apitech
/
grafana
mirror of https://github.com/grafana/grafana
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Auth: Unfurl OrgID in pkg/api to allow using identity.Requester interface (#76108)

Browse Source 
Unfurl OrgID in pkg/api to allow using identity.Requester interface
pull/76113/head
Jo 2 years ago committed by GitHub
parent fb0ac351bc
commit 729dafaff9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
21 changed files with 116 additions and 114 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 34
      pkg/api/alerting.go
  2. 28
      pkg/api/annotations.go
  3. 6
      pkg/api/dashboard_permission.go
  4. 6
      pkg/api/dashboard_snapshot.go
  5. 44
      pkg/api/datasources.go
  6. 22
      pkg/api/folder.go
  7. 8
      pkg/api/folder_permission.go
  8. 9
      pkg/api/frontendsettings.go
  9. 4
      pkg/api/index.go
  10. 2
      pkg/api/login.go
  11. 18
      pkg/api/playlist.go
  12. 2
      pkg/api/plugin_dashboards.go
  13. 2
      pkg/api/plugin_proxy.go
  14. 2
      pkg/api/plugin_resource.go
  15. 11
      pkg/api/plugins.go
  16. 14
      pkg/api/preferences.go
  17. 2
      pkg/api/quota.go
  18. 2
      pkg/api/render.go
  19. 2
      pkg/api/search.go
  20. 2
      pkg/api/short_url.go
  21. 10
      pkg/api/team_members.go

34
pkg/api/alerting.go
Unescape View File

@ -38,7 +38,7 @@ func (hs *HTTPServer) ValidateOrgAlert(c *contextmodel.ReqContext) {
return
}
if c.OrgID != res.OrgID {
if c.SignedInUser.GetOrgID() != res.OrgID {
c.JsonApiErr(403, "You are not allowed to edit/view alert", nil)
return
}
@ -61,7 +61,7 @@ func (hs *HTTPServer) GetAlertStatesForDashboard(c *contextmodel.ReqContext) res
}
query := alertmodels.GetAlertStatesForDashboardQuery{
OrgID: c.OrgID,
OrgID: c.SignedInUser.GetOrgID(),
DashboardID: c.QueryInt64("dashboardId"),
}
@ -109,7 +109,7 @@ func (hs *HTTPServer) GetAlerts(c *contextmodel.ReqContext) response.Response {
Tags: dashboardTags,
SignedInUser: c.SignedInUser,
Limit: 1000,
OrgId: c.OrgID,
OrgId: c.SignedInUser.GetOrgID(),
DashboardIds: dashboardIDs,
Type: string(model.DashHitDB),
FolderIds: folderIDs,
@ -134,7 +134,7 @@ func (hs *HTTPServer) GetAlerts(c *contextmodel.ReqContext) response.Response {
}
query := alertmodels.GetAlertsQuery{
OrgID: c.OrgID,
OrgID: c.SignedInUser.GetOrgID(),
DashboardIDs: dashboardIDs,
PanelID: c.QueryInt64("panelId"),
Limit: c.QueryInt64("limit"),
@ -178,7 +178,7 @@ func (hs *HTTPServer) AlertTest(c *contextmodel.ReqContext) response.Response {
return response.Error(400, "The dashboard needs to be saved at least once before you can test an alert rule", nil)
}
res, err := hs.AlertEngine.AlertTest(c.OrgID, dto.Dashboard, dto.PanelId, c.SignedInUser)
res, err := hs.AlertEngine.AlertTest(c.SignedInUser.GetOrgID(), dto.Dashboard, dto.PanelId, c.SignedInUser)
if err != nil {
var validationErr alerting.ValidationError
if errors.As(err, &validationErr) {
@ -302,7 +302,7 @@ func (hs *HTTPServer) GetAlertNotifications(c *contextmodel.ReqContext) response
}
func (hs *HTTPServer) getAlertNotificationsInternal(c *contextmodel.ReqContext) ([]*alertmodels.AlertNotification, error) {
query := &alertmodels.GetAllAlertNotificationsQuery{OrgID: c.OrgID}
query := &alertmodels.GetAllAlertNotificationsQuery{OrgID: c.SignedInUser.GetOrgID()}
return hs.AlertNotificationService.GetAllAlertNotifications(c.Req.Context(), query)
}
@ -324,7 +324,7 @@ func (hs *HTTPServer) GetAlertNotificationByID(c *contextmodel.ReqContext) respo
return response.Error(http.StatusBadRequest, "notificationId is invalid", err)
}
query := &alertmodels.GetAlertNotificationsQuery{
OrgID: c.OrgID,
OrgID: c.SignedInUser.GetOrgID(),
ID: notificationId,
}
@ -358,7 +358,7 @@ func (hs *HTTPServer) GetAlertNotificationByID(c *contextmodel.ReqContext) respo
// 500: internalServerError
func (hs *HTTPServer) GetAlertNotificationByUID(c *contextmodel.ReqContext) response.Response {
query := &alertmodels.GetAlertNotificationsWithUidQuery{
OrgID: c.OrgID,
OrgID: c.SignedInUser.GetOrgID(),
UID: web.Params(c.Req)[":uid"],
}
@ -395,7 +395,7 @@ func (hs *HTTPServer) CreateAlertNotification(c *contextmodel.ReqContext) respon
if err := web.Bind(c.Req, &cmd); err != nil {
return response.Error(http.StatusBadRequest, "bad request data", err)
}
cmd.OrgID = c.OrgID
cmd.OrgID = c.SignedInUser.GetOrgID()
res, err := hs.AlertNotificationService.CreateAlertNotificationCommand(c.Req.Context(), &cmd)
if err != nil {
@ -429,7 +429,7 @@ func (hs *HTTPServer) UpdateAlertNotification(c *contextmodel.ReqContext) respon
if err := web.Bind(c.Req, &cmd); err != nil {
return response.Error(http.StatusBadRequest, "bad request data", err)
}
cmd.OrgID = c.OrgID
cmd.OrgID = c.SignedInUser.GetOrgID()
err := hs.fillWithSecureSettingsData(c.Req.Context(), &cmd)
if err != nil {
@ -448,7 +448,7 @@ func (hs *HTTPServer) UpdateAlertNotification(c *contextmodel.ReqContext) respon
}
query := alertmodels.GetAlertNotificationsQuery{
OrgID: c.OrgID,
OrgID: c.SignedInUser.GetOrgID(),
ID: cmd.ID,
}
@ -477,7 +477,7 @@ func (hs *HTTPServer) UpdateAlertNotificationByUID(c *contextmodel.ReqContext) r
if err := web.Bind(c.Req, &cmd); err != nil {
return response.Error(http.StatusBadRequest, "bad request data", err)
}
cmd.OrgID = c.OrgID
cmd.OrgID = c.SignedInUser.GetOrgID()
cmd.UID = web.Params(c.Req)[":uid"]
err := hs.fillWithSecureSettingsDataByUID(c.Req.Context(), &cmd)
@ -582,7 +582,7 @@ func (hs *HTTPServer) DeleteAlertNotification(c *contextmodel.ReqContext) respon
}
cmd := alertmodels.DeleteAlertNotificationCommand{
OrgID: c.OrgID,
OrgID: c.SignedInUser.GetOrgID(),
ID: notificationId,
}
@ -610,7 +610,7 @@ func (hs *HTTPServer) DeleteAlertNotification(c *contextmodel.ReqContext) respon
// 500: internalServerError
func (hs *HTTPServer) DeleteAlertNotificationByUID(c *contextmodel.ReqContext) response.Response {
cmd := alertmodels.DeleteAlertNotificationWithUidCommand{
OrgID: c.OrgID,
OrgID: c.SignedInUser.GetOrgID(),
UID: web.Params(c.Req)[":uid"],
}
@ -646,7 +646,7 @@ func (hs *HTTPServer) NotificationTest(c *contextmodel.ReqContext) response.Resp
return response.Error(http.StatusBadRequest, "bad request data", err)
}
cmd := &alerting.NotificationTestCommand{
OrgID: c.OrgID,
OrgID: c.SignedInUser.GetOrgID(),
ID: dto.ID,
Name: dto.Name,
Type: dto.Type,
@ -704,7 +704,7 @@ func (hs *HTTPServer) PauseAlert(legacyAlertingEnabled *bool) func(c *contextmod
return response.Error(500, "Get Alert failed", err)
}
guardian, err := guardian.New(c.Req.Context(), res.DashboardID, c.OrgID, c.SignedInUser)
guardian, err := guardian.New(c.Req.Context(), res.DashboardID, c.SignedInUser.GetOrgID(), c.SignedInUser)
if err != nil {
return response.ErrOrFallback(http.StatusInternalServerError, "Error while creating permission guardian", err)
}
@ -728,7 +728,7 @@ func (hs *HTTPServer) PauseAlert(legacyAlertingEnabled *bool) func(c *contextmod
}
cmd := alertmodels.PauseAlertCommand{
OrgID: c.OrgID,
OrgID: c.SignedInUser.GetOrgID(),
AlertIDs: []int64{alertID},
Paused: dto.Paused,
}

