From f9c310dbaf53df26d56f0bf0ad7413b579b9adf1 Mon Sep 17 00:00:00 2001
From: dsotirakis <dimitrios.sotirakis@grafana.com>
Date: Thu, 25 May 2023 09:51:19 +0300
Subject: [PATCH] Require alert.notifications:write permissions to test
 receivers and templates (#865)

# Conflicts:
#	pkg/services/ngalert/api/authorization.go
---
 pkg/services/ngalert/api/authorization.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/pkg/services/ngalert/api/authorization.go b/pkg/services/ngalert/api/authorization.go
index c375745c1ef..6589dc48e19 100644
--- a/pkg/services/ngalert/api/authorization.go
+++ b/pkg/services/ngalert/api/authorization.go
@@ -152,9 +152,10 @@ func (api *API) authorize(method, path string) web.Handler {
 	case http.MethodGet + "/api/alertmanager/grafana/config/api/v1/receivers":
 		eval = ac.EvalPermission(ac.ActionAlertingNotificationsRead)
 	case http.MethodPost + "/api/alertmanager/grafana/config/api/v1/receivers/test":
-		eval = ac.EvalPermission(ac.ActionAlertingNotificationsRead)
+		eval = ac.EvalPermission(ac.ActionAlertingNotificationsWrite)
 	case http.MethodPost + "/api/alertmanager/grafana/config/api/v1/templates/test":
-		eval = ac.EvalPermission(ac.ActionAlertingNotificationsRead)
+		fallback = middleware.ReqEditorRole
+		eval = ac.EvalPermission(ac.ActionAlertingNotificationsWrite)
 
 	// External Alertmanager Paths
 	case http.MethodDelete + "/api/alertmanager/{DatasourceUID}/config/api/v1/alerts":