Alerting: Use notifications:read permission for contact points and policies export (#76954)

2024-11-26 02:40:26 -06:00 · 2023-10-31 11:51:20 +01:00 · 2023-10-31 11:51:20 +01:00 · ba7a8fb75f
commit ba7a8fb75f
parent b65aa6afec
5 changed files with 12 additions and 33 deletions
--- a/public/app/features/alerting/unified/components/receivers/ReceiversTable.test.tsx
+++ b/public/app/features/alerting/unified/components/receivers/ReceiversTable.test.tsx
@ -183,29 +183,13 @@ describe('ReceiversTable', () => {

      const notifiers: NotifierDTO[] = [mockNotifier('googlechat', 'Google Chat'), mockNotifier('sensugo', 'Sensu Go')];

-      it('should be visible when user has permissions to read provisioning', async () => {
-        grantUserPermissions([AccessControlAction.AlertingProvisioningRead]);
-
-        await renderReceieversTable(receivers, notifiers, GRAFANA_RULES_SOURCE_NAME);
-
-        const buttons = within(screen.getByTestId('dynamic-table')).getAllByTestId('export');
-        expect(buttons).toHaveLength(2);
-      });
-      it('should be visible when user has permissions to read provisioning with secrets', async () => {
-        grantUserPermissions([AccessControlAction.AlertingProvisioningReadSecrets]);
-
-        await renderReceieversTable(receivers, notifiers, GRAFANA_RULES_SOURCE_NAME);
-
-        const buttons = within(screen.getByTestId('dynamic-table')).getAllByTestId('export');
-        expect(buttons).toHaveLength(2);
-      });
-      it('should not be visible when user has no provisioning permissions', async () => {
+      it('should be visible when user has permissions to read notifications', async () => {
        grantUserPermissions([AccessControlAction.AlertingNotificationsRead]);

-        await renderReceieversTable(receivers, [], GRAFANA_RULES_SOURCE_NAME);
+        await renderReceieversTable(receivers, notifiers, GRAFANA_RULES_SOURCE_NAME);

-        const buttons = within(screen.getByTestId('dynamic-table')).queryAllByTestId('export');
-        expect(buttons).toHaveLength(0);
+        const buttons = within(screen.getByTestId('dynamic-table')).getAllByTestId('export');
+        expect(buttons).toHaveLength(2);
      });
    });
  });
@ -232,7 +216,7 @@ describe('ReceiversTable', () => {

      const notifiers: NotifierDTO[] = [mockNotifier('googlechat', 'Google Chat'), mockNotifier('sensugo', 'Sensu Go')];

-      grantUserPermissions([AccessControlAction.AlertingProvisioningRead]);
+      grantUserPermissions([AccessControlAction.AlertingNotificationsRead]);

      // Act
      await renderReceieversTable(receivers, notifiers, GRAFANA_RULES_SOURCE_NAME);
--- a/public/app/features/alerting/unified/hooks/snapshots/useAbilities.test.tsx.snap
+++ b/public/app/features/alerting/unified/hooks/snapshots/useAbilities.test.tsx.snap
@ -153,11 +153,11 @@ exports[`alertmanager abilities should report everything except exporting for Mi
  ],
  "export-contact-point": [
    false,
-    false,
+    true,
  ],
  "export-notification-policies": [
    false,
-    false,
+    true,
  ],
  "update-external-configuration": [
    true,
@ -254,11 +254,11 @@ exports[`alertmanager abilities should report everything is supported for builti
  ],
  "export-contact-point": [
    true,
-    false,
+    true,
  ],
  "export-notification-policies": [
    true,
-    false,
+    true,
  ],
  "update-external-configuration": [
    true,
--- a/public/app/features/alerting/unified/hooks/useAbilities.test.tsx
+++ b/public/app/features/alerting/unified/hooks/useAbilities.test.tsx
@ -128,7 +128,7 @@ describe('alertmanager abilities', () => {
    expect(abilities.result.current).toHaveLength(3);
    expect(abilities.result.current[0]).toStrictEqual([true, true]);
    expect(abilities.result.current[1]).toStrictEqual([true, false]);
-    expect(abilities.result.current[2]).toStrictEqual([true, false]);
+    expect(abilities.result.current[2]).toStrictEqual([true, true]);
  });
 });

--- a/public/app/features/alerting/unified/hooks/useAbilities.ts
+++ b/public/app/features/alerting/unified/hooks/useAbilities.ts
@ -131,8 +131,7 @@ export function useAllAlertmanagerAbilities(): Abilities<AlertmanagerAction> {
    // only Grafana flavored alertmanager supports exporting
    [AlertmanagerAction.ExportContactPoint]: [
      isGrafanaFlavoredAlertmanager,
-      ctx.hasPermission(notificationsPermissions.provisioning.read) ||
-        ctx.hasPermission(notificationsPermissions.provisioning.readSecrets),
+      ctx.hasPermission(notificationsPermissions.read),
    ],
    // -- notification templates --
    [AlertmanagerAction.CreateNotificationTemplate]: [
@ -167,8 +166,7 @@ export function useAllAlertmanagerAbilities(): Abilities<AlertmanagerAction> {
    ],
    [AlertmanagerAction.ExportNotificationPolicies]: [
      isGrafanaFlavoredAlertmanager,
-      ctx.hasPermission(notificationsPermissions.provisioning.read) ||
-        ctx.hasPermission(notificationsPermissions.provisioning.readSecrets),
+      ctx.hasPermission(notificationsPermissions.read),
    ],
    [AlertmanagerAction.DecryptSecrets]: [
      isGrafanaFlavoredAlertmanager,
--- a/public/app/features/alerting/unified/utils/access-control.ts
+++ b/public/app/features/alerting/unified/utils/access-control.ts
@ -124,9 +124,6 @@ export function getRulesAccess() {
    canEditRules: (rulesSourceName: string) => {
      return contextSrv.hasPermission(getRulesPermissions(rulesSourceName).update);
    },
-    canReadProvisioning:
-      contextSrv.hasPermission(provisioningPermissions.read) ||
-      contextSrv.hasPermission(provisioningPermissions.readSecrets),
  };
 }