28
pkg/api/annotations.go
Unescape View File

@ -33,7 +33,7 @@ func (hs *HTTPServer) GetAnnotations(c *contextmodel.ReqContext) response.Respon
query := &annotations.ItemQuery{
From: c.QueryInt64("from"),
To: c.QueryInt64("to"),
OrgID: c.OrgID,
OrgID: c.SignedInUser.GetOrgID(),
UserID: c.QueryInt64("userId"),
AlertID: c.QueryInt64("alertId"),
DashboardID: c.QueryInt64("dashboardId"),
@ -48,7 +48,7 @@ func (hs *HTTPServer) GetAnnotations(c *contextmodel.ReqContext) response.Respon
// When dashboard UID present in the request, we ignore dashboard ID
if query.DashboardUID != "" {
dq := dashboards.GetDashboardQuery{UID: query.DashboardUID, OrgID: c.OrgID}
dq := dashboards.GetDashboardQuery{UID: query.DashboardUID, OrgID: c.SignedInUser.GetOrgID()}
dqResult, err := hs.DashboardService.GetDashboard(c.Req.Context(), &dq)
if err != nil {
return response.Error(http.StatusBadRequest, "Invalid dashboard UID in annotation request", err)
@ -73,7 +73,7 @@ func (hs *HTTPServer) GetAnnotations(c *contextmodel.ReqContext) response.Respon
if val, ok := dashboardCache[item.DashboardID]; ok {
item.DashboardUID = val
} else {
query := dashboards.GetDashboardQuery{ID: item.DashboardID, OrgID: c.OrgID}
query := dashboards.GetDashboardQuery{ID: item.DashboardID, OrgID: c.SignedInUser.GetOrgID()}
queryResult, err := hs.DashboardService.GetDashboard(c.Req.Context(), &query)
if err == nil && queryResult != nil {
item.DashboardUID = &queryResult.UID
@ -116,7 +116,7 @@ func (hs *HTTPServer) PostAnnotation(c *contextmodel.ReqContext) response.Respon
// overwrite dashboardId when dashboardUID is not empty
if cmd.DashboardUID != "" {
query := dashboards.GetDashboardQuery{OrgID: c.OrgID, UID: cmd.DashboardUID}
query := dashboards.GetDashboardQuery{OrgID: c.SignedInUser.GetOrgID(), UID: cmd.DashboardUID}
queryResult, err := hs.DashboardService.GetDashboard(c.Req.Context(), &query)
if err == nil {
cmd.DashboardId = queryResult.ID
@ -133,7 +133,7 @@ func (hs *HTTPServer) PostAnnotation(c *contextmodel.ReqContext) response.Respon
}
item := annotations.Item{
OrgID: c.OrgID,
OrgID: c.SignedInUser.GetOrgID(),
UserID: c.UserID,
DashboardID: cmd.DashboardId,
PanelID: cmd.PanelId,
@ -215,7 +215,7 @@ func (hs *HTTPServer) PostGraphiteAnnotation(c *contextmodel.ReqContext) respons
}
item := annotations.Item{
OrgID: c.OrgID,
OrgID: c.SignedInUser.GetOrgID(),
UserID: c.UserID,
Epoch: cmd.When * 1000,
Text: text,
@ -265,7 +265,7 @@ func (hs *HTTPServer) UpdateAnnotation(c *contextmodel.ReqContext) response.Resp
}
item := annotations.Item{
OrgID: c.OrgID,
OrgID: c.SignedInUser.GetOrgID(),
UserID: c.UserID,
ID: annotationID,
Epoch: cmd.Time,
@ -320,7 +320,7 @@ func (hs *HTTPServer) PatchAnnotation(c *contextmodel.ReqContext) response.Respo
}
existing := annotations.Item{
OrgID: c.OrgID,
OrgID: c.SignedInUser.GetOrgID(),
UserID: c.UserID,
ID: annotationID,
Epoch: annotation.Time,
@ -373,7 +373,7 @@ func (hs *HTTPServer) MassDeleteAnnotations(c *contextmodel.ReqContext) response
}
if cmd.DashboardUID != "" {
query := dashboards.GetDashboardQuery{OrgID: c.OrgID, UID: cmd.DashboardUID}
query := dashboards.GetDashboardQuery{OrgID: c.SignedInUser.GetOrgID(), UID: cmd.DashboardUID}
queryResult, err := hs.DashboardService.GetDashboard(c.Req.Context(), &query)
if err == nil {
cmd.DashboardId = queryResult.ID
@ -398,13 +398,13 @@ func (hs *HTTPServer) MassDeleteAnnotations(c *contextmodel.ReqContext) response
}
dashboardId = annotation.DashboardID
deleteParams = &annotations.DeleteParams{
OrgID: c.OrgID,
OrgID: c.SignedInUser.GetOrgID(),
ID: cmd.AnnotationId,
}
} else {
dashboardId = cmd.DashboardId
deleteParams = &annotations.DeleteParams{
OrgID: c.OrgID,
OrgID: c.SignedInUser.GetOrgID(),
DashboardID: cmd.DashboardId,
PanelID: cmd.PanelId,
}
@ -477,7 +477,7 @@ func (hs *HTTPServer) DeleteAnnotationByID(c *contextmodel.ReqContext) response.
}
err = hs.annotationsRepo.Delete(c.Req.Context(), &annotations.DeleteParams{
OrgID: c.OrgID,
OrgID: c.SignedInUser.GetOrgID(),
ID: annotationID,
})
if err != nil {
@ -496,7 +496,7 @@ func (hs *HTTPServer) canSaveAnnotation(c *contextmodel.ReqContext, annotation *
}
func canEditDashboard(c *contextmodel.ReqContext, dashboardID int64) (bool, error) {
guard, err := guardian.New(c.Req.Context(), dashboardID, c.OrgID, c.SignedInUser)
guard, err := guardian.New(c.Req.Context(), dashboardID, c.SignedInUser.GetOrgID(), c.SignedInUser)
if err != nil {
return false, err
}
@ -539,7 +539,7 @@ func findAnnotationByID(ctx context.Context, repo annotations.Repository, annota
// 500: internalServerError
func (hs *HTTPServer) GetAnnotationTags(c *contextmodel.ReqContext) response.Response {
query := &annotations.TagsQuery{
OrgID: c.OrgID,
OrgID: c.SignedInUser.GetOrgID(),
Tag: c.Query("tag"),
Limit: c.QueryInt64("limit"),
}

