Auth: Unfurl OrgID in pkg/api to allow using identity.Requester interface (#76108)

Unfurl OrgID in pkg/api to allow using identity.Requester interface
pull/76113/head
Jo 2 years ago committed by GitHub
parent fb0ac351bc
commit 729dafaff9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 34
      pkg/api/alerting.go
  2. 28
      pkg/api/annotations.go
  3. 6
      pkg/api/dashboard_permission.go
  4. 6
      pkg/api/dashboard_snapshot.go
  5. 44
      pkg/api/datasources.go
  6. 22
      pkg/api/folder.go
  7. 8
      pkg/api/folder_permission.go
  8. 9
      pkg/api/frontendsettings.go
  9. 4
      pkg/api/index.go
  10. 2
      pkg/api/login.go
  11. 18
      pkg/api/playlist.go
  12. 2
      pkg/api/plugin_dashboards.go
  13. 2
      pkg/api/plugin_proxy.go
  14. 2
      pkg/api/plugin_resource.go
  15. 11
      pkg/api/plugins.go
  16. 14
      pkg/api/preferences.go
  17. 2
      pkg/api/quota.go
  18. 2
      pkg/api/render.go
  19. 2
      pkg/api/search.go
  20. 2
      pkg/api/short_url.go
  21. 10
      pkg/api/team_members.go

@ -38,7 +38,7 @@ func (hs *HTTPServer) ValidateOrgAlert(c *contextmodel.ReqContext) {
return return
} }
if c.OrgID != res.OrgID { if c.SignedInUser.GetOrgID() != res.OrgID {
c.JsonApiErr(403, "You are not allowed to edit/view alert", nil) c.JsonApiErr(403, "You are not allowed to edit/view alert", nil)
return return
} }
@ -61,7 +61,7 @@ func (hs *HTTPServer) GetAlertStatesForDashboard(c *contextmodel.ReqContext) res
} }
query := alertmodels.GetAlertStatesForDashboardQuery{ query := alertmodels.GetAlertStatesForDashboardQuery{
OrgID: c.OrgID, OrgID: c.SignedInUser.GetOrgID(),
DashboardID: c.QueryInt64("dashboardId"), DashboardID: c.QueryInt64("dashboardId"),
} }
@ -109,7 +109,7 @@ func (hs *HTTPServer) GetAlerts(c *contextmodel.ReqContext) response.Response {
Tags: dashboardTags, Tags: dashboardTags,
SignedInUser: c.SignedInUser, SignedInUser: c.SignedInUser,
Limit: 1000, Limit: 1000,
OrgId: c.OrgID, OrgId: c.SignedInUser.GetOrgID(),
DashboardIds: dashboardIDs, DashboardIds: dashboardIDs,
Type: string(model.DashHitDB), Type: string(model.DashHitDB),
FolderIds: folderIDs, FolderIds: folderIDs,
@ -134,7 +134,7 @@ func (hs *HTTPServer) GetAlerts(c *contextmodel.ReqContext) response.Response {
} }
query := alertmodels.GetAlertsQuery{ query := alertmodels.GetAlertsQuery{
OrgID: c.OrgID, OrgID: c.SignedInUser.GetOrgID(),
DashboardIDs: dashboardIDs, DashboardIDs: dashboardIDs,
PanelID: c.QueryInt64("panelId"), PanelID: c.QueryInt64("panelId"),
Limit: c.QueryInt64("limit"), Limit: c.QueryInt64("limit"),
@ -178,7 +178,7 @@ func (hs *HTTPServer) AlertTest(c *contextmodel.ReqContext) response.Response {
return response.Error(400, "The dashboard needs to be saved at least once before you can test an alert rule", nil) return response.Error(400, "The dashboard needs to be saved at least once before you can test an alert rule", nil)
} }
res, err := hs.AlertEngine.AlertTest(c.OrgID, dto.Dashboard, dto.PanelId, c.SignedInUser) res, err := hs.AlertEngine.AlertTest(c.SignedInUser.GetOrgID(), dto.Dashboard, dto.PanelId, c.SignedInUser)
if err != nil { if err != nil {
var validationErr alerting.ValidationError var validationErr alerting.ValidationError
if errors.As(err, &validationErr) { if errors.As(err, &validationErr) {
@ -302,7 +302,7 @@ func (hs *HTTPServer) GetAlertNotifications(c *contextmodel.ReqContext) response
} }
func (hs *HTTPServer) getAlertNotificationsInternal(c *contextmodel.ReqContext) ([]*alertmodels.AlertNotification, error) { func (hs *HTTPServer) getAlertNotificationsInternal(c *contextmodel.ReqContext) ([]*alertmodels.AlertNotification, error) {
query := &alertmodels.GetAllAlertNotificationsQuery{OrgID: c.OrgID} query := &alertmodels.GetAllAlertNotificationsQuery{OrgID: c.SignedInUser.GetOrgID()}
return hs.AlertNotificationService.GetAllAlertNotifications(c.Req.Context(), query) return hs.AlertNotificationService.GetAllAlertNotifications(c.Req.Context(), query)
} }
@ -324,7 +324,7 @@ func (hs *HTTPServer) GetAlertNotificationByID(c *contextmodel.ReqContext) respo
return response.Error(http.StatusBadRequest, "notificationId is invalid", err) return response.Error(http.StatusBadRequest, "notificationId is invalid", err)
} }
query := &alertmodels.GetAlertNotificationsQuery{ query := &alertmodels.GetAlertNotificationsQuery{
OrgID: c.OrgID, OrgID: c.SignedInUser.GetOrgID(),
ID: notificationId, ID: notificationId,
} }
@ -358,7 +358,7 @@ func (hs *HTTPServer) GetAlertNotificationByID(c *contextmodel.ReqContext) respo
// 500: internalServerError // 500: internalServerError
func (hs *HTTPServer) GetAlertNotificationByUID(c *contextmodel.ReqContext) response.Response { func (hs *HTTPServer) GetAlertNotificationByUID(c *contextmodel.ReqContext) response.Response {
query := &alertmodels.GetAlertNotificationsWithUidQuery{ query := &alertmodels.GetAlertNotificationsWithUidQuery{
OrgID: c.OrgID, OrgID: c.SignedInUser.GetOrgID(),
UID: web.Params(c.Req)[":uid"], UID: web.Params(c.Req)[":uid"],
} }
@ -395,7 +395,7 @@ func (hs *HTTPServer) CreateAlertNotification(c *contextmodel.ReqContext) respon
if err := web.Bind(c.Req, &cmd); err != nil { if err := web.Bind(c.Req, &cmd); err != nil {
return response.Error(http.StatusBadRequest, "bad request data", err) return response.Error(http.StatusBadRequest, "bad request data", err)
} }
cmd.OrgID = c.OrgID cmd.OrgID = c.SignedInUser.GetOrgID()
res, err := hs.AlertNotificationService.CreateAlertNotificationCommand(c.Req.Context(), &cmd) res, err := hs.AlertNotificationService.CreateAlertNotificationCommand(c.Req.Context(), &cmd)
if err != nil { if err != nil {
@ -429,7 +429,7 @@ func (hs *HTTPServer) UpdateAlertNotification(c *contextmodel.ReqContext) respon
if err := web.Bind(c.Req, &cmd); err != nil { if err := web.Bind(c.Req, &cmd); err != nil {
return response.Error(http.StatusBadRequest, "bad request data", err) return response.Error(http.StatusBadRequest, "bad request data", err)
} }
cmd.OrgID = c.OrgID cmd.OrgID = c.SignedInUser.GetOrgID()
err := hs.fillWithSecureSettingsData(c.Req.Context(), &cmd) err := hs.fillWithSecureSettingsData(c.Req.Context(), &cmd)
if err != nil { if err != nil {
@ -448,7 +448,7 @@ func (hs *HTTPServer) UpdateAlertNotification(c *contextmodel.ReqContext) respon
} }
query := alertmodels.GetAlertNotificationsQuery{ query := alertmodels.GetAlertNotificationsQuery{
OrgID: c.OrgID, OrgID: c.SignedInUser.GetOrgID(),
ID: cmd.ID, ID: cmd.ID,
} }
@ -477,7 +477,7 @@ func (hs *HTTPServer) UpdateAlertNotificationByUID(c *contextmodel.ReqContext) r
if err := web.Bind(c.Req, &cmd); err != nil { if err := web.Bind(c.Req, &cmd); err != nil {
return response.Error(http.StatusBadRequest, "bad request data", err) return response.Error(http.StatusBadRequest, "bad request data", err)
} }
cmd.OrgID = c.OrgID cmd.OrgID = c.SignedInUser.GetOrgID()
cmd.UID = web.Params(c.Req)[":uid"] cmd.UID = web.Params(c.Req)[":uid"]
err := hs.fillWithSecureSettingsDataByUID(c.Req.Context(), &cmd) err := hs.fillWithSecureSettingsDataByUID(c.Req.Context(), &cmd)
@ -582,7 +582,7 @@ func (hs *HTTPServer) DeleteAlertNotification(c *contextmodel.ReqContext) respon
} }
cmd := alertmodels.DeleteAlertNotificationCommand{ cmd := alertmodels.DeleteAlertNotificationCommand{
OrgID: c.OrgID, OrgID: c.SignedInUser.GetOrgID(),
ID: notificationId, ID: notificationId,
} }
@ -610,7 +610,7 @@ func (hs *HTTPServer) DeleteAlertNotification(c *contextmodel.ReqContext) respon
// 500: internalServerError // 500: internalServerError
func (hs *HTTPServer) DeleteAlertNotificationByUID(c *contextmodel.ReqContext) response.Response { func (hs *HTTPServer) DeleteAlertNotificationByUID(c *contextmodel.ReqContext) response.Response {
cmd := alertmodels.DeleteAlertNotificationWithUidCommand{ cmd := alertmodels.DeleteAlertNotificationWithUidCommand{
OrgID: c.OrgID, OrgID: c.SignedInUser.GetOrgID(),
UID: web.Params(c.Req)[":uid"], UID: web.Params(c.Req)[":uid"],
} }
@ -646,7 +646,7 @@ func (hs *HTTPServer) NotificationTest(c *contextmodel.ReqContext) response.Resp
return response.Error(http.StatusBadRequest, "bad request data", err) return response.Error(http.StatusBadRequest, "bad request data", err)
} }
cmd := &alerting.NotificationTestCommand{ cmd := &alerting.NotificationTestCommand{
OrgID: c.OrgID, OrgID: c.SignedInUser.GetOrgID(),
ID: dto.ID, ID: dto.ID,
Name: dto.Name, Name: dto.Name,
Type: dto.Type, Type: dto.Type,
@ -704,7 +704,7 @@ func (hs *HTTPServer) PauseAlert(legacyAlertingEnabled *bool) func(c *contextmod
return response.Error(500, "Get Alert failed", err) return response.Error(500, "Get Alert failed", err)
} }
guardian, err := guardian.New(c.Req.Context(), res.DashboardID, c.OrgID, c.SignedInUser) guardian, err := guardian.New(c.Req.Context(), res.DashboardID, c.SignedInUser.GetOrgID(), c.SignedInUser)
if err != nil { if err != nil {
return response.ErrOrFallback(http.StatusInternalServerError, "Error while creating permission guardian", err) return response.ErrOrFallback(http.StatusInternalServerError, "Error while creating permission guardian", err)
} }
@ -728,7 +728,7 @@ func (hs *HTTPServer) PauseAlert(legacyAlertingEnabled *bool) func(c *contextmod
} }
cmd := alertmodels.PauseAlertCommand{ cmd := alertmodels.PauseAlertCommand{
OrgID: c.OrgID, OrgID: c.SignedInUser.GetOrgID(),
AlertIDs: []int64{alertID}, AlertIDs: []int64{alertID},
Paused: dto.Paused, Paused: dto.Paused,
} }
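Review bot: The cross-organisation check in ValidateOrgAlert now reads `c.SignedInUser.GetOrgID() != res.OrgID`, and nothing visible in the hunk establishes that `c.SignedInUser` is set before the method is called. With the concrete struct this presumably behaves as the promoted `c.OrgID` field did, but once the field is an identity.Requester interface, as the title intends, a nil value would panic here instead of producing the 403. Whether middleware guarantees a non-nil requester is not visible on this page; if it does not, fail closed with `if c.SignedInUser == nil || c.SignedInUser.GetOrgID() != res.OrgID {`. The same consideration applies to every `OrgID:` assignment in this file, and ValidateOrgAlert's body starts outside the hunk.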

@ -33,7 +33,7 @@ func (hs *HTTPServer) GetAnnotations(c *contextmodel.ReqContext) response.Respon
query := &annotations.ItemQuery{ query := &annotations.ItemQuery{
From: c.QueryInt64("from"), From: c.QueryInt64("from"),
To: c.QueryInt64("to"), To: c.QueryInt64("to"),
OrgID: c.OrgID, OrgID: c.SignedInUser.GetOrgID(),
UserID: c.QueryInt64("userId"), UserID: c.QueryInt64("userId"),
AlertID: c.QueryInt64("alertId"), AlertID: c.QueryInt64("alertId"),
DashboardID: c.QueryInt64("dashboardId"), DashboardID: c.QueryInt64("dashboardId"),
@ -48,7 +48,7 @@ func (hs *HTTPServer) GetAnnotations(c *contextmodel.ReqContext) response.Respon
// When dashboard UID present in the request, we ignore dashboard ID // When dashboard UID present in the request, we ignore dashboard ID
if query.DashboardUID != "" { if query.DashboardUID != "" {
dq := dashboards.GetDashboardQuery{UID: query.DashboardUID, OrgID: c.OrgID} dq := dashboards.GetDashboardQuery{UID: query.DashboardUID, OrgID: c.SignedInUser.GetOrgID()}
dqResult, err := hs.DashboardService.GetDashboard(c.Req.Context(), &dq) dqResult, err := hs.DashboardService.GetDashboard(c.Req.Context(), &dq)
if err != nil { if err != nil {
return response.Error(http.StatusBadRequest, "Invalid dashboard UID in annotation request", err) return response.Error(http.StatusBadRequest, "Invalid dashboard UID in annotation request", err)
@ -73,7 +73,7 @@ func (hs *HTTPServer) GetAnnotations(c *contextmodel.ReqContext) response.Respon
if val, ok := dashboardCache[item.DashboardID]; ok { if val, ok := dashboardCache[item.DashboardID]; ok {
item.DashboardUID = val item.DashboardUID = val
} else { } else {
query := dashboards.GetDashboardQuery{ID: item.DashboardID, OrgID: c.OrgID} query := dashboards.GetDashboardQuery{ID: item.DashboardID, OrgID: c.SignedInUser.GetOrgID()}
queryResult, err := hs.DashboardService.GetDashboard(c.Req.Context(), &query) queryResult, err := hs.DashboardService.GetDashboard(c.Req.Context(), &query)
if err == nil && queryResult != nil { if err == nil && queryResult != nil {
item.DashboardUID = &queryResult.UID item.DashboardUID = &queryResult.UID
@ -116,7 +116,7 @@ func (hs *HTTPServer) PostAnnotation(c *contextmodel.ReqContext) response.Respon
// overwrite dashboardId when dashboardUID is not empty // overwrite dashboardId when dashboardUID is not empty
if cmd.DashboardUID != "" { if cmd.DashboardUID != "" {
query := dashboards.GetDashboardQuery{OrgID: c.OrgID, UID: cmd.DashboardUID} query := dashboards.GetDashboardQuery{OrgID: c.SignedInUser.GetOrgID(), UID: cmd.DashboardUID}
queryResult, err := hs.DashboardService.GetDashboard(c.Req.Context(), &query) queryResult, err := hs.DashboardService.GetDashboard(c.Req.Context(), &query)
if err == nil { if err == nil {
cmd.DashboardId = queryResult.ID cmd.DashboardId = queryResult.ID
@ -133,7 +133,7 @@ func (hs *HTTPServer) PostAnnotation(c *contextmodel.ReqContext) response.Respon
} }
item := annotations.Item{ item := annotations.Item{
OrgID: c.OrgID, OrgID: c.SignedInUser.GetOrgID(),
UserID: c.UserID, UserID: c.UserID,
DashboardID: cmd.DashboardId, DashboardID: cmd.DashboardId,
PanelID: cmd.PanelId, PanelID: cmd.PanelId,
@ -215,7 +215,7 @@ func (hs *HTTPServer) PostGraphiteAnnotation(c *contextmodel.ReqContext) respons
} }
item := annotations.Item{ item := annotations.Item{
OrgID: c.OrgID, OrgID: c.SignedInUser.GetOrgID(),
UserID: c.UserID, UserID: c.UserID,
Epoch: cmd.When * 1000, Epoch: cmd.When * 1000,
Text: text, Text: text,
@ -265,7 +265,7 @@ func (hs *HTTPServer) UpdateAnnotation(c *contextmodel.ReqContext) response.Resp
} }
item := annotations.Item{ item := annotations.Item{
OrgID: c.OrgID, OrgID: c.SignedInUser.GetOrgID(),
UserID: c.UserID, UserID: c.UserID,
ID: annotationID, ID: annotationID,
Epoch: cmd.Time, Epoch: cmd.Time,
@ -320,7 +320,7 @@ func (hs *HTTPServer) PatchAnnotation(c *contextmodel.ReqContext) response.Respo
} }
existing := annotations.Item{ existing := annotations.Item{
OrgID: c.OrgID, OrgID: c.SignedInUser.GetOrgID(),
UserID: c.UserID, UserID: c.UserID,
ID: annotationID, ID: annotationID,
Epoch: annotation.Time, Epoch: annotation.Time,
@ -373,7 +373,7 @@ func (hs *HTTPServer) MassDeleteAnnotations(c *contextmodel.ReqContext) response
} }
if cmd.DashboardUID != "" { if cmd.DashboardUID != "" {
query := dashboards.GetDashboardQuery{OrgID: c.OrgID, UID: cmd.DashboardUID} query := dashboards.GetDashboardQuery{OrgID: c.SignedInUser.GetOrgID(), UID: cmd.DashboardUID}
queryResult, err := hs.DashboardService.GetDashboard(c.Req.Context(), &query) queryResult, err := hs.DashboardService.GetDashboard(c.Req.Context(), &query)
if err == nil { if err == nil {
cmd.DashboardId = queryResult.ID cmd.DashboardId = queryResult.ID
@ -398,13 +398,13 @@ func (hs *HTTPServer) MassDeleteAnnotations(c *contextmodel.ReqContext) response
} }
dashboardId = annotation.DashboardID dashboardId = annotation.DashboardID
deleteParams = &annotations.DeleteParams{ deleteParams = &annotations.DeleteParams{
OrgID: c.OrgID, OrgID: c.SignedInUser.GetOrgID(),
ID: cmd.AnnotationId, ID: cmd.AnnotationId,
} }
} else { } else {
dashboardId = cmd.DashboardId dashboardId = cmd.DashboardId
deleteParams = &annotations.DeleteParams{ deleteParams = &annotations.DeleteParams{
OrgID: c.OrgID, OrgID: c.SignedInUser.GetOrgID(),
DashboardID: cmd.DashboardId, DashboardID: cmd.DashboardId,
PanelID: cmd.PanelId, PanelID: cmd.PanelId,
} }
@ -477,7 +477,7 @@ func (hs *HTTPServer) DeleteAnnotationByID(c *contextmodel.ReqContext) response.
} }
err = hs.annotationsRepo.Delete(c.Req.Context(), &annotations.DeleteParams{ err = hs.annotationsRepo.Delete(c.Req.Context(), &annotations.DeleteParams{
OrgID: c.OrgID, OrgID: c.SignedInUser.GetOrgID(),
ID: annotationID, ID: annotationID,
}) })
if err != nil { if err != nil {
@ -496,7 +496,7 @@ func (hs *HTTPServer) canSaveAnnotation(c *contextmodel.ReqContext, annotation *
} }
func canEditDashboard(c *contextmodel.ReqContext, dashboardID int64) (bool, error) { func canEditDashboard(c *contextmodel.ReqContext, dashboardID int64) (bool, error) {
guard, err := guardian.New(c.Req.Context(), dashboardID, c.OrgID, c.SignedInUser) guard, err := guardian.New(c.Req.Context(), dashboardID, c.SignedInUser.GetOrgID(), c.SignedInUser)
if err != nil { if err != nil {
return false, err return false, err
} }
@ -539,7 +539,7 @@ func findAnnotationByID(ctx context.Context, repo annotations.Repository, annota
// 500: internalServerError // 500: internalServerError
func (hs *HTTPServer) GetAnnotationTags(c *contextmodel.ReqContext) response.Response { func (hs *HTTPServer) GetAnnotationTags(c *contextmodel.ReqContext) response.Response {
query := &annotations.TagsQuery{ query := &annotations.TagsQuery{
OrgID: c.OrgID, OrgID: c.SignedInUser.GetOrgID(),
Tag: c.Query("tag"), Tag: c.Query("tag"),
Limit: c.QueryInt64("limit"), Limit: c.QueryInt64("limit"),
} }
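Review bot: The item literals in PostAnnotation, PostGraphiteAnnotation, UpdateAnnotation and PatchAnnotation now mix two access styles: `OrgID: c.SignedInUser.GetOrgID()` sits directly above `UserID: c.UserID`, which still goes through the promoted field. If the goal is to swap SignedInUser for the identity.Requester interface, these `c.UserID` reads will presumably need the same treatment, and leaving them unmarked makes the remaining work easy to miss. The same pairing appears in CreateDashboardSnapshot (pkg/api/dashboard_snapshot.go) and AddDataSource (pkg/api/datasources.go). A short marker on those lines, such as `// TODO: read the user ID through identity.Requester as well`, would keep the author attribution on annotations in step with the org scoping.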

@ -52,7 +52,7 @@ func (hs *HTTPServer) GetDashboardPermissionList(c *contextmodel.ReqContext) res
} }
} }
dash, rsp := hs.getDashboardHelper(c.Req.Context(), c.OrgID, dashID, dashUID) dash, rsp := hs.getDashboardHelper(c.Req.Context(), c.SignedInUser.GetOrgID(), dashID, dashUID)
if rsp != nil { if rsp != nil {
return rsp return rsp
} }
@ -133,7 +133,7 @@ func (hs *HTTPServer) UpdateDashboardPermissions(c *contextmodel.ReqContext) res
} }
} }
dash, rsp := hs.getDashboardHelper(c.Req.Context(), c.OrgID, dashID, dashUID) dash, rsp := hs.getDashboardHelper(c.Req.Context(), c.SignedInUser.GetOrgID(), dashID, dashUID)
if rsp != nil { if rsp != nil {
return rsp return rsp
} }
@ -141,7 +141,7 @@ func (hs *HTTPServer) UpdateDashboardPermissions(c *contextmodel.ReqContext) res
items := make([]*dashboards.DashboardACL, 0, len(apiCmd.Items)) items := make([]*dashboards.DashboardACL, 0, len(apiCmd.Items))
for _, item := range apiCmd.Items { for _, item := range apiCmd.Items {
items = append(items, &dashboards.DashboardACL{ items = append(items, &dashboards.DashboardACL{
OrgID: c.OrgID, OrgID: c.SignedInUser.GetOrgID(),
DashboardID: dashID, DashboardID: dashID,
UserID: item.UserID, UserID: item.UserID,
TeamID: item.TeamID, TeamID: item.TeamID,

@ -121,7 +121,7 @@ func (hs *HTTPServer) CreateDashboardSnapshot(c *contextmodel.ReqContext) respon
var snapshotUrl string var snapshotUrl string
cmd.ExternalURL = "" cmd.ExternalURL = ""
cmd.OrgID = c.OrgID cmd.OrgID = c.SignedInUser.GetOrgID()
cmd.UserID = c.UserID cmd.UserID = c.UserID
originalDashboardURL, err := createOriginalDashboardURL(&cmd) originalDashboardURL, err := createOriginalDashboardURL(&cmd)
if err != nil { if err != nil {
@ -364,7 +364,7 @@ func (hs *HTTPServer) DeleteDashboardSnapshot(c *contextmodel.ReqContext) respon
dashboardID := queryResult.Dashboard.Get("id").MustInt64() dashboardID := queryResult.Dashboard.Get("id").MustInt64()
if dashboardID != 0 { if dashboardID != 0 {
g, err := guardian.New(c.Req.Context(), dashboardID, c.OrgID, c.SignedInUser) g, err := guardian.New(c.Req.Context(), dashboardID, c.SignedInUser.GetOrgID(), c.SignedInUser)
if err != nil { if err != nil {
if !errors.Is(err, dashboards.ErrDashboardNotFound) { if !errors.Is(err, dashboards.ErrDashboardNotFound) {
return response.Err(err) return response.Err(err)
@ -417,7 +417,7 @@ func (hs *HTTPServer) SearchDashboardSnapshots(c *contextmodel.ReqContext) respo
searchQuery := dashboardsnapshots.GetDashboardSnapshotsQuery{ searchQuery := dashboardsnapshots.GetDashboardSnapshotsQuery{
Name: query, Name: query,
Limit: limit, Limit: limit,
OrgID: c.OrgID, OrgID: c.SignedInUser.GetOrgID(),
SignedInUser: c.SignedInUser, SignedInUser: c.SignedInUser,
} }

@ -40,7 +40,7 @@ var secretsPluginError datasources.ErrDatasourceSecretsPluginUserFriendly
// 403: forbiddenError // 403: forbiddenError
// 500: internalServerError // 500: internalServerError
func (hs *HTTPServer) GetDataSources(c *contextmodel.ReqContext) response.Response { func (hs *HTTPServer) GetDataSources(c *contextmodel.ReqContext) response.Response {
query := datasources.GetDataSourcesQuery{OrgID: c.OrgID, DataSourceLimit: hs.Cfg.DataSourceLimit} query := datasources.GetDataSourcesQuery{OrgID: c.SignedInUser.GetOrgID(), DataSourceLimit: hs.Cfg.DataSourceLimit}
dataSources, err := hs.DataSourcesService.GetDataSources(c.Req.Context(), &query) dataSources, err := hs.DataSourcesService.GetDataSources(c.Req.Context(), &query)
if err != nil { if err != nil {
@ -112,7 +112,7 @@ func (hs *HTTPServer) GetDataSourceById(c *contextmodel.ReqContext) response.Res
} }
query := datasources.GetDataSourceQuery{ query := datasources.GetDataSourceQuery{
ID: id, ID: id,
OrgID: c.OrgID, OrgID: c.SignedInUser.GetOrgID(),
} }
dataSource, err := hs.DataSourcesService.GetDataSource(c.Req.Context(), &query) dataSource, err := hs.DataSourcesService.GetDataSource(c.Req.Context(), &query)
@ -129,7 +129,7 @@ func (hs *HTTPServer) GetDataSourceById(c *contextmodel.ReqContext) response.Res
dto := hs.convertModelToDtos(c.Req.Context(), dataSource) dto := hs.convertModelToDtos(c.Req.Context(), dataSource)
// Add accesscontrol metadata // Add accesscontrol metadata
dto.AccessControl = hs.getAccessControlMetadata(c, c.OrgID, datasources.ScopePrefix, dto.UID) dto.AccessControl = hs.getAccessControlMetadata(c, c.SignedInUser.GetOrgID(), datasources.ScopePrefix, dto.UID)
return response.JSON(http.StatusOK, &dto) return response.JSON(http.StatusOK, &dto)
} }
@ -161,7 +161,7 @@ func (hs *HTTPServer) DeleteDataSourceById(c *contextmodel.ReqContext) response.
return response.Error(400, "Missing valid datasource id", nil) return response.Error(400, "Missing valid datasource id", nil)
} }
ds, err := hs.getRawDataSourceById(c.Req.Context(), id, c.OrgID) ds, err := hs.getRawDataSourceById(c.Req.Context(), id, c.SignedInUser.GetOrgID())
if err != nil { if err != nil {
if errors.Is(err, datasources.ErrDataSourceNotFound) { if errors.Is(err, datasources.ErrDataSourceNotFound) {
return response.Error(404, "Data source not found", nil) return response.Error(404, "Data source not found", nil)
@ -173,7 +173,7 @@ func (hs *HTTPServer) DeleteDataSourceById(c *contextmodel.ReqContext) response.
return response.Error(403, "Cannot delete read-only data source", nil) return response.Error(403, "Cannot delete read-only data source", nil)
} }
cmd := &datasources.DeleteDataSourceCommand{ID: id, OrgID: c.OrgID, Name: ds.Name} cmd := &datasources.DeleteDataSourceCommand{ID: id, OrgID: c.SignedInUser.GetOrgID(), Name: ds.Name}
err = hs.DataSourcesService.DeleteDataSource(c.Req.Context(), cmd) err = hs.DataSourcesService.DeleteDataSource(c.Req.Context(), cmd)
if err != nil { if err != nil {
@ -183,7 +183,7 @@ func (hs *HTTPServer) DeleteDataSourceById(c *contextmodel.ReqContext) response.
return response.Error(500, "Failed to delete datasource", err) return response.Error(500, "Failed to delete datasource", err)
} }
hs.Live.HandleDatasourceDelete(c.OrgID, ds.UID) hs.Live.HandleDatasourceDelete(c.SignedInUser.GetOrgID(), ds.UID)
return response.Success("Data source deleted") return response.Success("Data source deleted")
} }
@ -203,7 +203,7 @@ func (hs *HTTPServer) DeleteDataSourceById(c *contextmodel.ReqContext) response.
// 404: notFoundError // 404: notFoundError
// 500: internalServerError // 500: internalServerError
func (hs *HTTPServer) GetDataSourceByUID(c *contextmodel.ReqContext) response.Response { func (hs *HTTPServer) GetDataSourceByUID(c *contextmodel.ReqContext) response.Response {
ds, err := hs.getRawDataSourceByUID(c.Req.Context(), web.Params(c.Req)[":uid"], c.OrgID) ds, err := hs.getRawDataSourceByUID(c.Req.Context(), web.Params(c.Req)[":uid"], c.SignedInUser.GetOrgID())
if err != nil { if err != nil {
if errors.Is(err, datasources.ErrDataSourceNotFound) { if errors.Is(err, datasources.ErrDataSourceNotFound) {
@ -215,7 +215,7 @@ func (hs *HTTPServer) GetDataSourceByUID(c *contextmodel.ReqContext) response.Re
dto := hs.convertModelToDtos(c.Req.Context(), ds) dto := hs.convertModelToDtos(c.Req.Context(), ds)
// Add accesscontrol metadata // Add accesscontrol metadata
dto.AccessControl = hs.getAccessControlMetadata(c, c.OrgID, datasources.ScopePrefix, dto.UID) dto.AccessControl = hs.getAccessControlMetadata(c, c.SignedInUser.GetOrgID(), datasources.ScopePrefix, dto.UID)
return response.JSON(http.StatusOK, &dto) return response.JSON(http.StatusOK, &dto)
} }
@ -240,7 +240,7 @@ func (hs *HTTPServer) DeleteDataSourceByUID(c *contextmodel.ReqContext) response
return response.Error(400, "Missing datasource uid", nil) return response.Error(400, "Missing datasource uid", nil)
} }
ds, err := hs.getRawDataSourceByUID(c.Req.Context(), uid, c.OrgID) ds, err := hs.getRawDataSourceByUID(c.Req.Context(), uid, c.SignedInUser.GetOrgID())
if err != nil { if err != nil {
if errors.Is(err, datasources.ErrDataSourceNotFound) { if errors.Is(err, datasources.ErrDataSourceNotFound) {
return response.Error(404, "Data source not found", nil) return response.Error(404, "Data source not found", nil)
@ -252,7 +252,7 @@ func (hs *HTTPServer) DeleteDataSourceByUID(c *contextmodel.ReqContext) response
return response.Error(403, "Cannot delete read-only data source", nil) return response.Error(403, "Cannot delete read-only data source", nil)
} }
cmd := &datasources.DeleteDataSourceCommand{UID: uid, OrgID: c.OrgID, Name: ds.Name} cmd := &datasources.DeleteDataSourceCommand{UID: uid, OrgID: c.SignedInUser.GetOrgID(), Name: ds.Name}
err = hs.DataSourcesService.DeleteDataSource(c.Req.Context(), cmd) err = hs.DataSourcesService.DeleteDataSource(c.Req.Context(), cmd)
if err != nil { if err != nil {
@ -262,7 +262,7 @@ func (hs *HTTPServer) DeleteDataSourceByUID(c *contextmodel.ReqContext) response
return response.Error(500, "Failed to delete datasource", err) return response.Error(500, "Failed to delete datasource", err)
} }
hs.Live.HandleDatasourceDelete(c.OrgID, ds.UID) hs.Live.HandleDatasourceDelete(c.SignedInUser.GetOrgID(), ds.UID)
return response.JSON(http.StatusOK, util.DynMap{ return response.JSON(http.StatusOK, util.DynMap{
"message": "Data source deleted", "message": "Data source deleted",
@ -290,7 +290,7 @@ func (hs *HTTPServer) DeleteDataSourceByName(c *contextmodel.ReqContext) respons
return response.Error(400, "Missing valid datasource name", nil) return response.Error(400, "Missing valid datasource name", nil)
} }
getCmd := &datasources.GetDataSourceQuery{Name: name, OrgID: c.OrgID} getCmd := &datasources.GetDataSourceQuery{Name: name, OrgID: c.SignedInUser.GetOrgID()}
dataSource, err := hs.DataSourcesService.GetDataSource(c.Req.Context(), getCmd) dataSource, err := hs.DataSourcesService.GetDataSource(c.Req.Context(), getCmd)
if err != nil { if err != nil {
if errors.Is(err, datasources.ErrDataSourceNotFound) { if errors.Is(err, datasources.ErrDataSourceNotFound) {
@ -303,7 +303,7 @@ func (hs *HTTPServer) DeleteDataSourceByName(c *contextmodel.ReqContext) respons
return response.Error(403, "Cannot delete read-only data source", nil) return response.Error(403, "Cannot delete read-only data source", nil)
} }
cmd := &datasources.DeleteDataSourceCommand{Name: name, OrgID: c.OrgID} cmd := &datasources.DeleteDataSourceCommand{Name: name, OrgID: c.SignedInUser.GetOrgID()}
err = hs.DataSourcesService.DeleteDataSource(c.Req.Context(), cmd) err = hs.DataSourcesService.DeleteDataSource(c.Req.Context(), cmd)
if err != nil { if err != nil {
if errors.As(err, &secretsPluginError) { if errors.As(err, &secretsPluginError) {
@ -312,7 +312,7 @@ func (hs *HTTPServer) DeleteDataSourceByName(c *contextmodel.ReqContext) respons
return response.Error(500, "Failed to delete datasource", err) return response.Error(500, "Failed to delete datasource", err)
} }
hs.Live.HandleDatasourceDelete(c.OrgID, dataSource.UID) hs.Live.HandleDatasourceDelete(c.SignedInUser.GetOrgID(), dataSource.UID)
return response.JSON(http.StatusOK, util.DynMap{ return response.JSON(http.StatusOK, util.DynMap{
"message": "Data source deleted", "message": "Data source deleted",
@ -373,7 +373,7 @@ func (hs *HTTPServer) AddDataSource(c *contextmodel.ReqContext) response.Respons
} }
datasourcesLogger.Debug("Received command to add data source", "url", cmd.URL) datasourcesLogger.Debug("Received command to add data source", "url", cmd.URL)
cmd.OrgID = c.OrgID cmd.OrgID = c.SignedInUser.GetOrgID()
cmd.UserID = c.UserID cmd.UserID = c.UserID
if cmd.URL != "" { if cmd.URL != "" {
if resp := validateURL(cmd.Type, cmd.URL); resp != nil { if resp := validateURL(cmd.Type, cmd.URL); resp != nil {
@ -437,7 +437,7 @@ func (hs *HTTPServer) UpdateDataSourceByID(c *contextmodel.ReqContext) response.
return response.Error(http.StatusBadRequest, "bad request data", err) return response.Error(http.StatusBadRequest, "bad request data", err)
} }
datasourcesLogger.Debug("Received command to update data source", "url", cmd.URL) datasourcesLogger.Debug("Received command to update data source", "url", cmd.URL)
cmd.OrgID = c.OrgID cmd.OrgID = c.SignedInUser.GetOrgID()
var err error var err error
if cmd.ID, err = strconv.ParseInt(web.Params(c.Req)[":id"], 10, 64); err != nil { if cmd.ID, err = strconv.ParseInt(web.Params(c.Req)[":id"], 10, 64); err != nil {
return response.Error(http.StatusBadRequest, "id is invalid", err) return response.Error(http.StatusBadRequest, "id is invalid", err)
@ -481,7 +481,7 @@ func (hs *HTTPServer) UpdateDataSourceByUID(c *contextmodel.ReqContext) response
return response.Error(http.StatusBadRequest, "bad request data", err) return response.Error(http.StatusBadRequest, "bad request data", err)
} }
datasourcesLogger.Debug("Received command to update data source", "url", cmd.URL) datasourcesLogger.Debug("Received command to update data source", "url", cmd.URL)
cmd.OrgID = c.OrgID cmd.OrgID = c.SignedInUser.GetOrgID()
if resp := validateURL(cmd.Type, cmd.URL); resp != nil { if resp := validateURL(cmd.Type, cmd.URL); resp != nil {
return resp return resp
} }
@ -489,7 +489,7 @@ func (hs *HTTPServer) UpdateDataSourceByUID(c *contextmodel.ReqContext) response
return response.Error(http.StatusBadRequest, "Failed to update datasource", err) return response.Error(http.StatusBadRequest, "Failed to update datasource", err)
} }
ds, err := hs.getRawDataSourceByUID(c.Req.Context(), web.Params(c.Req)[":uid"], c.OrgID) ds, err := hs.getRawDataSourceByUID(c.Req.Context(), web.Params(c.Req)[":uid"], c.SignedInUser.GetOrgID())
if err != nil { if err != nil {
if errors.Is(err, datasources.ErrDataSourceNotFound) { if errors.Is(err, datasources.ErrDataSourceNotFound) {
return response.Error(http.StatusNotFound, "Data source not found", nil) return response.Error(http.StatusNotFound, "Data source not found", nil)
@ -524,7 +524,7 @@ func (hs *HTTPServer) updateDataSourceByID(c *contextmodel.ReqContext, ds *datas
query := datasources.GetDataSourceQuery{ query := datasources.GetDataSourceQuery{
ID: cmd.ID, ID: cmd.ID,
OrgID: c.OrgID, OrgID: c.SignedInUser.GetOrgID(),
} }
dataSource, err := hs.DataSourcesService.GetDataSource(c.Req.Context(), &query) dataSource, err := hs.DataSourcesService.GetDataSource(c.Req.Context(), &query)
@ -537,7 +537,7 @@ func (hs *HTTPServer) updateDataSourceByID(c *contextmodel.ReqContext, ds *datas
datasourceDTO := hs.convertModelToDtos(c.Req.Context(), dataSource) datasourceDTO := hs.convertModelToDtos(c.Req.Context(), dataSource)
hs.Live.HandleDatasourceUpdate(c.OrgID, datasourceDTO.UID) hs.Live.HandleDatasourceUpdate(c.SignedInUser.GetOrgID(), datasourceDTO.UID)
return response.JSON(http.StatusOK, util.DynMap{ return response.JSON(http.StatusOK, util.DynMap{
"message": "Datasource updated", "message": "Datasource updated",
@ -588,7 +588,7 @@ func (hs *HTTPServer) getRawDataSourceByUID(ctx context.Context, uid string, org
// 403: forbiddenError // 403: forbiddenError
// 500: internalServerError // 500: internalServerError
func (hs *HTTPServer) GetDataSourceByName(c *contextmodel.ReqContext) response.Response { func (hs *HTTPServer) GetDataSourceByName(c *contextmodel.ReqContext) response.Response {
query := datasources.GetDataSourceQuery{Name: web.Params(c.Req)[":name"], OrgID: c.OrgID} query := datasources.GetDataSourceQuery{Name: web.Params(c.Req)[":name"], OrgID: c.SignedInUser.GetOrgID()}
dataSource, err := hs.DataSourcesService.GetDataSource(c.Req.Context(), &query) dataSource, err := hs.DataSourcesService.GetDataSource(c.Req.Context(), &query)
if err != nil { if err != nil {
@ -616,7 +616,7 @@ func (hs *HTTPServer) GetDataSourceByName(c *contextmodel.ReqContext) response.R
// 404: notFoundError // 404: notFoundError
// 500: internalServerError // 500: internalServerError
func (hs *HTTPServer) GetDataSourceIdByName(c *contextmodel.ReqContext) response.Response { func (hs *HTTPServer) GetDataSourceIdByName(c *contextmodel.ReqContext) response.Response {
query := datasources.GetDataSourceQuery{Name: web.Params(c.Req)[":name"], OrgID: c.OrgID} query := datasources.GetDataSourceQuery{Name: web.Params(c.Req)[":name"], OrgID: c.SignedInUser.GetOrgID()}
ds, err := hs.DataSourcesService.GetDataSource(c.Req.Context(), &query) ds, err := hs.DataSourcesService.GetDataSource(c.Req.Context(), &query)
if err != nil { if err != nil {

@ -45,7 +45,7 @@ func (hs *HTTPServer) GetFolders(c *contextmodel.ReqContext) response.Response {
var err error var err error
if hs.Features.IsEnabled(featuremgmt.FlagNestedFolders) { if hs.Features.IsEnabled(featuremgmt.FlagNestedFolders) {
folders, err = hs.folderService.GetChildren(c.Req.Context(), &folder.GetChildrenQuery{ folders, err = hs.folderService.GetChildren(c.Req.Context(), &folder.GetChildrenQuery{
OrgID: c.OrgID, OrgID: c.SignedInUser.GetOrgID(),
Limit: c.QueryInt64("limit"), Limit: c.QueryInt64("limit"),
Page: c.QueryInt64("page"), Page: c.QueryInt64("page"),
UID: c.Query("parentUid"), UID: c.Query("parentUid"),
@ -84,7 +84,7 @@ func (hs *HTTPServer) GetFolders(c *contextmodel.ReqContext) response.Response {
// 500: internalServerError // 500: internalServerError
func (hs *HTTPServer) GetFolderByUID(c *contextmodel.ReqContext) response.Response { func (hs *HTTPServer) GetFolderByUID(c *contextmodel.ReqContext) response.Response {
uid := web.Params(c.Req)[":uid"] uid := web.Params(c.Req)[":uid"]
folder, err := hs.folderService.Get(c.Req.Context(), &folder.GetFolderQuery{OrgID: c.OrgID, UID: &uid, SignedInUser: c.SignedInUser}) folder, err := hs.folderService.Get(c.Req.Context(), &folder.GetFolderQuery{OrgID: c.SignedInUser.GetOrgID(), UID: &uid, SignedInUser: c.SignedInUser})
if err != nil { if err != nil {
return apierrors.ToFolderErrorResponse(err) return apierrors.ToFolderErrorResponse(err)
} }
@ -117,7 +117,7 @@ func (hs *HTTPServer) GetFolderByID(c *contextmodel.ReqContext) response.Respons
if err != nil { if err != nil {
return response.Error(http.StatusBadRequest, "id is invalid", err) return response.Error(http.StatusBadRequest, "id is invalid", err)
} }
folder, err := hs.folderService.Get(c.Req.Context(), &folder.GetFolderQuery{ID: &id, OrgID: c.OrgID, SignedInUser: c.SignedInUser}) folder, err := hs.folderService.Get(c.Req.Context(), &folder.GetFolderQuery{ID: &id, OrgID: c.SignedInUser.GetOrgID(), SignedInUser: c.SignedInUser})
if err != nil { if err != nil {
return apierrors.ToFolderErrorResponse(err) return apierrors.ToFolderErrorResponse(err)
} }
@ -147,7 +147,7 @@ func (hs *HTTPServer) CreateFolder(c *contextmodel.ReqContext) response.Response
if err := web.Bind(c.Req, &cmd); err != nil { if err := web.Bind(c.Req, &cmd); err != nil {
return response.Error(http.StatusBadRequest, "bad request data", err) return response.Error(http.StatusBadRequest, "bad request data", err)
} }
cmd.OrgID = c.OrgID cmd.OrgID = c.SignedInUser.GetOrgID()
cmd.SignedInUser = c.SignedInUser cmd.SignedInUser = c.SignedInUser
folder, err := hs.folderService.Create(c.Req.Context(), &cmd) folder, err := hs.folderService.Create(c.Req.Context(), &cmd)
@ -210,7 +210,7 @@ func (hs *HTTPServer) MoveFolder(c *contextmodel.ReqContext) response.Response {
} }
var err error var err error
cmd.OrgID = c.OrgID cmd.OrgID = c.SignedInUser.GetOrgID()
cmd.UID = web.Params(c.Req)[":uid"] cmd.UID = web.Params(c.Req)[":uid"]
cmd.SignedInUser = c.SignedInUser cmd.SignedInUser = c.SignedInUser
theFolder, err := hs.folderService.Move(c.Req.Context(), &cmd) theFolder, err := hs.folderService.Move(c.Req.Context(), &cmd)
@ -247,7 +247,7 @@ func (hs *HTTPServer) UpdateFolder(c *contextmodel.ReqContext) response.Response
return response.Error(http.StatusBadRequest, "bad request data", err) return response.Error(http.StatusBadRequest, "bad request data", err)
} }
cmd.OrgID = c.OrgID cmd.OrgID = c.SignedInUser.GetOrgID()
cmd.UID = web.Params(c.Req)[":uid"] cmd.UID = web.Params(c.Req)[":uid"]
cmd.SignedInUser = c.SignedInUser cmd.SignedInUser = c.SignedInUser
result, err := hs.folderService.Update(c.Req.Context(), &cmd) result, err := hs.folderService.Update(c.Req.Context(), &cmd)
@ -292,7 +292,7 @@ func (hs *HTTPServer) DeleteFolder(c *contextmodel.ReqContext) response.Response
*/ */
uid := web.Params(c.Req)[":uid"] uid := web.Params(c.Req)[":uid"]
err = hs.folderService.Delete(c.Req.Context(), &folder.DeleteFolderCommand{UID: uid, OrgID: c.OrgID, ForceDeleteRules: c.QueryBool("forceDeleteRules"), SignedInUser: c.SignedInUser}) err = hs.folderService.Delete(c.Req.Context(), &folder.DeleteFolderCommand{UID: uid, OrgID: c.SignedInUser.GetOrgID(), ForceDeleteRules: c.QueryBool("forceDeleteRules"), SignedInUser: c.SignedInUser})
if err != nil { if err != nil {
return apierrors.ToFolderErrorResponse(err) return apierrors.ToFolderErrorResponse(err)
} }
@ -314,7 +314,7 @@ func (hs *HTTPServer) DeleteFolder(c *contextmodel.ReqContext) response.Response
// 500: internalServerError // 500: internalServerError
func (hs *HTTPServer) GetFolderDescendantCounts(c *contextmodel.ReqContext) response.Response { func (hs *HTTPServer) GetFolderDescendantCounts(c *contextmodel.ReqContext) response.Response {
uid := web.Params(c.Req)[":uid"] uid := web.Params(c.Req)[":uid"]
counts, err := hs.folderService.GetDescendantCounts(c.Req.Context(), &folder.GetDescendantCountsQuery{OrgID: c.OrgID, UID: &uid, SignedInUser: c.SignedInUser}) counts, err := hs.folderService.GetDescendantCounts(c.Req.Context(), &folder.GetDescendantCountsQuery{OrgID: c.SignedInUser.GetOrgID(), UID: &uid, SignedInUser: c.SignedInUser})
if err != nil { if err != nil {
return apierrors.ToFolderErrorResponse(err) return apierrors.ToFolderErrorResponse(err)
} }
@ -324,7 +324,7 @@ func (hs *HTTPServer) GetFolderDescendantCounts(c *contextmodel.ReqContext) resp
func (hs *HTTPServer) newToFolderDto(c *contextmodel.ReqContext, f *folder.Folder) (dtos.Folder, error) { func (hs *HTTPServer) newToFolderDto(c *contextmodel.ReqContext, f *folder.Folder) (dtos.Folder, error) {
ctx := c.Req.Context() ctx := c.Req.Context()
toDTO := func(f *folder.Folder, checkCanView bool) (dtos.Folder, error) { toDTO := func(f *folder.Folder, checkCanView bool) (dtos.Folder, error) {
g, err := guardian.NewByFolder(c.Req.Context(), f, c.OrgID, c.SignedInUser) g, err := guardian.NewByFolder(c.Req.Context(), f, c.SignedInUser.GetOrgID(), c.SignedInUser)
if err != nil { if err != nil {
return dtos.Folder{}, err return dtos.Folder{}, err
} }
@ -409,7 +409,7 @@ func (hs *HTTPServer) getFolderACMetadata(c *contextmodel.ReqContext, f *folder.
return nil, nil return nil, nil
} }
parents, err := hs.folderService.GetParents(c.Req.Context(), folder.GetParentsQuery{UID: f.UID, OrgID: c.OrgID}) parents, err := hs.folderService.GetParents(c.Req.Context(), folder.GetParentsQuery{UID: f.UID, OrgID: c.SignedInUser.GetOrgID()})
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -437,7 +437,7 @@ func (hs *HTTPServer) searchFolders(c *contextmodel.ReqContext) ([]*folder.Folde
DashboardIds: make([]int64, 0), DashboardIds: make([]int64, 0),
FolderIds: make([]int64, 0), FolderIds: make([]int64, 0),
Limit: c.QueryInt64("limit"), Limit: c.QueryInt64("limit"),
OrgId: c.OrgID, OrgId: c.SignedInUser.GetOrgID(),
Type: "dash-folder", Type: "dash-folder",
Permission: dashboards.PERMISSION_VIEW, Permission: dashboards.PERMISSION_VIEW,
Page: c.QueryInt64("page"), Page: c.QueryInt64("page"),
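Review bot: The folder handlers now pass the organisation twice, as `OrgID: c.SignedInUser.GetOrgID()` and as `SignedInUser: c.SignedInUser` in the same query or command (GetFolderByUID, GetFolderByID, CreateFolder, MoveFolder, UpdateFolder, DeleteFolder, GetFolderDescendantCounts), and newToFolderDto does the same with the last two arguments of `guardian.NewByFolder`. Both values now visibly come from one object, so the explicit OrgID leaves two sources for the tenant scope that the service has to keep in agreement. If folderService does not already derive the org from SignedInUser, that would be the cleaner follow-up; otherwise a comment on the query types would help, for example `// OrgID must equal SignedInUser.GetOrgID(); handlers set both from the request identity`. The same pairing appears in GetFolderPermissionList, UpdateFolderPermissions, the `pluginContextProvider.Get` calls in callPluginResource and CheckHealth, and GetTeamMembers. The function bodies continue outside the hunks shown here.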

@ -28,7 +28,7 @@ import (
// 500: internalServerError // 500: internalServerError
func (hs *HTTPServer) GetFolderPermissionList(c *contextmodel.ReqContext) response.Response { func (hs *HTTPServer) GetFolderPermissionList(c *contextmodel.ReqContext) response.Response {
uid := web.Params(c.Req)[":uid"] uid := web.Params(c.Req)[":uid"]
folder, err := hs.folderService.Get(c.Req.Context(), &folder.GetFolderQuery{OrgID: c.OrgID, UID: &uid, SignedInUser: c.SignedInUser}) folder, err := hs.folderService.Get(c.Req.Context(), &folder.GetFolderQuery{OrgID: c.SignedInUser.GetOrgID(), UID: &uid, SignedInUser: c.SignedInUser})
if err != nil { if err != nil {
return apierrors.ToFolderErrorResponse(err) return apierrors.ToFolderErrorResponse(err)
@ -84,7 +84,7 @@ func (hs *HTTPServer) UpdateFolderPermissions(c *contextmodel.ReqContext) respon
} }
uid := web.Params(c.Req)[":uid"] uid := web.Params(c.Req)[":uid"]
folder, err := hs.folderService.Get(c.Req.Context(), &folder.GetFolderQuery{OrgID: c.OrgID, UID: &uid, SignedInUser: c.SignedInUser}) folder, err := hs.folderService.Get(c.Req.Context(), &folder.GetFolderQuery{OrgID: c.SignedInUser.GetOrgID(), UID: &uid, SignedInUser: c.SignedInUser})
if err != nil { if err != nil {
return apierrors.ToFolderErrorResponse(err) return apierrors.ToFolderErrorResponse(err)
} }
@ -92,7 +92,7 @@ func (hs *HTTPServer) UpdateFolderPermissions(c *contextmodel.ReqContext) respon
items := make([]*dashboards.DashboardACL, 0, len(apiCmd.Items)) items := make([]*dashboards.DashboardACL, 0, len(apiCmd.Items))
for _, item := range apiCmd.Items { for _, item := range apiCmd.Items {
items = append(items, &dashboards.DashboardACL{ items = append(items, &dashboards.DashboardACL{
OrgID: c.OrgID, OrgID: c.SignedInUser.GetOrgID(),
DashboardID: folder.ID, DashboardID: folder.ID,
UserID: item.UserID, UserID: item.UserID,
TeamID: item.TeamID, TeamID: item.TeamID,
@ -110,7 +110,7 @@ func (hs *HTTPServer) UpdateFolderPermissions(c *contextmodel.ReqContext) respon
items = append(items, hs.filterHiddenACL(c.SignedInUser, acl)...) items = append(items, hs.filterHiddenACL(c.SignedInUser, acl)...)
if err := hs.updateDashboardAccessControl(c.Req.Context(), c.OrgID, folder.UID, true, items, acl); err != nil { if err := hs.updateDashboardAccessControl(c.Req.Context(), c.SignedInUser.GetOrgID(), folder.UID, true, items, acl); err != nil {
return response.Error(http.StatusInternalServerError, "Failed to create permission", err) return response.Error(http.StatusInternalServerError, "Failed to create permission", err)
} }
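Review bot: UpdateFolderPermissions now calls `c.SignedInUser.GetOrgID()` three times: for the folder lookup, once per item inside the `for _, item := range apiCmd.Items` loop, and again for `updateDashboardAccessControl`. Reading it once near the top, `orgID := c.SignedInUser.GetOrgID()`, and using `orgID` in all three places ties the lookup and the ACL write to the same value and avoids a method call per item once SignedInUser is held as identity.Requester. The same applies to getFSDataSources (the zero check and the query), ValidateOrgPlaylist, UpdatePlaylist and AddTeamMember; UpdateTeamMember and RemoveTeamMember already keep a local `orgId`. The function starts and ends outside these hunks.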

@ -6,6 +6,8 @@ import (
"net/http" "net/http"
"strings" "strings"
"golang.org/x/exp/slices"
"github.com/grafana/grafana/pkg/api/dtos" "github.com/grafana/grafana/pkg/api/dtos"
"github.com/grafana/grafana/pkg/plugins" "github.com/grafana/grafana/pkg/plugins"
"github.com/grafana/grafana/pkg/services/accesscontrol" "github.com/grafana/grafana/pkg/services/accesscontrol"
@ -19,7 +21,6 @@ import (
"github.com/grafana/grafana/pkg/setting" "github.com/grafana/grafana/pkg/setting"
"github.com/grafana/grafana/pkg/tsdb/grafanads" "github.com/grafana/grafana/pkg/tsdb/grafanads"
"github.com/grafana/grafana/pkg/util" "github.com/grafana/grafana/pkg/util"
"golang.org/x/exp/slices"
) )
func (hs *HTTPServer) GetFrontendSettings(c *contextmodel.ReqContext) { func (hs *HTTPServer) GetFrontendSettings(c *contextmodel.ReqContext) {
@ -34,7 +35,7 @@ func (hs *HTTPServer) GetFrontendSettings(c *contextmodel.ReqContext) {
// getFrontendSettings returns a json object with all the settings needed for front end initialisation. // getFrontendSettings returns a json object with all the settings needed for front end initialisation.
func (hs *HTTPServer) getFrontendSettings(c *contextmodel.ReqContext) (*dtos.FrontendSettingsDTO, error) { func (hs *HTTPServer) getFrontendSettings(c *contextmodel.ReqContext) (*dtos.FrontendSettingsDTO, error) {
availablePlugins, err := hs.availablePlugins(c.Req.Context(), c.OrgID) availablePlugins, err := hs.availablePlugins(c.Req.Context(), c.SignedInUser.GetOrgID())
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -279,8 +280,8 @@ func isSupportBundlesEnabled(hs *HTTPServer) bool {
func (hs *HTTPServer) getFSDataSources(c *contextmodel.ReqContext, availablePlugins AvailablePlugins) (map[string]plugins.DataSourceDTO, error) { func (hs *HTTPServer) getFSDataSources(c *contextmodel.ReqContext, availablePlugins AvailablePlugins) (map[string]plugins.DataSourceDTO, error) {
orgDataSources := make([]*datasources.DataSource, 0) orgDataSources := make([]*datasources.DataSource, 0)
if c.OrgID != 0 { if c.SignedInUser.GetOrgID() != 0 {
query := datasources.GetDataSourcesQuery{OrgID: c.OrgID, DataSourceLimit: hs.Cfg.DataSourceLimit} query := datasources.GetDataSourcesQuery{OrgID: c.SignedInUser.GetOrgID(), DataSourceLimit: hs.Cfg.DataSourceLimit}
dataSources, err := hs.DataSourcesService.GetDataSources(c.Req.Context(), &query) dataSources, err := hs.DataSourcesService.GetDataSources(c.Req.Context(), &query)
if err != nil { if err != nil {
return nil, err return nil, err

@ -29,7 +29,7 @@ func (hs *HTTPServer) setIndexViewData(c *contextmodel.ReqContext) (*dtos.IndexV
return nil, err return nil, err
} }
prefsQuery := pref.GetPreferenceWithDefaultsQuery{UserID: c.UserID, OrgID: c.OrgID, Teams: c.Teams} prefsQuery := pref.GetPreferenceWithDefaultsQuery{UserID: c.UserID, OrgID: c.SignedInUser.GetOrgID(), Teams: c.Teams}
prefs, err := hs.preferenceService.GetWithDefaults(c.Req.Context(), &prefsQuery) prefs, err := hs.preferenceService.GetWithDefaults(c.Req.Context(), &prefsQuery)
if err != nil { if err != nil {
return nil, err return nil, err
@ -99,7 +99,7 @@ func (hs *HTTPServer) setIndexViewData(c *contextmodel.ReqContext) (*dtos.IndexV
Login: c.Login, Login: c.Login,
Email: c.Email, Email: c.Email,
Name: c.Name, Name: c.Name,
OrgId: c.OrgID, OrgId: c.SignedInUser.GetOrgID(),
OrgName: c.OrgName, OrgName: c.OrgName,
OrgRole: c.OrgRole, OrgRole: c.OrgRole,
OrgCount: userOrgCount, OrgCount: userOrgCount,
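Review bot: In setIndexViewData only the org is read through the accessor; `c.UserID`, `c.Teams`, `c.Login`, `c.Email`, `c.Name`, `c.OrgName` and `c.OrgRole` in the same two literals are still promoted fields of the concrete user struct. Going by the commit title, these reads would presumably still block the switch to identity.Requester, and the mixed style makes it hard to tell which values have already been migrated. A short marker above each literal would make the remaining work findable, for example `// TODO: only OrgID goes through the accessor; other identity fields still read the concrete SignedInUser`. The same mix appears in redirectURLWithErrorCookie, RenderToPng, SetHomeDashboard and the user preference handlers. The function body continues outside both hunks.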

@ -329,7 +329,7 @@ func (hs *HTTPServer) RedirectResponseWithError(c *contextmodel.ReqContext, err
func (hs *HTTPServer) redirectURLWithErrorCookie(c *contextmodel.ReqContext, err error) string { func (hs *HTTPServer) redirectURLWithErrorCookie(c *contextmodel.ReqContext, err error) string {
setCookie := true setCookie := true
if hs.Features.IsEnabled(featuremgmt.FlagIndividualCookiePreferences) { if hs.Features.IsEnabled(featuremgmt.FlagIndividualCookiePreferences) {
prefsQuery := pref.GetPreferenceWithDefaultsQuery{UserID: c.UserID, OrgID: c.OrgID, Teams: c.Teams} prefsQuery := pref.GetPreferenceWithDefaultsQuery{UserID: c.UserID, OrgID: c.SignedInUser.GetOrgID(), Teams: c.Teams}
prefs, err := hs.preferenceService.GetWithDefaults(c.Req.Context(), &prefsQuery) prefs, err := hs.preferenceService.GetWithDefaults(c.Req.Context(), &prefsQuery)
if err != nil { if err != nil {
c.Redirect(hs.Cfg.AppSubURL + "/login") c.Redirect(hs.Cfg.AppSubURL + "/login")

@ -12,7 +12,7 @@ import (
func (hs *HTTPServer) ValidateOrgPlaylist(c *contextmodel.ReqContext) { func (hs *HTTPServer) ValidateOrgPlaylist(c *contextmodel.ReqContext) {
uid := web.Params(c.Req)[":uid"] uid := web.Params(c.Req)[":uid"]
query := playlist.GetPlaylistByUidQuery{UID: uid, OrgId: c.OrgID} query := playlist.GetPlaylistByUidQuery{UID: uid, OrgId: c.SignedInUser.GetOrgID()}
p, err := hs.playlistService.GetWithoutItems(c.Req.Context(), &query) p, err := hs.playlistService.GetWithoutItems(c.Req.Context(), &query)
if err != nil { if err != nil {
@ -25,7 +25,7 @@ func (hs *HTTPServer) ValidateOrgPlaylist(c *contextmodel.ReqContext) {
return return
} }
if p.OrgId != c.OrgID { if p.OrgId != c.SignedInUser.GetOrgID() {
c.JsonApiErr(403, "You are not allowed to edit/view playlist", nil) c.JsonApiErr(403, "You are not allowed to edit/view playlist", nil)
return return
} }
@ -49,7 +49,7 @@ func (hs *HTTPServer) SearchPlaylists(c *contextmodel.ReqContext) response.Respo
searchQuery := playlist.GetPlaylistsQuery{ searchQuery := playlist.GetPlaylistsQuery{
Name: query, Name: query,
Limit: limit, Limit: limit,
OrgId: c.OrgID, OrgId: c.SignedInUser.GetOrgID(),
} }
playlists, err := hs.playlistService.Search(c.Req.Context(), &searchQuery) playlists, err := hs.playlistService.Search(c.Req.Context(), &searchQuery)
@ -72,7 +72,7 @@ func (hs *HTTPServer) SearchPlaylists(c *contextmodel.ReqContext) response.Respo
// 500: internalServerError // 500: internalServerError
func (hs *HTTPServer) GetPlaylist(c *contextmodel.ReqContext) response.Response { func (hs *HTTPServer) GetPlaylist(c *contextmodel.ReqContext) response.Response {
uid := web.Params(c.Req)[":uid"] uid := web.Params(c.Req)[":uid"]
cmd := playlist.GetPlaylistByUidQuery{UID: uid, OrgId: c.OrgID} cmd := playlist.GetPlaylistByUidQuery{UID: uid, OrgId: c.SignedInUser.GetOrgID()}
dto, err := hs.playlistService.Get(c.Req.Context(), &cmd) dto, err := hs.playlistService.Get(c.Req.Context(), &cmd)
if err != nil { if err != nil {
@ -94,7 +94,7 @@ func (hs *HTTPServer) GetPlaylist(c *contextmodel.ReqContext) response.Response
// 500: internalServerError // 500: internalServerError
func (hs *HTTPServer) GetPlaylistItems(c *contextmodel.ReqContext) response.Response { func (hs *HTTPServer) GetPlaylistItems(c *contextmodel.ReqContext) response.Response {
uid := web.Params(c.Req)[":uid"] uid := web.Params(c.Req)[":uid"]
cmd := playlist.GetPlaylistByUidQuery{UID: uid, OrgId: c.OrgID} cmd := playlist.GetPlaylistByUidQuery{UID: uid, OrgId: c.SignedInUser.GetOrgID()}
dto, err := hs.playlistService.Get(c.Req.Context(), &cmd) dto, err := hs.playlistService.Get(c.Req.Context(), &cmd)
if err != nil { if err != nil {
@ -117,7 +117,7 @@ func (hs *HTTPServer) GetPlaylistItems(c *contextmodel.ReqContext) response.Resp
func (hs *HTTPServer) DeletePlaylist(c *contextmodel.ReqContext) response.Response { func (hs *HTTPServer) DeletePlaylist(c *contextmodel.ReqContext) response.Response {
uid := web.Params(c.Req)[":uid"] uid := web.Params(c.Req)[":uid"]
cmd := playlist.DeletePlaylistCommand{UID: uid, OrgId: c.OrgID} cmd := playlist.DeletePlaylistCommand{UID: uid, OrgId: c.SignedInUser.GetOrgID()}
if err := hs.playlistService.Delete(c.Req.Context(), &cmd); err != nil { if err := hs.playlistService.Delete(c.Req.Context(), &cmd); err != nil {
return response.Error(500, "Failed to delete playlist", err) return response.Error(500, "Failed to delete playlist", err)
} }
@ -140,7 +140,7 @@ func (hs *HTTPServer) CreatePlaylist(c *contextmodel.ReqContext) response.Respon
if err := web.Bind(c.Req, &cmd); err != nil { if err := web.Bind(c.Req, &cmd); err != nil {
return response.Error(http.StatusBadRequest, "bad request data", err) return response.Error(http.StatusBadRequest, "bad request data", err)
} }
cmd.OrgId = c.OrgID cmd.OrgId = c.SignedInUser.GetOrgID()
p, err := hs.playlistService.Create(c.Req.Context(), &cmd) p, err := hs.playlistService.Create(c.Req.Context(), &cmd)
if err != nil { if err != nil {
@ -165,7 +165,7 @@ func (hs *HTTPServer) UpdatePlaylist(c *contextmodel.ReqContext) response.Respon
if err := web.Bind(c.Req, &cmd); err != nil { if err := web.Bind(c.Req, &cmd); err != nil {
return response.Error(http.StatusBadRequest, "bad request data", err) return response.Error(http.StatusBadRequest, "bad request data", err)
} }
cmd.OrgId = c.OrgID cmd.OrgId = c.SignedInUser.GetOrgID()
cmd.UID = web.Params(c.Req)[":uid"] cmd.UID = web.Params(c.Req)[":uid"]
_, err := hs.playlistService.Update(c.Req.Context(), &cmd) _, err := hs.playlistService.Update(c.Req.Context(), &cmd)
@ -175,7 +175,7 @@ func (hs *HTTPServer) UpdatePlaylist(c *contextmodel.ReqContext) response.Respon
dto, err := hs.playlistService.Get(c.Req.Context(), &playlist.GetPlaylistByUidQuery{ dto, err := hs.playlistService.Get(c.Req.Context(), &playlist.GetPlaylistByUidQuery{
UID: cmd.UID, UID: cmd.UID,
OrgId: c.OrgID, OrgId: c.SignedInUser.GetOrgID(),
}) })
if err != nil { if err != nil {
return response.Error(500, "Failed to load playlist", err) return response.Error(500, "Failed to load playlist", err)
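Review bot: ValidateOrgPlaylist compares `p.OrgId != c.SignedInUser.GetOrgID()` after a lookup that was already built with `OrgId: c.SignedInUser.GetOrgID()`, so, assuming GetWithoutItems filters by OrgId, the 403 branch is only reachable if that filter is ever dropped. That is a reasonable second check on the tenant boundary, but it is undocumented and reads like dead code to the next maintainer. I would add `// defense in depth: the query is already org-scoped; keep this check in case the service stops filtering by OrgId` above the comparison. The part of the function between the two hunks is not shown.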

@ -18,7 +18,7 @@ func (hs *HTTPServer) GetPluginDashboards(c *contextmodel.ReqContext) response.R
pluginID := web.Params(c.Req)[":pluginId"] pluginID := web.Params(c.Req)[":pluginId"]
listReq := &plugindashboards.ListPluginDashboardsRequest{ listReq := &plugindashboards.ListPluginDashboardsRequest{
OrgID: c.OrgID, OrgID: c.SignedInUser.GetOrgID(),
PluginID: pluginID, PluginID: pluginID,
} }
list, err := hs.pluginDashboardService.ListPluginDashboards(c.Req.Context(), listReq) list, err := hs.pluginDashboardService.ListPluginDashboards(c.Req.Context(), listReq)

@ -43,7 +43,7 @@ func (hs *HTTPServer) ProxyPluginRequest(c *contextmodel.ReqContext) {
return return
} }
query := pluginsettings.GetByPluginIDArgs{OrgID: c.OrgID, PluginID: plugin.ID} query := pluginsettings.GetByPluginIDArgs{OrgID: c.SignedInUser.GetOrgID(), PluginID: plugin.ID}
ps, err := hs.PluginSettings.GetPluginSettingByPluginID(c.Req.Context(), &query) ps, err := hs.PluginSettings.GetPluginSettingByPluginID(c.Req.Context(), &query)
if err != nil { if err != nil {
c.JsonApiErr(http.StatusInternalServerError, "Failed to fetch plugin settings", err) c.JsonApiErr(http.StatusInternalServerError, "Failed to fetch plugin settings", err)

@ -27,7 +27,7 @@ func (hs *HTTPServer) CallResource(c *contextmodel.ReqContext) {
} }
func (hs *HTTPServer) callPluginResource(c *contextmodel.ReqContext, pluginID string) { func (hs *HTTPServer) callPluginResource(c *contextmodel.ReqContext, pluginID string) {
pCtx, err := hs.pluginContextProvider.Get(c.Req.Context(), pluginID, c.SignedInUser, c.OrgID) pCtx, err := hs.pluginContextProvider.Get(c.Req.Context(), pluginID, c.SignedInUser, c.SignedInUser.GetOrgID())
if err != nil { if err != nil {
if errors.Is(err, plugins.ErrPluginNotRegistered) { if errors.Is(err, plugins.ErrPluginNotRegistered) {
c.JsonApiErr(404, "Plugin not found", nil) c.JsonApiErr(404, "Plugin not found", nil)

@ -13,10 +13,11 @@ import (
"sort" "sort"
"strings" "strings"
"github.com/grafana/grafana-plugin-sdk-go/backend"
"github.com/prometheus/client_golang/prometheus" "github.com/prometheus/client_golang/prometheus"
"github.com/prometheus/client_golang/prometheus/promauto" "github.com/prometheus/client_golang/prometheus/promauto"
"github.com/grafana/grafana-plugin-sdk-go/backend"
"github.com/grafana/grafana/pkg/api/dtos" "github.com/grafana/grafana/pkg/api/dtos"
"github.com/grafana/grafana/pkg/api/response" "github.com/grafana/grafana/pkg/api/response"
"github.com/grafana/grafana/pkg/plugins" "github.com/grafana/grafana/pkg/plugins"
@ -64,7 +65,7 @@ func (hs *HTTPServer) GetPluginList(c *contextmodel.ReqContext) response.Respons
ac.EvalPermission(pluginaccesscontrol.ActionInstall), ac.EvalPermission(pluginaccesscontrol.ActionInstall),
)) ))
pluginSettingsMap, err := hs.pluginSettings(c.Req.Context(), c.OrgID) pluginSettingsMap, err := hs.pluginSettings(c.Req.Context(), c.SignedInUser.GetOrgID())
if err != nil { if err != nil {
return response.Error(http.StatusInternalServerError, "Failed to get list of plugins", err) return response.Error(http.StatusInternalServerError, "Failed to get list of plugins", err)
} }
@ -205,7 +206,7 @@ func (hs *HTTPServer) GetPluginSettingByID(c *contextmodel.ReqContext) response.
ps, err := hs.PluginSettings.GetPluginSettingByPluginID(c.Req.Context(), &pluginsettings.GetByPluginIDArgs{ ps, err := hs.PluginSettings.GetPluginSettingByPluginID(c.Req.Context(), &pluginsettings.GetByPluginIDArgs{
PluginID: pluginID, PluginID: pluginID,
OrgID: c.OrgID, OrgID: c.SignedInUser.GetOrgID(),
}) })
if err != nil { if err != nil {
if !errors.Is(err, pluginsettings.ErrPluginSettingNotFound) { if !errors.Is(err, pluginsettings.ErrPluginSettingNotFound) {
@ -243,7 +244,7 @@ func (hs *HTTPServer) UpdatePluginSetting(c *contextmodel.ReqContext) response.R
return response.Error(404, "Plugin not installed", nil) return response.Error(404, "Plugin not installed", nil)
} }
cmd.OrgId = c.OrgID cmd.OrgId = c.SignedInUser.GetOrgID()
cmd.PluginId = pluginID cmd.PluginId = pluginID
if err := hs.PluginSettings.UpdatePluginSetting(c.Req.Context(), &pluginsettings.UpdateArgs{ if err := hs.PluginSettings.UpdatePluginSetting(c.Req.Context(), &pluginsettings.UpdateArgs{
Enabled: cmd.Enabled, Enabled: cmd.Enabled,
@ -391,7 +392,7 @@ func (hs *HTTPServer) redirectCDNPluginAsset(c *contextmodel.ReqContext, plugin
// /api/plugins/:pluginId/health // /api/plugins/:pluginId/health
func (hs *HTTPServer) CheckHealth(c *contextmodel.ReqContext) response.Response { func (hs *HTTPServer) CheckHealth(c *contextmodel.ReqContext) response.Response {
pluginID := web.Params(c.Req)[":pluginId"] pluginID := web.Params(c.Req)[":pluginId"]
pCtx, err := hs.pluginContextProvider.Get(c.Req.Context(), pluginID, c.SignedInUser, c.OrgID) pCtx, err := hs.pluginContextProvider.Get(c.Req.Context(), pluginID, c.SignedInUser, c.SignedInUser.GetOrgID())
if err != nil { if err != nil {
return response.ErrOrFallback(http.StatusInternalServerError, "Failed to get plugin settings", err) return response.ErrOrFallback(http.StatusInternalServerError, "Failed to get plugin settings", err)
} }

@ -20,7 +20,7 @@ func (hs *HTTPServer) SetHomeDashboard(c *contextmodel.ReqContext) response.Resp
return response.Error(http.StatusBadRequest, "bad request data", err) return response.Error(http.StatusBadRequest, "bad request data", err)
} }
cmd.UserID = c.UserID cmd.UserID = c.UserID
cmd.OrgID = c.OrgID cmd.OrgID = c.SignedInUser.GetOrgID()
// the default value of HomeDashboardID is taken from input, when HomeDashboardID is set also, // the default value of HomeDashboardID is taken from input, when HomeDashboardID is set also,
// UID is used in preference to identify dashboard // UID is used in preference to identify dashboard
@ -56,7 +56,7 @@ func (hs *HTTPServer) SetHomeDashboard(c *contextmodel.ReqContext) response.Resp
// 401: unauthorisedError // 401: unauthorisedError
// 500: internalServerError // 500: internalServerError
func (hs *HTTPServer) GetUserPreferences(c *contextmodel.ReqContext) response.Response { func (hs *HTTPServer) GetUserPreferences(c *contextmodel.ReqContext) response.Response {
return hs.getPreferencesFor(c.Req.Context(), c.OrgID, c.UserID, 0) return hs.getPreferencesFor(c.Req.Context(), c.SignedInUser.GetOrgID(), c.UserID, 0)
} }
func (hs *HTTPServer) getPreferencesFor(ctx context.Context, orgID, userID, teamID int64) response.Response { func (hs *HTTPServer) getPreferencesFor(ctx context.Context, orgID, userID, teamID int64) response.Response {
@ -124,7 +124,7 @@ func (hs *HTTPServer) UpdateUserPreferences(c *contextmodel.ReqContext) response
if err := web.Bind(c.Req, &dtoCmd); err != nil { if err := web.Bind(c.Req, &dtoCmd); err != nil {
return response.Error(http.StatusBadRequest, "bad request data", err) return response.Error(http.StatusBadRequest, "bad request data", err)
} }
return hs.updatePreferencesFor(c.Req.Context(), c.OrgID, c.UserID, 0, &dtoCmd) return hs.updatePreferencesFor(c.Req.Context(), c.SignedInUser.GetOrgID(), c.UserID, 0, &dtoCmd)
} }
func (hs *HTTPServer) updatePreferencesFor(ctx context.Context, orgID, userID, teamId int64, dtoCmd *dtos.UpdatePrefsCmd) response.Response { func (hs *HTTPServer) updatePreferencesFor(ctx context.Context, orgID, userID, teamId int64, dtoCmd *dtos.UpdatePrefsCmd) response.Response {
@ -182,7 +182,7 @@ func (hs *HTTPServer) PatchUserPreferences(c *contextmodel.ReqContext) response.
if err := web.Bind(c.Req, &dtoCmd); err != nil { if err := web.Bind(c.Req, &dtoCmd); err != nil {
return response.Error(http.StatusBadRequest, "bad request data", err) return response.Error(http.StatusBadRequest, "bad request data", err)
} }
return hs.patchPreferencesFor(c.Req.Context(), c.OrgID, c.UserID, 0, &dtoCmd) return hs.patchPreferencesFor(c.Req.Context(), c.SignedInUser.GetOrgID(), c.UserID, 0, &dtoCmd)
} }
func (hs *HTTPServer) patchPreferencesFor(ctx context.Context, orgID, userID, teamId int64, dtoCmd *dtos.PatchPrefsCmd) response.Response { func (hs *HTTPServer) patchPreferencesFor(ctx context.Context, orgID, userID, teamId int64, dtoCmd *dtos.PatchPrefsCmd) response.Response {
@ -238,7 +238,7 @@ func (hs *HTTPServer) patchPreferencesFor(ctx context.Context, orgID, userID, te
// 403: forbiddenError // 403: forbiddenError
// 500: internalServerError // 500: internalServerError
func (hs *HTTPServer) GetOrgPreferences(c *contextmodel.ReqContext) response.Response { func (hs *HTTPServer) GetOrgPreferences(c *contextmodel.ReqContext) response.Response {
return hs.getPreferencesFor(c.Req.Context(), c.OrgID, 0, 0) return hs.getPreferencesFor(c.Req.Context(), c.SignedInUser.GetOrgID(), 0, 0)
} }
// swagger:route PUT /org/preferences org_preferences updateOrgPreferences // swagger:route PUT /org/preferences org_preferences updateOrgPreferences
@ -257,7 +257,7 @@ func (hs *HTTPServer) UpdateOrgPreferences(c *contextmodel.ReqContext) response.
return response.Error(http.StatusBadRequest, "bad request data", err) return response.Error(http.StatusBadRequest, "bad request data", err)
} }
return hs.updatePreferencesFor(c.Req.Context(), c.OrgID, 0, 0, &dtoCmd) return hs.updatePreferencesFor(c.Req.Context(), c.SignedInUser.GetOrgID(), 0, 0, &dtoCmd)
} }
// swagger:route PATCH /org/preferences org_preferences patchOrgPreferences // swagger:route PATCH /org/preferences org_preferences patchOrgPreferences
@ -275,7 +275,7 @@ func (hs *HTTPServer) PatchOrgPreferences(c *contextmodel.ReqContext) response.R
if err := web.Bind(c.Req, &dtoCmd); err != nil { if err := web.Bind(c.Req, &dtoCmd); err != nil {
return response.Error(http.StatusBadRequest, "bad request data", err) return response.Error(http.StatusBadRequest, "bad request data", err)
} }
return hs.patchPreferencesFor(c.Req.Context(), c.OrgID, 0, 0, &dtoCmd) return hs.patchPreferencesFor(c.Req.Context(), c.SignedInUser.GetOrgID(), 0, 0, &dtoCmd)
} }
// swagger:parameters updateUserPreferences // swagger:parameters updateUserPreferences

@ -23,7 +23,7 @@ import (
// 404: notFoundError // 404: notFoundError
// 500: internalServerError // 500: internalServerError
func (hs *HTTPServer) GetCurrentOrgQuotas(c *contextmodel.ReqContext) response.Response { func (hs *HTTPServer) GetCurrentOrgQuotas(c *contextmodel.ReqContext) response.Response {
return hs.getOrgQuotasHelper(c, c.OrgID) return hs.getOrgQuotasHelper(c, c.SignedInUser.GetOrgID())
} }
// swagger:route GET /orgs/{org_id}/quotas orgs getOrgQuota // swagger:route GET /orgs/{org_id}/quotas orgs getOrgQuota

@ -58,7 +58,7 @@ func (hs *HTTPServer) RenderToPng(c *contextmodel.ReqContext) {
Timeout: time.Duration(timeout) * time.Second, Timeout: time.Duration(timeout) * time.Second,
}, },
AuthOpts: rendering.AuthOpts{ AuthOpts: rendering.AuthOpts{
OrgID: c.OrgID, OrgID: c.SignedInUser.GetOrgID(),
UserID: c.UserID, UserID: c.UserID,
OrgRole: c.OrgRole, OrgRole: c.OrgRole,
}, },

@ -76,7 +76,7 @@ func (hs *HTTPServer) Search(c *contextmodel.ReqContext) response.Response {
Limit: limit, Limit: limit,
Page: page, Page: page,
IsStarred: starred == "true", IsStarred: starred == "true",
OrgId: c.OrgID, OrgId: c.SignedInUser.GetOrgID(),
DashboardIds: dbIDs, DashboardIds: dbIDs,
DashboardUIDs: dbUIDs, DashboardUIDs: dbUIDs,
Type: dashboardType, Type: dashboardType,

@ -26,7 +26,7 @@ func (hs *HTTPServer) createShortURL(c *contextmodel.ReqContext) response.Respon
return response.Err(err) return response.Err(err)
} }
url := fmt.Sprintf("%s/goto/%s?orgId=%d", strings.TrimSuffix(setting.AppUrl, "/"), shortURL.Uid, c.OrgID) url := fmt.Sprintf("%s/goto/%s?orgId=%d", strings.TrimSuffix(setting.AppUrl, "/"), shortURL.Uid, c.SignedInUser.GetOrgID())
c.Logger.Debug("Created short URL", "url", url) c.Logger.Debug("Created short URL", "url", url)
dto := dtos.ShortURL{ dto := dtos.ShortURL{

@ -34,7 +34,7 @@ func (hs *HTTPServer) GetTeamMembers(c *contextmodel.ReqContext) response.Respon
return response.Error(http.StatusBadRequest, "teamId is invalid", err) return response.Error(http.StatusBadRequest, "teamId is invalid", err)
} }
query := team.GetTeamMembersQuery{OrgID: c.OrgID, TeamID: teamId, SignedInUser: c.SignedInUser} query := team.GetTeamMembersQuery{OrgID: c.SignedInUser.GetOrgID(), TeamID: teamId, SignedInUser: c.SignedInUser}
queryResult, err := hs.teamService.GetTeamMembers(c.Req.Context(), &query) queryResult, err := hs.teamService.GetTeamMembers(c.Req.Context(), &query)
if err != nil { if err != nil {
@ -77,13 +77,13 @@ func (hs *HTTPServer) AddTeamMember(c *contextmodel.ReqContext) response.Respons
if err := web.Bind(c.Req, &cmd); err != nil { if err := web.Bind(c.Req, &cmd); err != nil {
return response.Error(http.StatusBadRequest, "bad request data", err) return response.Error(http.StatusBadRequest, "bad request data", err)
} }
cmd.OrgID = c.OrgID cmd.OrgID = c.SignedInUser.GetOrgID()
cmd.TeamID, err = strconv.ParseInt(web.Params(c.Req)[":teamId"], 10, 64) cmd.TeamID, err = strconv.ParseInt(web.Params(c.Req)[":teamId"], 10, 64)
if err != nil { if err != nil {
return response.Error(http.StatusBadRequest, "teamId is invalid", err) return response.Error(http.StatusBadRequest, "teamId is invalid", err)
} }
isTeamMember, err := hs.teamService.IsTeamMember(c.OrgID, cmd.TeamID, cmd.UserID) isTeamMember, err := hs.teamService.IsTeamMember(c.SignedInUser.GetOrgID(), cmd.TeamID, cmd.UserID)
if err != nil { if err != nil {
return response.Error(500, "Failed to add team member.", err) return response.Error(500, "Failed to add team member.", err)
} }
@ -124,7 +124,7 @@ func (hs *HTTPServer) UpdateTeamMember(c *contextmodel.ReqContext) response.Resp
if err != nil { if err != nil {
return response.Error(http.StatusBadRequest, "userId is invalid", err) return response.Error(http.StatusBadRequest, "userId is invalid", err)
} }
orgId := c.OrgID orgId := c.SignedInUser.GetOrgID()
isTeamMember, err := hs.teamService.IsTeamMember(orgId, teamId, userId) isTeamMember, err := hs.teamService.IsTeamMember(orgId, teamId, userId)
if err != nil { if err != nil {
@ -162,7 +162,7 @@ func getPermissionName(permission dashboards.PermissionType) string {
// 404: notFoundError // 404: notFoundError
// 500: internalServerError // 500: internalServerError
func (hs *HTTPServer) RemoveTeamMember(c *contextmodel.ReqContext) response.Response { func (hs *HTTPServer) RemoveTeamMember(c *contextmodel.ReqContext) response.Response {
orgId := c.OrgID orgId := c.SignedInUser.GetOrgID()
teamId, err := strconv.ParseInt(web.Params(c.Req)[":teamId"], 10, 64) teamId, err := strconv.ParseInt(web.Params(c.Req)[":teamId"], 10, 64)
if err != nil { if err != nil {
return response.Error(http.StatusBadRequest, "teamId is invalid", err) return response.Error(http.StatusBadRequest, "teamId is invalid", err)
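Review bot: In the AddTeamMember hunk the org ID is resolved twice, once into `cmd.OrgID` and again as the first argument of `IsTeamMember`. The membership check should reuse the value already on the command, `isTeamMember, err := hs.teamService.IsTeamMember(cmd.OrgID, cmd.TeamID, cmd.UserID)`, so that the check and the command are scoped to the same org by construction. The assignment to `cmd.OrgID` comes after `web.Bind`, which matters if the command's `OrgID` field can be bound from the request body; a one-line comment would protect that ordering, `// set after Bind so the org always comes from the signed-in user, not the request`. UpdateTeamMember and RemoveTeamMember already keep the value in a local, though `orgId` would be `orgID` under Go's initialism convention. All four function bodies continue outside their hunks.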
