Skip to content
This repository was archived by the owner on Sep 30, 2024. It is now read-only.

Commit 0576d9e

Browse files
sqssqs
authored
fix(api): only allow a user or site admin to view that user's usage stats (#63365)
Previously, all users were allowed to view a user's usage stats. This is an admin feature and it is not needed nor desirable for other users to be able to view a user's usage stats. ## Test plan CI
1 parent 843f703 commit 0576d9e

File tree

2 files changed

+5
-4
lines changed

2 files changed

+5
-4
lines changed

cmd/frontend/graphqlbackend/user_usage_stats.go

Lines changed: 2 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -26,10 +26,8 @@ import (
2626
)
2727

2828
func (r *UserResolver) UsageStatistics(ctx context.Context) (*userUsageStatisticsResolver, error) {
29-
if dotcom.SourcegraphDotComMode() {
30-
if err := auth.CheckSiteAdminOrSameUser(ctx, r.db, r.user.ID); err != nil {
31-
return nil, err
32-
}
29+
if err := auth.CheckSiteAdminOrSameUser(ctx, r.db, r.user.ID); err != nil {
30+
return nil, err
3331
}
3432

3533
stats, err := usagestats.GetByUserID(ctx, r.db, r.user.ID)

cmd/frontend/graphqlbackend/user_usage_stats_test.go

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,10 @@
11
package graphqlbackend
22

33
import (
4+
"context"
45
"testing"
56

7+
"github.com/sourcegraph/sourcegraph/internal/actor"
68
"github.com/sourcegraph/sourcegraph/internal/database/dbmocks"
79
"github.com/sourcegraph/sourcegraph/internal/types"
810
"github.com/sourcegraph/sourcegraph/internal/usagestats"
@@ -47,6 +49,7 @@ func TestUser_UsageStatistics(t *testing.T) {
4749
}
4850
}
4951
`,
52+
Context: actor.WithActor(context.Background(), &actor.Actor{UID: 1}),
5053
},
5154
})
5255
}

0 commit comments

Comments
 (0)