From 7f04f661371fb5dc55a19584ec32d81f8bf9ec03 Mon Sep 17 00:00:00 2001
From: Igor Suleymanov <radiohead@users.noreply.github.com>
Date: Wed, 15 Jan 2025 11:50:28 +0200
Subject: [PATCH] Allow listing Dashboards through k8s APIs (#98997)

What

This PR changes the dashboard authorizer logic to no longer require
requester to be the super admin user in order to list dashboards using
k8s APIs.

Why

We no longer need this precondition - dashboards should be listable
based on the regular authorizer logic.

Signed-off-by: Igor Suleymanov <igor.suleymanov@grafana.com>
---
 pkg/registry/apis/dashboard/authorizer.go | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/pkg/registry/apis/dashboard/authorizer.go b/pkg/registry/apis/dashboard/authorizer.go
index 34598438015..8f7a509ec1d 100644
--- a/pkg/registry/apis/dashboard/authorizer.go
+++ b/pkg/registry/apis/dashboard/authorizer.go
@@ -7,7 +7,6 @@ import (
 
 	"github.com/grafana/authlib/claims"
 	"github.com/grafana/grafana/pkg/apimachinery/identity"
-	"github.com/grafana/grafana/pkg/apis/dashboard"
 	"github.com/grafana/grafana/pkg/infra/log"
 	"github.com/grafana/grafana/pkg/services/dashboards"
 	"github.com/grafana/grafana/pkg/services/guardian"
@@ -27,12 +26,6 @@ func GetAuthorizer(dashboardService dashboards.DashboardService, l log.Logger) a
 			}
 
 			if attr.GetName() == "" {
-				// Discourage use of the "list" command for non super admin users
-				if attr.GetVerb() == "list" && attr.GetResource() == dashboard.DashboardResourceInfo.GroupResource().Resource {
-					if !user.GetIsGrafanaAdmin() {
-						return authorizer.DecisionDeny, "list summary objects (or connect as GrafanaAdmin)", err
-					}
-				}
 				return authorizer.DecisionNoOpinion, "", nil
 			}