6
pkg/api/dashboard_permission.go
Unescape View File

@ -52,7 +52,7 @@ func (hs *HTTPServer) GetDashboardPermissionList(c *contextmodel.ReqContext) res
}
}
dash, rsp := hs.getDashboardHelper(c.Req.Context(), c.OrgID, dashID, dashUID)
dash, rsp := hs.getDashboardHelper(c.Req.Context(), c.SignedInUser.GetOrgID(), dashID, dashUID)
if rsp != nil {
return rsp
}
@ -133,7 +133,7 @@ func (hs *HTTPServer) UpdateDashboardPermissions(c *contextmodel.ReqContext) res
}
}
dash, rsp := hs.getDashboardHelper(c.Req.Context(), c.OrgID, dashID, dashUID)
dash, rsp := hs.getDashboardHelper(c.Req.Context(), c.SignedInUser.GetOrgID(), dashID, dashUID)
if rsp != nil {
return rsp
}
@ -141,7 +141,7 @@ func (hs *HTTPServer) UpdateDashboardPermissions(c *contextmodel.ReqContext) res
items := make([]*dashboards.DashboardACL, 0, len(apiCmd.Items))
for _, item := range apiCmd.Items {
items = append(items, &dashboards.DashboardACL{
OrgID: c.OrgID,
OrgID: c.SignedInUser.GetOrgID(),
DashboardID: dashID,
UserID: item.UserID,
TeamID: item.TeamID,

6
pkg/api/dashboard_snapshot.go
Unescape View File

@ -121,7 +121,7 @@ func (hs *HTTPServer) CreateDashboardSnapshot(c *contextmodel.ReqContext) respon
var snapshotUrl string
cmd.ExternalURL = ""
cmd.OrgID = c.OrgID
cmd.OrgID = c.SignedInUser.GetOrgID()
cmd.UserID = c.UserID
originalDashboardURL, err := createOriginalDashboardURL(&cmd)
if err != nil {
@ -364,7 +364,7 @@ func (hs *HTTPServer) DeleteDashboardSnapshot(c *contextmodel.ReqContext) respon
dashboardID := queryResult.Dashboard.Get("id").MustInt64()
if dashboardID != 0 {
g, err := guardian.New(c.Req.Context(), dashboardID, c.OrgID, c.SignedInUser)
g, err := guardian.New(c.Req.Context(), dashboardID, c.SignedInUser.GetOrgID(), c.SignedInUser)
if err != nil {
if !errors.Is(err, dashboards.ErrDashboardNotFound) {
return response.Err(err)
@ -417,7 +417,7 @@ func (hs *HTTPServer) SearchDashboardSnapshots(c *contextmodel.ReqContext) respo
searchQuery := dashboardsnapshots.GetDashboardSnapshotsQuery{
Name: query,
Limit: limit,
OrgID: c.OrgID,
OrgID: c.SignedInUser.GetOrgID(),
SignedInUser: c.SignedInUser,
}

