6 年之前 · 22e098b830
--- a/pkg/api/api.go
+++ b/pkg/api/api.go
@@ -14,6 +14,7 @@ func (hs *HTTPServer) registerRoutes() {
 
				 	reqGrafanaAdmin := middleware.ReqGrafanaAdmin
			
 
				 	reqEditorRole := middleware.ReqEditorRole
			
 
				 	reqOrgAdmin := middleware.ReqOrgAdmin
			
 
				+	reqAdminOrEditorCanAdmin := middleware.EditorCanAdmin(hs.Cfg.EditorsCanOwn)
			
 
				 	redirectFromLegacyDashboardURL := middleware.RedirectFromLegacyDashboardURL()
			
 
				 	redirectFromLegacyDashboardSoloURL := middleware.RedirectFromLegacyDashboardSoloURL()
			
 
				 	quota := middleware.Quota(hs.QuotaService)
			
@@ -41,8 +42,8 @@ func (hs *HTTPServer) registerRoutes() {
 
				 	r.Get("/org/users", reqOrgAdmin, hs.Index)
			
 
				 	r.Get("/org/users/new", reqOrgAdmin, hs.Index)
			
 
				 	r.Get("/org/users/invite", reqOrgAdmin, hs.Index)
			
 
				-	r.Get("/org/teams", reqOrgAdmin, hs.Index)
			
 
				-	r.Get("/org/teams/*", reqOrgAdmin, hs.Index)
			
 
				+	r.Get("/org/teams", reqAdminOrEditorCanAdmin, hs.Index)
			
 
				+	r.Get("/org/teams/*", reqAdminOrEditorCanAdmin, hs.Index)
			
 
				 	r.Get("/org/apikeys/", reqOrgAdmin, hs.Index)
			
 
				 	r.Get("/dashboard/import/", reqSignedIn, hs.Index)
			
 
				 	r.Get("/configuration", reqGrafanaAdmin, hs.Index)
			
@@ -161,7 +162,7 @@ func (hs *HTTPServer) registerRoutes() {
 
				 			teamsRoute.Delete("/:teamId/members/:userId", Wrap(RemoveTeamMember))
			
 
				 			teamsRoute.Get("/:teamId/preferences", Wrap(GetTeamPreferences))
			
 
				 			teamsRoute.Put("/:teamId/preferences", bind(dtos.UpdatePrefsCmd{}), Wrap(UpdateTeamPreferences))
			
 
				-		}, reqOrgAdmin)
			
 
				+		}, reqAdminOrEditorCanAdmin)
			
 
				 
			
 
				 		// team without requirement of user to be org admin
			
 
				 		apiRoute.Group("/teams", func(teamsRoute routing.RouteRegister) {
			
--- a/pkg/middleware/auth.go
+++ b/pkg/middleware/auth.go
@@ -86,3 +86,20 @@ func Auth(options *AuthOptions) macaron.Handler {
 
				 		}
			
 
				 	}
			
 
				 }
			
 
				+
			
 
				+func EditorCanAdmin(enabled bool) macaron.Handler {
			
 
				+	return func(c *m.ReqContext) {
			
 
				+		ok := false
			
 
				+		if c.OrgRole == m.ROLE_ADMIN {
			
 
				+			ok = true
			
 
				+		}
			
 
				+
			
 
				+		if c.OrgRole == m.ROLE_EDITOR && enabled {
			
 
				+			ok = true
			
 
				+		}
			
 
				+
			
 
				+		if !ok {
			
 
				+			accessForbidden(c)
			
 
				+		}
			
 
				+	}
			
 
				+}
			
--- a/public/app/routes/routes.ts
+++ b/public/app/routes/routes.ts
@@ -207,7 +207,7 @@ export function setupAngularRoutes($routeProvider, $locationProvider) {
 
				     .when('/org/teams/edit/:id/:page?', {
			
 
				       template: '<react-container />',
			
 
				       resolve: {
			
 
				-        roles: () => ['Admin'],
			
 
				+        roles: () => (config.editorsCanOwn ? ['Editor', 'Admin'] : ['Admin']),
			
 
				         component: () => TeamPages,
			
 
				       },
			
 
				     })