-
Notifications
You must be signed in to change notification settings - Fork 14.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: Allows PUT and DELETE only for owners of dashboard filter state #17644
fix: Allows PUT and DELETE only for owners of dashboard filter state #17644
Conversation
Codecov Report
@@ Coverage Diff @@
## master #17644 +/- ##
==========================================
+ Coverage 68.51% 68.72% +0.21%
==========================================
Files 1602 1603 +1
Lines 65349 65392 +43
Branches 6992 6992
==========================================
+ Hits 44772 44942 +170
+ Misses 18691 18564 -127
Partials 1886 1886
Flags with carried forward coverage won't be shown. Click here to find out more.
Continue to review full report at Codecov.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks great! Two minor nits/comments/questions that I'd be curious to hear your thoughts on
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM with those non-blocking comments
…r state (apache#17644)" This reverts commit 2ae83fa.
SUMMARY
This PR changes the dashboard filters state endpoint to only allow
PUT
andDELETE
for the owners of the dashboard filter state. If someone else tries to issue these operations, a403
is returned. The main objective of this change is to prevent other users from overriding the owner's state.Two more tests were added to include the new rules:
test_put_not_owner
andtest_delete_not_owner
TESTING INSTRUCTIONS
1 - Execute all tests
2 - All tests should pass
ADDITIONAL INFORMATION