Alerting: fix bug where user is able to access rules from namespaces user is not part of (#41403) (#41406)
* Add fix
* Add tests
(cherry picked from commit 6220872633)
Co-authored-by: Yuriy Tseretyan <yuriy.tseretyan@grafana.com>
Co-authored-by: Armand Grillet <2117580+armandgrillet@users.noreply.github.com>
Co-authored-by: Jean-Philippe Quéméner <JohnnyQQQQ@users.noreply.github.com>
Co-authored-by: George Robinson <george.robinson@grafana.com>
Co-authored-by: gotjosh <josue@grafana.com>
This commit is contained in:
Grot (@grafanabot)
committed by
GitHub
GitHub
parent
adfd39e5fd
commit
3b8be57b4f
@@ -761,6 +761,32 @@ func TestPrometheusRulesPermissions(t *testing.T) {
|
||||
"evaluationTime": 0
|
||||
}]
|
||||
}
|
||||
}`, string(b))
|
||||
}
|
||||
|
||||
// remove permissions from _ALL_ folders
|
||||
require.NoError(t, store.UpdateDashboardACL(1, nil))
|
||||
|
||||
// make sure that no folders are included in the response
|
||||
{
|
||||
promRulesURL := fmt.Sprintf("http://grafana:password@%s/api/prometheus/grafana/api/v1/rules", grafanaListedAddr)
|
||||
// nolint:gosec
|
||||
resp, err := http.Get(promRulesURL)
|
||||
require.NoError(t, err)
|
||||
t.Cleanup(func() {
|
||||
err := resp.Body.Close()
|
||||
require.NoError(t, err)
|
||||
})
|
||||
b, err := ioutil.ReadAll(resp.Body)
|
||||
require.NoError(t, err)
|
||||
require.Equal(t, 200, resp.StatusCode)
|
||||
|
||||
require.JSONEq(t, `
|
||||
{
|
||||
"status": "success",
|
||||
"data": {
|
||||
"groups": []
|
||||
}
|
||||
}`, string(b))
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user