public/grafana
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

apply security patch: v11.3.x/194-202410181505.patch

Browse Source 
commit 1395b7ccf1656ff6cfd3aed5eb9b5163861fe3b2
Author: Leandro Deveikis <leandro.deveikis@gmail.com>
Date:   Fri Oct 11 14:44:30 2024 -0300

    Restrict dashboards, folders and datasources by the org id of the signed in user
This commit is contained in:
github-actions[bot]
2024-10-24 15:37:45 +00:00
committed by Kevin Yu
parent d9455ff7db
commit 5ddc329279
12 changed files with 188 additions and 115 deletions
Download Patch File Download Diff File Expand all files Collapse all files
pkg/services/cloudmigration/api/api.go
+7 -4
View File
@@ -175,7 +175,7 @@ func (cma *CloudMigrationAPI) GetSessionList(c *contextmodel.ReqContext) respons
ctx, span := cma.tracer.Start(c.Req.Context(), "MigrationAPI.GetSessionList")
defer span.End()
sl, err := cma.cloudMigrationService.GetSessionList(ctx)
sl, err := cma.cloudMigrationService.GetSessionList(ctx, c.OrgID)
if err != nil {
span.SetStatus(codes.Error, "session list error")
span.RecordError(err)
@@ -208,7 +208,7 @@ func (cma *CloudMigrationAPI) GetSession(c *contextmodel.ReqContext) response.Re
return response.Error(http.StatusBadRequest, "invalid session uid", err)
}
s, err := cma.cloudMigrationService.GetSession(ctx, uid)
s, err := cma.cloudMigrationService.GetSession(ctx, c.OrgID, uid)
if err != nil {
span.SetStatus(codes.Error, "session not found")
span.RecordError(err)
@@ -247,6 +247,7 @@ func (cma *CloudMigrationAPI) CreateSession(c *contextmodel.ReqContext) response
}
s, err := cma.cloudMigrationService.CreateSession(ctx, cloudmigration.CloudMigrationSessionRequest{
AuthToken: cmd.AuthToken,
OrgID: c.SignedInUser.OrgID,
})
if err != nil {
span.SetStatus(codes.Error, "session creation error")
@@ -285,7 +286,7 @@ func (cma *CloudMigrationAPI) DeleteSession(c *contextmodel.ReqContext) response
return response.ErrOrFallback(http.StatusBadRequest, "invalid session uid", err)
}
_, err := cma.cloudMigrationService.DeleteSession(ctx, uid)
_, err := cma.cloudMigrationService.DeleteSession(ctx, c.OrgID, uid)
if err != nil {
span.SetStatus(codes.Error, "session delete error")
span.RecordError(err)
@@ -365,6 +366,7 @@ func (cma *CloudMigrationAPI) GetSnapshot(c *contextmodel.ReqContext) response.R
SessionUID: sessUid,
ResultPage: c.QueryInt("resultPage"),
ResultLimit: c.QueryInt("resultLimit"),
OrgID: c.SignedInUser.OrgID,
}
if q.ResultLimit == 0 {
q.ResultLimit = 100
@@ -447,6 +449,7 @@ func (cma *CloudMigrationAPI) GetSnapshotList(c *contextmodel.ReqContext) respon
Limit: c.QueryInt("limit"),
Page: c.QueryInt("page"),
Sort: c.Query("sort"),
OrgID: c.SignedInUser.OrgID,
}
if q.Limit == 0 {
q.Limit = 100
@@ -507,7 +510,7 @@ func (cma *CloudMigrationAPI) UploadSnapshot(c *contextmodel.ReqContext) respons
return response.ErrOrFallback(http.StatusBadRequest, "invalid snapshot uid", err)
}
if err := cma.cloudMigrationService.UploadSnapshot(ctx, sessUid, snapshotUid); err != nil {
if err := cma.cloudMigrationService.UploadSnapshot(ctx, c.OrgID, sessUid, snapshotUid); err != nil {
span.SetStatus(codes.Error, "error uploading snapshot")
span.RecordError(err)