From c4edd45267922e8f8d7a0b9ab36aaaaa1d691bdf Mon Sep 17 00:00:00 2001
From: Mark Laing <mark.laing@canonical.com>
Date: Mon, 25 Sep 2023 15:40:57 +0100
Subject: [PATCH] lxd: Update authorization for warnings.

Signed-off-by: Mark Laing <mark.laing@canonical.com>
---
 lxd/warnings.go | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/lxd/warnings.go b/lxd/warnings.go
index 3f61f33ff227..6372867b321a 100644
--- a/lxd/warnings.go
+++ b/lxd/warnings.go
@@ -12,6 +12,7 @@ import (
 
 	"github.com/gorilla/mux"
 
+	"github.com/canonical/lxd/lxd/auth"
 	"github.com/canonical/lxd/lxd/db"
 	"github.com/canonical/lxd/lxd/db/cluster"
 	"github.com/canonical/lxd/lxd/db/operationtype"
@@ -31,16 +32,16 @@ import (
 var warningsCmd = APIEndpoint{
 	Path: "warnings",
 
-	Get: APIEndpointAction{Handler: warningsGet},
+	Get: APIEndpointAction{Handler: warningsGet, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
 }
 
 var warningCmd = APIEndpoint{
 	Path: "warnings/{id}",
 
-	Get:    APIEndpointAction{Handler: warningGet},
-	Patch:  APIEndpointAction{Handler: warningPatch},
-	Put:    APIEndpointAction{Handler: warningPut},
-	Delete: APIEndpointAction{Handler: warningDelete},
+	Get:    APIEndpointAction{Handler: warningGet, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
+	Patch:  APIEndpointAction{Handler: warningPatch, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
+	Put:    APIEndpointAction{Handler: warningPut, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
+	Delete: APIEndpointAction{Handler: warningDelete, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
 }
 
 func filterWarnings(warnings []api.Warning, clauses *filter.ClauseSet) ([]api.Warning, error) {