44
pkg/api/datasources.go
Unescape View File

@ -40,7 +40,7 @@ var secretsPluginError datasources.ErrDatasourceSecretsPluginUserFriendly
// 403: forbiddenError
// 500: internalServerError
func (hs *HTTPServer) GetDataSources(c *contextmodel.ReqContext) response.Response {
query := datasources.GetDataSourcesQuery{OrgID: c.OrgID, DataSourceLimit: hs.Cfg.DataSourceLimit}
query := datasources.GetDataSourcesQuery{OrgID: c.SignedInUser.GetOrgID(), DataSourceLimit: hs.Cfg.DataSourceLimit}
dataSources, err := hs.DataSourcesService.GetDataSources(c.Req.Context(), &query)
if err != nil {
@ -112,7 +112,7 @@ func (hs *HTTPServer) GetDataSourceById(c *contextmodel.ReqContext) response.Res
}
query := datasources.GetDataSourceQuery{
ID: id,
OrgID: c.OrgID,
OrgID: c.SignedInUser.GetOrgID(),
}
dataSource, err := hs.DataSourcesService.GetDataSource(c.Req.Context(), &query)
@ -129,7 +129,7 @@ func (hs *HTTPServer) GetDataSourceById(c *contextmodel.ReqContext) response.Res
dto := hs.convertModelToDtos(c.Req.Context(), dataSource)
// Add accesscontrol metadata
dto.AccessControl = hs.getAccessControlMetadata(c, c.OrgID, datasources.ScopePrefix, dto.UID)
dto.AccessControl = hs.getAccessControlMetadata(c, c.SignedInUser.GetOrgID(), datasources.ScopePrefix, dto.UID)
return response.JSON(http.StatusOK, &dto)
}
@ -161,7 +161,7 @@ func (hs *HTTPServer) DeleteDataSourceById(c *contextmodel.ReqContext) response.
return response.Error(400, "Missing valid datasource id", nil)
}
ds, err := hs.getRawDataSourceById(c.Req.Context(), id, c.OrgID)
ds, err := hs.getRawDataSourceById(c.Req.Context(), id, c.SignedInUser.GetOrgID())
if err != nil {
if errors.Is(err, datasources.ErrDataSourceNotFound) {
return response.Error(404, "Data source not found", nil)
@ -173,7 +173,7 @@ func (hs *HTTPServer) DeleteDataSourceById(c *contextmodel.ReqContext) response.
return response.Error(403, "Cannot delete read-only data source", nil)
}
cmd := &datasources.DeleteDataSourceCommand{ID: id, OrgID: c.OrgID, Name: ds.Name}
cmd := &datasources.DeleteDataSourceCommand{ID: id, OrgID: c.SignedInUser.GetOrgID(), Name: ds.Name}
err = hs.DataSourcesService.DeleteDataSource(c.Req.Context(), cmd)
if err != nil {
@ -183,7 +183,7 @@ func (hs *HTTPServer) DeleteDataSourceById(c *contextmodel.ReqContext) response.
return response.Error(500, "Failed to delete datasource", err)
}
hs.Live.HandleDatasourceDelete(c.OrgID, ds.UID)
hs.Live.HandleDatasourceDelete(c.SignedInUser.GetOrgID(), ds.UID)
return response.Success("Data source deleted")
}
@ -203,7 +203,7 @@ func (hs *HTTPServer) DeleteDataSourceById(c *contextmodel.ReqContext) response.
// 404: notFoundError
// 500: internalServerError
func (hs *HTTPServer) GetDataSourceByUID(c *contextmodel.ReqContext) response.Response {
ds, err := hs.getRawDataSourceByUID(c.Req.Context(), web.Params(c.Req)[":uid"], c.OrgID)
ds, err := hs.getRawDataSourceByUID(c.Req.Context(), web.Params(c.Req)[":uid"], c.SignedInUser.GetOrgID())
if err != nil {
if errors.Is(err, datasources.ErrDataSourceNotFound) {
@ -215,7 +215,7 @@ func (hs *HTTPServer) GetDataSourceByUID(c *contextmodel.ReqContext) response.Re
dto := hs.convertModelToDtos(c.Req.Context(), ds)
// Add accesscontrol metadata
dto.AccessControl = hs.getAccessControlMetadata(c, c.OrgID, datasources.ScopePrefix, dto.UID)
dto.AccessControl = hs.getAccessControlMetadata(c, c.SignedInUser.GetOrgID(), datasources.ScopePrefix, dto.UID)
return response.JSON(http.StatusOK, &dto)
}
@ -240,7 +240,7 @@ func (hs *HTTPServer) DeleteDataSourceByUID(c *contextmodel.ReqContext) response
return response.Error(400, "Missing datasource uid", nil)
}
ds, err := hs.getRawDataSourceByUID(c.Req.Context(), uid, c.OrgID)
ds, err := hs.getRawDataSourceByUID(c.Req.Context(), uid, c.SignedInUser.GetOrgID())
if err != nil {
if errors.Is(err, datasources.ErrDataSourceNotFound) {
return response.Error(404, "Data source not found", nil)
@ -252,7 +252,7 @@ func (hs *HTTPServer) DeleteDataSourceByUID(c *contextmodel.ReqContext) response
return response.Error(403, "Cannot delete read-only data source", nil)
}
cmd := &datasources.DeleteDataSourceCommand{UID: uid, OrgID: c.OrgID, Name: ds.Name}
cmd := &datasources.DeleteDataSourceCommand{UID: uid, OrgID: c.SignedInUser.GetOrgID(), Name: ds.Name}
err = hs.DataSourcesService.DeleteDataSource(c.Req.Context(), cmd)
if err != nil {
@ -262,7 +262,7 @@ func (hs *HTTPServer) DeleteDataSourceByUID(c *contextmodel.ReqContext) response
return response.Error(500, "Failed to delete datasource", err)
}
hs.Live.HandleDatasourceDelete(c.OrgID, ds.UID)
hs.Live.HandleDatasourceDelete(c.SignedInUser.GetOrgID(), ds.UID)
return response.JSON(http.StatusOK, util.DynMap{
"message": "Data source deleted",
@ -290,7 +290,7 @@ func (hs *HTTPServer) DeleteDataSourceByName(c *contextmodel.ReqContext) respons
return response.Error(400, "Missing valid datasource name", nil)
}
getCmd := &datasources.GetDataSourceQuery{Name: name, OrgID: c.OrgID}
getCmd := &datasources.GetDataSourceQuery{Name: name, OrgID: c.SignedInUser.GetOrgID()}
dataSource, err := hs.DataSourcesService.GetDataSource(c.Req.Context(), getCmd)
if err != nil {
if errors.Is(err, datasources.ErrDataSourceNotFound) {
@ -303,7 +303,7 @@ func (hs *HTTPServer) DeleteDataSourceByName(c *contextmodel.ReqContext) respons
return response.Error(403, "Cannot delete read-only data source", nil)
}
cmd := &datasources.DeleteDataSourceCommand{Name: name, OrgID: c.OrgID}
cmd := &datasources.DeleteDataSourceCommand{Name: name, OrgID: c.SignedInUser.GetOrgID()}
err = hs.DataSourcesService.DeleteDataSource(c.Req.Context(), cmd)
if err != nil {
if errors.As(err, &secretsPluginError) {
@ -312,7 +312,7 @@ func (hs *HTTPServer) DeleteDataSourceByName(c *contextmodel.ReqContext) respons
return response.Error(500, "Failed to delete datasource", err)
}
hs.Live.HandleDatasourceDelete(c.OrgID, dataSource.UID)
hs.Live.HandleDatasourceDelete(c.SignedInUser.GetOrgID(), dataSource.UID)
return response.JSON(http.StatusOK, util.DynMap{
"message": "Data source deleted",
@ -373,7 +373,7 @@ func (hs *HTTPServer) AddDataSource(c *contextmodel.ReqContext) response.Respons
}
datasourcesLogger.Debug("Received command to add data source", "url", cmd.URL)
cmd.OrgID = c.OrgID
cmd.OrgID = c.SignedInUser.GetOrgID()
cmd.UserID = c.UserID
if cmd.URL != "" {
if resp := validateURL(cmd.Type, cmd.URL); resp != nil {
@ -437,7 +437,7 @@ func (hs *HTTPServer) UpdateDataSourceByID(c *contextmodel.ReqContext) response.
return response.Error(http.StatusBadRequest, "bad request data", err)
}
datasourcesLogger.Debug("Received command to update data source", "url", cmd.URL)
cmd.OrgID = c.OrgID
cmd.OrgID = c.SignedInUser.GetOrgID()
var err error
if cmd.ID, err = strconv.ParseInt(web.Params(c.Req)[":id"], 10, 64); err != nil {
return response.Error(http.StatusBadRequest, "id is invalid", err)
@ -481,7 +481,7 @@ func (hs *HTTPServer) UpdateDataSourceByUID(c *contextmodel.ReqContext) response
return response.Error(http.StatusBadRequest, "bad request data", err)
}
datasourcesLogger.Debug("Received command to update data source", "url", cmd.URL)
cmd.OrgID = c.OrgID
cmd.OrgID = c.SignedInUser.GetOrgID()
if resp := validateURL(cmd.Type, cmd.URL); resp != nil {
return resp
}
@ -489,7 +489,7 @@ func (hs *HTTPServer) UpdateDataSourceByUID(c *contextmodel.ReqContext) response
return response.Error(http.StatusBadRequest, "Failed to update datasource", err)
}
ds, err := hs.getRawDataSourceByUID(c.Req.Context(), web.Params(c.Req)[":uid"], c.OrgID)
ds, err := hs.getRawDataSourceByUID(c.Req.Context(), web.Params(c.Req)[":uid"], c.SignedInUser.GetOrgID())
if err != nil {
if errors.Is(err, datasources.ErrDataSourceNotFound) {
return response.Error(http.StatusNotFound, "Data source not found", nil)
@ -524,7 +524,7 @@ func (hs *HTTPServer) updateDataSourceByID(c *contextmodel.ReqContext, ds *datas
query := datasources.GetDataSourceQuery{
ID: cmd.ID,
OrgID: c.OrgID,
OrgID: c.SignedInUser.GetOrgID(),
}
dataSource, err := hs.DataSourcesService.GetDataSource(c.Req.Context(), &query)
@ -537,7 +537,7 @@ func (hs *HTTPServer) updateDataSourceByID(c *contextmodel.ReqContext, ds *datas
datasourceDTO := hs.convertModelToDtos(c.Req.Context(), dataSource)
hs.Live.HandleDatasourceUpdate(c.OrgID, datasourceDTO.UID)
hs.Live.HandleDatasourceUpdate(c.SignedInUser.GetOrgID(), datasourceDTO.UID)
return response.JSON(http.StatusOK, util.DynMap{
"message": "Datasource updated",
@ -588,7 +588,7 @@ func (hs *HTTPServer) getRawDataSourceByUID(ctx context.Context, uid string, org
// 403: forbiddenError
// 500: internalServerError
func (hs *HTTPServer) GetDataSourceByName(c *contextmodel.ReqContext) response.Response {
query := datasources.GetDataSourceQuery{Name: web.Params(c.Req)[":name"], OrgID: c.OrgID}
query := datasources.GetDataSourceQuery{Name: web.Params(c.Req)[":name"], OrgID: c.SignedInUser.GetOrgID()}
dataSource, err := hs.DataSourcesService.GetDataSource(c.Req.Context(), &query)
if err != nil {
@ -616,7 +616,7 @@ func (hs *HTTPServer) GetDataSourceByName(c *contextmodel.ReqContext) response.R
// 404: notFoundError
// 500: internalServerError
func (hs *HTTPServer) GetDataSourceIdByName(c *contextmodel.ReqContext) response.Response {
query := datasources.GetDataSourceQuery{Name: web.Params(c.Req)[":name"], OrgID: c.OrgID}
query := datasources.GetDataSourceQuery{Name: web.Params(c.Req)[":name"], OrgID: c.SignedInUser.GetOrgID()}
ds, err := hs.DataSourcesService.GetDataSource(c.Req.Context(), &query)
if err != nil {

