Access Control: Allow signed in users access to GET data sources endpoints (#43338)

* remove scopes from endpoints and add datasources:read without scope to the compatibility role
2025-02-25 18:55:37 -06:00 · 2022-01-17 10:16:12 +01:00
parent f763be8f0f
commit f75e4d1a4f
4 changed files with 55 additions and 29 deletions
--- a/pkg/api/frontendsettings.go
+++ b/pkg/api/frontendsettings.go
@@ -2,7 +2,6 @@ package api

 import (
 	"context"
-	"errors"
 	"strconv"

 	"github.com/grafana/grafana/pkg/bus"
@@ -25,20 +24,12 @@ func (hs *HTTPServer) getFSDataSources(c *models.ReqContext, enabledPlugins Enab
 			return nil, err
 		}

-		dsFilterQuery := models.DatasourcesPermissionFilterQuery{
-			User:        c.SignedInUser,
-			Datasources: query.Result,
+		filtered, err := filterDatasourcesByQueryPermission(c.Req.Context(), c.SignedInUser, query.Result)
+		if err != nil {
+			return nil, err
 		}

-		if err := bus.Dispatch(c.Req.Context(), &dsFilterQuery); err != nil {
-			if !errors.Is(err, bus.ErrHandlerNotFound) {
-				return nil, err
-			}
-
-			orgDataSources = query.Result
-		} else {
-			orgDataSources = dsFilterQuery.Result
-		}
+		orgDataSources = filtered
 	}

 	dataSources := make(map[string]plugins.DataSourceDTO)