From a3fc9dadbde005b2838b8da7991a02290f47a508 Mon Sep 17 00:00:00 2001
From: Eneli Reimets <eneli.reimets@nortal.com>
Date: Wed, 30 Aug 2023 15:58:14 +0300
Subject: [PATCH] fix: missing authority for timestamping service table

Refs: XRDDEV-2440
---
 .../restapi/openapi/DiagnosticsApiController.java               | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/openapi/DiagnosticsApiController.java b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/openapi/DiagnosticsApiController.java
index cc8128d64b..3f4a8d1089 100644
--- a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/openapi/DiagnosticsApiController.java
+++ b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/openapi/DiagnosticsApiController.java
@@ -98,7 +98,7 @@ public ResponseEntity<Set<OcspResponderDiagnostics>> getOcspRespondersDiagnostic
     }
 
     @Override
-    @PreAuthorize("hasAuthority('DIAGNOSTICS')")
+    @PreAuthorize("hasAnyAuthority('DIAGNOSTICS', 'VIEW_TSPS')")
     public ResponseEntity<AddOnStatus> getAddOnDiagnostics() {
         AddOnStatusDiagnostics addOnStatus = diagnosticService.queryAddOnStatus();
         return new ResponseEntity<>(addOnStatusConverter.convert(addOnStatus), HttpStatus.OK);