* * Teams: Appropriately apply user id filter in /api/teams/:id and /api/teams/search
* Teams: Ensure that users searching for teams are only able see teams they have access to
* Teams: Require teamGuardian admin privileges to list team members
* Teams: Prevent org viewers from administering teams
* Teams: Add org_id condition to team count query
* Teams: clarify permission requirements in teams api docs
* Teams: expand scenarios for team search tests
* Teams: mock teamGuardian in tests
Co-authored-by: Dan Cech <dcech@grafana.com>
* remove duplicate WHERE statement
* Fix for CVE-2022-21702
(cherry picked from commit 202d7c190082c094bc1dc13f7fe9464746c37f9e)
* Lint and test fixes
(cherry picked from commit 3e6b67d5504abf4a1d7b8d621f04d062c048e981)
* check content type properly
(cherry picked from commit 70b4458892bf2f776302720c10d24c9ff34edd98)
* basic csrf origin check
(cherry picked from commit 3adaa5ff39832364f6390881fb5b42ad47df92e1)
* compare origin to host
(cherry picked from commit 5443892699e8ed42836bb2b9a44744ff3e970f42)
* simplify url parsing
(cherry picked from commit b2ffbc9513fed75468628370a48b929d30af2b1d)
* check csrf for GET requests, only compare origin
(cherry picked from commit 8b81dc12d8f8a1f07852809c5b4d44f0f0b1d709)
* parse content type properly
(cherry picked from commit 16f76f4902e6f2188bea9606c68b551af186bdc0)
* mentioned get in the comment
(cherry picked from commit a7e61811ef8ae558ce721e2e3fed04ce7a5a5345)
* add content-type: application/json to test HTTP requests
* fix pluginproxy test
* Fix linter when comparing errors
Co-authored-by: Kevin Minehart <kmineh0151@gmail.com>
Co-authored-by: Dan Cech <dcech@grafana.com>
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Co-authored-by: Serge Zaitsev <serge.zaitsev@grafana.com>
Co-authored-by: Vardan Torosyan <vardants@gmail.com>
* Remove bus from dashboard api
* Polish api dashboard tests
* Remove Delete Slug method
* Fix sqlstore dashboard test
* Remove bus from dashboard permission
* Remove GetDashboardsBySlug from sqlstore
* Chore: Refactor api handlers to use web.Bind
* fix comments
* fix comment
* trying to fix most of the tests and force routing.Wrap type check
* fix library panels tests
* fix frontend logging tests
* allow passing nil as a response to skip writing
* return nil instead of the response
* rewrite login handler function types
* remove handlerFuncCtx
* make linter happy
* remove old bindings from the libraryelements
* restore comments
Fixes#30144
Co-authored-by: dsotirakis <sotirakis.dim@gmail.com>
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Co-authored-by: Ida Furjesova <ida.furjesova@grafana.com>
Co-authored-by: Jack Westbrook <jack.westbrook@gmail.com>
Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
Co-authored-by: Leon Sorokin <leeoniya@gmail.com>
Co-authored-by: Andrej Ocenas <mr.ocenas@gmail.com>
Co-authored-by: spinillos <selenepinillos@gmail.com>
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
Co-authored-by: Leonard Gram <leo@xlson.com>
* expose folder UID in dashboards API response, import dashboards into folders by folder UID
* handle bad folder UID as 400 error
* 12591:Add tests for request with folderUid
* Use more descriptive error status for missing folders
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* return 400 when folder id is missing
* put error checking in the right place this time
* mention folderUid in the docs
* Clarify usage of folderUid and folderId when both present
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* Capitalise UID
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
* mention folder UID in the metadata for a GET response
Co-authored-by: Ida Furjesova <ida.furjesova@grafana.com>
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
* Chore: moves common and response into separate packages
* Chore: moves common and response into separate packages
* Update pkg/api/utils/common.go
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* Chore: changes after PR comments
* Chore: move wrap to routing package
* Chore: move functions in common to response package
* Chore: move functions in common to response package
* Chore: formats imports
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* Chore: Convert tests to standard Go lib
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
* Add file path to metadata and show it in dialogs
* Make path relative to config directory
* Fix tests
* Add test for the relative path
* Refactor to use path relative to provisioner path
* Change return types
* Rename attribute
* Small fixes from review
* Unprovision dashboard in case of DisableDeletion = true
* Rename command struct
* Handle removed provision files
* Allow html in confirm-modal
* Do not show confirm button without onConfirm
* Show dialog on deleting provisioned dashboard
* Changed DeleteDashboard to DeleteProvisionedDashboard
* Remove unreachable return
* Add provisioned checks to API
* Remove filter func
* Fix and add tests for deleting dashboards
* Change delete confirm text
* Added and used pkg/errors for error wrapping
* Rewriting team pages in react
* teams to react progress
* teams: getting team by id returns same DTO as search, needed for AvatarUrl
* teams: progress on new team pages
* fix: team test
* listing team members and removing team members now works
* teams: team member page now works
* ux: fixed adding team member issue
* refactoring TeamPicker to conform to react coding styles better
* teams: very close to being done with team page rewrite
* minor style tweak
* ux: polish to team pages
* feature: team pages in react & everything working
* fix: removed flickering when changing tabs by always rendering PageHeader
the GetProvisionedDashboardQuery wasent used for anything
else than check if a dashboard is provisioned or not. So
we simplified this query to make it more maintainable.