22
pkg/api/folder.go
Unescape View File

@ -45,7 +45,7 @@ func (hs *HTTPServer) GetFolders(c *contextmodel.ReqContext) response.Response {
var err error
if hs.Features.IsEnabled(featuremgmt.FlagNestedFolders) {
folders, err = hs.folderService.GetChildren(c.Req.Context(), &folder.GetChildrenQuery{
OrgID: c.OrgID,
OrgID: c.SignedInUser.GetOrgID(),
Limit: c.QueryInt64("limit"),
Page: c.QueryInt64("page"),
UID: c.Query("parentUid"),
@ -84,7 +84,7 @@ func (hs *HTTPServer) GetFolders(c *contextmodel.ReqContext) response.Response {
// 500: internalServerError
func (hs *HTTPServer) GetFolderByUID(c *contextmodel.ReqContext) response.Response {
uid := web.Params(c.Req)[":uid"]
folder, err := hs.folderService.Get(c.Req.Context(), &folder.GetFolderQuery{OrgID: c.OrgID, UID: &uid, SignedInUser: c.SignedInUser})
folder, err := hs.folderService.Get(c.Req.Context(), &folder.GetFolderQuery{OrgID: c.SignedInUser.GetOrgID(), UID: &uid, SignedInUser: c.SignedInUser})
if err != nil {
return apierrors.ToFolderErrorResponse(err)
}
@ -117,7 +117,7 @@ func (hs *HTTPServer) GetFolderByID(c *contextmodel.ReqContext) response.Respons
if err != nil {
return response.Error(http.StatusBadRequest, "id is invalid", err)
}
folder, err := hs.folderService.Get(c.Req.Context(), &folder.GetFolderQuery{ID: &id, OrgID: c.OrgID, SignedInUser: c.SignedInUser})
folder, err := hs.folderService.Get(c.Req.Context(), &folder.GetFolderQuery{ID: &id, OrgID: c.SignedInUser.GetOrgID(), SignedInUser: c.SignedInUser})
if err != nil {
return apierrors.ToFolderErrorResponse(err)
}
@ -147,7 +147,7 @@ func (hs *HTTPServer) CreateFolder(c *contextmodel.ReqContext) response.Response
if err := web.Bind(c.Req, &cmd); err != nil {
return response.Error(http.StatusBadRequest, "bad request data", err)
}
cmd.OrgID = c.OrgID
cmd.OrgID = c.SignedInUser.GetOrgID()
cmd.SignedInUser = c.SignedInUser
folder, err := hs.folderService.Create(c.Req.Context(), &cmd)
@ -210,7 +210,7 @@ func (hs *HTTPServer) MoveFolder(c *contextmodel.ReqContext) response.Response {
}
var err error
cmd.OrgID = c.OrgID
cmd.OrgID = c.SignedInUser.GetOrgID()
cmd.UID = web.Params(c.Req)[":uid"]
cmd.SignedInUser = c.SignedInUser
theFolder, err := hs.folderService.Move(c.Req.Context(), &cmd)
@ -247,7 +247,7 @@ func (hs *HTTPServer) UpdateFolder(c *contextmodel.ReqContext) response.Response
return response.Error(http.StatusBadRequest, "bad request data", err)
}
cmd.OrgID = c.OrgID
cmd.OrgID = c.SignedInUser.GetOrgID()
cmd.UID = web.Params(c.Req)[":uid"]
cmd.SignedInUser = c.SignedInUser
result, err := hs.folderService.Update(c.Req.Context(), &cmd)
@ -292,7 +292,7 @@ func (hs *HTTPServer) DeleteFolder(c *contextmodel.ReqContext) response.Response
*/
uid := web.Params(c.Req)[":uid"]
err = hs.folderService.Delete(c.Req.Context(), &folder.DeleteFolderCommand{UID: uid, OrgID: c.OrgID, ForceDeleteRules: c.QueryBool("forceDeleteRules"), SignedInUser: c.SignedInUser})
err = hs.folderService.Delete(c.Req.Context(), &folder.DeleteFolderCommand{UID: uid, OrgID: c.SignedInUser.GetOrgID(), ForceDeleteRules: c.QueryBool("forceDeleteRules"), SignedInUser: c.SignedInUser})
if err != nil {
return apierrors.ToFolderErrorResponse(err)
}
@ -314,7 +314,7 @@ func (hs *HTTPServer) DeleteFolder(c *contextmodel.ReqContext) response.Response
// 500: internalServerError
func (hs *HTTPServer) GetFolderDescendantCounts(c *contextmodel.ReqContext) response.Response {
uid := web.Params(c.Req)[":uid"]
counts, err := hs.folderService.GetDescendantCounts(c.Req.Context(), &folder.GetDescendantCountsQuery{OrgID: c.OrgID, UID: &uid, SignedInUser: c.SignedInUser})
counts, err := hs.folderService.GetDescendantCounts(c.Req.Context(), &folder.GetDescendantCountsQuery{OrgID: c.SignedInUser.GetOrgID(), UID: &uid, SignedInUser: c.SignedInUser})
if err != nil {
return apierrors.ToFolderErrorResponse(err)
}
@ -324,7 +324,7 @@ func (hs *HTTPServer) GetFolderDescendantCounts(c *contextmodel.ReqContext) resp
func (hs *HTTPServer) newToFolderDto(c *contextmodel.ReqContext, f *folder.Folder) (dtos.Folder, error) {
ctx := c.Req.Context()
toDTO := func(f *folder.Folder, checkCanView bool) (dtos.Folder, error) {
g, err := guardian.NewByFolder(c.Req.Context(), f, c.OrgID, c.SignedInUser)
g, err := guardian.NewByFolder(c.Req.Context(), f, c.SignedInUser.GetOrgID(), c.SignedInUser)
if err != nil {
return dtos.Folder{}, err
}
@ -409,7 +409,7 @@ func (hs *HTTPServer) getFolderACMetadata(c *contextmodel.ReqContext, f *folder.
return nil, nil
}
parents, err := hs.folderService.GetParents(c.Req.Context(), folder.GetParentsQuery{UID: f.UID, OrgID: c.OrgID})
parents, err := hs.folderService.GetParents(c.Req.Context(), folder.GetParentsQuery{UID: f.UID, OrgID: c.SignedInUser.GetOrgID()})
if err != nil {
return nil, err
}
@ -437,7 +437,7 @@ func (hs *HTTPServer) searchFolders(c *contextmodel.ReqContext) ([]*folder.Folde
DashboardIds: make([]int64, 0),
FolderIds: make([]int64, 0),
Limit: c.QueryInt64("limit"),
OrgId: c.OrgID,
OrgId: c.SignedInUser.GetOrgID(),
Type: "dash-folder",
Permission: dashboards.PERMISSION_VIEW,
Page: c.QueryInt64("page"),

8
pkg/api/folder_permission.go
Unescape View File

@ -28,7 +28,7 @@ import (
// 500: internalServerError
func (hs *HTTPServer) GetFolderPermissionList(c *contextmodel.ReqContext) response.Response {
uid := web.Params(c.Req)[":uid"]
folder, err := hs.folderService.Get(c.Req.Context(), &folder.GetFolderQuery{OrgID: c.OrgID, UID: &uid, SignedInUser: c.SignedInUser})
folder, err := hs.folderService.Get(c.Req.Context(), &folder.GetFolderQuery{OrgID: c.SignedInUser.GetOrgID(), UID: &uid, SignedInUser: c.SignedInUser})
if err != nil {
return apierrors.ToFolderErrorResponse(err)
@ -84,7 +84,7 @@ func (hs *HTTPServer) UpdateFolderPermissions(c *contextmodel.ReqContext) respon
}
uid := web.Params(c.Req)[":uid"]
folder, err := hs.folderService.Get(c.Req.Context(), &folder.GetFolderQuery{OrgID: c.OrgID, UID: &uid, SignedInUser: c.SignedInUser})
folder, err := hs.folderService.Get(c.Req.Context(), &folder.GetFolderQuery{OrgID: c.SignedInUser.GetOrgID(), UID: &uid, SignedInUser: c.SignedInUser})
if err != nil {
return apierrors.ToFolderErrorResponse(err)
}
@ -92,7 +92,7 @@ func (hs *HTTPServer) UpdateFolderPermissions(c *contextmodel.ReqContext) respon
items := make([]*dashboards.DashboardACL, 0, len(apiCmd.Items))
for _, item := range apiCmd.Items {
items = append(items, &dashboards.DashboardACL{
OrgID: c.OrgID,
OrgID: c.SignedInUser.GetOrgID(),
DashboardID: folder.ID,
UserID: item.UserID,
TeamID: item.TeamID,
@ -110,7 +110,7 @@ func (hs *HTTPServer) UpdateFolderPermissions(c *contextmodel.ReqContext) respon
items = append(items, hs.filterHiddenACL(c.SignedInUser, acl)...)
if err := hs.updateDashboardAccessControl(c.Req.Context(), c.OrgID, folder.UID, true, items, acl); err != nil {
if err := hs.updateDashboardAccessControl(c.Req.Context(), c.SignedInUser.GetOrgID(), folder.UID, true, items, acl); err != nil {
return response.Error(http.StatusInternalServerError, "Failed to create permission", err)
}

