Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
N
nexpie-grafana-theme
Overview
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Registry
Registry
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Kornkitt Poolsup
nexpie-grafana-theme
Commits
1f949e58
Commit
1f949e58
authored
Mar 11, 2019
by
Leonard Gram
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
teams: teams guard on all teams update methods.
parent
23231e6d
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
36 additions
and
6 deletions
+36
-6
pkg/api/team.go
+8
-1
pkg/api/team_members.go
+28
-5
No files found.
pkg/api/team.go
View file @
1f949e58
...
...
@@ -131,5 +131,12 @@ func GetTeamPreferences(c *m.ReqContext) Response {
// PUT /api/teams/:teamId/preferences
func
UpdateTeamPreferences
(
c
*
m
.
ReqContext
,
dtoCmd
dtos
.
UpdatePrefsCmd
)
Response
{
return
updatePreferencesFor
(
c
.
OrgId
,
0
,
c
.
ParamsInt64
(
":teamId"
),
&
dtoCmd
)
teamId
:=
c
.
ParamsInt64
(
":teamId"
)
orgId
:=
c
.
OrgId
if
err
:=
teams
.
CanUpdateTeam
(
orgId
,
teamId
,
c
.
SignedInUser
);
err
!=
nil
{
return
Error
(
403
,
"Not allowed to update team preferences."
,
err
)
}
return
updatePreferencesFor
(
orgId
,
0
,
teamId
,
&
dtoCmd
)
}
pkg/api/team_members.go
View file @
1f949e58
...
...
@@ -4,6 +4,7 @@ import (
"github.com/grafana/grafana/pkg/api/dtos"
"github.com/grafana/grafana/pkg/bus"
m
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/services/teams"
"github.com/grafana/grafana/pkg/setting"
"github.com/grafana/grafana/pkg/util"
)
...
...
@@ -30,8 +31,15 @@ func GetTeamMembers(c *m.ReqContext) Response {
// POST /api/teams/:teamId/members
func
AddTeamMember
(
c
*
m
.
ReqContext
,
cmd
m
.
AddTeamMemberCommand
)
Response
{
cmd
.
TeamId
=
c
.
ParamsInt64
(
":teamId"
)
cmd
.
OrgId
=
c
.
OrgId
teamId
:=
c
.
ParamsInt64
(
":teamId"
)
orgId
:=
c
.
OrgId
if
err
:=
teams
.
CanUpdateTeam
(
orgId
,
teamId
,
c
.
SignedInUser
);
err
!=
nil
{
return
Error
(
403
,
"Not allowed to add team member"
,
err
)
}
cmd
.
TeamId
=
teamId
cmd
.
OrgId
=
orgId
if
err
:=
bus
.
Dispatch
(
&
cmd
);
err
!=
nil
{
if
err
==
m
.
ErrTeamNotFound
{
...
...
@@ -52,9 +60,16 @@ func AddTeamMember(c *m.ReqContext, cmd m.AddTeamMemberCommand) Response {
// PUT /:teamId/members/:userId
func
UpdateTeamMember
(
c
*
m
.
ReqContext
,
cmd
m
.
UpdateTeamMemberCommand
)
Response
{
cmd
.
TeamId
=
c
.
ParamsInt64
(
":teamId"
)
teamId
:=
c
.
ParamsInt64
(
":teamId"
)
orgId
:=
c
.
OrgId
if
err
:=
teams
.
CanUpdateTeam
(
orgId
,
teamId
,
c
.
SignedInUser
);
err
!=
nil
{
return
Error
(
403
,
"Not allowed to update team member"
,
err
)
}
cmd
.
TeamId
=
teamId
cmd
.
UserId
=
c
.
ParamsInt64
(
":userId"
)
cmd
.
OrgId
=
c
.
O
rgId
cmd
.
OrgId
=
o
rgId
if
err
:=
bus
.
Dispatch
(
&
cmd
);
err
!=
nil
{
if
err
==
m
.
ErrTeamMemberNotFound
{
...
...
@@ -67,7 +82,15 @@ func UpdateTeamMember(c *m.ReqContext, cmd m.UpdateTeamMemberCommand) Response {
// DELETE /api/teams/:teamId/members/:userId
func
RemoveTeamMember
(
c
*
m
.
ReqContext
)
Response
{
if
err
:=
bus
.
Dispatch
(
&
m
.
RemoveTeamMemberCommand
{
OrgId
:
c
.
OrgId
,
TeamId
:
c
.
ParamsInt64
(
":teamId"
),
UserId
:
c
.
ParamsInt64
(
":userId"
)});
err
!=
nil
{
orgId
:=
c
.
OrgId
teamId
:=
c
.
ParamsInt64
(
":teamId"
)
userId
:=
c
.
ParamsInt64
(
":userId"
)
if
err
:=
teams
.
CanUpdateTeam
(
orgId
,
teamId
,
c
.
SignedInUser
);
err
!=
nil
{
return
Error
(
403
,
"Not allowed to remove team member"
,
err
)
}
if
err
:=
bus
.
Dispatch
(
&
m
.
RemoveTeamMemberCommand
{
OrgId
:
orgId
,
TeamId
:
teamId
,
UserId
:
userId
});
err
!=
nil
{
if
err
==
m
.
ErrTeamNotFound
{
return
Error
(
404
,
"Team not found"
,
nil
)
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment