Project

General

Profile

Actions

Bug #14339

open

PuppetClassImporter doesn't respect access control or taxonomies

Added by Sean O'Keeffe about 8 years ago. Updated almost 8 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Organizations and Locations
Target version:
-
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

Description of problem:
Unprivileged user can import classes and environments that are filtered out.

How reproducible:
always

Steps to Reproduce:
1. Create 2 puppet environments (env1, env2)
2. Import 2 puppet classes (ntp, motd) make both in env1 & only ntp in env2.
3. Create a limited access user so they have all access to env2 and motd. No access to env1 or ntp
4. Make changes to puppet class ntp in env2
5. hit Import from xxxx
6. page displayed will show changes about ntp in env2 (which it shouldn't, this user has no access to them)
7. Hit update and changes will by "imported"

Another slightly different example:
1. Create new org which your test user has no access to.
2. Create another environment on disk (env3) assign to this new org
3. Hit import from xxx as admin user (until there are no changes required)
4. login as test user, hit import from xxx
5. page will display new env3 (as your current user cannot view it)
6. hit update and you'll get "Validation failed: Name has already been taken" it tries to create new environment that is already in the DB

Expected results:
"Import from xxx" to respect access controls of environments/puppetclasses taxonomies.

Tested on nightly but I believe it'll work in 1.10, i don't think there has been changes to this recently.


Related issues 6 (2 open4 closed)

Related to Foreman - Bug #11328: "Name has already been taken" error when importing Puppet classesDuplicate08/11/2015Actions
Related to Foreman - Bug #11453: Warning! Validation failed: Name has already been takenDuplicate08/23/2015Actions
Related to Foreman - Bug #12048: Unable to import puppet environment "production" via foreman web interfaceDuplicate10/02/2015Actions
Related to Foreman - Tracker #10022: Taxonomies related issuesNew04/05/2015

Actions
Related to Foreman - Bug #10906: Puppet environment import returns 500 because it exists in different organizationNew06/23/2015Actions
Has duplicate Foreman - Bug #14835: Filter "Puppet class" doesn't have Organization and LocationDuplicate04/26/2016Actions
Actions #1

Updated by Sean O'Keeffe about 8 years ago

  • Related to Bug #11328: "Name has already been taken" error when importing Puppet classes added
Actions #2

Updated by Sean O'Keeffe about 8 years ago

  • Related to Bug #11453: Warning! Validation failed: Name has already been taken added
Actions #3

Updated by Sean O'Keeffe about 8 years ago

  • Related to Bug #12048: Unable to import puppet environment "production" via foreman web interface added
Actions #4

Updated by Marek Hulán about 8 years ago

Actions #5

Updated by Dominic Cleal almost 8 years ago

  • Related to Bug #10906: Puppet environment import returns 500 because it exists in different organization added
Actions #6

Updated by Ivan Necas almost 8 years ago

  • Has duplicate Bug #14835: Filter "Puppet class" doesn't have Organization and Location added
Actions #7

Updated by Ivan Necas almost 8 years ago

  • Bugzilla link set to 1329992
Actions #8

Updated by Ivan Necas almost 8 years ago

  • Category changed from Security to Organizations and Locations
Actions

Also available in: Atom PDF