From 6fe084f92737d949896e68a056c396ace9dfb241 Mon Sep 17 00:00:00 2001 From: Surabhi Date: Thu, 2 Apr 2026 18:18:20 -0700 Subject: [PATCH] Change permission from modify to view for view based reports --- central/main.go | 2 +- central/reports/service/v2/service_impl.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/central/main.go b/central/main.go index 601a8c38740e5..14dd0557cbbd8 100644 --- a/central/main.go +++ b/central/main.go @@ -958,7 +958,7 @@ func customRoutes() (customRoutes []routes.CustomRoute) { // Append report custom routes customRoutes = append(customRoutes, routes.CustomRoute{ Route: "/api/reports/jobs/download", - Authorizer: user.With(permissions.Modify(resources.WorkflowAdministration), permissions.View(resources.Image)), + Authorizer: user.With(permissions.View(resources.WorkflowAdministration), permissions.View(resources.Image)), ServerHandler: v2Service.NewDownloadHandler(), Compression: true, }) diff --git a/central/reports/service/v2/service_impl.go b/central/reports/service/v2/service_impl.go index efeb9fe5d73b2..ddf6dc999687c 100644 --- a/central/reports/service/v2/service_impl.go +++ b/central/reports/service/v2/service_impl.go @@ -59,12 +59,12 @@ var ( apiV2.ReportService_GetMyReportHistory_FullMethodName, apiV2.ReportService_GetViewBasedReportHistory_FullMethodName, apiV2.ReportService_GetViewBasedMyReportHistory_FullMethodName, + apiV2.ReportService_PostViewBasedReport_FullMethodName, }, user.With(permissions.Modify(resources.WorkflowAdministration), permissions.View(resources.Image)): { apiV2.ReportService_RunReport_FullMethodName, apiV2.ReportService_CancelReport_FullMethodName, apiV2.ReportService_DeleteReport_FullMethodName, - apiV2.ReportService_PostViewBasedReport_FullMethodName, }, }) )