Alerting: Fix fine-grained rule access control to use 403 for authorization error (#79239)

* use 403 for authorization error * update silences API * add ForbiddenError to rule API responses
2023-12-07 13:43:58 -05:00
parent aa12c6c772
commit 2be7605794
17 changed files with 629 additions and 444 deletions
@@ -124,7 +124,7 @@ func TestBacktesting(t *testing.T) {
 		t.Run("fail if can't query data sources", func(t *testing.T) {
 			status, body := testUserApiCli.SubmitRuleForBacktesting(t, queryRequest)
 			require.Contains(t, body, "user is not authorized to access rule group")
-			require.Equalf(t, http.StatusUnauthorized, status, "Response: %s", body)
+			require.Equalf(t, http.StatusForbidden, status, "Response: %s", body)
 		})
 	})
 }