From 1a6184a9aaae04bb28a53ac0fcdf1f75cf6ea9aa Mon Sep 17 00:00:00 2001
From: "J. Nick Koston"
Date: Tue, 31 Oct 2023 16:29:22 -0500
Subject: [PATCH] Allow non-admins to subscribe to the issue registry updated event (#103145)
---
 homeassistant/auth/permissions/events.py | 2 ++
 homeassistant/components/websocket_api/commands.py | 9 ++++++++-
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/homeassistant/auth/permissions/events.py b/homeassistant/auth/permissions/events.py
index d50da96a39f..aec23331664 100644
--- a/homeassistant/auth/permissions/events.py
+++ b/homeassistant/auth/permissions/events.py
@@ -19,6 +19,7 @@ from homeassistant.const import (
 from homeassistant.helpers.area_registry import EVENT_AREA_REGISTRY_UPDATED
 from homeassistant.helpers.device_registry import EVENT_DEVICE_REGISTRY_UPDATED
 from homeassistant.helpers.entity_registry import EVENT_ENTITY_REGISTRY_UPDATED
+from homeassistant.helpers.issue_registry import EVENT_REPAIRS_ISSUE_REGISTRY_UPDATED
 # These are events that do not contain any sensitive data
 # Except for state_changed, which is handled accordingly.
@@ -28,6 +29,7 @@ SUBSCRIBE_ALLOWLIST: Final[set[str]] = {
 EVENT_CORE_CONFIG_UPDATE,
 EVENT_DEVICE_REGISTRY_UPDATED,
 EVENT_ENTITY_REGISTRY_UPDATED,
+ EVENT_REPAIRS_ISSUE_REGISTRY_UPDATED,
 EVENT_LOVELACE_UPDATED,
 EVENT_PANELS_UPDATED,
 EVENT_RECORDER_5MIN_STATISTICS_GENERATED,
diff --git a/homeassistant/components/websocket_api/commands.py b/homeassistant/components/websocket_api/commands.py
index 7d59fd39a0c..369eca38925 100644
--- a/homeassistant/components/websocket_api/commands.py
+++ b/homeassistant/components/websocket_api/commands.py
@@ -57,6 +57,8 @@ from .messages import construct_result_message
 ALL_SERVICE_DESCRIPTIONS_JSON_CACHE = "websocket_api_all_service_descriptions_json"
+_LOGGER = logging.getLogger(__name__)
+
 @callback
 def async_register_commands(
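Review bot: The new `EVENT_REPAIRS_ISSUE_REGISTRY_UPDATED` entry in `SUBSCRIBE_ALLOWLIST` (events.py, second hunk) widens what every authenticated non-admin connection may receive, yet nothing in the diff records why this event's payload meets the rule stated in the comment above the set ("events that do not contain any sensitive data"). Membership in this set is what lets a non-admin pass the check in `handle_subscribe_events`, so I would put the justification next to the entry, for example `# payload reviewed for non-admin exposure: <fields carried by the event>`, with the actual fields filled in. A test that a non-admin subscription to this event succeeds while an unlisted event type is still refused would pin the boundary. The entry also sits between `EVENT_ENTITY_REGISTRY_UPDATED` and `EVENT_LOVELACE_UPDATED`, which breaks the otherwise alphabetical order of the visible entries.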
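Review bot: `_LOGGER = logging.getLogger(__name__)` in the first commands.py hunk needs `logging` in scope, and the commit adds no `import logging`: the diffstat's 8 insertions for this file are all accounted for by this hunk and the next one. The file's import block lies outside the hunk, so this cannot be confirmed from the diff. If the module does not already import it, loading `websocket_api/commands.py` fails with a `NameError`, so check that the import exists or add `import logging` alongside the other standard-library imports.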
@@ -134,7 +136,12 @@ def handle_subscribe_events(
 event_type = msg["event_type"]
 if event_type not in SUBSCRIBE_ALLOWLIST and not connection.user.is_admin:
- raise Unauthorized
+ _LOGGER.error(
+ "Refusing to allow %s to subscribe to event %s",
+ connection.user.name,
+ event_type,
+ )
+ raise Unauthorized(user_id=connection.user.id)
 if event_type == EVENT_STATE_CHANGED:
 forward_events = partial(
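Review bot: The added `_LOGGER.error(...)` call writes the client-supplied `event_type` and the user's display name into the log with `%s`, at error severity, on every refused subscription. Any authenticated non-admin connection can therefore generate error-level entries at will, and a value containing line breaks would read as separate log records unless the command schema (outside this hunk) constrains it. The display name is also not a stable identifier, whereas the exception raised on the next line already carries `connection.user.id`. I would log the id and the repr of the value at a lower level: `_LOGGER.warning("Refusing to allow user %s to subscribe to event %r", connection.user.id, event_type)`. `handle_subscribe_events` starts before the hunk and continues past it.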