apitech
/
grafana
mirror of https://github.com/grafana/grafana
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Authz: Fix namespace authorization when calling a cluster resource (#102110)

Browse Source
pull/102116/head
Karl Persson 4 months ago committed by GitHub
parent 2bbd5faf6d
commit 5d94293305
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 5 additions and 0 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 5
      pkg/services/apiserver/auth/authorizer/namespace.go

5
pkg/services/apiserver/auth/authorizer/namespace.go
Unescape View File

@ -40,6 +40,11 @@ func (auth namespaceAuthorizer) Authorize(ctx context.Context, a authorizer.Attr
return authorizer.DecisionDeny, "invalid namespace", err
}
// If we call a cluster resource we delegate to the next authorizer
if ns.Value == "" {
return authorizer.DecisionNoOpinion, "", nil
}
if ns.OrgID != ident.GetOrgID() {
return authorizer.DecisionDeny, "invalid org", nil
}

Write Preview
Loading…
Cancel
Save