From df64dd076243e25808b4d6384b96d6ddb338e59a Mon Sep 17 00:00:00 2001
From: Karl Persson <23356117+kalleep@users.noreply.github.com>
Date: Thu, 13 Feb 2025 09:17:16 +0100
Subject: [PATCH] LibraryElements: Propagate service identity in context when searching for dashboards (#100220)

* Propagate service identity in context when searching for dashboards
---
 pkg/services/libraryelements/database.go | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/pkg/services/libraryelements/database.go b/pkg/services/libraryelements/database.go
index 306352fce84..d133c36e650 100644
--- a/pkg/services/libraryelements/database.go
+++ b/pkg/services/libraryelements/database.go
@@ -250,14 +250,17 @@ func (l *LibraryElementService) deleteLibraryElement(c context.Context, signedIn
 return err
 }
 
- // then find the dashboards that were supposed to be connected to this element
- _, requester := identity.WithServiceIdentity(c, signedInUser.GetOrgID())
- dashs, err := l.dashboardsService.FindDashboards(c, &dashboards.FindPersistedDashboardsQuery{
+ // then find the dashboards that were supposed to be connected to this element.
+ // A identity may be able to delete a library element but not read all dashboards so we fetch then as the
+ // service user so we can prevent deletion of those connections
+ serviceCtx, serviceIdent := identity.WithServiceIdentity(c, signedInUser.GetOrgID())
+ dashs, err := l.dashboardsService.FindDashboards(serviceCtx, &dashboards.FindPersistedDashboardsQuery{
 Type: searchstore.TypeDashboard,
- OrgId: signedInUser.GetOrgID(),
+ OrgId: serviceIdent.GetOrgID(),
 DashboardIds: dashboardIDs,
- SignedInUser: requester, // a user may be able to delete a library element but not read all dashboards. We still need to run this check, so we don't allow deleting elements if dashboards are connected
+ SignedInUser: serviceIdent,
 })
+
 if err != nil {
 return err
 }
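Review bot: The elevated lookup's org scope now comes from `serviceIdent.GetOrgID()` rather than from the caller, so the tenant boundary of a query that deliberately bypasses the user's dashboard read permissions depends on what `identity.WithServiceIdentity` returns; presumably that is the org ID passed in, but the hunk does not show it. I would pin it explicitly with `orgID := signedInUser.GetOrgID()` and use `orgID` both in the `WithServiceIdentity` call and in `OrgId:`. The new comment should also state that `serviceCtx` and `dashs` exist for this connection check only (the rest of deleteLibraryElement lies outside the hunk, so I cannot confirm that neither is reused for the delete or surfaced to the caller), and its wording needs fixing: `A identity` should be `An identity` and `fetch then` should be `fetch them`. The blank line added between the `FindDashboards` call and `if err != nil` detaches the error check from the call and could be dropped.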