From 2c210909312625bf891332a86d2ebf00c3104376 Mon Sep 17 00:00:00 2001 From: Misi Date: Wed, 12 Apr 2023 14:53:05 +0200 Subject: [PATCH] AccessControl: Allow editors to access GET /api/datasources (#66343) Allow editors to access GET /datasources --- pkg/api/api.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/api/api.go b/pkg/api/api.go index 366b632fb2e..8f7c0117ec4 100644 --- a/pkg/api/api.go +++ b/pkg/api/api.go @@ -392,7 +392,7 @@ func (hs *HTTPServer) registerRoutes() { idScope := datasources.ScopeProvider.GetResourceScope(ac.Parameter(":id")) uidScope := datasources.ScopeProvider.GetResourceScopeUID(ac.Parameter(":uid")) nameScope := datasources.ScopeProvider.GetResourceScopeName(ac.Parameter(":name")) - datasourceRoute.Get("/", authorize(reqOrgAdmin, ac.EvalPermission(datasources.ActionRead)), routing.Wrap(hs.GetDataSources)) + datasourceRoute.Get("/", authorize(reqEditorRole, ac.EvalPermission(datasources.ActionRead)), routing.Wrap(hs.GetDataSources)) datasourceRoute.Post("/", authorize(reqOrgAdmin, ac.EvalPermission(datasources.ActionCreate)), quota(string(datasources.QuotaTargetSrv)), routing.Wrap(hs.AddDataSource)) datasourceRoute.Put("/:id", authorize(reqOrgAdmin, ac.EvalPermission(datasources.ActionWrite, idScope)), routing.Wrap(hs.UpdateDataSourceByID)) datasourceRoute.Put("/uid/:uid", authorize(reqOrgAdmin, ac.EvalPermission(datasources.ActionWrite, uidScope)), routing.Wrap(hs.UpdateDataSourceByUID))