* dashboards: new command for validating dashboard before update
Removes validation logic from saveDashboard and later on use the new command for validating
dashboard before saving a dashboard. This due to the fact that we need to validate permissions
for overwriting other dashboards by uid and title.
* dashboards: use the new command for validating dashboard before saving
Had to refactor dashboard provisioning a bit to be able to sidetrack the permission validation
in a somewhat reasonable way.
Adds some initial tests of the dashboard repository, but needs to be extended later. At least
now you can mock the dashboard guardian
* dashboards: removes validation logic in the save dashboard api layer
Use the dashboard repository solely for create/update dashboards and let it do all
the validation. One exception regarding quota validation which still is in api layer
since that logic is in a macaron middleware.
Need to move out-commented api tests later.
* dashboards: fix database tests for validate and saving dashboards
* dashboards: rename dashboard repository to dashboard service
Split the old dashboard repository interface in two new interfaces, IDashboardService and
IDashboardProvisioningService. Makes it more explicit when using it from the provisioning package
and there's no possibility of calling an incorrect method for saving a dashboard.
* database: make the InitTestDB function available to use from other packages
* dashboards: rename ValidateDashboardForUpdateCommand and some refactoring
* dashboards: integration tests of dashboard service
* dashboard: fix sqlstore test due to folder exist validation
* dashboards: move dashboard service integration tests to sqlstore package
Had to move it to the sqlstore package due to concurrency problems when running
against mysql and postgres. Using InitTestDB from two packages added conflicts
when clearing and running migrations on the test database
* dashboards: refactor how to find id to be used for save permission check
* dashboards: remove duplicated dashboard tests
* dashboards: cleanup dashboard service integration tests
* dashboards: handle save dashboard errors and return correct http status
* fix: remove log statement
* dashboards: import dashboard should use dashboard service
Had to move alerting commands to models package due to problems with import cycles of packages.
* dashboards: cleanup dashboard api tests and add some tests for post dashboard
* dashboards: rename dashboard service interfaces
* dashboards: rename dashboard guardian interface
Since we're already have possibility to get a dashboard by slug
it makes little sense to have a separate endpoint in api for
retrieving uid by slug.
#7883
Introduces new url in api /dashboards/<uid> for fetching dashboard by unique id
Leave the old dashboard by slug url /dashboards/db/<slug> for backward
compatibility and for supporting fallback
WIP for #7883
Dimitris Sotirakis
idafurjes
Ryan McKinley
Agnès Toulet
Isabella Siu
Serge Zaitsev
Alexander Emelin
Will Browne
Tania B
Joan López de la Franca Beltran
Hugo Häggmark
Arve Knudsen
Marcus Efraimsson
Carl Bergquist
Dimitris Sotirakis
ying-jeanne
kay delaney
gastonqiu
Carl Bergquist
huanggze
Jon Gyllenswärd
Andrej Ocenas
Leonard Gram
Torkel Ödegaard
Julian Kornberger
Dan Cech
Daniel Lee
Alexander Zobnin
Torkel Ödegaard