9
pkg/api/frontendsettings.go
Unescape View File

@ -6,6 +6,8 @@ import (
"net/http"
"strings"
"golang.org/x/exp/slices"
"github.com/grafana/grafana/pkg/api/dtos"
"github.com/grafana/grafana/pkg/plugins"
"github.com/grafana/grafana/pkg/services/accesscontrol"
@ -19,7 +21,6 @@ import (
"github.com/grafana/grafana/pkg/setting"
"github.com/grafana/grafana/pkg/tsdb/grafanads"
"github.com/grafana/grafana/pkg/util"
"golang.org/x/exp/slices"
)
func (hs *HTTPServer) GetFrontendSettings(c *contextmodel.ReqContext) {
@ -34,7 +35,7 @@ func (hs *HTTPServer) GetFrontendSettings(c *contextmodel.ReqContext) {
// getFrontendSettings returns a json object with all the settings needed for front end initialisation.
func (hs *HTTPServer) getFrontendSettings(c *contextmodel.ReqContext) (*dtos.FrontendSettingsDTO, error) {
availablePlugins, err := hs.availablePlugins(c.Req.Context(), c.OrgID)
availablePlugins, err := hs.availablePlugins(c.Req.Context(), c.SignedInUser.GetOrgID())
if err != nil {
return nil, err
}
@ -279,8 +280,8 @@ func isSupportBundlesEnabled(hs *HTTPServer) bool {
func (hs *HTTPServer) getFSDataSources(c *contextmodel.ReqContext, availablePlugins AvailablePlugins) (map[string]plugins.DataSourceDTO, error) {
orgDataSources := make([]*datasources.DataSource, 0)
if c.OrgID != 0 {
query := datasources.GetDataSourcesQuery{OrgID: c.OrgID, DataSourceLimit: hs.Cfg.DataSourceLimit}
if c.SignedInUser.GetOrgID() != 0 {
query := datasources.GetDataSourcesQuery{OrgID: c.SignedInUser.GetOrgID(), DataSourceLimit: hs.Cfg.DataSourceLimit}
dataSources, err := hs.DataSourcesService.GetDataSources(c.Req.Context(), &query)
if err != nil {
return nil, err

4
pkg/api/index.go
Unescape View File

@ -29,7 +29,7 @@ func (hs *HTTPServer) setIndexViewData(c *contextmodel.ReqContext) (*dtos.IndexV
return nil, err
}
prefsQuery := pref.GetPreferenceWithDefaultsQuery{UserID: c.UserID, OrgID: c.OrgID, Teams: c.Teams}
prefsQuery := pref.GetPreferenceWithDefaultsQuery{UserID: c.UserID, OrgID: c.SignedInUser.GetOrgID(), Teams: c.Teams}
prefs, err := hs.preferenceService.GetWithDefaults(c.Req.Context(), &prefsQuery)
if err != nil {
return nil, err
@ -99,7 +99,7 @@ func (hs *HTTPServer) setIndexViewData(c *contextmodel.ReqContext) (*dtos.IndexV
Login: c.Login,
Email: c.Email,
Name: c.Name,
OrgId: c.OrgID,
OrgId: c.SignedInUser.GetOrgID(),
OrgName: c.OrgName,
OrgRole: c.OrgRole,
OrgCount: userOrgCount,

2
pkg/api/login.go
Unescape View File

@ -329,7 +329,7 @@ func (hs *HTTPServer) RedirectResponseWithError(c *contextmodel.ReqContext, err
func (hs *HTTPServer) redirectURLWithErrorCookie(c *contextmodel.ReqContext, err error) string {
setCookie := true
if hs.Features.IsEnabled(featuremgmt.FlagIndividualCookiePreferences) {
prefsQuery := pref.GetPreferenceWithDefaultsQuery{UserID: c.UserID, OrgID: c.OrgID, Teams: c.Teams}
prefsQuery := pref.GetPreferenceWithDefaultsQuery{UserID: c.UserID, OrgID: c.SignedInUser.GetOrgID(), Teams: c.Teams}
prefs, err := hs.preferenceService.GetWithDefaults(c.Req.Context(), &prefsQuery)
if err != nil {
c.Redirect(hs.Cfg.AppSubURL + "/login")

18
pkg/api/playlist.go
Unescape View File

@ -12,7 +12,7 @@ import (
func (hs *HTTPServer) ValidateOrgPlaylist(c *contextmodel.ReqContext) {
uid := web.Params(c.Req)[":uid"]
query := playlist.GetPlaylistByUidQuery{UID: uid, OrgId: c.OrgID}
query := playlist.GetPlaylistByUidQuery{UID: uid, OrgId: c.SignedInUser.GetOrgID()}
p, err := hs.playlistService.GetWithoutItems(c.Req.Context(), &query)
if err != nil {
@ -25,7 +25,7 @@ func (hs *HTTPServer) ValidateOrgPlaylist(c *contextmodel.ReqContext) {
return
}
if p.OrgId != c.OrgID {
if p.OrgId != c.SignedInUser.GetOrgID() {
c.JsonApiErr(403, "You are not allowed to edit/view playlist", nil)
return
}
@ -49,7 +49,7 @@ func (hs *HTTPServer) SearchPlaylists(c *contextmodel.ReqContext) response.Respo
searchQuery := playlist.GetPlaylistsQuery{
Name: query,
Limit: limit,
OrgId: c.OrgID,
OrgId: c.SignedInUser.GetOrgID(),
}
playlists, err := hs.playlistService.Search(c.Req.Context(), &searchQuery)
@ -72,7 +72,7 @@ func (hs *HTTPServer) SearchPlaylists(c *contextmodel.ReqContext) response.Respo
// 500: internalServerError
func (hs *HTTPServer) GetPlaylist(c *contextmodel.ReqContext) response.Response {
uid := web.Params(c.Req)[":uid"]
cmd := playlist.GetPlaylistByUidQuery{UID: uid, OrgId: c.OrgID}
cmd := playlist.GetPlaylistByUidQuery{UID: uid, OrgId: c.SignedInUser.GetOrgID()}
dto, err := hs.playlistService.Get(c.Req.Context(), &cmd)
if err != nil {
@ -94,7 +94,7 @@ func (hs *HTTPServer) GetPlaylist(c *contextmodel.ReqContext) response.Response
// 500: internalServerError
func (hs *HTTPServer) GetPlaylistItems(c *contextmodel.ReqContext) response.Response {
uid := web.Params(c.Req)[":uid"]
cmd := playlist.GetPlaylistByUidQuery{UID: uid, OrgId: c.OrgID}
cmd := playlist.GetPlaylistByUidQuery{UID: uid, OrgId: c.SignedInUser.GetOrgID()}
dto, err := hs.playlistService.Get(c.Req.Context(), &cmd)
if err != nil {
@ -117,7 +117,7 @@ func (hs *HTTPServer) GetPlaylistItems(c *contextmodel.ReqContext) response.Resp
func (hs *HTTPServer) DeletePlaylist(c *contextmodel.ReqContext) response.Response {
uid := web.Params(c.Req)[":uid"]
cmd := playlist.DeletePlaylistCommand{UID: uid, OrgId: c.OrgID}
cmd := playlist.DeletePlaylistCommand{UID: uid, OrgId: c.SignedInUser.GetOrgID()}
if err := hs.playlistService.Delete(c.Req.Context(), &cmd); err != nil {
return response.Error(500, "Failed to delete playlist", err)
}
@ -140,7 +140,7 @@ func (hs *HTTPServer) CreatePlaylist(c *contextmodel.ReqContext) response.Respon
if err := web.Bind(c.Req, &cmd); err != nil {
return response.Error(http.StatusBadRequest, "bad request data", err)
}
cmd.OrgId = c.OrgID
cmd.OrgId = c.SignedInUser.GetOrgID()
p, err := hs.playlistService.Create(c.Req.Context(), &cmd)
if err != nil {
@ -165,7 +165,7 @@ func (hs *HTTPServer) UpdatePlaylist(c *contextmodel.ReqContext) response.Respon
if err := web.Bind(c.Req, &cmd); err != nil {
return response.Error(http.StatusBadRequest, "bad request data", err)
}
cmd.OrgId = c.OrgID
cmd.OrgId = c.SignedInUser.GetOrgID()
cmd.UID = web.Params(c.Req)[":uid"]
_, err := hs.playlistService.Update(c.Req.Context(), &cmd)
@ -175,7 +175,7 @@ func (hs *HTTPServer) UpdatePlaylist(c *contextmodel.ReqContext) response.Respon
dto, err := hs.playlistService.Get(c.Req.Context(), &playlist.GetPlaylistByUidQuery{
UID: cmd.UID,
OrgId: c.OrgID,
OrgId: c.SignedInUser.GetOrgID(),
})
if err != nil {
return response.Error(500, "Failed to load playlist", err)

