From d873bf6caaa1000c4a3e0cd4a6556b7fa3332fa6 Mon Sep 17 00:00:00 2001
From: Mark Laing <mark.laing@canonical.com>
Date: Mon, 4 Mar 2024 15:31:22 +0000
Subject: [PATCH] lxd: Fix entitlement for group list request.

`can_view_groups` is defined on server. For fine-grained
permissions on this endpoint, we want `can_view` defined on
`group`.

Signed-off-by: Mark Laing <mark.laing@canonical.com>
---
 lxd/auth_groups.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lxd/auth_groups.go b/lxd/auth_groups.go
index 9051b4304308..d67fdc505f04 100644
--- a/lxd/auth_groups.go
+++ b/lxd/auth_groups.go
@@ -164,7 +164,7 @@ func getAuthGroups(d *Daemon, r *http.Request) response.Response {
 	recursion := request.QueryParam(r, "recursion")
 	s := d.State()
 
-	hasPermission, err := s.Authorizer.GetPermissionChecker(r.Context(), r, auth.EntitlementCanViewGroups, entity.TypeAuthGroup)
+	hasPermission, err := s.Authorizer.GetPermissionChecker(r.Context(), r, auth.EntitlementCanView, entity.TypeAuthGroup)
 	if err != nil {
 		return response.SmartError(fmt.Errorf("Failed to get a permission checker: %w", err))
 	}