From 0a50ca72319349a93382e203ec1dcd2f02009398 Mon Sep 17 00:00:00 2001
From: Yuri Tseretyan <yuriy.tseretyan@grafana.com>
Date: Fri, 6 Oct 2023 14:48:20 -0400
Subject: [PATCH] Alerting: Let users with regular permissions access export
 endpoints (#76082)

let users with regular permissions access export endpoints
---
 pkg/services/ngalert/api/authorization.go | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/pkg/services/ngalert/api/authorization.go b/pkg/services/ngalert/api/authorization.go
index e1c575c5315..cc7ca551937 100644
--- a/pkg/services/ngalert/api/authorization.go
+++ b/pkg/services/ngalert/api/authorization.go
@@ -189,10 +189,16 @@ func (api *API) authorize(method, path string) web.Handler {
 		return middleware.ReqOrgAdmin
 
 	// Grafana-only Provisioning Read Paths
+	case http.MethodGet + "/api/v1/provisioning/policies/export",
+		http.MethodGet + "/api/v1/provisioning/contact-points/export":
+		eval = ac.EvalAny(
+			ac.EvalPermission(ac.ActionAlertingNotificationsRead),       // organization scope
+			ac.EvalPermission(ac.ActionAlertingProvisioningRead),        // organization scope
+			ac.EvalPermission(ac.ActionAlertingProvisioningReadSecrets), // organization scope
+		)
+
 	case http.MethodGet + "/api/v1/provisioning/policies",
-		http.MethodGet + "/api/v1/provisioning/policies/export",
 		http.MethodGet + "/api/v1/provisioning/contact-points",
-		http.MethodGet + "/api/v1/provisioning/contact-points/export",
 		http.MethodGet + "/api/v1/provisioning/templates",
 		http.MethodGet + "/api/v1/provisioning/templates/{name}",
 		http.MethodGet + "/api/v1/provisioning/mute-timings",