From e93e1bdd2bb1d9c2c0d8d462d8538dbb67d3475c Mon Sep 17 00:00:00 2001
From: Karl Persson
Date: Tue, 1 Feb 2022 15:00:05 +0100
Subject: [PATCH] Access control: Enable data source view for partial permissions (#44695)

* Return correct value
* Remove scope all requirement
* Only add dashboard sub nav if user is admin
---
 pkg/api/datasources.go | 2 +-
 pkg/api/roles.go | 6 +++---
 public/app/features/datasources/state/navModel.ts | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/pkg/api/datasources.go b/pkg/api/datasources.go
index 0809a9cfc4a..b24612f763f 100644
--- a/pkg/api/datasources.go
+++ b/pkg/api/datasources.go
@@ -606,5 +606,5 @@ func filterDatasourcesByQueryPermission(ctx context.Context, user *models.Signed
 return datasources, nil
 }
 
- return query.Datasources, nil
+ return query.Result, nil
 }
diff --git a/pkg/api/roles.go b/pkg/api/roles.go
index 15b741d17a3..943649a41d3 100644
--- a/pkg/api/roles.go
+++ b/pkg/api/roles.go
@@ -256,7 +256,7 @@ func (hs *HTTPServer) declareFixedRoles() error {
 
 // dataSourcesConfigurationAccessEvaluator is used to protect the "Configure > Data sources" tab access
 var dataSourcesConfigurationAccessEvaluator = accesscontrol.EvalAll(
- accesscontrol.EvalPermission(ActionDatasourcesRead, ScopeDatasourcesAll),
+ accesscontrol.EvalPermission(ActionDatasourcesRead),
 accesscontrol.EvalAny(
 accesscontrol.EvalPermission(ActionDatasourcesCreate),
 accesscontrol.EvalPermission(ActionDatasourcesDelete),
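Review bot: The corrected `return query.Result, nil` at the end of filterDatasourcesByQueryPermission in pkg/api/datasources.go ships without a test (the diffstat lists three files, none of them a test). The line it replaces returned `query.Datasources`, which by its name looks like the list handed to the filter rather than its output, so a regression here would silently turn the per-user filtering off again. A test that gives the filter handler a two-item input and a one-item result, and asserts only that one item comes back, would pin the behaviour. The `return datasources, nil` two lines above also hands back the caller's unfiltered list; its condition and the start of the function are outside the hunk, so if that path is meant to fail open, a comment such as `// no permission filter registered: the list is returned unfiltered on purpose` would make it explicit.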
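Review bot: With the scope argument dropped, `accesscontrol.EvalPermission(ActionDatasourcesRead)` in dataSourcesConfigurationAccessEvaluator (pkg/api/roles.go) no longer ties the page to any particular data source, yet the doc comment still says the evaluator is "used to protect" the tab. Assuming a scope-less EvalPermission passes for a user who holds the action on any scope, a user with read on one data source and write on another satisfies the evaluator, so the per-data-source decision has to be made by the API handlers and the list filter, not here. The same applies to dataSourcesNewAccessEvaluator and dataSourcesEditAccessEvaluator in the next hunk. I would state this in the three comments, for example `// Gates page access only: the action may be held on any scope; per-data-source checks are enforced by the API endpoints.`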
@@ -266,14 +266,14 @@ var dataSourcesConfigurationAccessEvaluator = accesscontrol.EvalAll(
 
 // dataSourcesNewAccessEvaluator is used to protect the "Configure > Data sources > New" page access
 var dataSourcesNewAccessEvaluator = accesscontrol.EvalAll(
- accesscontrol.EvalPermission(ActionDatasourcesRead, ScopeDatasourcesAll),
+ accesscontrol.EvalPermission(ActionDatasourcesRead),
 accesscontrol.EvalPermission(ActionDatasourcesCreate),
 accesscontrol.EvalPermission(ActionDatasourcesWrite),
 )
 
 // dataSourcesEditAccessEvaluator is used to protect the "Configure > Data sources > Edit" page access
 var dataSourcesEditAccessEvaluator = accesscontrol.EvalAll(
- accesscontrol.EvalPermission(ActionDatasourcesRead, ScopeDatasourcesAll),
+ accesscontrol.EvalPermission(ActionDatasourcesRead),
 accesscontrol.EvalPermission(ActionDatasourcesWrite),
 )
 
diff --git a/public/app/features/datasources/state/navModel.ts b/public/app/features/datasources/state/navModel.ts
index 2cf04410370..25c88ae6935 100644
--- a/public/app/features/datasources/state/navModel.ts
+++ b/public/app/features/datasources/state/navModel.ts
@@ -39,7 +39,7 @@ export function buildNavModel(dataSource: DataSourceSettings, plugin: GenericDat
 }
 }
 
- if (pluginMeta.includes && hasDashboards(pluginMeta.includes)) {
+ if (pluginMeta.includes && hasDashboards(pluginMeta.includes) && contextSrv.hasRole('Admin')) {
 navModel.children!.push({
 active: false,
 icon: 'apps',
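Review bot: The added `contextSrv.hasRole('Admin')` in buildNavModel only decides whether the dashboards child is pushed onto the nav model, so it is not an access check by itself; whatever that tab calls has to reject non-admins on the server. It is also an organisation-role test in a commit that otherwise loosens the data source pages to permission evaluators, so a user who gets data source permissions through a custom role would presumably never see the tab, while an Admin sees it regardless of permissions. A comment on the condition, e.g. `// UI hint only; the dashboard endpoints enforce access server-side`, would record the intent, and it is worth confirming which permission this tab should eventually map to. buildNavModel starts before the hunk and continues past it.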