Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
N
nexpie-grafana-theme
Overview
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Registry
Registry
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Kornkitt Poolsup
nexpie-grafana-theme
Commits
46412c84
Commit
46412c84
authored
Jun 07, 2017
by
Torkel Ödegaard
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
dasboard_history: security fix, added orgId filter to dashboard version lookup
parent
3ba8aeb9
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
25 additions
and
52 deletions
+25
-52
pkg/api/dashboard.go
+3
-0
pkg/components/dashdiffs/compare.go
+2
-0
pkg/services/sqlstore/dashboard_version.go
+11
-34
pkg/services/sqlstore/logger.go
+9
-18
No files found.
pkg/api/dashboard.go
View file @
46412c84
...
...
@@ -346,6 +346,9 @@ func CalculateDashboardDiff(c *middleware.Context, apiOptions dtos.CalculateDiff
result
,
err
:=
dashdiffs
.
CalculateDiff
(
&
options
)
if
err
!=
nil
{
if
err
==
m
.
ErrDashboardVersionNotFound
{
return
ApiError
(
404
,
"Dashboard version not found"
,
err
)
}
return
ApiError
(
500
,
"Unable to compute diff"
,
err
)
}
...
...
pkg/components/dashdiffs/compare.go
View file @
46412c84
...
...
@@ -65,6 +65,7 @@ func CalculateDiff(options *Options) (*Result, error) {
baseVersionQuery
:=
models
.
GetDashboardVersionQuery
{
DashboardId
:
options
.
Base
.
DashboardId
,
Version
:
options
.
Base
.
Version
,
OrgId
:
options
.
OrgId
,
}
if
err
:=
bus
.
Dispatch
(
&
baseVersionQuery
);
err
!=
nil
{
...
...
@@ -74,6 +75,7 @@ func CalculateDiff(options *Options) (*Result, error) {
newVersionQuery
:=
models
.
GetDashboardVersionQuery
{
DashboardId
:
options
.
New
.
DashboardId
,
Version
:
options
.
New
.
Version
,
OrgId
:
options
.
OrgId
,
}
if
err
:=
bus
.
Dispatch
(
&
newVersionQuery
);
err
!=
nil
{
...
...
pkg/services/sqlstore/dashboard_version.go
View file @
46412c84
...
...
@@ -10,15 +10,22 @@ func init() {
bus
.
AddHandler
(
"sql"
,
GetDashboardVersions
)
}
// GetDashboardVersion gets the dashboard version for the given dashboard ID
// and version number.
// GetDashboardVersion gets the dashboard version for the given dashboard ID and version number.
func
GetDashboardVersion
(
query
*
m
.
GetDashboardVersionQuery
)
error
{
result
,
err
:=
getDashboardVersion
(
query
.
DashboardId
,
query
.
Version
)
version
:=
m
.
DashboardVersion
{}
has
,
err
:=
x
.
Where
(
"dashboard_version.dashboard_id=? AND dashboard_version.version=? AND dashboard.org_id=?"
,
query
.
DashboardId
,
query
.
Version
,
query
.
OrgId
)
.
Join
(
"LEFT"
,
"dashboard"
,
`dashboard.id = dashboard_version.dashboard_id`
)
.
Get
(
&
version
)
if
err
!=
nil
{
return
err
}
query
.
Result
=
result
if
!
has
{
return
m
.
ErrDashboardVersionNotFound
}
query
.
Result
=
&
version
return
nil
}
...
...
@@ -50,33 +57,3 @@ func GetDashboardVersions(query *m.GetDashboardVersionsQuery) error {
}
return
nil
}
// getDashboardVersion is a helper function that gets the dashboard version for
// the given dashboard ID and version ID.
func
getDashboardVersion
(
dashboardId
int64
,
version
int
)
(
*
m
.
DashboardVersion
,
error
)
{
dashboardVersion
:=
m
.
DashboardVersion
{}
has
,
err
:=
x
.
Where
(
"dashboard_id=? AND version=?"
,
dashboardId
,
version
)
.
Get
(
&
dashboardVersion
)
if
err
!=
nil
{
return
nil
,
err
}
if
!
has
{
return
nil
,
m
.
ErrDashboardVersionNotFound
}
dashboardVersion
.
Data
.
Set
(
"id"
,
dashboardVersion
.
DashboardId
)
return
&
dashboardVersion
,
nil
}
// getDashboard gets a dashboard by ID. Used for retrieving the dashboard
// associated with dashboard versions.
func
getDashboard
(
dashboardId
int64
)
(
*
m
.