2
pkg/api/plugin_dashboards.go
Unescape View File

@ -18,7 +18,7 @@ func (hs *HTTPServer) GetPluginDashboards(c *contextmodel.ReqContext) response.R
pluginID := web.Params(c.Req)[":pluginId"]
listReq := &plugindashboards.ListPluginDashboardsRequest{
OrgID: c.OrgID,
OrgID: c.SignedInUser.GetOrgID(),
PluginID: pluginID,
}
list, err := hs.pluginDashboardService.ListPluginDashboards(c.Req.Context(), listReq)

2
pkg/api/plugin_proxy.go
Unescape View File

@ -43,7 +43,7 @@ func (hs *HTTPServer) ProxyPluginRequest(c *contextmodel.ReqContext) {
return
}
query := pluginsettings.GetByPluginIDArgs{OrgID: c.OrgID, PluginID: plugin.ID}
query := pluginsettings.GetByPluginIDArgs{OrgID: c.SignedInUser.GetOrgID(), PluginID: plugin.ID}
ps, err := hs.PluginSettings.GetPluginSettingByPluginID(c.Req.Context(), &query)
if err != nil {
c.JsonApiErr(http.StatusInternalServerError, "Failed to fetch plugin settings", err)

2
pkg/api/plugin_resource.go
Unescape View File

@ -27,7 +27,7 @@ func (hs *HTTPServer) CallResource(c *contextmodel.ReqContext) {
}
func (hs *HTTPServer) callPluginResource(c *contextmodel.ReqContext, pluginID string) {
pCtx, err := hs.pluginContextProvider.Get(c.Req.Context(), pluginID, c.SignedInUser, c.OrgID)
pCtx, err := hs.pluginContextProvider.Get(c.Req.Context(), pluginID, c.SignedInUser, c.SignedInUser.GetOrgID())
if err != nil {
if errors.Is(err, plugins.ErrPluginNotRegistered) {
c.JsonApiErr(404, "Plugin not found", nil)

11
pkg/api/plugins.go
Unescape View File

@ -13,10 +13,11 @@ import (
"sort"
"strings"
"github.com/grafana/grafana-plugin-sdk-go/backend"
"github.com/prometheus/client_golang/prometheus"
"github.com/prometheus/client_golang/prometheus/promauto"
"github.com/grafana/grafana-plugin-sdk-go/backend"
"github.com/grafana/grafana/pkg/api/dtos"
"github.com/grafana/grafana/pkg/api/response"
"github.com/grafana/grafana/pkg/plugins"
@ -64,7 +65,7 @@ func (hs *HTTPServer) GetPluginList(c *contextmodel.ReqContext) response.Respons
ac.EvalPermission(pluginaccesscontrol.ActionInstall),
))
pluginSettingsMap, err := hs.pluginSettings(c.Req.Context(), c.OrgID)
pluginSettingsMap, err := hs.pluginSettings(c.Req.Context(), c.SignedInUser.GetOrgID())
if err != nil {
return response.Error(http.StatusInternalServerError, "Failed to get list of plugins", err)
}
@ -205,7 +206,7 @@ func (hs *HTTPServer) GetPluginSettingByID(c *contextmodel.ReqContext) response.
ps, err := hs.PluginSettings.GetPluginSettingByPluginID(c.Req.Context(), &pluginsettings.GetByPluginIDArgs{
PluginID: pluginID,
OrgID: c.OrgID,
OrgID: c.SignedInUser.GetOrgID(),
})
if err != nil {
if !errors.Is(err, pluginsettings.ErrPluginSettingNotFound) {
@ -243,7 +244,7 @@ func (hs *HTTPServer) UpdatePluginSetting(c *contextmodel.ReqContext) response.R
return response.Error(404, "Plugin not installed", nil)
}
cmd.OrgId = c.OrgID
cmd.OrgId = c.SignedInUser.GetOrgID()
cmd.PluginId = pluginID
if err := hs.PluginSettings.UpdatePluginSetting(c.Req.Context(), &pluginsettings.UpdateArgs{
Enabled: cmd.Enabled,
@ -391,7 +392,7 @@ func (hs *HTTPServer) redirectCDNPluginAsset(c *contextmodel.ReqContext, plugin
// /api/plugins/:pluginId/health
func (hs *HTTPServer) CheckHealth(c *contextmodel.ReqContext) response.Response {
pluginID := web.Params(c.Req)[":pluginId"]
pCtx, err := hs.pluginContextProvider.Get(c.Req.Context(), pluginID, c.SignedInUser, c.OrgID)
pCtx, err := hs.pluginContextProvider.Get(c.Req.Context(), pluginID, c.SignedInUser, c.SignedInUser.GetOrgID())
if err != nil {
return response.ErrOrFallback(http.StatusInternalServerError, "Failed to get plugin settings", err)
}

