From 5c465549e7fdeef673ac11b746a3f7cfd8d896f8 Mon Sep 17 00:00:00 2001
From: Juan Fernandez <juan-fdz-hawa@users.noreply.github.com>
Date: Tue, 21 Mar 2023 15:29:59 -0400
Subject: [PATCH] Bug 10631: Updated SearchHost authorization action (#10655)

Updated authorization on 'host/search' endpoint so that logged in users can list hosts.
---
 changes/10631-updated-action-on-host-search | 1 +
 server/service/hosts.go                     | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
 create mode 100644 changes/10631-updated-action-on-host-search

diff --git a/changes/10631-updated-action-on-host-search b/changes/10631-updated-action-on-host-search
new file mode 100644
index 0000000000..391a8a8d26
--- /dev/null
+++ b/changes/10631-updated-action-on-host-search
@@ -0,0 +1 @@
+Bug: Updated authorization action used on host/search endpoint
\ No newline at end of file
diff --git a/server/service/hosts.go b/server/service/hosts.go
index a860d1a052..99897de4ed 100644
--- a/server/service/hosts.go
+++ b/server/service/hosts.go
@@ -324,7 +324,7 @@ func searchHostsEndpoint(ctx context.Context, request interface{}, svc fleet.Ser
 }
 
 func (svc *Service) SearchHosts(ctx context.Context, matchQuery string, queryID *uint, excludedHostIDs []uint) ([]*fleet.Host, error) {
-	if err := svc.authz.Authorize(ctx, &fleet.Host{}, fleet.ActionRead); err != nil {
+	if err := svc.authz.Authorize(ctx, &fleet.Host{}, fleet.ActionList); err != nil {
 		return nil, err
 	}