuardian.CanAdmin(c.Req.Context(), cmd.OrgId, cmd.Id, c.SignedInUser); err != nil {
return response.Error(403, "Not allowed to update team", err)
}
}
if err := hs.SQLStore.UpdateTeam(c.Req.Context(), &cmd); err != nil {
@ -88,8 +90,10 @@ func (hs *HTTPServer) DeleteTeamByID(c *models.ReqContext) response.Response {
}
user := c.SignedInUser
if err := hs.teamGuardian.CanAdmin(c.Req.Context(), orgId, teamId, user); err != nil {
return response.Error(403, "Not allowed to delete team", err)
if !hs.Features.IsEnabled(featuremgmt.FlagAccesscontrol) {
if err := hs.teamGuardian.CanAdmin(c.Req.Context(), orgId, teamId, user); err != nil {
return response.Error(403, "Not allowed to delete team", err)
}
}
if err := hs.SQLStore.DeleteTeam(c.Req.Context(), &models.DeleteTeamCommand{OrgId: orgId, Id: teamId}); err != nil {