From 2a566dddfd1e3a850eaa6cedb7323a7db1071e5f Mon Sep 17 00:00:00 2001 From: "Grot (@grafanabot)" <43478413+grafanabot@users.noreply.github.com> Date: Wed, 17 May 2023 20:18:01 +0200 Subject: [PATCH] [v9.5.x] Revert: Allow editors to access GET /datasources (#68654) Revert: Allow editors to access GET /datasources (#68632) Revert "Allow editors to access GET /datasources" This reverts commit 5a830c43c0f4793726b9826aee063da114e88738. (cherry picked from commit 6a2bcba07808c24d6d1dad0d9c2784424cf7e377) Co-authored-by: Eric Leijonmarck --- pkg/api/api.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/api/api.go b/pkg/api/api.go index 8f7c0117ec4..366b632fb2e 100644 --- a/pkg/api/api.go +++ b/pkg/api/api.go @@ -392,7 +392,7 @@ func (hs *HTTPServer) registerRoutes() { idScope := datasources.ScopeProvider.GetResourceScope(ac.Parameter(":id")) uidScope := datasources.ScopeProvider.GetResourceScopeUID(ac.Parameter(":uid")) nameScope := datasources.ScopeProvider.GetResourceScopeName(ac.Parameter(":name")) - datasourceRoute.Get("/", authorize(reqEditorRole, ac.EvalPermission(datasources.ActionRead)), routing.Wrap(hs.GetDataSources)) + datasourceRoute.Get("/", authorize(reqOrgAdmin, ac.EvalPermission(datasources.ActionRead)), routing.Wrap(hs.GetDataSources)) datasourceRoute.Post("/", authorize(reqOrgAdmin, ac.EvalPermission(datasources.ActionCreate)), quota(string(datasources.QuotaTargetSrv)), routing.Wrap(hs.AddDataSource)) datasourceRoute.Put("/:id", authorize(reqOrgAdmin, ac.EvalPermission(datasources.ActionWrite, idScope)), routing.Wrap(hs.UpdateDataSourceByID)) datasourceRoute.Put("/uid/:uid", authorize(reqOrgAdmin, ac.EvalPermission(datasources.ActionWrite, uidScope)), routing.Wrap(hs.UpdateDataSourceByUID))