From 6a2bcba07808c24d6d1dad0d9c2784424cf7e377 Mon Sep 17 00:00:00 2001 From: Eric Leijonmarck Date: Wed, 17 May 2023 18:24:18 +0100 Subject: [PATCH] Revert: Allow editors to access GET /datasources (#68632) Revert "Allow editors to access GET /datasources" This reverts commit 5a830c43c0f4793726b9826aee063da114e88738. --- pkg/api/api.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/api/api.go b/pkg/api/api.go index c3756ea58ee..77ee1c69420 100644 --- a/pkg/api/api.go +++ b/pkg/api/api.go @@ -392,7 +392,7 @@ func (hs *HTTPServer) registerRoutes() { idScope := datasources.ScopeProvider.GetResourceScope(ac.Parameter(":id")) uidScope := datasources.ScopeProvider.GetResourceScopeUID(ac.Parameter(":uid")) nameScope := datasources.ScopeProvider.GetResourceScopeName(ac.Parameter(":name")) - datasourceRoute.Get("/", authorize(reqEditorRole, ac.EvalPermission(datasources.ActionRead)), routing.Wrap(hs.GetDataSources)) + datasourceRoute.Get("/", authorize(reqOrgAdmin, ac.EvalPermission(datasources.ActionRead)), routing.Wrap(hs.GetDataSources)) datasourceRoute.Post("/", authorize(reqOrgAdmin, ac.EvalPermission(datasources.ActionCreate)), quota(string(datasources.QuotaTargetSrv)), routing.Wrap(hs.AddDataSource)) datasourceRoute.Put("/:id", authorize(reqOrgAdmin, ac.EvalPermission(datasources.ActionWrite, idScope)), routing.Wrap(hs.UpdateDataSourceByID)) datasourceRoute.Put("/uid/:uid", authorize(reqOrgAdmin, ac.EvalPermission(datasources.ActionWrite, uidScope)), routing.Wrap(hs.UpdateDataSourceByUID))