grafana/SOURCES/0013-snapshot-delete-check-org.patch

22 lines
808 B
Diff
Raw Normal View History

2024-04-30 20:14:44 +00:00
From 9c1236ba6e7d4c6506c62adeb830d9e56db7f425 Mon Sep 17 00:00:00 2001
From: Sam Feifer <sfeifer@redhat.com>
Date: Thu, 28 Mar 2024 13:24:35 -0400
Subject: [PATCH] snapshot delete check org
diff --git a/pkg/api/dashboard_snapshot.go b/pkg/api/dashboard_snapshot.go
index 47ae50544a..0007e89ccb 100644
--- a/pkg/api/dashboard_snapshot.go
+++ b/pkg/api/dashboard_snapshot.go
@@ -328,6 +328,10 @@ func (hs *HTTPServer) DeleteDashboardSnapshot(c *models.ReqContext) response.Res
return response.Error(http.StatusNotFound, "Failed to get dashboard snapshot", nil)
}
+ if query.Result.OrgId != c.OrgID {
+ return response.Error(http.StatusUnauthorized, "OrgID mismatch", nil)
+ }
+
if query.Result.External {
err := deleteExternalDashboardSnapshot(query.Result.ExternalDeleteUrl)
if err != nil {