opensource/grafana
1
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-07-30 23:32:11 +08:00
Code Issues Packages Projects Releases Wiki Activity

Plugins: Hide plugins page from viewers, and limit /api/plugins to only core plugins when called by viewer role (#21901)

Browse Source 
* Hide plugins list from viewers

* Made /api/plugins only return core plugins for users with viewer role

Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
This commit is contained in:
Dominik Prokop
2020-03-16 15:40:46 +01:00
committed by GitHub
parent 935ec07cfd
commit f345d7f6a3
2 changed files with 25 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
pkg/api/plugins.go
View File

@ -57,6 +57,11 @@ func (hs *HTTPServer) GetPluginList(c *models.ReqContext) Response {
embeddedFilter := c.Query("embedded")
coreFilter := c.Query("core")
// For users with viewer role we only return core plugins
if !c.HasRole(models.ROLE_ADMIN) {
coreFilter = "1"
}
pluginSettingsMap, err := plugins.GetPluginSettings(c.OrgId)
if err != nil {
@ -71,7 +76,7 @@ func (hs *HTTPServer) GetPluginList(c *models.ReqContext) Response {
}
// filter out core plugins
if coreFilter == "0" && pluginDef.IsCorePlugin {
if (coreFilter == "0" && pluginDef.IsCorePlugin) || (coreFilter == "1" && !pluginDef.IsCorePlugin) {
continue
}