feat: Add new read filtering to datasources guardian (#91345)

* feat: Add new read filtering to datasources guardian * Apply suggestion to use datasources read guardian check for frontend settings --------- Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>
2025-02-25 18:55:37 -06:00 · 2024-08-22 05:26:46 -05:00
parent 94a119ac63
commit 0176ead117
4 changed files with 7 additions and 2 deletions
--- a/pkg/api/datasources.go
+++ b/pkg/api/datasources.go
@@ -54,7 +54,7 @@ func (hs *HTTPServer) GetDataSources(c *contextmodel.ReqContext) response.Respon
 		return response.Error(http.StatusInternalServerError, "Failed to query datasources", err)
 	}

-	filtered, err := hs.dsGuardian.New(c.SignedInUser.OrgID, c.SignedInUser).FilterDatasourcesByQueryPermissions(dataSources)
+	filtered, err := hs.dsGuardian.New(c.SignedInUser.OrgID, c.SignedInUser).FilterDatasourcesByReadPermissions(dataSources)
 	if err != nil {
 		return response.Error(http.StatusInternalServerError, "Failed to query datasources", err)
 	}
--- a/pkg/api/frontendsettings.go
+++ b/pkg/api/frontendsettings.go
@@ -410,7 +410,7 @@ func (hs *HTTPServer) getFSDataSources(c *contextmodel.ReqContext, availablePlug
 			// If RBAC is enabled, it will filter out all datasources for a public user, so we need to skip it
 			orgDataSources = dataSources
 		} else {
-			filtered, err := hs.dsGuardian.New(c.SignedInUser.OrgID, c.SignedInUser).FilterDatasourcesByQueryPermissions(dataSources)
+			filtered, err := hs.dsGuardian.New(c.SignedInUser.OrgID, c.SignedInUser).FilterDatasourcesByReadPermissions(dataSources)
 			if err != nil {
 				return nil, err
 			}