[v11.0.x] User: Check SignedInUser OrgID in RevokeInvite #95487

grafana-delivery-bot · 2024-10-28T12:21:54Z

What is this feature?
This PR adds a check to ensure that invitations can only be revoked by requesters within the same organization.

Why do we need this feature?

Who is this feature for?

Which issue(s) does this PR fix?:

Fixes #

Special notes for your reviewer:

Please check that:

It works as expected from a user's perspective.
If this is a pre-GA feature, it is behind a feature toggle.
The docs are updated, and if this is a notable improvement, it's added to our What's New doc.

Check SignedInUser OrgID in RevokeInvite (cherry picked from commit fedcf47)

User: Check SignedInUser OrgID in RevokeInvite (#95476)

8492e78

Check SignedInUser OrgID in RevokeInvite (cherry picked from commit fedcf47)

grafana-delivery-bot bot added this to the 11.0.x milestone Oct 28, 2024

grafana-delivery-bot bot added add to changelog area/admin/user area/auth area/backend backport A backport PR missing-labels labels Oct 28, 2024

grafana-delivery-bot bot requested a review from a team as a code owner October 28, 2024 12:21

grafana-delivery-bot bot requested review from mgyongyosi, papagian, zserge and undef1nd and removed request for a team October 28, 2024 12:21

mgyongyosi approved these changes Oct 28, 2024

View reviewed changes

mgyongyosi enabled auto-merge (squash) October 28, 2024 12:23

mgyongyosi merged commit b2ba2ea into v11.0.x Oct 28, 2024
22 checks passed

mgyongyosi deleted the backport-95476-to-v11.0.x branch October 28, 2024 12:41

Sergej-Vlasov modified the milestones: 11.0.x, 11.0.8 Nov 15, 2024

Provide feedback