upstream/grafana
1
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2026-06-11 01:20:40 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 54

Annotations: only set userID if caller is a user or service account (#91898)

Browse source 
* Ignore errors when extracting current user id

* Only set userID if caller is user or service account

* Fix patch api
This commit is contained in:
Karl Persson 2024-08-14 16:07:15 +02:00 committed by GitHub
parent db5d8f03b7
commit e9bb3b4d73
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 5 additions and 24 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

29
pkg/api/annotations.go
View file

@ -9,6 +9,7 @@ import (
"github.com/grafana/grafana/pkg/api/dtos"
"github.com/grafana/grafana/pkg/api/response"
"github.com/grafana/grafana/pkg/apimachinery/identity"
"github.com/grafana/grafana/pkg/services/accesscontrol"
"github.com/grafana/grafana/pkg/services/annotations"
contextmodel "github.com/grafana/grafana/pkg/services/contexthandler/model"
@ -140,12 +141,7 @@ func (hs *HTTPServer) PostAnnotation(c *contextmodel.ReqContext) response.Respon
return response.Error(http.StatusBadRequest, "Failed to save annotation", err)
}
// nolint:staticcheck
userID, err := c.SignedInUser.GetInternalID()
if err != nil {
return response.Error(http.StatusInternalServerError, "Failed to save annotation", err)
}
userID, _ := identity.UserIdentifier(c.GetID())
item := annotations.Item{
OrgID: c.SignedInUser.GetOrgID(),
UserID: userID,
@ -228,12 +224,7 @@ func (hs *HTTPServer) PostGraphiteAnnotation(c *contextmodel.ReqContext) respons
return response.Error(http.StatusBadRequest, "Failed to save Graphite annotation", err)
}
// nolint:staticcheck
userID, err := c.SignedInUser.GetInternalID()
if err != nil {
return response.Error(http.StatusInternalServerError, "Failed to save Graphite annotation", err)
}
userID, _ := identity.UserIdentifier(c.GetID())
item := annotations.Item{
OrgID: c.SignedInUser.GetOrgID(),
UserID: userID,
@ -286,12 +277,7 @@ func (hs *HTTPServer) UpdateAnnotation(c *contextmodel.ReqContext) response.Resp
}
}
// nolint:staticcheck
userID, err := c.SignedInUser.GetInternalID()
if err != nil {
return response.Error(http.StatusInternalServerError, "Failed to update annotation", err)
}
userID, _ := identity.UserIdentifier(c.GetID())
item := annotations.Item{
OrgID: c.SignedInUser.GetOrgID(),
UserID: userID,
@ -349,12 +335,7 @@ func (hs *HTTPServer) PatchAnnotation(c *contextmodel.ReqContext) response.Respo
}
}
// nolint:staticcheck
userID, err := c.SignedInUser.GetInternalID()
if err != nil {
return response.Error(http.StatusInternalServerError, "Failed to update annotation", err)
}
userID, _ := identity.UserIdentifier(c.GetID())
existing := annotations.Item{
OrgID: c.SignedInUser.GetOrgID(),
UserID: userID,