Dashboard
,
error
)
{
dashboard
:=
m
.
Dashboard
{
Id
:
dashboardId
}
has
,
err
:=
x
.
Get
(
&
dashboard
)
if
err
!=
nil
{
return
nil
,
err
}
if
has
==
false
{
return
nil
,
m
.
ErrDashboardNotFound
}
return
&
dashboard
,
nil
}
pkg/services/sqlstore/logger.go
View file @
46412c84
...
...
@@ -23,67 +23,59 @@ func NewXormLogger(level glog.Lvl, grafanaLog glog.Logger) *XormLogger {
}
// Error implement core.ILogger
func
(
s
*
XormLogger
)
Err
(
v
...
interface
{})
error
{
func
(
s
*
XormLogger
)
Err
or
(
v
...
interface
{})
{
if
s
.
level
<=
glog
.
LvlError
{
s
.
grafanaLog
.
Error
(
fmt
.
Sprint
(
v
...
))
}
return
nil
}
// Errorf implement core.ILogger
func
(
s
*
XormLogger
)
Err
f
(
format
string
,
v
...
interface
{})
error
{
func
(
s
*
XormLogger
)
Err
orf
(
format
string
,
v
...
interface
{})
{
if
s
.
level
<=
glog
.
LvlError
{
s
.
grafanaLog
.
Error
(
fmt
.
Sprintf
(
format
,
v
...
))
}
return
nil
}
// Debug implement core.ILogger
func
(
s
*
XormLogger
)
Debug
(
v
...
interface
{})
error
{
func
(
s
*
XormLogger
)
Debug
(
v
...
interface
{})
{
if
s
.
level
<=
glog
.
LvlDebug
{
s
.
grafanaLog
.
Debug
(
fmt
.
Sprint
(
v
...
))
}
return
nil
}
// Debugf implement core.ILogger
func
(
s
*
XormLogger
)
Debugf
(
format
string
,
v
...
interface
{})
error
{
func
(
s
*
XormLogger
)
Debugf
(
format
string
,
v
...
interface
{})
{
if
s
.
level
<=
glog
.
LvlDebug
{
s
.
grafanaLog
.
Debug
(
fmt
.
Sprintf
(
format
,
v
...
))
}
return
nil
}
// Info implement core.ILogger
func
(
s
*
XormLogger
)
Info
(
v
...
interface
{})
error
{
func
(
s
*
XormLogger
)
Info
(
v
...
interface
{})
{
if
s
.
level
<=
glog
.
LvlInfo
{
s
.
grafanaLog
.
Info
(
fmt
.
Sprint
(
v
...
))
}
return
nil
}
// Infof implement core.ILogger
func
(
s
*
XormLogger
)
Infof
(
format
string
,
v
...
interface
{})
error
{
func
(
s
*
XormLogger
)
Infof
(
format
string
,
v
...
interface
{})
{
if
s
.
level
<=
glog
.
LvlInfo
{
s
.
grafanaLog
.
Info
(
fmt
.
Sprintf
(
format
,
v
...
))
}
return
nil
}
// Warn implement core.ILogger
func
(
s
*
XormLogger
)
Warn
ing
(
v
...
interface
{})
error
{
func
(
s
*
XormLogger
)
Warn
(
v
...
interface
{})
{
if
s
.
level
<=
glog
.
LvlWarn
{
s
.
grafanaLog
.
Warn
(
fmt
.
Sprint
(
v
...
))
}
return
nil
}
// Warnf implement core.ILogger
func
(
s
*
XormLogger
)
Warn
ingf
(
format
string
,
v
...
interface
{})
error
{
func
(
s
*
XormLogger
)
Warn
f
(
format
string
,
v
...
interface
{})
{
if
s
.
level
<=
glog
.
LvlWarn
{
s
.
grafanaLog
.
Warn
(
fmt
.
Sprintf
(
format
,
v
...
))
}
return
nil
}
// Level implement core.ILogger
...
...
@@ -103,8 +95,7 @@ func (s *XormLogger) Level() core.LogLevel {
}
// SetLevel implement core.ILogger
func
(
s
*
XormLogger
)
SetLevel
(
l
core
.
LogLevel
)
error
{
return
nil
func
(
s
*
XormLogger
)
SetLevel
(
l
core
.
LogLevel
)
{
}
// ShowSQL implement core.ILogger
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment