Access control: Enable data source view for partial permissions (#44695)

* Return correct value * Remove scope all requirement * Only add dashboard sub nav if user is admin
2025-08-02 13:16:03 +08:00 · 2022-02-01 15:00:05 +01:00
parent bc24fdcf8d
commit e93e1bdd2b
3 changed files with 5 additions and 5 deletions
--- a/pkg/api/datasources.go
+++ b/pkg/api/datasources.go
@ -606,5 +606,5 @@ func filterDatasourcesByQueryPermission(ctx context.Context, user *models.Signed
 		return datasources, nil
 	}

-	return query.Datasources, nil
+	return query.Result, nil
 }
--- a/pkg/api/roles.go
+++ b/pkg/api/roles.go
@ -256,7 +256,7 @@ func (hs *HTTPServer) declareFixedRoles() error {

 // dataSourcesConfigurationAccessEvaluator is used to protect the "Configure > Data sources" tab access
 var dataSourcesConfigurationAccessEvaluator = accesscontrol.EvalAll(
-	accesscontrol.EvalPermission(ActionDatasourcesRead, ScopeDatasourcesAll),
+	accesscontrol.EvalPermission(ActionDatasourcesRead),
 	accesscontrol.EvalAny(
 		accesscontrol.EvalPermission(ActionDatasourcesCreate),
 		accesscontrol.EvalPermission(ActionDatasourcesDelete),
@ -266,14 +266,14 @@ var dataSourcesConfigurationAccessEvaluator = accesscontrol.EvalAll(

 // dataSourcesNewAccessEvaluator is used to protect the "Configure > Data sources > New" page access
 var dataSourcesNewAccessEvaluator = accesscontrol.EvalAll(
-	accesscontrol.EvalPermission(ActionDatasourcesRead, ScopeDatasourcesAll),
+	accesscontrol.EvalPermission(ActionDatasourcesRead),
 	accesscontrol.EvalPermission(ActionDatasourcesCreate),
 	accesscontrol.EvalPermission(ActionDatasourcesWrite),
 )

 // dataSourcesEditAccessEvaluator is used to protect the "Configure > Data sources > Edit" page access
 var dataSourcesEditAccessEvaluator = accesscontrol.EvalAll(
-	accesscontrol.EvalPermission(ActionDatasourcesRead, ScopeDatasourcesAll),
+	accesscontrol.EvalPermission(ActionDatasourcesRead),
 	accesscontrol.EvalPermission(ActionDatasourcesWrite),
 )