From a811d7d76fda5809d58ea43c56b7f372719acca1 Mon Sep 17 00:00:00 2001 From: Gabriel MABILLE Date: Tue, 7 Sep 2021 17:13:11 +0200 Subject: [PATCH] Access control: Add a scope to Data Sources GET endpoint (#38933) --- pkg/api/api.go | 2 +- pkg/api/datasources_test.go | 2 +- pkg/services/accesscontrol/mock/mock.go | 2 -- 3 files changed, 2 insertions(+), 4 deletions(-) diff --git a/pkg/api/api.go b/pkg/api/api.go index cbfb05c299c..2c88f5114be 100644 --- a/pkg/api/api.go +++ b/pkg/api/api.go @@ -266,7 +266,7 @@ func (hs *HTTPServer) registerRoutes() { // Data sources apiRoute.Group("/datasources", func(datasourceRoute routing.RouteRegister) { - datasourceRoute.Get("/", authorize(reqOrgAdmin, ac.EvalPermission(ActionDatasourcesRead)), routing.Wrap(hs.GetDataSources)) + datasourceRoute.Get("/", authorize(reqOrgAdmin, ac.EvalPermission(ActionDatasourcesRead, ScopeDatasourcesAll)), routing.Wrap(hs.GetDataSources)) datasourceRoute.Post("/", authorize(reqOrgAdmin, ac.EvalPermission(ActionDatasourcesCreate)), quota("data_source"), bind(models.AddDataSourceCommand{}), routing.Wrap(AddDataSource)) datasourceRoute.Put("/:id", authorize(reqOrgAdmin, ac.EvalPermission(ActionDatasourcesWrite, ScopeDatasourceID)), bind(models.UpdateDataSourceCommand{}), routing.Wrap(hs.UpdateDataSource)) datasourceRoute.Delete("/:id", authorize(reqOrgAdmin, ac.EvalPermission(ActionDatasourcesDelete, ScopeDatasourceID)), routing.Wrap(hs.DeleteDataSourceById)) diff --git a/pkg/api/datasources_test.go b/pkg/api/datasources_test.go index cde05b6fd2e..5103d3b5fa2 100644 --- a/pkg/api/datasources_test.go +++ b/pkg/api/datasources_test.go @@ -234,7 +234,7 @@ func TestAPI_Datasources_AccessControl(t *testing.T) { desc: "DatasourcesGet should return 200 for user with correct permissions", url: "/api/datasources/", method: http.MethodGet, - permissions: []*accesscontrol.Permission{{Action: ActionDatasourcesRead}}, + permissions: []*accesscontrol.Permission{{Action: ActionDatasourcesRead, Scope: ScopeDatasourcesAll}}, }, }, { diff --git a/pkg/services/accesscontrol/mock/mock.go b/pkg/services/accesscontrol/mock/mock.go index e2f6d91c0e8..1cf6ebcf856 100644 --- a/pkg/services/accesscontrol/mock/mock.go +++ b/pkg/services/accesscontrol/mock/mock.go @@ -42,8 +42,6 @@ type Mock struct { RegisterFixedRolesFunc func() error } -type MockOptions func(*Mock) - // Ensure the mock stays in line with the interface var _ fullAccessControl = New()