Allow listing Dashboards through k8s APIs (#98997)

What This PR changes the dashboard authorizer logic to no longer require requester to be the super admin user in order to list dashboards using k8s APIs. Why We no longer need this precondition - dashboards should be listable based on the regular authorizer logic. Signed-off-by: Igor Suleymanov <igor.suleymanov@grafana.com>
4 months ago · 7f04f66137
parent 32790c6918
commit 7f04f66137
1 changed files with 0 additions and 7 deletions
--- a/pkg/registry/apis/dashboard/authorizer.go
+++ b/pkg/registry/apis/dashboard/authorizer.go
@ -7,7 +7,6 @@ import (

 	"github.com/grafana/authlib/claims"
 	"github.com/grafana/grafana/pkg/apimachinery/identity"
-	"github.com/grafana/grafana/pkg/apis/dashboard"
 	"github.com/grafana/grafana/pkg/infra/log"
 	"github.com/grafana/grafana/pkg/services/dashboards"
 	"github.com/grafana/grafana/pkg/services/guardian"
@ -27,12 +26,6 @@ func GetAuthorizer(dashboardService dashboards.DashboardService, l log.Logger) a
 			}

 			if attr.GetName() == "" {
-				// Discourage use of the "list" command for non super admin users
-				if attr.GetVerb() == "list" && attr.GetResource() == dashboard.DashboardResourceInfo.GroupResource().Resource {
-					if !user.GetIsGrafanaAdmin() {
-						return authorizer.DecisionDeny, "list summary objects (or connect as GrafanaAdmin)", err
-					}
-				}
 				return authorizer.DecisionNoOpinion, "", nil
 			}