14
pkg/api/preferences.go
Unescape View File

@ -20,7 +20,7 @@ func (hs *HTTPServer) SetHomeDashboard(c *contextmodel.ReqContext) response.Resp
return response.Error(http.StatusBadRequest, "bad request data", err)
}
cmd.UserID = c.UserID
cmd.OrgID = c.OrgID
cmd.OrgID = c.SignedInUser.GetOrgID()
// the default value of HomeDashboardID is taken from input, when HomeDashboardID is set also,
// UID is used in preference to identify dashboard
@ -56,7 +56,7 @@ func (hs *HTTPServer) SetHomeDashboard(c *contextmodel.ReqContext) response.Resp
// 401: unauthorisedError
// 500: internalServerError
func (hs *HTTPServer) GetUserPreferences(c *contextmodel.ReqContext) response.Response {
return hs.getPreferencesFor(c.Req.Context(), c.OrgID, c.UserID, 0)
return hs.getPreferencesFor(c.Req.Context(), c.SignedInUser.GetOrgID(), c.UserID, 0)
}
func (hs *HTTPServer) getPreferencesFor(ctx context.Context, orgID, userID, teamID int64) response.Response {
@ -124,7 +124,7 @@ func (hs *HTTPServer) UpdateUserPreferences(c *contextmodel.ReqContext) response
if err := web.Bind(c.Req, &dtoCmd); err != nil {
return response.Error(http.StatusBadRequest, "bad request data", err)
}
return hs.updatePreferencesFor(c.Req.Context(), c.OrgID, c.UserID, 0, &dtoCmd)
return hs.updatePreferencesFor(c.Req.Context(), c.SignedInUser.GetOrgID(), c.UserID, 0, &dtoCmd)
}
func (hs *HTTPServer) updatePreferencesFor(ctx context.Context, orgID, userID, teamId int64, dtoCmd *dtos.UpdatePrefsCmd) response.Response {
@ -182,7 +182,7 @@ func (hs *HTTPServer) PatchUserPreferences(c *contextmodel.ReqContext) response.
if err := web.Bind(c.Req, &dtoCmd); err != nil {
return response.Error(http.StatusBadRequest, "bad request data", err)
}
return hs.patchPreferencesFor(c.Req.Context(), c.OrgID, c.UserID, 0, &dtoCmd)
return hs.patchPreferencesFor(c.Req.Context(), c.SignedInUser.GetOrgID(), c.UserID, 0, &dtoCmd)
}
func (hs *HTTPServer) patchPreferencesFor(ctx context.Context, orgID, userID, teamId int64, dtoCmd *dtos.PatchPrefsCmd) response.Response {
@ -238,7 +238,7 @@ func (hs *HTTPServer) patchPreferencesFor(ctx context.Context, orgID, userID, te
// 403: forbiddenError
// 500: internalServerError
func (hs *HTTPServer) GetOrgPreferences(c *contextmodel.ReqContext) response.Response {
return hs.getPreferencesFor(c.Req.Context(), c.OrgID, 0, 0)
return hs.getPreferencesFor(c.Req.Context(), c.SignedInUser.GetOrgID(), 0, 0)
}
// swagger:route PUT /org/preferences org_preferences updateOrgPreferences
@ -257,7 +257,7 @@ func (hs *HTTPServer) UpdateOrgPreferences(c *contextmodel.ReqContext) response.
return response.Error(http.StatusBadRequest, "bad request data", err)
}
return hs.updatePreferencesFor(c.Req.Context(), c.OrgID, 0, 0, &dtoCmd)
return hs.updatePreferencesFor(c.Req.Context(), c.SignedInUser.GetOrgID(), 0, 0, &dtoCmd)
}
// swagger:route PATCH /org/preferences org_preferences patchOrgPreferences
@ -275,7 +275,7 @@ func (hs *HTTPServer) PatchOrgPreferences(c *contextmodel.ReqContext) response.R
if err := web.Bind(c.Req, &dtoCmd); err != nil {
return response.Error(http.StatusBadRequest, "bad request data", err)
}
return hs.patchPreferencesFor(c.Req.Context(), c.OrgID, 0, 0, &dtoCmd)
return hs.patchPreferencesFor(c.Req.Context(), c.SignedInUser.GetOrgID(), 0, 0, &dtoCmd)
}
// swagger:parameters updateUserPreferences

2
pkg/api/quota.go
Unescape View File

@ -23,7 +23,7 @@ import (
// 404: notFoundError
// 500: internalServerError
func (hs *HTTPServer) GetCurrentOrgQuotas(c *contextmodel.ReqContext) response.Response {
return hs.getOrgQuotasHelper(c, c.OrgID)
return hs.getOrgQuotasHelper(c, c.SignedInUser.GetOrgID())
}
// swagger:route GET /orgs/{org_id}/quotas orgs getOrgQuota

2
pkg/api/render.go
Unescape View File

@ -58,7 +58,7 @@ func (hs *HTTPServer) RenderToPng(c *contextmodel.ReqContext) {
Timeout: time.Duration(timeout) * time.Second,
},
AuthOpts: rendering.AuthOpts{
OrgID: c.OrgID,
OrgID: c.SignedInUser.GetOrgID(),
UserID: c.UserID,
OrgRole: c.OrgRole,
},

2
pkg/api/search.go
Unescape View File

@ -76,7 +76,7 @@ func (hs *HTTPServer) Search(c *contextmodel.ReqContext) response.Response {
Limit: limit,
Page: page,
IsStarred: starred == "true",
OrgId: c.OrgID,
OrgId: c.SignedInUser.GetOrgID(),
DashboardIds: dbIDs,
DashboardUIDs: dbUIDs,
Type: dashboardType,

2
pkg/api/short_url.go
Unescape View File

@ -26,7 +26,7 @@ func (hs *HTTPServer) createShortURL(c *contextmodel.ReqContext) response.Respon
return response.Err(err)
}
url := fmt.Sprintf("%s/goto/%s?orgId=%d", strings.TrimSuffix(setting.AppUrl, "/"), shortURL.Uid, c.OrgID)
url := fmt.Sprintf("%s/goto/%s?orgId=%d", strings.TrimSuffix(setting.AppUrl, "/"), shortURL.Uid, c.SignedInUser.GetOrgID())
c.Logger.Debug("Created short URL", "url", url)
dto := dtos.ShortURL{

10
pkg/api/team_members.go
Unescape View File

@ -34,7 +34,7 @@ func (hs *HTTPServer) GetTeamMembers(c *contextmodel.ReqContext) response.Respon
return response.Error(http.StatusBadRequest, "teamId is invalid", err)
}
query := team.GetTeamMembersQuery{OrgID: c.OrgID, TeamID: teamId, SignedInUser: c.SignedInUser}
query := team.GetTeamMembersQuery{OrgID: c.SignedInUser.GetOrgID(), TeamID: teamId, SignedInUser: c.SignedInUser}
queryResult, err := hs.teamService.GetTeamMembers(c.Req.Context(), &query)
if err != nil {
@ -77,13 +77,13 @@ func (hs *HTTPServer) AddTeamMember(c *contextmodel.ReqContext) response.Respons
if err := web.Bind(c.Req, &cmd); err != nil {
return response.Error(http.StatusBadRequest, "bad request data", err)
}
cmd.OrgID = c.OrgID
cmd.OrgID = c.SignedInUser.GetOrgID()
cmd.TeamID, err = strconv.ParseInt(web.Params(c.Req)[":teamId"], 10, 64)
if err != nil {
return response.Error(http.StatusBadRequest, "teamId is invalid", err)
}
isTeamMember, err := hs.teamService.IsTeamMember(c.OrgID, cmd.TeamID, cmd.UserID)
isTeamMember, err := hs.teamService.IsTeamMember(c.SignedInUser.GetOrgID(), cmd.TeamID, cmd.UserID)
if err != nil {
return response.Error(500, "Failed to add team member.", err)
}
@ -124,7 +124,7 @@ func (hs *HTTPServer) UpdateTeamMember(c *contextmodel.ReqContext) response.Resp
if err != nil {
return response.Error(http.StatusBadRequest, "userId is invalid", err)
}
orgId := c.OrgID
orgId := c.SignedInUser.GetOrgID()
isTeamMember, err := hs.teamService.IsTeamMember(orgId, teamId, userId)
if err != nil {
@ -162,7 +162,7 @@ func getPermissionName(permission dashboards.PermissionType) string {
// 404: notFoundError
// 500: internalServerError
func (hs *HTTPServer) RemoveTeamMember(c *contextmodel.ReqContext) response.Response {
orgId := c.OrgID
orgId := c.SignedInUser.GetOrgID()
teamId, err := strconv.ParseInt(web.Params(c.Req)[":teamId"], 10, 64)
if err != nil {
return response.Error(http.StatusBadRequest, "teamId is invalid", err)

Write Preview
Loading…
Cancel
Save